
Example 1 with HivePrivilegeObjectType

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType in project ranger by apache.

the class RangerHivePlugin method createHiveResourceForFiltering.

/**
 * Maps a Hive privilege object to the Ranger resource used when filtering results.
 *
 * <p>Only {@code DATABASE} and {@code TABLE_OR_VIEW} objects are mapped; both are delegated to
 * {@code createHiveResource(privilegeObject, getMetaStoreClient())}. Every other type is logged
 * at WARN level and yields {@code null}.
 *
 * <p>NOTE(review): a {@code null} return means "no resource could be built", not "access
 * allowed". The caller is not visible here; confirm it drops such objects from the filtered
 * output instead of passing them through unchecked.
 *
 * @param privilegeObject the Hive object to map; must be non-null with a non-null type, since
 *                        the enum {@code switch} below throws {@code NullPointerException} on a
 *                        null type
 * @return the Ranger resource, or {@code null} for an unsupported object type
 */
private RangerHiveResource createHiveResourceForFiltering(HivePrivilegeObject privilegeObject) {
    final HivePrivilegeObjectType kind = privilegeObject.getType();
    switch (kind) {
        case DATABASE:
        case TABLE_OR_VIEW:
            // Both supported kinds share the same metastore-backed construction path.
            return createHiveResource(privilegeObject, getMetaStoreClient());
        default:
            LOG.warn("RangerHiveAuthorizer.createHiveResourceForFiltering: unexpected objectType:" + kind);
            return null;
    }
}
Also used : HivePrivilegeObjectType(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType)

Example 2 with HivePrivilegeObjectType

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType in project hive by apache.

the class DefaultHiveAuthorizationTranslator method getHivePrivilegeObject.

/**
 * Translates a parsed privilege-subject descriptor into a {@link HivePrivilegeObject}.
 *
 * <p>A {@code null} descriptor produces an object whose type, database and table are all
 * {@code null}; per the original author's comment, a null type means ALL for "show grants" and
 * GLOBAL for grant/revoke. Authorizer implementations consuming the result therefore have to
 * handle a null type explicitly.
 *
 * @param privSubjectDesc the descriptor from the statement, or {@code null} when no object was named
 * @return the privilege object; its trailing constructor argument is always {@code null}
 * @throws HiveException declared by the interface; presumably raised while splitting the
 *                       db.table name — confirm against {@code Utilities.getDbTableName}
 */
@Override
public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc) throws HiveException {
    if (privSubjectDesc == null) {
        // Typed locals keep constructor overload resolution identical to the general path.
        final HivePrivilegeObjectType unscopedType = null;
        final String[] noNames = new String[] { null, null };
        final List<String> noPartitions = null;
        final List<String> noColumns = null;
        return new HivePrivilegeObject(unscopedType, noNames[0], noNames[1], noPartitions, noColumns, null);
    }

    // Table subjects are split into {db, table}; anything else is treated as a bare database name.
    final String[] dbAndTable = privSubjectDesc.getTable()
            ? Utilities.getDbTableName(privSubjectDesc.getObject())
            : new String[] { privSubjectDesc.getObject(), null };

    List<String> partitionValues = null;
    if (privSubjectDesc.getPartSpec() != null) {
        // Only the partition values are carried over, in the map's iteration order.
        partitionValues = new ArrayList<String>(privSubjectDesc.getPartSpec().values());
    }

    final List<String> columnNames = privSubjectDesc.getColumns();
    final HivePrivilegeObjectType resolvedType = AuthorizationUtils.getPrivObjectType(privSubjectDesc);
    return new HivePrivilegeObject(resolvedType, dbAndTable[0], dbAndTable[1], partitionValues, columnNames, null);
}
Also used : HivePrivilegeObjectType(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType) HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)

Example 3 with HivePrivilegeObjectType

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType in project hive by apache.

the class DatabaseFilterContext method getInputHObjs.

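/**
 * Builds the input privilege objects for database filtering: one {@code DATABASE}-typed
 * {@link HivePrivilegeObject} per entry of {@code databases}, each with action type
 * {@code OTHER} and every remaining constructor argument {@code null}.
 *
 * @return a new mutable list, in the iteration order of {@code databases}
 */
private List<HivePrivilegeObject> getInputHObjs() {
    // The entry/exit traces previously named getOutputHObjs(), which misattributes these lines
    // when authorization filtering is being debugged; they now name this method.
    LOG.debug("==> DatabaseFilterContext.getInputHObjs()");
    List<HivePrivilegeObject> ret = new ArrayList<>();
    for (String database : databases) {
        HivePrivilegeObjectType type = HivePrivilegeObjectType.DATABASE;
        HivePrivObjectActionType objectActionType = HivePrivObjectActionType.OTHER;
        // Only the database name is populated; the object-name slot stays null.
        HivePrivilegeObject hivePrivilegeObject = new HivePrivilegeObject(type, database, null, null, null, objectActionType, null, null);
        ret.add(hivePrivilegeObject);
    }
    LOG.debug("<== DatabaseFilterContext.getInputHObjs(): ret=" + ret);
    return ret;
}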
Also used : HivePrivObjectActionType(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivObjectActionType) ArrayList(java.util.ArrayList) HivePrivilegeObjectType(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType) HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)

Example 4 with HivePrivilegeObjectType

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType in project hive by apache.

the class Driver method getHivePrivObjects.

/**
 * Converts compiler read/write entities into {@link HivePrivilegeObject}s.
 *
 * <p>The following entities are deliberately left out of the result:
 * <ul>
 *   <li>dummy entities ({@code isDummy()});</li>
 *   <li>{@code ReadEntity} instances that are not direct (see {@code ReadEntity.isDirect});</li>
 *   <li>{@code WriteEntity} instances that are temporary URIs;</li>
 *   <li>{@code PARTITION} and {@code DUMMYPARTITION} entities, which are not currently handled.</li>
 * </ul>
 *
 * <p>NOTE(review): the returned list is presumably what the authorizer is asked to check, so
 * anything skipped above is never authorized on its own — confirm at the call site that
 * table-level checks cover partition access.
 *
 * @param privObjects    entities to convert; {@code null} yields an empty list
 * @param tableName2Cols optional map from complete table name to accessed columns; may be {@code null}
 * @return a new mutable list of privilege objects; partition keys are always {@code null}
 * @throws AssertionError if an entity has a type not listed in the switch below
 */
private static List<HivePrivilegeObject> getHivePrivObjects(Set<? extends Entity> privObjects, Map<String, List<String>> tableName2Cols) {
    final List<HivePrivilegeObject> converted = new ArrayList<HivePrivilegeObject>();
    if (privObjects == null) {
        return converted;
    }
    for (Entity entity : privObjects) {
        // The type mapping runs before the skip checks, so it is evaluated for skipped entities too.
        final HivePrivilegeObjectType mappedType = AuthorizationUtils.getHivePrivilegeObjectType(entity.getType());
        if (entity.isDummy() // dummy read/write entities are not authorized
                || (entity instanceof ReadEntity && !((ReadEntity) entity).isDirect()) // see isDirect in ReadEntity
                || (entity instanceof WriteEntity && ((WriteEntity) entity).isTempURI())) { // temporary URIs
            continue;
        }
        // support for authorization on partitions needs to be added
        String databaseName = null;
        String objectName = null;
        final List<String> partitionKeys = null;
        List<String> columnNames = null;
        String functionClass = null;
        switch (entity.getType()) {
            case DATABASE:
                databaseName = entity.getDatabase().getName();
                break;
            case TABLE:
                databaseName = entity.getTable().getDbName();
                objectName = entity.getTable().getTableName();
                if (tableName2Cols != null) {
                    columnNames = tableName2Cols.get(Table.getCompleteName(databaseName, objectName));
                }
                break;
            case DFS_DIR:
            case LOCAL_DIR:
                objectName = entity.getD().toString();
                break;
            case FUNCTION:
                // Functions may exist without an owning database.
                if (entity.getDatabase() != null) {
                    databaseName = entity.getDatabase().getName();
                }
                objectName = entity.getFunctionName();
                functionClass = entity.getClassName();
                break;
            case DUMMYPARTITION:
            case PARTITION:
                // not currently handled
                continue;
            case SERVICE_NAME:
                objectName = entity.getServiceName();
                break;
            default:
                throw new AssertionError("Unexpected object type");
        }
        final HivePrivObjectActionType action = AuthorizationUtils.getActionType(entity);
        converted.add(new HivePrivilegeObject(mappedType, databaseName, objectName, partitionKeys, columnNames, action, null, functionClass));
    }
    return converted;
}
Also used : ReadEntity(org.apache.hadoop.hive.ql.hooks.ReadEntity) WriteEntity(org.apache.hadoop.hive.ql.hooks.WriteEntity) ReadEntity(org.apache.hadoop.hive.ql.hooks.ReadEntity) Entity(org.apache.hadoop.hive.ql.hooks.Entity) HivePrivObjectActionType(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivObjectActionType) ArrayList(java.util.ArrayList) HivePrivilegeObjectType(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType) HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject) WriteEntity(org.apache.hadoop.hive.ql.hooks.WriteEntity)

Example 5 with HivePrivilegeObjectType

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType in project ranger by apache.

the class RangerHivePlugin method createHiveResource.

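/**
 * Maps a Hive privilege object to a {@code RangerHiveResource} and attaches the plugin's
 * service definition to it.
 *
 * <p>Only {@code DATABASE} and {@code TABLE_OR_VIEW} are supported; any other type is logged at
 * WARN level and yields {@code null}.
 *
 * <p>NOTE(review): the {@code DATABASE} branch takes the database name from
 * {@code getObjectName()}, not {@code getDbname()}. A caller that fills in only the dbname slot
 * would produce a resource with a null database name — confirm every caller populates
 * objectName for database objects.
 *
 * @param privilegeObject the Hive object to map; must be non-null with a non-null type, since
 *                        the enum {@code switch} below throws {@code NullPointerException} on a
 *                        null type
 * @return the Ranger resource, or {@code null} for an unsupported object type
 */
RangerHiveResource createHiveResource(HivePrivilegeObject privilegeObject) {
    RangerHiveResource resource = null;
    HivePrivilegeObjectType objectType = privilegeObject.getType();
    String objectName = privilegeObject.getObjectName();
    String dbName = privilegeObject.getDbname();
    switch (objectType) {
        case DATABASE:
            resource = new RangerHiveResource(HiveObjectType.DATABASE, objectName);
            break;
        case TABLE_OR_VIEW:
            resource = new RangerHiveResource(HiveObjectType.TABLE, dbName, objectName);
            break;
        default:
            // The warning previously named getHiveResource, which pointed log readers at the
            // wrong method; it now names this one.
            LOG.warn("RangerHiveAuthorizer.createHiveResource: unexpected objectType:" + objectType);
    }
    if (resource != null) {
        // The service definition is null when no plugin instance is available.
        resource.setServiceDef(hivePlugin == null ? null : hivePlugin.getServiceDef());
    }
    return resource;
}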
Also used : HivePrivilegeObjectType(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType)

Aggregations

HivePrivilegeObjectType (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType)10 HivePrivilegeObject (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)7 HivePrivObjectActionType (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivObjectActionType)5 ArrayList (java.util.ArrayList)4 RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)2 DataConnector (org.apache.hadoop.hive.metastore.api.DataConnector)1 Database (org.apache.hadoop.hive.metastore.api.Database)1 Table (org.apache.hadoop.hive.metastore.api.Table)1 Entity (org.apache.hadoop.hive.ql.hooks.Entity)1 ReadEntity (org.apache.hadoop.hive.ql.hooks.ReadEntity)1 WriteEntity (org.apache.hadoop.hive.ql.hooks.WriteEntity)1 HiveException (org.apache.hadoop.hive.ql.metadata.HiveException)1 Table (org.apache.hadoop.hive.ql.metadata.Table)1 HiveAuthzSessionContext (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext)1 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1 RangerAccessResult (org.apache.ranger.plugin.policyengine.RangerAccessResult)1