use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType in project ranger by apache.
the class RangerHivePlugin method createHiveResourceForFiltering.
private RangerHiveResource createHiveResourceForFiltering(HivePrivilegeObject privilegeObject) {
RangerHiveResource resource = null;
HivePrivilegeObjectType objectType = privilegeObject.getType();
switch(objectType) {
case DATABASE:
case TABLE_OR_VIEW:
resource = createHiveResource(privilegeObject, getMetaStoreClient());
break;
default:
LOG.warn("RangerHiveAuthorizer.createHiveResourceForFiltering: unexpected objectType:" + objectType);
}
return resource;
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType in project hive by apache.
the class DefaultHiveAuthorizationTranslator method getHivePrivilegeObject.
@Override
public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc) throws HiveException {
// null means ALL for show grants, GLOBAL for grant/revoke
HivePrivilegeObjectType objectType = null;
String[] dbTable;
List<String> partSpec = null;
List<String> columns = null;
if (privSubjectDesc == null) {
dbTable = new String[] { null, null };
} else {
if (privSubjectDesc.getTable()) {
dbTable = Utilities.getDbTableName(privSubjectDesc.getObject());
} else {
dbTable = new String[] { privSubjectDesc.getObject(), null };
}
if (privSubjectDesc.getPartSpec() != null) {
partSpec = new ArrayList<String>(privSubjectDesc.getPartSpec().values());
}
columns = privSubjectDesc.getColumns();
objectType = AuthorizationUtils.getPrivObjectType(privSubjectDesc);
}
return new HivePrivilegeObject(objectType, dbTable[0], dbTable[1], partSpec, columns, null);
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType in project hive by apache.
the class DatabaseFilterContext method getInputHObjs.
private List<HivePrivilegeObject> getInputHObjs() {
LOG.debug("==> DatabaseFilterContext.getOutputHObjs()");
List<HivePrivilegeObject> ret = new ArrayList<>();
for (String database : databases) {
HivePrivilegeObjectType type = HivePrivilegeObjectType.DATABASE;
HivePrivObjectActionType objectActionType = HivePrivObjectActionType.OTHER;
HivePrivilegeObject hivePrivilegeObject = new HivePrivilegeObject(type, database, null, null, null, objectActionType, null, null);
ret.add(hivePrivilegeObject);
}
LOG.debug("<== DatabaseFilterContext.getOutputHObjs(): ret=" + ret);
return ret;
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType in project hive by apache.
the class Driver method getHivePrivObjects.
private static List<HivePrivilegeObject> getHivePrivObjects(Set<? extends Entity> privObjects, Map<String, List<String>> tableName2Cols) {
List<HivePrivilegeObject> hivePrivobjs = new ArrayList<HivePrivilegeObject>();
if (privObjects == null) {
return hivePrivobjs;
}
for (Entity privObject : privObjects) {
HivePrivilegeObjectType privObjType = AuthorizationUtils.getHivePrivilegeObjectType(privObject.getType());
if (privObject.isDummy()) {
// do not authorize dummy readEntity or writeEntity
continue;
}
if (privObject instanceof ReadEntity && !((ReadEntity) privObject).isDirect()) {
// See description of the isDirect in ReadEntity
continue;
}
if (privObject instanceof WriteEntity && ((WriteEntity) privObject).isTempURI()) {
// do not authorize temporary uris
continue;
}
// support for authorization on partitions needs to be added
String dbname = null;
String objName = null;
List<String> partKeys = null;
List<String> columns = null;
String className = null;
switch(privObject.getType()) {
case DATABASE:
dbname = privObject.getDatabase().getName();
break;
case TABLE:
dbname = privObject.getTable().getDbName();
objName = privObject.getTable().getTableName();
columns = tableName2Cols == null ? null : tableName2Cols.get(Table.getCompleteName(dbname, objName));
break;
case DFS_DIR:
case LOCAL_DIR:
objName = privObject.getD().toString();
break;
case FUNCTION:
if (privObject.getDatabase() != null) {
dbname = privObject.getDatabase().getName();
}
objName = privObject.getFunctionName();
className = privObject.getClassName();
break;
case DUMMYPARTITION:
case PARTITION:
// not currently handled
continue;
case SERVICE_NAME:
objName = privObject.getServiceName();
break;
default:
throw new AssertionError("Unexpected object type");
}
HivePrivObjectActionType actionType = AuthorizationUtils.getActionType(privObject);
HivePrivilegeObject hPrivObject = new HivePrivilegeObject(privObjType, dbname, objName, partKeys, columns, actionType, null, className);
hivePrivobjs.add(hPrivObject);
}
return hivePrivobjs;
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType in project ranger by apache.
the class RangerHivePlugin method createHiveResource.
RangerHiveResource createHiveResource(HivePrivilegeObject privilegeObject) {
RangerHiveResource resource = null;
HivePrivilegeObjectType objectType = privilegeObject.getType();
String objectName = privilegeObject.getObjectName();
String dbName = privilegeObject.getDbname();
switch(objectType) {
case DATABASE:
resource = new RangerHiveResource(HiveObjectType.DATABASE, objectName);
break;
case TABLE_OR_VIEW:
resource = new RangerHiveResource(HiveObjectType.TABLE, dbName, objectName);
break;
default:
LOG.warn("RangerHiveAuthorizer.getHiveResource: unexpected objectType:" + objectType);
}
if (resource != null) {
resource.setServiceDef(hivePlugin == null ? null : hivePlugin.getServiceDef());
}
return resource;
}
Aggregations