
Example 11 with HiveRoleGrant

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant in project hive by apache.

the class SQLStdHiveAccessController method doesUserHasAdminOption.

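// Returns true only if every role in roleNames is one of the user's current roles
// (matched case-insensitively) and is held with the grant option. A role that is
// missing, or held without the grant option, fails the whole check.
private boolean doesUserHasAdminOption(List<String> roleNames) throws HiveAuthzPluginException {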
    List<HiveRoleGrant> currentRoles;
    currentRoles = getCurrentRoles();
    for (String roleName : roleNames) {
        boolean roleFound = false;
        for (HiveRoleGrant currentRole : currentRoles) {
            if (roleName.equalsIgnoreCase(currentRole.getRoleName())) {
                roleFound = true;
                if (!currentRole.isGrantOption()) {
                    return false;
                } else {
                    break;
                }
            }
        }
        if (!roleFound) {
            return false;
        }
    }
    return true;
}
Also used : HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)

Example 12 with HiveRoleGrant

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant in project hive by apache.

the class SQLStdHiveAccessController method isUserAdmin.

/**
 * @return true only if current role of user is Admin
 * @throws HiveAuthzPluginException
 */
boolean isUserAdmin() throws HiveAuthzPluginException {
    List<HiveRoleGrant> roles;
    roles = getCurrentRoles();
    for (HiveRoleGrant role : roles) {
        if (role.getRoleName().equalsIgnoreCase(HMSHandler.ADMIN)) {
            return true;
        }
    }
    return false;
}
Also used : HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)

Example 13 with HiveRoleGrant

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant in project hive by apache.

the class SQLStdHiveAccessController method getRolesFromMS.

private List<HiveRoleGrant> getRolesFromMS() throws HiveAuthzPluginException {
    try {
        List<RolePrincipalGrant> roles = getRoleGrants(currentUserName, PrincipalType.USER);
        Map<String, HiveRoleGrant> name2Rolesmap = new HashMap<String, HiveRoleGrant>();
        getAllRoleAncestors(name2Rolesmap, roles);
        List<HiveRoleGrant> currentRoles = new ArrayList<HiveRoleGrant>(roles.size());
        // The admin role is left out of the returned current roles and kept separately in adminRole.
        for (HiveRoleGrant role : name2Rolesmap.values()) {
            if (!HMSHandler.ADMIN.equalsIgnoreCase(role.getRoleName())) {
                currentRoles.add(role);
            } else {
                this.adminRole = role;
            }
        }
        return currentRoles;
    } catch (Exception e) {
        throw SQLAuthorizationUtils.getPluginException("Failed to retrieve roles for " + currentUserName, e);
    }
}
Also used : RolePrincipalGrant(org.apache.hadoop.hive.metastore.api.RolePrincipalGrant) HashMap(java.util.HashMap) HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant) ArrayList(java.util.ArrayList) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException) TException(org.apache.thrift.TException)

Example 14 with HiveRoleGrant

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant in project hive by apache.

the class ShowRoleGrantOperation method execute.

@Override
public int execute() throws HiveException, IOException {
    HiveAuthorizer authorizer = PrivilegeUtils.getSessionAuthorizer(context.getConf());
    boolean testMode = context.getConf().getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST);
    List<HiveRoleGrant> roles = authorizer.getRoleGrantInfoForPrincipal(AuthorizationUtils.getHivePrincipal(desc.getName(), desc.getPrincipalType()));
    ShowUtils.writeToFile(writeRolesGrantedInfo(roles, testMode), desc.getResFile(), context);
    return 0;
}
Also used : HiveAuthorizer(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer) HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)

Example 15 with HiveRoleGrant

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant in project hive by apache.

the class ShowRoleGrantOperation method writeRolesGrantedInfo.

private String writeRolesGrantedInfo(List<HiveRoleGrant> roles, boolean testMode) {
    if (roles == null || roles.isEmpty()) {
        return "";
    }
    StringBuilder builder = new StringBuilder();
    // sort the list to get sorted (deterministic) output (for ease of testing)
    Collections.sort(roles);
    for (HiveRoleGrant role : roles) {
        ShowUtils.appendNonNull(builder, role.getRoleName(), true);
        ShowUtils.appendNonNull(builder, role.isGrantOption());
        // In test mode write -1 instead of the grant time so the output stays deterministic.
        ShowUtils.appendNonNull(builder, testMode ? -1 : role.getGrantTime() * 1000L);
        ShowUtils.appendNonNull(builder, role.getGrantor());
    }
    return builder.toString();
}
Also used : HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)
