/**
 * Stores the configuration and, when a proxy user is configured, makes this authenticator
 * report that user instead of the one the parent class would resolve.
 *
 * <p>If {@code PROXY_USER_NAME} is absent from {@code conf}, the call is delegated to
 * {@code super.setConf(conf)} and nothing else happens here. Otherwise a
 * {@link UserGroupInformation} is created for the configured name and its short user name
 * and group names are copied into this object.
 *
 * <p>NOTE(review): the proxy user name is taken from the configuration as-is and nothing in
 * this method authenticates it, so whoever can set that key decides which identity is
 * reported. Confirm the key can only be written by a trusted component.
 *
 * @param conf configuration to store and to read the proxy user name from
 * @throws RuntimeException if the proxy user's {@link UserGroupInformation} cannot be created
 */
@Override
public void setConf(Configuration conf) {
  this.conf = conf;

  final String proxyUser = conf.get(PROXY_USER_NAME);
  if (proxyUser == null) {
    // No proxy user configured: let the parent class resolve the identity.
    super.setConf(conf);
    return;
  }

  // From here on a proxy user is set.
  final UserGroupInformation proxyUgi;
  try {
    proxyUgi = UserGroupInformation.createRemoteUser(proxyUser);
  } catch (Exception cause) {
    throw new RuntimeException(cause);
  }
  if (proxyUgi == null) {
    throw new RuntimeException(
        "Can not initialize ProxyUserAuthenticator for user [" + proxyUser + "]");
  }

  this.userName = proxyUgi.getShortUserName();
  // NOTE(review): when getGroupNames() returns null, groupNames keeps whatever value it
  // already held. If an instance can be reconfigured, confirm that groups from an earlier
  // identity cannot carry over to the proxy user.
  if (proxyUgi.getGroupNames() != null) {
    this.groupNames = Arrays.asList(proxyUgi.getGroupNames());
  }
}
/**
 * Sets the given whitelist variable to the supplied regexes joined with {@code "|"} on an
 * authorization-enabled conf, applies the SQL standard access controller's configuration
 * policy to that conf, and then hands it to {@code verifyParamSettability} together with
 * {@code settableParams}.
 *
 * @param paramRegexes regexes to join into the whitelist value
 * @param settableParams parameter names passed on to {@code verifyParamSettability}
 * @param whiteListParam the configuration variable that receives the joined regex
 * @throws HiveAuthzPluginException declared by the calls made here
 */
private void verifySettability(List<String> paramRegexes, List<String> settableParams,
    ConfVars whiteListParam) throws HiveAuthzPluginException {
  final HiveConf authConf = newAuthEnabledConf();
  final String whiteListRegex = Joiner.on("|").join(paramRegexes);
  authConf.setVar(whiteListParam, whiteListRegex);

  // The whitelist has to be in place before the policy is applied to the conf.
  final SQLStdHiveAccessController controller = new SQLStdHiveAccessController(
      null, authConf, new HadoopDefaultAuthenticator(), getHS2SessionCtx());
  controller.applyAuthorizationConfigPolicy(authConf);

  verifyParamSettability(settableParams, authConf);
}
/**
 * Prepares the fixture for each test: a query state whose conf uses the dummy authorization
 * task factory and the SQL standard authorizer factory, a mocked {@code Hive} that returns
 * the test table and partition, a started session, and the current user name as reported by
 * {@link HadoopDefaultAuthenticator}.
 *
 * @throws Exception declared by the setup calls made here
 */
@Before
public void setup() throws Exception {
  queryState = new QueryState.Builder().build();

  final HiveConf hiveConf = queryState.getConf();
  final String taskFactoryClass =
      TestHiveAuthorizationTaskFactory.DummyHiveAuthorizationTaskFactoryImpl.class.getName();
  hiveConf.setVar(ConfVars.HIVE_AUTHORIZATION_TASK_FACTORY, taskFactoryClass);
  hiveConf.setVar(HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER,
      "org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory");

  db = Mockito.mock(Hive.class);
  table = new Table(DB, TABLE);
  partition = new Partition(table);

  SessionState.start(hiveConf);
  context = new Context(hiveConf);
  parseDriver = new ParseDriver();
  analyzer = new DDLSemanticAnalyzer(queryState, db);

  // Every table or partition lookup on the mock resolves to the fixture objects.
  Mockito.when(db.getTable(DB, TABLE, false)).thenReturn(table);
  Mockito.when(db.getTable(TABLE_QNAME, false)).thenReturn(table);
  Mockito.when(db.getPartition(table, new HashMap<String, String>(), false))
      .thenReturn(partition);

  // The user name comes from the authenticator configured with the same conf.
  final HadoopDefaultAuthenticator authenticator = new HadoopDefaultAuthenticator();
  authenticator.setConf(hiveConf);
  currentUser = authenticator.getUserName();

  DummyHiveAuthorizationTaskFactoryImpl.reset();
}
/**
 * Stores the configuration and, when a proxy user is configured, makes this authenticator
 * report that user instead of the one the parent class would resolve.
 *
 * <p>If {@code PROXY_USER_NAME} is absent from {@code conf}, the call is delegated to
 * {@code super.setConf(conf)} and nothing else happens here. Otherwise a
 * {@link UserGroupInformation} is created for the configured name and its short user name
 * and group names are copied into this object.
 *
 * <p>NOTE(review): the proxy user name is taken from the configuration as-is and nothing in
 * this method authenticates it, so whoever can set that key decides which identity is
 * reported. Confirm the key can only be written by a trusted component.
 *
 * @param conf configuration to store and to read the proxy user name from
 * @throws RuntimeException if the proxy user's {@link UserGroupInformation} cannot be created
 */
@Override
public void setConf(Configuration conf) {
  this.conf = conf;

  final String proxyUser = conf.get(PROXY_USER_NAME);
  if (proxyUser == null) {
    // No proxy user configured: let the parent class resolve the identity.
    super.setConf(conf);
    return;
  }

  // From here on a proxy user is set.
  final UserGroupInformation proxyUgi;
  try {
    proxyUgi = UserGroupInformation.createRemoteUser(proxyUser);
  } catch (Exception cause) {
    throw new RuntimeException(cause);
  }
  if (proxyUgi == null) {
    throw new RuntimeException(
        "Can not initialize ProxyUserAuthenticator for user [" + proxyUser + "]");
  }

  this.userName = proxyUgi.getShortUserName();
  // NOTE(review): when getGroupNames() returns null, groupNames keeps whatever value it
  // already held. If an instance can be reconfigured, confirm that groups from an earlier
  // identity cannot carry over to the proxy user.
  if (proxyUgi.getGroupNames() != null) {
    this.groupNames = Arrays.asList(proxyUgi.getGroupNames());
  }
}
/**
 * Checks that {@code SQLStdHiveAccessController} leaves the configuration unrestricted for a
 * CLI session: the hook that disables transform queries is not registered, and both an
 * arbitrary parameter and the authorization-enabled flag can still be set.
 *
 * @throws HiveAuthzPluginException declared by the access controller calls made here
 */
@Test
public void testConfigProcessing() throws HiveAuthzPluginException {
  final HiveConf cliConf = new HiveConf();
  final SQLStdHiveAccessController controller = new SQLStdHiveAccessController(
      null, cliConf, new HadoopDefaultAuthenticator(), getCLISessionCtx());
  controller.applyAuthorizationConfigPolicy(cliConf);

  // The transform-disabling hook must not have been added to the pre-execution hooks.
  assertFalse("Check for transform query disabling hook",
      cliConf.getVar(ConfVars.PREEXECHOOKS).contains(DisallowTransformHook.class.getName()));

  // A dummy parameter can be set. These calls have no assertion of their own.
  cliConf.verifyAndSet("dummy.param", "dummy.val");
  cliConf.verifyAndSet(ConfVars.HIVE_AUTHORIZATION_ENABLED.varname, "true");
}
/**
 * Stores the configuration and, when a proxy user is configured, makes this authenticator
 * report that user instead of the one the parent class would resolve.
 *
 * <p>If {@code PROXY_USER_NAME} is absent from {@code conf}, the call is delegated to
 * {@code super.setConf(conf)} and nothing else happens here. Otherwise a
 * {@link UserGroupInformation} is created for the configured name and its short user name
 * and group names are copied into this object.
 *
 * <p>NOTE(review): the proxy user name is taken from the configuration as-is and nothing in
 * this method authenticates it, so whoever can set that key decides which identity is
 * reported. Confirm the key can only be written by a trusted component.
 *
 * @param conf configuration to store and to read the proxy user name from
 * @throws RuntimeException if the proxy user's {@link UserGroupInformation} cannot be created
 */
@Override
public void setConf(Configuration conf) {
  this.conf = conf;

  final String proxyUser = conf.get(PROXY_USER_NAME);
  if (proxyUser == null) {
    // No proxy user configured: let the parent class resolve the identity.
    super.setConf(conf);
    return;
  }

  // From here on a proxy user is set.
  final UserGroupInformation proxyUgi;
  try {
    proxyUgi = UserGroupInformation.createRemoteUser(proxyUser);
  } catch (Exception cause) {
    throw new RuntimeException(cause);
  }
  if (proxyUgi == null) {
    throw new RuntimeException(
        "Can not initialize ProxyUserAuthenticator for user [" + proxyUser + "]");
  }

  this.userName = proxyUgi.getShortUserName();
  // NOTE(review): when getGroupNames() returns null, groupNames keeps whatever value it
  // already held. If an instance can be reconfigured, confirm that groups from an earlier
  // identity cannot carry over to the proxy user.
  if (proxyUgi.getGroupNames() != null) {
    this.groupNames = Arrays.asList(proxyUgi.getGroupNames());
  }
}
/**
 * Checks that {@code SQLStdHiveAccessController} applies its configuration security policy
 * for a HiveServer2 session: the hook that disables transform queries is registered in the
 * pre-execution hooks, and the parameters from {@code getSettableParams()} pass
 * {@code verifyParamSettability}.
 *
 * @throws HiveAuthzPluginException declared by the access controller calls made here
 * @throws SecurityException declared by this test
 * @throws IllegalArgumentException declared by this test
 * @throws NoSuchFieldException declared by this test
 * @throws IllegalAccessException declared by this test
 */
@Test
public void testConfigProcessing() throws HiveAuthzPluginException, SecurityException,
    IllegalArgumentException, NoSuchFieldException, IllegalAccessException {
  final HiveConf hs2Conf = newAuthEnabledConf();
  final SQLStdHiveAccessController controller = new SQLStdHiveAccessController(
      null, hs2Conf, new HadoopDefaultAuthenticator(), getHS2SessionCtx());
  controller.applyAuthorizationConfigPolicy(hs2Conf);

  // Applying the policy must have registered the transform-disabling hook.
  assertTrue("Check for transform query disabling hook",
      hs2Conf.getVar(ConfVars.PREEXECHOOKS).contains(DisallowTransformHook.class.getName()));

  final List<String> allowedParams = getSettableParams();
  verifyParamSettability(allowedParams, hs2Conf);
}
/**
 * Checks that creating the SQL standard authorizer for a CLI session does not throw when
 * authorization is enabled in the configuration.
 *
 * @throws Exception if authorizer creation fails, which fails the test
 */
@Test
public void testAuthEnable() throws Exception {
  final HiveConf cliConf = new HiveConf();
  cliConf.setBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED, true);

  final HiveAuthorizerFactory factory = new SQLStdHiveAuthorizerFactory();
  // The returned authorizer is not inspected; the test passes if creation completes.
  factory.createHiveAuthorizer(
      null, cliConf, new HadoopDefaultAuthenticator(), getCLISessionCtx());
}