use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject in project hive by apache.
the class AddPartitionEvent method getOutputHObjs.
/**
 * Builds the list of output objects an add-partition request is authorized against.
 *
 * <p>The list always starts with the privilege object for the target table. Every partition
 * whose storage-descriptor location is non-empty then contributes one more object, built by
 * {@code getHivePrivilegeObjectDfsUri}, so the storage location is part of what gets
 * authorized and not only the table name. Partitions without a location add nothing.
 *
 * <p>Side effect: {@code COMMAND_STR} is reassigned from {@code buildCommandString}.
 * NOTE(review): the field is named like a constant but is written here; if it is shared
 * between events, confirm that concurrent requests cannot overwrite each other's text.
 *
 * @return the table object followed by one object per non-empty partition location
 */
private List<HivePrivilegeObject> getOutputHObjs() {
  LOG.debug("==> AddPartitionEvent.getOutputHObjs()");

  final PreAddPartitionEvent addEvent = (PreAddPartitionEvent) preEventContext;
  final Table targetTable = addEvent.getTable();

  final List<HivePrivilegeObject> outputs = new ArrayList<>();
  outputs.add(getHivePrivilegeObject(targetTable));

  final List<Partition> newPartitions = addEvent.getPartitions();
  if (newPartitions != null) {
    for (Partition newPartition : newPartitions) {
      final String location = getSdLocation(newPartition.getSd());
      if (!StringUtils.isNotEmpty(location)) {
        // No explicit location on this partition: nothing extra to authorize for it.
        continue;
      }
      outputs.add(getHivePrivilegeObjectDfsUri(location));
    }
  }

  COMMAND_STR = buildCommandString(COMMAND_STR, targetTable);

  LOG.debug("<== AddPartitionEvent.getOutputHObjs(): ret={}", outputs);
  return outputs;
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject in project hive by apache.
the class CreateDatabaseEvent method getOutputHObjs.
/**
 * Builds the list of output objects a create-database request is authorized against.
 *
 * <p>When the event carries a database, the result holds the database's privilege object and,
 * if the database has a non-empty location URI, a second object for that URI built by
 * {@code getHivePrivilegeObjectDfsUri}. {@code COMMAND_STR} is reassigned as a side effect.
 *
 * <p>When the event carries no database the method returns an empty list and emits no exit
 * trace. NOTE(review): an empty list gives the authorizer nothing to check on the output
 * side; confirm the caller rejects such an event instead of treating it as authorized.
 *
 * @return the database object and optional location object, or an empty list
 */
private List<HivePrivilegeObject> getOutputHObjs() {
  LOG.debug("==> CreateDatabaseEvent.getOutputHObjs()");

  final List<HivePrivilegeObject> outputs = new ArrayList<>();
  final Database newDatabase = ((PreCreateDatabaseEvent) preEventContext).getDatabase();

  if (newDatabase == null) {
    // Nothing to describe; the exit trace is only written on the non-null path.
    return outputs;
  }

  final String location = newDatabase.getLocationUri();
  outputs.add(getHivePrivilegeObject(newDatabase));
  if (StringUtils.isNotEmpty(location)) {
    // An explicit location is authorized as its own object, next to the database.
    outputs.add(getHivePrivilegeObjectDfsUri(location));
  }

  COMMAND_STR = buildCommandString(COMMAND_STR, newDatabase);
  LOG.debug("<== CreateDatabaseEvent.getOutputHObjs(): ret={}", outputs);
  return outputs;
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject in project hive by apache.
the class CreateTableEvent method getOutputHObjs.
/**
 * Builds the list of output objects a create-table request is authorized against.
 *
 * <p>The result always contains the privilege object for the new table. If the table's
 * storage descriptor yields a non-empty location, a {@code DFS_URI} object naming that
 * location is appended, so the storage path is authorized in addition to the table.
 *
 * <p>Side effect: {@code COMMAND_STR} is reassigned from {@code buildCommandString}.
 *
 * @return the table object, followed by a {@code DFS_URI} object when a location is set
 */
private List<HivePrivilegeObject> getOutputHObjs() {
  LOG.debug("==> CreateTableEvent.getOutputHObjs()");

  final Table newTable = ((PreCreateTableEvent) preEventContext).getTable();
  final String location = getSdLocation(newTable.getSd());

  final List<HivePrivilegeObject> outputs = new ArrayList<>();
  outputs.add(getHivePrivilegeObject(newTable));

  if (StringUtils.isNotEmpty(location)) {
    // The second constructor argument (db name) is null for a URI object; the URI is the name.
    final HivePrivilegeObject locationObject =
        new HivePrivilegeObject(HivePrivilegeObjectType.DFS_URI, null, location);
    outputs.add(locationObject);
  }

  COMMAND_STR = buildCommandString(COMMAND_STR, newTable);

  LOG.debug("<== CreateTableEvent.getOutputHObjs(): ret={}", outputs);
  return outputs;
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject in project hive by apache.
the class DropFunctionEvent method getInputHObjs.
/**
 * Builds the list of input objects a drop-function request is authorized against.
 *
 * <p>The first entry is a {@code FUNCTION} object carrying the function's database name,
 * function name, class name, owner name and owner type, with action type {@code OTHER}.
 * Each resource URI registered on the function is then added as a {@code DFS_URI} object.
 *
 * <p>NOTE(review): {@code getUri()} is used as the object name without a null or empty
 * check; confirm the metastore never stores a resource entry without a URI.
 *
 * <p>Side effect: {@code COMMAND_STR} is reassigned from {@code buildCommandString}.
 *
 * @return the function object followed by one {@code DFS_URI} object per resource URI
 */
private List<HivePrivilegeObject> getInputHObjs() {
  final boolean traceEnabled = LOG.isDebugEnabled();
  if (traceEnabled) {
    LOG.debug("==> DropFunctionEvent.getInputHObjs()");
  }

  final List<HivePrivilegeObject> inputs = new ArrayList<>();
  final Function function = ((PreDropFunctionEvent) preEventContext).getFunction();
  final List<ResourceUri> resources = function.getResourceUris();

  final HivePrivilegeObject functionObject = new HivePrivilegeObject(
      HivePrivilegeObject.HivePrivilegeObjectType.FUNCTION,
      function.getDbName(),
      function.getFunctionName(),
      null,
      null,
      HivePrivilegeObject.HivePrivObjectActionType.OTHER,
      null,
      function.getClassName(),
      function.getOwnerName(),
      function.getOwnerType());
  inputs.add(functionObject);

  // A null list and an empty list both mean there are no resource locations to authorize.
  if (resources != null) {
    for (ResourceUri resource : resources) {
      inputs.add(new HivePrivilegeObject(
          HivePrivilegeObject.HivePrivilegeObjectType.DFS_URI, null, resource.getUri()));
    }
  }

  COMMAND_STR = buildCommandString(function);

  if (LOG.isDebugEnabled()) {
    LOG.debug("<== DropFunctionEvent.getInputHObjs(): ret=" + inputs);
  }
  return inputs;
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject in project hive by apache.
the class SQLStdHiveAuthorizationValidator method checkPrivileges.
/**
 * Compares the privileges an operation requires on each object with the privileges the user
 * holds, and records every shortfall in {@code deniedMessages}.
 *
 * <p>Nothing in the visible body throws for a missing privilege; the method only appends to
 * {@code deniedMessages}. Presumably the caller turns a non-empty list into a denial; confirm
 * at the call site.
 *
 * <p>Objects of type {@code PARTITION} and {@code FUNCTION} are skipped: no privileges are
 * looked up for them and no message is recorded.
 *
 * @param hiveOpType operation being authorized; selects the required privileges
 * @param hiveObjects objects to check; {@code null} returns immediately with nothing recorded
 * @param metastoreClient client handed to the metastore privilege lookup (default branch)
 * @param userName user whose privileges are looked up
 * @param ioType passed to the required-privilege lookup and named in the ADMIN denial message
 * @param deniedMessages accumulator that receives one entry per unmet requirement
 * @throws HiveAuthzPluginException declared for the lookups called here; not thrown directly
 * @throws HiveAccessControlException declared for the lookups called here; not thrown directly
 */
private void checkPrivileges(HiveOperationType hiveOpType, List<HivePrivilegeObject> hiveObjects, IMetaStoreClient metastoreClient, String userName, IOType ioType, List<String> deniedMessages) throws HiveAuthzPluginException, HiveAccessControlException {
  if (hiveObjects == null) {
    return;
  }
  // Special-casing for ADMIN-level operations that do not require object checking.
  // The decision rests only on privController.isUserAdmin(); the objects are never inspected.
  if (Operation2Privilege.isAdminPrivOperation(hiveOpType)) {
    // Require ADMIN privilege
    if (!privController.isUserAdmin()) {
      deniedMessages.add(SQLPrivTypeGrant.ADMIN_PRIV.toString() + " on " + ioType);
    }
    // Ignore object, fail if not admin, succeed if admin.
    return;
  }
  // Compare required privileges and available privileges for each hive object
  for (HivePrivilegeObject hiveObj : hiveObjects) {
    RequiredPrivileges requiredPrivs = Operation2Privilege.getRequiredPrivs(hiveOpType, hiveObj, ioType);
    if (requiredPrivs.getRequiredPrivilegeSet().isEmpty()) {
      // no privileges required, so don't need to check this object privileges
      continue;
    }
    // Find the available privileges. Start with an empty set: a branch below that does not
    // populate it leaves every required privilege missing, so the default outcome is a denial.
    RequiredPrivileges availPrivs = new RequiredPrivileges();
    switch(hiveObj.getType()) {
      case LOCAL_URI:
      case DFS_URI:
        // URI objects: privileges come from the file system lookup, with the object name
        // taken as-is as the path.
        availPrivs = SQLAuthorizationUtils.getPrivilegesFromFS(new Path(hiveObj.getObjectName()), conf, userName);
        break;
      case PARTITION:
        // Partitions are skipped: no lookup is made and no denial message is recorded.
        continue;
      case COMMAND_PARAMS:
      case SERVICE_NAME:
        // Authorized solely on the object type: the only privilege that can become available
        // is ADMIN_PRIV, and only for an admin user. A non-admin keeps the empty set.
        if (privController.isUserAdmin()) {
          availPrivs.addPrivilege(SQLPrivTypeGrant.ADMIN_PRIV);
        }
        break;
      case FUNCTION:
        // Function objects are skipped here: nothing is looked up and nothing is denied.
        // NOTE(review): presumably function create/drop is gated elsewhere (for example as an
        // admin operation above); confirm, since this branch grants by omission.
        continue;
      default:
        // Every other object type: privileges come from the metastore, resolved for the user,
        // the current role names and the admin flag.
        availPrivs = SQLAuthorizationUtils.getPrivilegesFromMetaStore(metastoreClient, userName, hiveObj, privController.getCurrentRoleNames(), privController.isUserAdmin());
    }
    // Verify that there are no missing privileges
    Collection<SQLPrivTypeGrant> missingPriv = requiredPrivs.findMissingPrivs(availPrivs);
    SQLAuthorizationUtils.addMissingPrivMsg(missingPriv, hiveObj, deniedMessages);
  }
}