Search in sources :

Example 41 with HivePrivilegeObject

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject in project drill by axbaretto.

the class HiveAuthorizationHelper method authorizeReadTable.

/**
 * Check authorization for "READ TABLE" for given db.table. A {@link HiveAccessControlException} is thrown
 * for illegal access.
 * @param dbName
 * @param tableName
 */
public void authorizeReadTable(final String dbName, final String tableName) throws HiveAccessControlException {
    if (!authzEnabled) {
        return;
    }
    HivePrivilegeObject toRead = new HivePrivilegeObject(HivePrivilegeObjectType.TABLE_OR_VIEW, dbName, tableName);
    authorize(HiveOperationType.QUERY, ImmutableList.of(toRead), Collections.<HivePrivilegeObject>emptyList(), "READ TABLE");
}
Also used : HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)

Example 42 with HivePrivilegeObject

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject in project hive by apache.

the class AlterDatabaseEvent method getOutputHObjs.

private List<HivePrivilegeObject> getOutputHObjs() {
    LOG.debug("==> AlterDatabaseEvent.getOutputHObjs()");
    List<HivePrivilegeObject> ret = new ArrayList<>();
    PreAlterDatabaseEvent event = (PreAlterDatabaseEvent) preEventContext;
    Database database = event.getNewDatabase();
    if (database != null) {
        ret.add(getHivePrivilegeObject(database));
        String newUri = (database != null) ? database.getLocationUri() : "";
        if (StringUtils.isNotEmpty(newUri)) {
            ret.add(getHivePrivilegeObjectDfsUri(newUri));
        }
        COMMAND_STR = buildCommandString(COMMAND_STR, database);
        LOG.debug("<== AlterDatabaseEvent.getOutputHObjs(): ret={}", ret);
    }
    return ret;
}
Also used : PreAlterDatabaseEvent(org.apache.hadoop.hive.metastore.events.PreAlterDatabaseEvent) ArrayList(java.util.ArrayList) Database(org.apache.hadoop.hive.metastore.api.Database) HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)

Example 43 with HivePrivilegeObject

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject in project hive by apache.

the class HiveMetaStoreAuthorizer method getFilteredDatabaseList.

private List<String> getFilteredDatabaseList(List<HivePrivilegeObject> hivePrivilegeObjects) {
    List<String> ret = new ArrayList<>();
    for (HivePrivilegeObject hivePrivilegeObject : hivePrivilegeObjects) {
        String dbName = hivePrivilegeObject.getDbname();
        ret.add(dbName);
    }
    return ret;
}
Also used : ArrayList(java.util.ArrayList) HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)

Example 44 with HivePrivilegeObject

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject in project hive by apache.

the class AddPartitionEvent method getOutputHObjs.

private List<HivePrivilegeObject> getOutputHObjs() {
    LOG.debug("==> AddPartitionEvent.getOutputHObjs()");
    List<HivePrivilegeObject> ret = new ArrayList<>();
    PreAddPartitionEvent event = (PreAddPartitionEvent) preEventContext;
    Table table = event.getTable();
    ret.add(getHivePrivilegeObject(table));
    List<Partition> partitions = event.getPartitions();
    if (partitions != null) {
        for (Partition partition : partitions) {
            String uri = getSdLocation(partition.getSd());
            if (StringUtils.isNotEmpty(uri)) {
                ret.add(getHivePrivilegeObjectDfsUri(uri));
            }
        }
    }
    COMMAND_STR = buildCommandString(COMMAND_STR, table);
    LOG.debug("<== AddPartitionEvent.getOutputHObjs(): ret={}", ret);
    return ret;
}
Also used : Partition(org.apache.hadoop.hive.metastore.api.Partition) PreAddPartitionEvent(org.apache.hadoop.hive.metastore.events.PreAddPartitionEvent) Table(org.apache.hadoop.hive.metastore.api.Table) ArrayList(java.util.ArrayList) HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)

Example 45 with HivePrivilegeObject

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject in project hive by apache.

the class CreateDatabaseEvent method getOutputHObjs.

private List<HivePrivilegeObject> getOutputHObjs() {
    LOG.debug("==> CreateDatabaseEvent.getOutputHObjs()");
    List<HivePrivilegeObject> ret = new ArrayList<>();
    PreCreateDatabaseEvent event = (PreCreateDatabaseEvent) preEventContext;
    Database database = event.getDatabase();
    String uri = (database != null) ? database.getLocationUri() : "";
    if (database != null) {
        ret.add(getHivePrivilegeObject(database));
        if (StringUtils.isNotEmpty(uri)) {
            ret.add(getHivePrivilegeObjectDfsUri(uri));
        }
        COMMAND_STR = buildCommandString(COMMAND_STR, database);
        LOG.debug("<== CreateDatabaseEvent.getOutputHObjs(): ret={}", ret);
    }
    return ret;
}
Also used : PreCreateDatabaseEvent(org.apache.hadoop.hive.metastore.events.PreCreateDatabaseEvent) ArrayList(java.util.ArrayList) Database(org.apache.hadoop.hive.metastore.api.Database) HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)

Aggregations

HivePrivilegeObject (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)68 ArrayList (java.util.ArrayList)39 Table (org.apache.hadoop.hive.metastore.api.Table)11 HiveException (org.apache.hadoop.hive.ql.metadata.HiveException)10 IOException (java.io.IOException)9 HivePrincipal (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal)9 HiveAccessControlException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException)8 HiveAuthzContext (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext)8 HivePrivilegeObjectType (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType)8 HivePrivilege (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege)7 Table (org.apache.hadoop.hive.ql.metadata.Table)6 HiveAuthorizer (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer)6 HivePrivilegeInfo (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo)6 MetaException (org.apache.hadoop.hive.metastore.api.MetaException)5 IMetaStoreClient (org.apache.hadoop.hive.metastore.IMetaStoreClient)4 Database (org.apache.hadoop.hive.metastore.api.Database)4 InvalidOperationException (org.apache.hadoop.hive.metastore.api.InvalidOperationException)4 NoSuchObjectException (org.apache.hadoop.hive.metastore.api.NoSuchObjectException)4 HiveOperationType (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType)4 HivePrivObjectActionType (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivObjectActionType)4