Example 1 with HiveRoleGrant
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant in project hive by apache.
the class DDLTask method writeHiveRoleGrantInfo.
private String writeHiveRoleGrantInfo(List<HiveRoleGrant> roleGrants, boolean testMode) {
if (roleGrants == null || roleGrants.isEmpty()) {
return "";
}
StringBuilder builder = new StringBuilder();
// sort the list to get sorted (deterministic) output (for ease of testing)
Collections.sort(roleGrants);
for (HiveRoleGrant roleGrant : roleGrants) {
// schema:
// principal_name,principal_type,grant_option,grantor,grantor_type,grant_time
appendNonNull(builder, roleGrant.getPrincipalName(), true);
appendNonNull(builder, roleGrant.getPrincipalType());
appendNonNull(builder, roleGrant.isGrantOption());
appendNonNull(builder, roleGrant.getGrantor());
appendNonNull(builder, roleGrant.getGrantorType());
appendNonNull(builder, testMode ? -1 : roleGrant.getGrantTime() * 1000L);
}
return builder.toString();
}
Also used :
HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)
Example 2 with HiveRoleGrant
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant in project hive by apache.
the class DDLTask method writeRolesGrantedInfo.
static String writeRolesGrantedInfo(List<HiveRoleGrant> roles, boolean testMode) {
if (roles == null || roles.isEmpty()) {
return "";
}
StringBuilder builder = new StringBuilder();
// sort the list to get sorted (deterministic) output (for ease of testing)
Collections.sort(roles);
for (HiveRoleGrant role : roles) {
appendNonNull(builder, role.getRoleName(), true);
appendNonNull(builder, role.isGrantOption());
appendNonNull(builder, testMode ? -1 : role.getGrantTime() * 1000L);
appendNonNull(builder, role.getGrantor());
}
return builder.toString();
}
Also used :
HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)
Example 3 with HiveRoleGrant
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant in project ranger by apache.
the class RangerHivePlugin method getHiveRoleGrant.
private HiveRoleGrant getHiveRoleGrant(RangerRole role, RangerRole.RoleMember roleMember, String type) {
HiveRoleGrant ret = new HiveRoleGrant();
ret.setRoleName(role.getName());
ret.setGrantOption(roleMember.getIsAdmin());
ret.setGrantor(role.getCreatedByUser());
ret.setGrantorType(HivePrincipal.HivePrincipalType.USER.name());
ret.setPrincipalName(roleMember.getName());
ret.setPrincipalType(type);
if (role.getUpdateTime() != null) {
ret.setGrantTime((int) (role.getUpdateTime().getTime() / 1000));
}
return ret;
}
Also used :
HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)
Example 4 with HiveRoleGrant
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant in project hive by apache.
the class ShowPrincipalsOperation method execute.
@Override
public int execute() throws HiveException, IOException {
HiveAuthorizer authorizer = PrivilegeUtils.getSessionAuthorizer(context.getConf());
boolean testMode = context.getConf().getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST);
List<HiveRoleGrant> roleGrants = authorizer.getPrincipalGrantInfoForRole(desc.getName());
ShowUtils.writeToFile(writeHiveRoleGrantInfo(roleGrants, testMode), desc.getResFile(), context);
return 0;
}
Also used :
HiveAuthorizer(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer)
HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)
Example 5 with HiveRoleGrant
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant in project hive by apache.
the class ShowPrincipalsOperation method writeHiveRoleGrantInfo.
private String writeHiveRoleGrantInfo(List<HiveRoleGrant> roleGrants, boolean testMode) {
if (roleGrants == null || roleGrants.isEmpty()) {
return "";
}
StringBuilder builder = new StringBuilder();
// sort the list to get sorted (deterministic) output (for ease of testing)
Collections.sort(roleGrants);
for (HiveRoleGrant roleGrant : roleGrants) {
// schema: principal_name,principal_type,grant_option,grantor,grantor_type,grant_time
ShowUtils.appendNonNull(builder, roleGrant.getPrincipalName(), true);
ShowUtils.appendNonNull(builder, roleGrant.getPrincipalType());
ShowUtils.appendNonNull(builder, roleGrant.isGrantOption());
ShowUtils.appendNonNull(builder, roleGrant.getGrantor());
ShowUtils.appendNonNull(builder, roleGrant.getGrantorType());
ShowUtils.appendNonNull(builder, testMode ? -1 : roleGrant.getGrantTime() * 1000L);
}
return builder.toString();
}
Also used :
HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)
Aggregations
HiveRoleGrant (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)17
ArrayList (java.util.ArrayList)5
HiveAccessControlException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException)5
RolePrincipalGrant (org.apache.hadoop.hive.metastore.api.RolePrincipalGrant)4
HiveAuthzPluginException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException)4
HiveAuthorizer (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer)3
IOException (java.io.IOException)2
MetaException (org.apache.hadoop.hive.metastore.api.MetaException)2
SemanticException (org.apache.hadoop.hive.ql.parse.SemanticException)2
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)2
RangerRole (org.apache.ranger.plugin.model.RangerRole)2
RangerAccessResult (org.apache.ranger.plugin.policyengine.RangerAccessResult)2
TException (org.apache.thrift.TException)2
HashMap (java.util.HashMap)1
GetPrincipalsInRoleRequest (org.apache.hadoop.hive.metastore.api.GetPrincipalsInRoleRequest)1
GetPrincipalsInRoleResponse (org.apache.hadoop.hive.metastore.api.GetPrincipalsInRoleResponse)1
HiveException (org.apache.hadoop.hive.ql.metadata.HiveException)1
RoleDDLDesc (org.apache.hadoop.hive.ql.plan.RoleDDLDesc)1
