@VisibleForTesting CommandProcessorResponse run(SessionState ss, String command) { CommandProcessorResponse authErrResp = CommandUtil.authorizeCommand(ss, HiveOperationType.RESET, Arrays.asList(command)); if (authErrResp != null) {
/** * Authorize command of given type, arguments and for service hosts (for Service Type authorization) * * @param ss - session state * @param type - operation type * @param command - command args * @param serviceObject - service object * @return null if there was no authorization error. Otherwise returns CommandProcessorResponse * capturing the authorization error */ static CommandProcessorResponse authorizeCommandAndServiceObject(SessionState ss, HiveOperationType type, List<String> command, String serviceObject) { if (ss == null) { // ss can be null in unit tests return null; } if (ss.isAuthorizationModeV2() && HiveConf.getBoolVar(ss.getConf(), HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED)) { String errMsg = "Error authorizing command " + command; try { authorizeCommandThrowEx(ss, type, command, serviceObject); // authorized to perform action return null; } catch (HiveAuthzPluginException | HiveAccessControlException e) { LOG.error(errMsg, e); return CommandProcessorResponse.create(e); } } return null; }
private CommandProcessorResponse llapCacheCommandHandler(final SessionState ss, final String[] params) throws ParseException { CommandLine args = parseCommandArgs(CACHE_OPTIONS, params); boolean purge = args.hasOption("purge"); String hs2Host = null; if (ss.isHiveServerQuery()) { hs2Host = ss.getHiveServer2Host(); } if (purge) { List<String> fullCommand = Lists.newArrayList("llap", "cache"); fullCommand.addAll(Arrays.asList(params)); CommandProcessorResponse authErrResp = CommandUtil.authorizeCommandAndServiceObject(ss, HiveOperationType.LLAP_CACHE_PURGE, fullCommand, hs2Host); if (authErrResp != null) { // there was an authorization issue return authErrResp; } try { LlapRegistryService llapRegistryService = LlapRegistryService.getClient(ss.getConf()); llapCachePurge(ss, llapRegistryService); return createProcessorSuccessResponse(); } catch (Exception e) { LOG.error("Error while purging LLAP IO Cache. err: ", e); return returnErrorResponse("Error while purging LLAP IO Cache. err: " + e.getMessage()); } } else { String usage = getUsageAsString(); return returnErrorResponse("Unsupported sub-command option. " + usage); } }
CommandUtil.authorizeCommand(ss, HiveOperationType.RESET, Arrays.asList(command)); if (authErrResp != null) {
String errMsg = "Error authorizing command " + command; try { authorizeCommandThrowEx(ss, type, command);
fullCommand.addAll(Arrays.asList(params)); CommandProcessorResponse authErrResp = CommandUtil.authorizeCommandAndServiceObject(ss, HiveOperationType.LLAP_CLUSTER_INFO, fullCommand, hs2Host); if (authErrResp != null) {
CommandUtil.authorizeCommand(ss, HiveOperationType.COMPILE, Arrays.asList(command)); if(authErrResp != null){
String errMsg = "Error authorizing command " + command; try { authorizeCommandThrowEx(ss, type, command);
CommandUtil.authorizeCommand(ss, HiveOperationType.COMPILE, Arrays.asList(command)); if(authErrResp != null){
String errMsg = "Error authorizing command " + command; try { authorizeCommandThrowEx(ss, type, command);
CommandUtil.authorizeCommand(ss, HiveOperationType.ADD, Arrays.asList(tokens)); if(authErrResp != null){
CommandUtil.authorizeCommand(ss, HiveOperationType.DELETE, Arrays.asList(tokens)); if(authErrResp != null){
CommandUtil.authorizeCommand(ss, HiveOperationType.DFS, Arrays.asList(tokens)); if(authErrResp != null){
CommandUtil.authorizeCommand(ss, HiveOperationType.DELETE, Arrays.asList(tokens)); if(authErrResp != null){
CommandUtil.authorizeCommand(ss, HiveOperationType.ADD, Arrays.asList(tokens)); if(authErrResp != null){
CommandUtil.authorizeCommand(ss, HiveOperationType.DFS, Arrays.asList(tokens)); if(authErrResp != null){
CommandUtil.authorizeCommand(ss, HiveOperationType.COMPILE, Arrays.asList(command)); if(authErrResp != null){
@Override public CommandProcessorResponse run(String command) { try { SessionState ss = SessionState.get(); command = new VariableSubstitution().substitute(ss.getConf(),command); String[] tokens = command.split("\\s+"); CommandProcessorResponse authErrResp = CommandUtil.authorizeCommand(ss, HiveOperationType.DFS, Arrays.asList(tokens)); if(authErrResp != null){ // there was an authorization issue return authErrResp; } PrintStream oldOut = System.out; if (ss != null && ss.out != null) { System.setOut(ss.out); } int ret = dfs.run(tokens); if (ret != 0) { console.printError("Command failed with exit code = " + ret); } System.setOut(oldOut); return new CommandProcessorResponse(ret, null, null, dfsSchema); } catch (Exception e) { console.printError("Exception raised from DFSShell.run " + e.getLocalizedMessage(), org.apache.hadoop.util.StringUtils .stringifyException(e)); return new CommandProcessorResponse(1); } }
@Override public CommandProcessorResponse run(String command) throws CommandNeedRetryException { SessionState ss = SessionState.get(); CommandProcessorResponse authErrResp = CommandUtil.authorizeCommand(ss, HiveOperationType.RESET, Arrays.asList(command)); if(authErrResp != null){ // there was an authorization issue return authErrResp; } if (ss.getOverriddenConfigurations().isEmpty()) { return new CommandProcessorResponse(0); } HiveConf conf = new HiveConf(); for (String key : ss.getOverriddenConfigurations().keySet()) { String value = conf.get(key); if (value != null) { ss.getConf().set(key, value); } } ss.getOverriddenConfigurations().clear(); return new CommandProcessorResponse(0); } }
@Override public CommandProcessorResponse run(String command) { SessionState ss = SessionState.get(); command = new VariableSubstitution().substitute(ss.getConf(),command); String[] tokens = command.split("\\s+"); SessionState.ResourceType t; if (tokens.length < 1 || (t = SessionState.find_resource_type(tokens[0])) == null) { console.printError("Usage: delete [" + StringUtils.join(SessionState.ResourceType.values(), "|") + "] <value> [<value>]*"); return new CommandProcessorResponse(1); } CommandProcessorResponse authErrResp = CommandUtil.authorizeCommand(ss, HiveOperationType.DELETE, Arrays.asList(tokens)); if(authErrResp != null){ // there was an authorization issue return authErrResp; } if (tokens.length >= 2) { ss.delete_resources(t, Arrays.asList(Arrays.copyOfRange(tokens, 1, tokens.length))); } else { ss.delete_resources(t); } return new CommandProcessorResponse(0); } }