use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo in project hive by apache.
the class DDLTask method showGrants.
/**
 * Runs a SHOW GRANT request: asks the session authorizer for the privileges that match
 * the principal and object named in the descriptor, formats them, and writes the text to
 * the descriptor's result file.
 *
 * <p>No permission check is visible in this method. Whether the caller may see the
 * requested grants is decided inside {@code authorizer.showPrivileges}; confirm that the
 * configured authorizer enforces it.
 *
 * @param db Hive handle used to look up the session authorizer
 * @param showGrantDesc supplies the principal, the Hive object and the result file
 * @return always 0 when no exception is thrown
 * @throws HiveException when an {@link IOException} is raised in the body (wrapped with
 *     the message "Error in show grant statement"), or as propagated from the calls made
 */
private int showGrants(Hive db, ShowGrantDesc showGrantDesc) throws HiveException {
  final HiveAuthorizer sessionAuthorizer = getSessionAuthorizer(db);
  try {
    final List<HivePrivilegeInfo> grants = sessionAuthorizer.showPrivileges(
        getAuthorizationTranslator(sessionAuthorizer)
            .getHivePrincipal(showGrantDesc.getPrincipalDesc()),
        getAuthorizationTranslator(sessionAuthorizer)
            .getHivePrivilegeObject(showGrantDesc.getHiveObj()));
    // The HIVE_IN_TEST flag is handed to the formatter unchanged.
    final String rendered =
        writeGrantInfo(grants, conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST));
    writeToFile(rendered, showGrantDesc.getResFile());
    return 0;
  } catch (IOException ioe) {
    throw new HiveException("Error in show grant statement", ioe);
  }
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo in project hive by apache.
the class ShowGrantOperation method writeGrantInfo.
/**
 * Renders a list of privilege grants as text, one group of fields per grant.
 *
 * <p>The list passed in is sorted in place (by object, then principal, then privilege)
 * so the output order is deterministic, which the original comment says is for ease of
 * testing. Callers that need their own ordering preserved must pass a copy.
 *
 * @param privileges grants to render; {@code null} or empty yields an empty string
 * @param testMode when true, -1 is emitted in place of the grant time
 * @return the text accumulated through {@code ShowUtils.appendNonNull}
 */
private String writeGrantInfo(List<HivePrivilegeInfo> privileges, boolean testMode) {
  if (CollectionUtils.isEmpty(privileges)) {
    return "";
  }

  // Order: object first, principal second, privilege last.
  privileges.sort((left, right) -> {
    int byObject = left.getObject().compareTo(right.getObject());
    if (byObject != 0) {
      return byObject;
    }
    int byPrincipal = left.getPrincipal().compareTo(right.getPrincipal());
    if (byPrincipal != 0) {
      return byPrincipal;
    }
    return left.getPrivilege().compareTo(right.getPrivilege());
  });

  StringBuilder out = new StringBuilder();
  for (HivePrivilegeInfo grant : privileges) {
    HivePrincipal grantee = grant.getPrincipal();
    HivePrivilegeObject target = grant.getObject();
    HivePrincipal grantedBy = grant.getGrantorPrincipal();

    // Stored grant time is scaled by 1000 (presumably seconds to milliseconds; confirm
    // against the metastore schema). Test mode substitutes the constant -1.
    long grantTime = testMode ? -1 : grant.getGrantTime() * 1000L;

    ShowUtils.appendNonNull(out, target.getDbname(), true);
    ShowUtils.appendNonNull(out, target.getObjectName());
    ShowUtils.appendNonNull(out, target.getPartKeys());
    ShowUtils.appendNonNull(out, target.getColumns());
    ShowUtils.appendNonNull(out, grantee.getName());
    ShowUtils.appendNonNull(out, grantee.getType());
    ShowUtils.appendNonNull(out, grant.getPrivilege().getName());
    ShowUtils.appendNonNull(out, grant.isGrantOption());
    ShowUtils.appendNonNull(out, grantTime);
    ShowUtils.appendNonNull(out, grantedBy.getName());
  }
  return out.toString();
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo in project hive by apache.
the class AuthorizationUtils method getPrivilegeInfos.
/**
 * Converts metastore privilege records into authorization-plugin {@code HivePrivilegeInfo}
 * objects, preserving the input order.
 *
 * <p>Each result carries the grantee, the privilege (built from the grant's privilege
 * name with a {@code null} second constructor argument), the object, the grantor, the
 * grant-option flag and the creation time taken from the record's grant info.
 *
 * @param privs metastore privilege records to convert
 * @return a new list with one entry per input record
 * @throws HiveException as propagated from the principal and object conversions
 */
public static List<HivePrivilegeInfo> getPrivilegeInfos(List<HiveObjectPrivilege> privs) throws HiveException {
  final List<HivePrivilegeInfo> converted = new ArrayList<>();
  for (final HiveObjectPrivilege record : privs) {
    final PrivilegeGrantInfo grant = record.getGrantInfo();
    final HiveObjectRef objectRef = record.getHiveObject();

    // Conversions run in the same order as before: grantee, grantor, then object.
    final HivePrincipal grantee =
        getHivePrincipal(record.getPrincipalName(), record.getPrincipalType());
    final HivePrincipal grantedBy =
        getHivePrincipal(grant.getGrantor(), grant.getGrantorType());
    final HivePrivilegeObject target = getHiveObjectRef(objectRef);
    final HivePrivilege granted = new HivePrivilege(grant.getPrivilege(), null);

    converted.add(new HivePrivilegeInfo(
        grantee, granted, target, grantedBy, grant.isGrantOption(), grant.getCreateTime()));
  }
  return converted;
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo in project hive by apache.
the class SQLStdHiveAccessController method showPrivileges.
/**
 * Lists the privileges recorded in the metastore for a principal and/or object.
 *
 * <p>Authorization runs before any metastore access. A caller for whom
 * {@code isUserAdmin()} is false must name a principal, and that principal is then passed
 * to {@code ensureShowGrantAllowed}. Admin callers skip both checks and may list grants
 * for any principal.
 *
 * <p>Metastore entries whose object type fails {@code isSupportedObjectType} are left out
 * of the result.
 *
 * @param principal the user or role to list grants for, or {@code null} for all (admin only)
 * @param privObj the object to list grants on
 * @return the matching grants converted to plugin objects
 * @throws HiveAuthzPluginException declared by the interface; every exception raised in
 *     the body, the access-control rejection included, is passed through
 *     {@code SQLAuthorizationUtils.getPluginException} before being rethrown
 */
@Override
public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj) throws HiveAuthzPluginException {
  try {
    // Authorize first: only non-admin callers are restricted.
    if (!isUserAdmin()) {
      if (principal == null) {
        // Listing grants without naming a principal is reserved for the admin.
        throw new HiveAccessControlException("User : " + currentUserName + " has to specify" + " a user name or role in the show grant. " + ADMIN_ONLY_MSG);
      }
      ensureShowGrantAllowed(principal);
    }

    IMetaStoreClient metastore = metastoreClientFactory.getHiveMetastoreClient();
    List<HivePrivilegeInfo> results = new ArrayList<>();

    // A null principal is forwarded as null name and type.
    String principalName = null;
    PrincipalType principalType = null;
    if (principal != null) {
      principalName = principal.getName();
      principalType = AuthorizationUtils.getThriftPrincipalType(principal.getType());
    }

    // Fetch the thrift privilege records through the metastore API.
    List<HiveObjectPrivilege> records = metastore.list_privileges(
        principalName, principalType, SQLAuthorizationUtils.getThriftHiveObjectRef(privObj));

    for (HiveObjectPrivilege record : records) {
      HivePrincipal grantee = new HivePrincipal(
          record.getPrincipalName(),
          AuthorizationUtils.getHivePrincipalType(record.getPrincipalType()));
      PrivilegeGrantInfo grant = record.getGrantInfo();
      HivePrivilege granted = new HivePrivilege(grant.getPrivilege(), null);
      HiveObjectRef objectRef = record.getHiveObject();

      // Records on unsupported object types are dropped from the listing.
      if (isSupportedObjectType(objectRef.getObjectType())) {
        HivePrivilegeObject target = new HivePrivilegeObject(
            getPluginPrivilegeObjType(objectRef.getObjectType()),
            objectRef.getDbName(),
            objectRef.getObjectName(),
            objectRef.getPartValues(),
            objectRef.getColumnName());
        HivePrincipal grantedBy = new HivePrincipal(
            grant.getGrantor(),
            AuthorizationUtils.getHivePrincipalType(grant.getGrantorType()));
        results.add(new HivePrivilegeInfo(
            grantee, granted, target, grantedBy, grant.isGrantOption(), grant.getCreateTime()));
      }
    }
    return results;
  } catch (Exception e) {
    throw SQLAuthorizationUtils.getPluginException("Error showing privileges", e);
  }
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo in project ranger by apache.
the class RangerHivePlugin method showPrivileges.
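/**
 * Lists the privileges held on a Hive resource.
 *
 * <p>Only object-level requests are handled: if the thrift object reference derived from
 * {@code privObj} has no database name, the request is rejected. The lookup itself is
 * delegated to {@code getHivePrivilegeInfos}.
 *
 * @param principal the principal whose grants are requested
 * @param privObj the Hive object the grants apply to
 * @return the grants returned by {@code getHivePrivilegeInfos}
 * @throws HiveAuthzPluginException if the plugin is not initialised, the request is not
 *     for a Hive resource, or the lookup fails
 */
@Override
public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj) throws HiveAuthzPluginException {
  List<HivePrivilegeInfo> ret;
  if (LOG.isDebugEnabled()) {
    // Null-safe: turning debug logging on must not add a NullPointerException
    // ahead of the checks below.
    LOG.debug("==> RangerHiveAuthorizer.showPrivileges ==> principal: " + principal + "HivePrivilegeObject : " + (privObj == null ? null : privObj.getObjectName()));
  }
  if (hivePlugin == null) {
    // The exception has to be thrown. Constructing it without `throw` discarded it
    // and let the request continue with hivePlugin == null.
    throw new HiveAuthzPluginException("RangerHiveAuthorizer.showPrivileges error: hivePlugin is null");
  }
  try {
    HiveObjectRef msObjRef = AuthorizationUtils.getThriftHiveObjectRef(privObj);
    if (msObjRef.getDbName() == null) {
      // Caught by the handler below, so callers see this message with the
      // "showPrivileges() error: " prefix.
      throw new HiveAuthzPluginException("RangerHiveAuthorizer.showPrivileges() only supports SHOW PRIVILEGES for Hive resources and not user level");
    }
    ret = getHivePrivilegeInfos(principal, privObj);
  } catch (Exception e) {
    LOG.error("RangerHiveAuthorizer.showPrivileges() error", e);
    throw new HiveAuthzPluginException("RangerHiveAuthorizer.showPrivileges() error: " + e.getMessage(), e);
  }
  if (LOG.isDebugEnabled()) {
    LOG.debug("<== RangerHiveAuthorizer.showPrivileges() Result: " + ret);
  }
  return ret;
}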