use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject in project hive by apache.
the class CommandUtil method authorizeCommandThrowEx.
/**
 * Runs the session's V2 authorizer against a single command and lets any
 * authorization failure propagate to the caller as an exception.
 *
 * @param ss session supplying the authorizer, the client IP address and the
 *        forwarded-address list that go into the authorization context
 * @param type operation type handed to {@code checkPrivileges}
 * @param command command tokens; used to create the privilege object and, joined
 *        with single spaces, as the context's command string
 * @throws HiveAuthzPluginException declared by this method; presumably raised by the
 *         authorizer plugin on an internal error (confirm against the plugin contract)
 * @throws HiveAccessControlException thrown if the check fails
 */
static void authorizeCommandThrowEx(SessionState ss, HiveOperationType type, List<String> command) throws HiveAuthzPluginException, HiveAccessControlException {
  final HivePrivilegeObject privilegeTarget = HivePrivilegeObject.createHivePrivilegeObject(command);

  final HiveAuthzContext.Builder contextBuilder = new HiveAuthzContext.Builder();
  // NOTE(review): forwarded addresses are presumably supplied by the client or an
  // intermediate proxy; confirm how SessionState populates them before an authorizer
  // relies on them as an authenticated origin.
  contextBuilder.setForwardedAddresses(ss.getForwardedAddresses());
  contextBuilder.setUserIpAddress(ss.getUserIpAddress());
  // The complete command text is handed to the authorizer.
  // NOTE(review): if a command can carry credential values, confirm that the plugin
  // and any audit sink behind it redact them.
  final String commandText = Joiner.on(' ').join(command);
  contextBuilder.setCommandString(commandText);

  // The command is passed as the only input object; the output list is null.
  final List<HivePrivilegeObject> inputObjects = Arrays.asList(privilegeTarget);
  ss.getAuthorizerV2().checkPrivileges(type, inputObjects, null, contextBuilder.build());
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject in project drill by axbaretto.
the class HiveAuthorizationHelper method authorizeShowTables.
/**
 * Checks whether "SHOW TABLES" is permitted on the given Hive database. Illegal
 * access surfaces as a {@link HiveAccessControlException}.
 *
 * <p>When {@code authzEnabled} is false this method returns without performing any
 * check, so enforcement depends entirely on that flag being set.
 *
 * @param dbName name used for the DATABASE-type privilege object that is checked
 * @throws HiveAccessControlException for illegal access
 */
public void authorizeShowTables(final String dbName) throws HiveAccessControlException {
  if (authzEnabled) {
    // The database is the only object passed in the first list; the second list is
    // empty (presumably the output objects; confirm against authorize()).
    authorize(
        HiveOperationType.SHOWTABLES,
        ImmutableList.of(new HivePrivilegeObject(HivePrivilegeObjectType.DATABASE, dbName, null)),
        Collections.<HivePrivilegeObject>emptyList(),
        "SHOW TABLES");
  }
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject in project hive by apache.
the class Driver method doAuthorizationV2.
/**
 * Builds the authorization context for a command and asks the session's V2
 * authorizer to check privileges on the command's inputs and outputs.
 *
 * @param ss session supplying the authorizer, client IP and forwarded addresses
 * @param op operation, converted with {@code getHiveOperationType}
 * @param inputs entities read by the command
 * @param outputs entities written by the command
 * @param command command text stored in the authorization context
 * @param tab2cols table-to-columns map applied to the inputs
 * @param updateTab2Cols table-to-columns map applied to the outputs
 * @throws HiveException declared by this method; any failure of the privilege check
 *         is not caught here
 */
private static void doAuthorizationV2(SessionState ss, HiveOperation op, Set<ReadEntity> inputs, Set<WriteEntity> outputs, String command, Map<String, List<String>> tab2cols, Map<String, List<String>> updateTab2Cols) throws HiveException {
  final HiveAuthzContext.Builder contextBuilder = new HiveAuthzContext.Builder();
  // The full command text is handed to the authorizer.
  // NOTE(review): confirm that the plugin and any audit sink redact sensitive literals.
  contextBuilder.setCommandString(command);
  // NOTE(review): forwarded addresses are presumably client- or proxy-supplied;
  // confirm their provenance before an authorizer treats them as trusted.
  contextBuilder.setForwardedAddresses(ss.getForwardedAddresses());
  contextBuilder.setUserIpAddress(ss.getUserIpAddress());

  final HiveOperationType operationType = getHiveOperationType(op);

  // Outputs deliberately use updateTab2Cols rather than tab2cols: passing tab2cols to
  // getHivePrivObjects for the output case would trip up insert/selects, because the
  // insert would be given the columns from the select.
  final List<HivePrivilegeObject> inputPrivObjects = getHivePrivObjects(inputs, tab2cols);
  final List<HivePrivilegeObject> outputPrivObjects = getHivePrivObjects(outputs, updateTab2Cols);

  ss.getAuthorizerV2().checkPrivileges(operationType, inputPrivObjects, outputPrivObjects, contextBuilder.build());
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject in project drill by apache.
the class HiveAuthorizationHelper method authorizeShowTables.
/**
 * Verifies that "SHOW TABLES" may be run against the given Hive database; a
 * {@link HiveAccessControlException} signals illegal access.
 *
 * <p>No check is made at all while {@code authzEnabled} is false, so this method
 * enforces nothing unless that flag is set.
 *
 * @param dbName name of the database wrapped in the privilege object under check
 * @throws HiveAccessControlException for illegal access
 */
public void authorizeShowTables(final String dbName) throws HiveAccessControlException {
  if (authzEnabled) {
    // DATABASE-type privilege object; the third constructor argument is null.
    final HivePrivilegeObject database =
        new HivePrivilegeObject(HivePrivilegeObjectType.DATABASE, dbName, null);
    // Only the database goes in the first list; the second list is left empty.
    authorize(
        HiveOperationType.SHOWTABLES,
        ImmutableList.of(database),
        Collections.<HivePrivilegeObject>emptyList(),
        "SHOW TABLES");
  }
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject in project hive by apache.
the class SQLStdHiveAuthorizationValidatorForTest method applyRowFilterAndColumnMasking.
// Please take a look at the instructions in HiveAuthorizer.java before
// implementing applyRowFilterAndColumnMasking
//
// Test fixture: hard-codes a row filter and/or per-column transformers for a few
// known object names and returns only the objects it recognised. Objects with any
// other name are left untouched and are not part of the returned list.
//
// NOTE(review): the filter and transformer values are SQL expression text. An
// implementation that derives them from policy or user data rather than constants
// would presumably need to treat them as code, not data; confirm against the
// HiveAuthorizer contract.
public List<HivePrivilegeObject> applyRowFilterAndColumnMasking(HiveAuthzContext context, List<HivePrivilegeObject> privObjs) throws SemanticException {
  final List<HivePrivilegeObject> rewriteTargets = new ArrayList<>();
  for (final HivePrivilegeObject target : privObjs) {
    // A null object name fails here with a NullPointerException.
    switch (target.getObjectName()) {
      case "masking_test": {
        target.setRowFilterExpression("key % 2 = 0 and key < 10");
        // One transformer per column, in column order; only "value" is masked.
        final List<String> transformers = new ArrayList<>();
        for (final String column : target.getColumns()) {
          transformers.add(column.equals("value") ? "reverse(value)" : column);
        }
        target.setCellValueTransformers(transformers);
        rewriteTargets.add(target);
        break;
      }
      case "masking_test_view": {
        target.setRowFilterExpression("key > 6");
        // One transformer per column, in column order; only "key" is transformed.
        final List<String> transformers = new ArrayList<>();
        for (final String column : target.getColumns()) {
          transformers.add(column.equals("key") ? "key / 2" : column);
        }
        target.setCellValueTransformers(transformers);
        rewriteTargets.add(target);
        break;
      }
      case "masking_test_subq":
        // Row filter only; no cell transformers are set for this object.
        target.setRowFilterExpression("key in (select key from src where src.key = masking_test_subq.key)");
        rewriteTargets.add(target);
        break;
      case "masking_acid_no_masking":
        // testing acid usage when no masking/filtering is present
        rewriteTargets.add(target);
        break;
      default:
        // Unrecognised object: no filter, no masking, not returned.
        break;
    }
  }
  return rewriteTargets;
}