
Example 1 with HiveResourceACLs

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs in project hive by apache.

the class TestHDFSPermissionPolicyProvider method testPolicyProvider.

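/**
 * Checks the ACLs that {@code HDFSPermissionPolicyProvider} reports for tables and a database
 * as the mode bits on their backing directories change.
 *
 * <p>All four directories are owned by {@code user1:group1}. As the assertions below pin down,
 * the owner read bit surfaces as a user entry for {@code user1}, the group read bit as a group
 * entry for {@code group1}, and the "other" read bit as a group entry named {@code public}.
 *
 * @throws Exception if a filesystem call or the provider fails
 */
@Test
public void testPolicyProvider() throws Exception {
    HDFSPermissionPolicyProvider policyProvider = new HDFSPermissionPolicyProvider(conf);
    FileSystem fs = FileSystem.get(conf);
    Path tbl1Dir = new Path(defaultTbl1Loc);
    Path tbl2Dir = new Path(defaultTbl2Loc);
    Path db1Dir = new Path(db1Loc);
    Path db1Tbl1Dir = new Path(db1Tbl1Loc);
    HivePrivilegeObject defaultTbl1 = new HivePrivilegeObject(HivePrivilegeObjectType.TABLE_OR_VIEW, "default", "tbl1");
    HivePrivilegeObject defaultTbl2 = new HivePrivilegeObject(HivePrivilegeObjectType.TABLE_OR_VIEW, "default", "tbl2");

    fs.setOwner(tbl1Dir, "user1", "group1");
    fs.setOwner(tbl2Dir, "user1", "group1");
    fs.setOwner(db1Dir, "user1", "group1");
    fs.setOwner(db1Tbl1Dir, "user1", "group1");

    // r--r--r-- : owner, group and other can all read
    fs.setPermission(tbl1Dir, new FsPermission("444"));
    HiveResourceACLs acls = policyProvider.getResourceACLs(defaultTbl1);
    assertEquals(1, acls.getUserPermissions().size());
    assertTrue(acls.getUserPermissions().containsKey("user1"));
    assertEquals(2, acls.getGroupPermissions().size());
    assertTrue(acls.getGroupPermissions().containsKey("group1"));
    assertTrue(acls.getGroupPermissions().containsKey("public"));

    // r--r----- : dropping the "other" bit must remove the public entry
    fs.setPermission(tbl1Dir, new FsPermission("440"));
    acls = policyProvider.getResourceACLs(defaultTbl1);
    assertEquals(1, acls.getUserPermissions().size());
    assertEquals("user1", acls.getUserPermissions().keySet().iterator().next());
    assertEquals(1, acls.getGroupPermissions().size());
    assertTrue(acls.getGroupPermissions().containsKey("group1"));

    // r-----r-- : dropping the group bit must remove group1 but keep public
    fs.setPermission(tbl1Dir, new FsPermission("404"));
    acls = policyProvider.getResourceACLs(defaultTbl1);
    assertEquals(1, acls.getUserPermissions().size());
    assertTrue(acls.getUserPermissions().containsKey("user1"));
    assertEquals(1, acls.getGroupPermissions().size());
    assertTrue(acls.getGroupPermissions().containsKey("public"));

    // r-------- : owner only, so no group entries at all
    fs.setPermission(tbl1Dir, new FsPermission("400"));
    acls = policyProvider.getResourceACLs(defaultTbl1);
    assertEquals(1, acls.getUserPermissions().size());
    assertTrue(acls.getUserPermissions().containsKey("user1"));
    assertEquals(0, acls.getGroupPermissions().size());

    // ------r-- on tbl1: the owner has no bits of its own, so no user entry is expected
    fs.setPermission(tbl1Dir, new FsPermission("004"));
    // rwxrwxrwx on tbl2: changing tbl1 must not bleed into a sibling table
    fs.setPermission(tbl2Dir, new FsPermission("777"));
    acls = policyProvider.getResourceACLs(defaultTbl1);
    assertEquals(0, acls.getUserPermissions().size());
    assertEquals(1, acls.getGroupPermissions().size());
    assertTrue(acls.getGroupPermissions().containsKey("public"));
    acls = policyProvider.getResourceACLs(defaultTbl2);
    assertEquals(1, acls.getUserPermissions().size());
    assertTrue(acls.getUserPermissions().containsKey("user1"));
    assertEquals(2, acls.getGroupPermissions().size());
    assertTrue(acls.getGroupPermissions().containsKey("group1"));
    assertTrue(acls.getGroupPermissions().containsKey("public"));

    // r-------- on the database directory; the table directory under it is removed
    fs.setPermission(db1Dir, new FsPermission("400"));
    fs.delete(db1Tbl1Dir, true);
    acls = policyProvider.getResourceACLs(new HivePrivilegeObject(HivePrivilegeObjectType.DATABASE, "db1", null));
    assertEquals(1, acls.getUserPermissions().size());
    assertTrue(acls.getUserPermissions().containsKey("user1"));
    assertEquals(0, acls.getGroupPermissions().size());
    // db1.tbl1 no longer has a directory, yet it reports the same ACLs as db1.
    // NOTE(review): presumably resolved from the nearest existing parent directory; confirm
    // against the provider's Path-based lookup.
    acls = policyProvider.getResourceACLs(new HivePrivilegeObject(HivePrivilegeObjectType.TABLE_OR_VIEW, "db1", "tbl1"));
    assertEquals(1, acls.getUserPermissions().size());
    assertTrue(acls.getUserPermissions().containsKey("user1"));
    assertEquals(0, acls.getGroupPermissions().size());
}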
Also used : Path(org.apache.hadoop.fs.Path) FileSystem(org.apache.hadoop.fs.FileSystem) FsPermission(org.apache.hadoop.fs.permission.FsPermission) HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject) HiveResourceACLs(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs) HDFSPermissionPolicyProvider(org.apache.hadoop.hive.ql.security.authorization.HDFSPermissionPolicyProvider) Test(org.junit.Test)

Example 2 with HiveResourceACLs

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs in project hive by apache.

the class PrivilegeSynchronizer method addGrantPrivilegesToBag.

/**
 * Asks the policy provider for the ACLs of one Hive object and adds its user and group
 * entries to the privilege bag.
 *
 * @param policyProvider source of the resource ACLs
 * @param privBag bag that receives the grants
 * @param type kind of object being synchronized; selects how the lookup key is built
 * @param dbName database name (not used for the DATACONNECTOR lookup key)
 * @param objName connector or table name (not used for the DATABASE lookup key)
 * @param columnName column name, used only for COLUMN lookups
 * @param authorizer passed through unchanged to {@code addACLsToBag}
 * @throws RuntimeException if {@code type} is not one of the four handled kinds
 * @throws Exception declared for callers; nothing in this method's own body raises a checked one
 */
private void addGrantPrivilegesToBag(HivePolicyProvider policyProvider, PrivilegeBag privBag, HiveObjectType type, String dbName, String objName, String columnName, String authorizer) throws Exception {
    // Translate the metastore object type into the authorization-plugin lookup key.
    final HivePrivilegeObject target;
    switch (type) {
        case DATACONNECTOR:
            target = new HivePrivilegeObject(HivePrivilegeObjectType.DATACONNECTOR, null, objName);
            break;
        case DATABASE:
            target = new HivePrivilegeObject(HivePrivilegeObjectType.DATABASE, dbName, null);
            break;
        case TABLE:
            target = new HivePrivilegeObject(HivePrivilegeObjectType.TABLE_OR_VIEW, dbName, objName);
            break;
        case COLUMN:
            target = new HivePrivilegeObject(HivePrivilegeObjectType.COLUMN, dbName, objName, null, columnName);
            break;
        default:
            throw new RuntimeException("Get unknown object type " + type);
    }

    final HiveResourceACLs resolved = policyProvider.getResourceACLs(target);
    // A null answer contributes no grants for this object; the bag is left untouched.
    // NOTE(review): a provider that returns null on failure is indistinguishable here from
    // one that has nothing to report, so a failed lookup is silent at this layer.
    if (resolved != null) {
        addACLsToBag(resolved.getUserPermissions(), privBag, type, dbName, objName, columnName, PrincipalType.USER, authorizer);
        addACLsToBag(resolved.getGroupPermissions(), privBag, type, dbName, objName, columnName, PrincipalType.GROUP, authorizer);
    }
}
Also used : HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject) HiveResourceACLs(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs)

Example 3 with HiveResourceACLs

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs in project hive by apache.

the class HDFSPermissionPolicyProvider method getResourceACLs.

/**
 * Resolves a Hive object to its storage location and returns the ACLs computed for that path.
 *
 * <p>DATABASE objects use the database location URI; TABLE_OR_VIEW and COLUMN objects both use
 * the table's storage-descriptor location, so a column reports its table's ACLs.
 *
 * @param hiveObject the object whose ACLs are requested
 * @return the ACLs for the object's location, or {@code null} if anything in the lookup throws
 *     (including the "unknown request type" case)
 */
@Override
public HiveResourceACLs getResourceACLs(HivePrivilegeObject hiveObject) {
    try {
        final Path location;
        switch (hiveObject.getType()) {
            case DATABASE:
                location = new Path(Hive.get().getDatabase(hiveObject.getDbname()).getLocationUri());
                break;
            case TABLE_OR_VIEW:
            case COLUMN:
                location = new Path(Hive.get().getTable(hiveObject.getDbname(), hiveObject.getObjectName()).getTTable().getSd().getLocation());
                break;
            default:
                // Not expected to be reached; the catch below turns this into a null result.
                throw new RuntimeException("Unknown request type:" + hiveObject.getType());
        }
        return getResourceACLs(location);
    } catch (Exception ignored) {
        // Best effort: every failure (metastore lookup, missing object, filesystem error,
        // unsupported type) collapses to "no ACLs" without any record of the cause.
        // NOTE(review): callers cannot tell "nothing granted" from "lookup failed"; consider
        // logging the exception here once a logger is available in this class.
        return null;
    }
}
Also used : Path(org.apache.hadoop.fs.Path) Table(org.apache.hadoop.hive.ql.metadata.Table) Database(org.apache.hadoop.hive.metastore.api.Database) HiveResourceACLs(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs) IOException(java.io.IOException)

Example 4 with HiveResourceACLs

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs in project ranger by apache.

the class RangerHivePolicyProvider method getResourceACLs.

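/**
 * Converts the Hive privilege object into a Ranger resource and returns the ACLs computed
 * for it.
 *
 * <p>When perf tracing is enabled for {@code PERF_HIVEACLPROVIDER_REQUEST_LOG}, the call is
 * timed. The tracer is flushed in a {@code finally} block so that a lookup that throws is
 * still recorded rather than silently missing from the perf log.
 *
 * @param hiveObject the Hive object whose ACLs are requested
 * @return the ACLs produced by the {@code RangerHiveResource} overload
 */
@Override
public HiveResourceACLs getResourceACLs(HivePrivilegeObject hiveObject) {
    RangerPerfTracer perf = null;
    if (RangerPerfTracer.isPerfTraceEnabled(PERF_HIVEACLPROVIDER_REQUEST_LOG)) {
        perf = RangerPerfTracer.getPerfTracer(PERF_HIVEACLPROVIDER_REQUEST_LOG, "RangerHivePolicyProvider.getResourceACLS()");
    }
    try {
        // Extract and build RangerHiveResource from inputObject
        RangerHiveResource hiveResource = RangerHiveAuthorizer.createHiveResource(hiveObject, null);
        return getResourceACLs(hiveResource);
    } finally {
        // perf stays null when tracing is disabled; it is passed as-is, exactly as before.
        RangerPerfTracer.log(perf);
    }
}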
Also used : RangerPerfTracer(org.apache.ranger.plugin.util.RangerPerfTracer) HiveResourceACLs(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs)

Example 5 with HiveResourceACLs

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs in project ranger by apache.

the class RangerHivePolicyProvider method getResourceACLs.

/**
 * Asks the Ranger plugin for the ACLs on a Hive resource and converts them to the Hive
 * representation.
 *
 * <p>The request is built with {@code RangerPolicyEngine.ANY_ACCESS} and {@code null} for the
 * three remaining constructor arguments, so it is not tied to a caller-supplied value for them.
 *
 * @param hiveResource the Ranger-side description of the Hive object
 * @return user and group permissions wrapped in a {@code RangerHiveResourceACLs}
 */
public HiveResourceACLs getResourceACLs(RangerHiveResource hiveResource) {
    final RangerResourceACLs rangerAcls = rangerPlugin.getResourceACLs(
            new RangerAccessRequestImpl(hiveResource, RangerPolicyEngine.ANY_ACCESS, null, null, null));

    // At debug level the full resource string and the computed ACLs are written to the log.
    if (LOG.isDebugEnabled()) {
        LOG.debug("HiveResource:[" + hiveResource.getAsString() + "], Computed ACLS:[" + rangerAcls + "]");
    }

    // NOTE(review): rangerAcls is dereferenced without a null check; confirm the plugin never
    // returns null here.
    final Map<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> byUser =
            convertRangerACLsToHiveACLs(rangerAcls.getUserACLs());
    final Map<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> byGroup =
            convertRangerACLsToHiveACLs(rangerAcls.getGroupACLs());
    return new RangerHiveResourceACLs(byUser, byGroup);
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) RangerResourceACLs(org.apache.ranger.plugin.policyengine.RangerResourceACLs) HiveResourceACLs(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs) HashMap(java.util.HashMap) Map(java.util.Map)
