use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant in project hive by apache.
the class DDLTask method writeRolesGrantedInfo.
/**
 * Renders a list of role grants as text, one group of four fields per grant:
 * role name, grant-option flag, grant time and grantor.
 *
 * <p>The list is sorted in place before rendering, so the caller's list is
 * reordered as a side effect and must be modifiable.
 *
 * @param roles    grants to render; {@code null} or empty yields an empty string
 * @param testMode when {@code true} the grant time is written as {@code -1}
 *                 instead of the stored value, keeping the output stable
 * @return the rendered text, or {@code ""} when there is nothing to render
 */
static String writeRolesGrantedInfo(List<HiveRoleGrant> roles, boolean testMode) {
  final boolean nothingToRender = (roles == null) || roles.isEmpty();
  if (nothingToRender) {
    return "";
  }
  // Sorting gives deterministic output (for ease of testing); it mutates the argument.
  Collections.sort(roles);
  final StringBuilder rendered = new StringBuilder();
  for (HiveRoleGrant grant : roles) {
    // presumably the stored grant time is in seconds and is scaled to milliseconds here; confirm
    final long grantTimeField = testMode ? -1 : grant.getGrantTime() * 1000L;
    // NOTE(review): the extra 'true' argument looks like a first-column marker; verify against appendNonNull
    appendNonNull(rendered, grant.getRoleName(), true);
    appendNonNull(rendered, grant.isGrantOption());
    appendNonNull(rendered, grantTimeField);
    appendNonNull(rendered, grant.getGrantor());
  }
  return rendered.toString();
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant in project hive by apache.
the class DDLTask method roleDDL.
/**
 * Dispatches a role DDL request to the matching call on the session's
 * {@code HiveAuthorizer}, writing query-style results to the descriptor's
 * result file.
 *
 * <p>NOTE(review): no privilege check is visible in this method; enforcement
 * is presumably done inside the authorizer implementation. Confirm for the
 * authorizer in use.
 *
 * @param db          Hive handle used to obtain the session authorizer
 * @param roleDDLDesc describes the operation, the role or principal name and the result file
 * @return always {@code 0} when the operation completes without throwing
 * @throws Exception if the authorizer or a file write fails, or a
 *                   {@code HiveException} when the operation is not handled here
 */
private int roleDDL(Hive db, RoleDDLDesc roleDDLDesc) throws Exception {
  final HiveAuthorizer sessionAuthorizer = getSessionAuthorizer(db);
  final RoleDDLDesc.RoleOperation requestedOp = roleDDLDesc.getOperation();

  // Each case maps one role operation onto one authorizer call.
  switch (requestedOp) {
    case CREATE_ROLE: {
      sessionAuthorizer.createRole(roleDDLDesc.getName(), null);
      break;
    }
    case DROP_ROLE: {
      sessionAuthorizer.dropRole(roleDDLDesc.getName());
      break;
    }
    case SET_ROLE: {
      sessionAuthorizer.setCurrentRole(roleDDLDesc.getName());
      break;
    }
    case SHOW_ROLES: {
      final List<String> everyRole = sessionAuthorizer.getAllRoles();
      writeListToFileAfterSort(everyRole, roleDDLDesc.getResFile());
      break;
    }
    case SHOW_CURRENT_ROLE: {
      final List<String> activeRoleNames = sessionAuthorizer.getCurrentRoleNames();
      writeListToFileAfterSort(activeRoleNames, roleDDLDesc.getResFile());
      break;
    }
    case SHOW_ROLE_GRANT: {
      // The test flag is read first, then the grants held by the named principal.
      final boolean inTest = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST);
      final List<HiveRoleGrant> grantsOfPrincipal = sessionAuthorizer.getRoleGrantInfoForPrincipal(
          AuthorizationUtils.getHivePrincipal(roleDDLDesc.getName(), roleDDLDesc.getPrincipalType()));
      final String grantText = writeRolesGrantedInfo(grantsOfPrincipal, inTest);
      writeToFile(grantText, roleDDLDesc.getResFile());
      break;
    }
    case SHOW_ROLE_PRINCIPALS: {
      // Same shape as SHOW_ROLE_GRANT, but lists the principals holding the named role.
      final boolean inTest = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST);
      final List<HiveRoleGrant> grantsOfRole = sessionAuthorizer.getPrincipalGrantInfoForRole(roleDDLDesc.getName());
      final String principalText = writeHiveRoleGrantInfo(grantsOfRole, inTest);
      writeToFile(principalText, roleDDLDesc.getResFile());
      break;
    }
    default:
      throw new HiveException("Unkown role operation " + requestedOp.getOperationName());
  }
  return 0;
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant in project hive by apache.
the class SQLStdHiveAccessController method doesUserHasAdminOption.
/**
 * Checks that every named role is among the roles returned by
 * {@code getCurrentRoles()} and is held with the grant option.
 *
 * <p>Role names are matched case-insensitively and only the first matching
 * current role is consulted. A role that is missing, or whose first match
 * lacks the grant option, makes the whole check fail.
 *
 * <p>NOTE(review): an empty {@code roleNames} list yields {@code true}
 * because there is nothing to reject; callers should confirm that is the
 * intended answer before relying on it for an authorization decision.
 *
 * @param roleNames names of the roles to check
 * @return {@code true} only if every name matched a current role that has the grant option
 * @throws HiveAuthzPluginException if {@code getCurrentRoles()} fails
 */
private boolean doesUserHasAdminOption(List<String> roleNames) throws HiveAuthzPluginException {
  final List<HiveRoleGrant> heldRoles = getCurrentRoles();
  for (String requestedName : roleNames) {
    // Locate the first current role whose name matches, ignoring case.
    HiveRoleGrant firstMatch = null;
    for (HiveRoleGrant held : heldRoles) {
      if (requestedName.equalsIgnoreCase(held.getRoleName())) {
        firstMatch = held;
        break;
      }
    }
    // Deny when the role is not held at all, or is held without the grant option.
    if (firstMatch == null || !firstMatch.isGrantOption()) {
      return false;
    }
  }
  return true;
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant in project hive by apache.
the class SQLStdHiveAccessController method getRolesFromMS.
/**
 * Builds the list of roles for {@code currentUserName}, looked up as a
 * {@code PrincipalType.USER} principal, leaving the admin role out.
 *
 * <p>The grants from {@code getRoleGrants} are passed to
 * {@code getAllRoleAncestors}, which fills a name-keyed map (presumably with
 * the direct roles plus the roles they inherit; confirm against that
 * helper). Every role in the map is returned except the one whose name
 * equals {@code HiveMetaStore.ADMIN} ignoring case; that one is stored in
 * {@code this.adminRole} instead.
 *
 * <p>NOTE(review): {@code adminRole} is assigned only when an admin grant is
 * found and is never cleared here. If this method can run more than once for
 * a session, confirm that a previously stored admin grant cannot outlive its
 * revocation.
 *
 * @return the user's roles without the admin role
 * @throws HiveAuthzPluginException wrapping any exception raised during the lookup
 */
private List<HiveRoleGrant> getRolesFromMS() throws HiveAuthzPluginException {
  try {
    final List<RolePrincipalGrant> directGrants = getRoleGrants(currentUserName, PrincipalType.USER);
    final Map<String, HiveRoleGrant> rolesByName = new HashMap<String, HiveRoleGrant>();
    getAllRoleAncestors(rolesByName, directGrants);

    final List<HiveRoleGrant> nonAdminRoles = new ArrayList<HiveRoleGrant>(directGrants.size());
    for (HiveRoleGrant candidate : rolesByName.values()) {
      final boolean isAdminRole = HiveMetaStore.ADMIN.equalsIgnoreCase(candidate.getRoleName());
      if (isAdminRole) {
        // The admin grant is kept aside rather than returned with the other roles.
        this.adminRole = candidate;
      } else {
        nonAdminRoles.add(candidate);
      }
    }
    return nonAdminRoles;
  } catch (Exception e) {
    throw SQLAuthorizationUtils.getPluginException("Failed to retrieve roles for " + currentUserName, e);
  }
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant in project hive by apache.
the class SQLStdHiveAccessController method isUserAdmin.
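/**
 * Reports whether the admin role is among the roles returned by
 * {@code getCurrentRoles()}.
 *
 * <p>Role names are compared with {@code HiveMetaStore.ADMIN} ignoring case.
 * A grant whose role name is {@code null} is treated as non-admin.
 *
 * @return true only if current role of user is Admin
 * @throws HiveAuthzPluginException if {@code getCurrentRoles()} fails
 */
boolean isUserAdmin() throws HiveAuthzPluginException {
  final List<HiveRoleGrant> roles = getCurrentRoles();
  for (HiveRoleGrant role : roles) {
    // Constant-first comparison: a null role name cannot throw here and simply
    // does not match, so the check fails closed instead of raising an NPE.
    if (HiveMetaStore.ADMIN.equalsIgnoreCase(role.getRoleName())) {
      return true;
    }
  }
  return false;
}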