public static HivePrivilegeObject getHiveObjectRef(HiveObjectRef privObj) throws HiveException { if (privObj == null) { return null; } HivePrivilegeObjectType objType = getHiveObjType(privObj.getObjectType()); return new HivePrivilegeObject(objType, privObj.getDbName(), privObj.getObjectName(), privObj.getPartValues(), privObj.getColumnName()); }
public static List<HivePrivilegeInfo> getPrivilegeInfos(List<HiveObjectPrivilege> privs) throws HiveException { List<HivePrivilegeInfo> hivePrivs = new ArrayList<HivePrivilegeInfo>(); for (HiveObjectPrivilege priv : privs) { PrivilegeGrantInfo grantorInfo = priv.getGrantInfo(); HiveObjectRef privObject = priv.getHiveObject(); HivePrincipal hivePrincipal = getHivePrincipal(priv.getPrincipalName(), priv.getPrincipalType()); HivePrincipal grantor = getHivePrincipal(grantorInfo.getGrantor(), grantorInfo.getGrantorType()); HivePrivilegeObject object = getHiveObjectRef(privObject); HivePrivilege privilege = new HivePrivilege(grantorInfo.getPrivilege(), null); hivePrivs.add(new HivePrivilegeInfo(hivePrincipal, privilege, object, grantor, grantorInfo.isGrantOption(), grantorInfo.getCreateTime())); } return hivePrivs; }
private int grantOrRevokePrivileges(Hive db, List<PrincipalDesc> principals, List<PrivilegeDesc> privileges, PrivilegeObjectDesc privSubjectDesc, String grantor, PrincipalType grantorType, boolean grantOption, boolean isGrant) throws HiveException { HiveAuthorizer authorizer = getSessionAuthorizer(db); //Convert to object types used by the authorization plugin interface List<HivePrincipal> hivePrincipals = AuthorizationUtils.getHivePrincipals( principals, getAuthorizationTranslator(authorizer)); List<HivePrivilege> hivePrivileges = AuthorizationUtils.getHivePrivileges( privileges, getAuthorizationTranslator(authorizer)); HivePrivilegeObject hivePrivObject = getAuthorizationTranslator(authorizer) .getHivePrivilegeObject(privSubjectDesc); HivePrincipal grantorPrincipal = new HivePrincipal( grantor, AuthorizationUtils.getHivePrincipalType(grantorType)); if(isGrant){ authorizer.grantPrivileges(hivePrincipals, hivePrivileges, hivePrivObject, grantorPrincipal, grantOption); }else { authorizer.revokePrivileges(hivePrincipals, hivePrivileges, hivePrivObject, grantorPrincipal, grantOption); } //no exception thrown, so looks good return 0; }
private int grantOrRevokeRole(Hive db, GrantRevokeRoleDDL grantOrRevokeRoleDDL) throws HiveException { HiveAuthorizer authorizer = getSessionAuthorizer(db); //convert to the types needed for plugin api HivePrincipal grantorPrinc = null; if(grantOrRevokeRoleDDL.getGrantor() != null){ grantorPrinc = new HivePrincipal(grantOrRevokeRoleDDL.getGrantor(), AuthorizationUtils.getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType())); } List<HivePrincipal> principals = AuthorizationUtils.getHivePrincipals( grantOrRevokeRoleDDL.getPrincipalDesc(), getAuthorizationTranslator(authorizer)); List<String> roles = grantOrRevokeRoleDDL.getRoles(); boolean grantOption = grantOrRevokeRoleDDL.isGrantOption(); if (grantOrRevokeRoleDDL.getGrant()) { authorizer.grantRole(principals, roles, grantOption, grantorPrinc); } else { authorizer.revokeRole(principals, roles, grantOption, grantorPrinc); } return 0; }
private int grantOrRevokePrivileges(List<PrincipalDesc> principals, List<PrivilegeDesc> privileges, PrivilegeObjectDesc privSubjectDesc, String grantor, PrincipalType grantorType, boolean grantOption, boolean isGrant) throws HiveException { HiveAuthorizer authorizer = getSessionAuthorizer(); //Convert to object types used by the authorization plugin interface List<HivePrincipal> hivePrincipals = AuthorizationUtils.getHivePrincipals(principals); List<HivePrivilege> hivePrivileges = AuthorizationUtils.getHivePrivileges(privileges); HivePrivilegeObject hivePrivObject = AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc); HivePrincipal grantorPrincipal = new HivePrincipal( grantor, AuthorizationUtils.getHivePrincipalType(grantorType)); if(isGrant){ authorizer.grantPrivileges(hivePrincipals, hivePrivileges, hivePrivObject, grantorPrincipal, grantOption); }else { authorizer.revokePrivileges(hivePrincipals, hivePrivileges, hivePrivObject, grantorPrincipal, grantOption); } //no exception thrown, so looks good return 0; }
String name = principal == null ? null : principal.getName(); PrincipalType type = AuthorizationUtils.getThriftPrincipalType(principal == null ? null : principal.getType()); return AuthorizationUtils.getPrivilegeInfos(privs); } catch (Exception ex) { throw new HiveAuthzPluginException(ex);
String principalName = principal == null ? null : principal.getName(); PrincipalType principalType = principal == null ? null : AuthorizationUtils.getThriftPrincipalType(principal.getType()); AuthorizationUtils.getHivePrincipalType(msObjPriv.getPrincipalType())); AuthorizationUtils.getHivePrincipalType(msGrantInfo.getGrantorType()));
AuthorizationUtils.getHivePrivilegeObjectType(privObject.getType()); if(privObject.isDummy()) { throw new AssertionError("Unexpected object type"); HivePrivObjectActionType actionType = AuthorizationUtils.getActionType(privObject); HivePrivilegeObject hPrivObject = new HivePrivilegeObject(privObjType, dbname, objName, partKeys, columns, actionType, null);
@Override public HivePrincipal getHivePrincipal(PrincipalDesc principal) throws HiveException { if (principal == null) { return null; } return AuthorizationUtils.getHivePrincipal(principal.getName(), principal.getType()); }
public static HivePrincipal getHivePrincipal(String name, PrincipalType type) throws HiveException { return new HivePrincipal(name, AuthorizationUtils.getHivePrincipalType(type)); }
@Override public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc) throws HiveException { // null means ALL for show grants, GLOBAL for grant/revoke HivePrivilegeObjectType objectType = null; String[] dbTable; List<String> partSpec = null; List<String> columns = null; if (privSubjectDesc == null) { dbTable = new String[] {null, null}; } else { if (privSubjectDesc.getTable()) { dbTable = Utilities.getDbTableName(privSubjectDesc.getObject()); } else { dbTable = new String[] {privSubjectDesc.getObject(), null}; } if (privSubjectDesc.getPartSpec() != null) { partSpec = new ArrayList<String>(privSubjectDesc.getPartSpec().values()); } columns = privSubjectDesc.getColumns(); objectType = AuthorizationUtils.getPrivObjectType(privSubjectDesc); } return new HivePrivilegeObject(objectType, dbTable[0], dbTable[1], partSpec, columns, null); }
private int showGrants(ShowGrantDesc showGrantDesc) throws HiveException { HiveAuthorizer authorizer = getSessionAuthorizer(); try { List<HivePrivilegeInfo> privInfos = authorizer.showPrivileges( AuthorizationUtils.getHivePrincipal(showGrantDesc.getPrincipalDesc()), AuthorizationUtils.getHivePrivilegeObject(showGrantDesc.getHiveObj())); boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST); writeToFile(writeGrantInfo(privInfos, testMode), showGrantDesc.getResFile()); } catch (IOException e) { throw new HiveException("Error in show grant statement", e); } return 0; }
private int grantOrRevokeRole(Hive db, GrantRevokeRoleDDL grantOrRevokeRoleDDL) throws HiveException { HiveAuthorizer authorizer = getSessionAuthorizer(db); //convert to the types needed for plugin api HivePrincipal grantorPrinc = null; if(grantOrRevokeRoleDDL.getGrantor() != null){ grantorPrinc = new HivePrincipal(grantOrRevokeRoleDDL.getGrantor(), AuthorizationUtils.getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType())); } List<HivePrincipal> principals = AuthorizationUtils.getHivePrincipals( grantOrRevokeRoleDDL.getPrincipalDesc(), getAuthorizationTranslator(authorizer)); List<String> roles = grantOrRevokeRoleDDL.getRoles(); boolean grantOption = grantOrRevokeRoleDDL.isGrantOption(); if (grantOrRevokeRoleDDL.getGrant()) { authorizer.grantRole(principals, roles, grantOption, grantorPrinc); } else { authorizer.revokeRole(principals, roles, grantOption, grantorPrinc); } return 0; }
String name = principal == null ? null : principal.getName(); PrincipalType type = AuthorizationUtils.getThriftPrincipalType(principal == null ? null : principal.getType()); return AuthorizationUtils.getPrivilegeInfos(privs); } catch (Exception ex) { throw new HiveAuthzPluginException(ex);
String principalName = principal == null ? null : principal.getName(); PrincipalType principalType = principal == null ? null : AuthorizationUtils.getThriftPrincipalType(principal.getType()); AuthorizationUtils.getHivePrincipalType(msObjPriv.getPrincipalType())); AuthorizationUtils.getHivePrincipalType(msGrantInfo.getGrantorType()));
AuthorizationUtils.getHivePrivilegeObjectType(privObject.getType()); if(privObject.isDummy()) { throw new AssertionError("Unexpected object type"); HivePrivObjectActionType actionType = AuthorizationUtils.getActionType(privObject); HivePrivilegeObject hPrivObject = new HivePrivilegeObject(privObjType, dbname, objName, partKeys, columns, actionType, null, className);
@Override public HivePrincipal getHivePrincipal(PrincipalDesc principal) throws HiveException { if (principal == null) { return null; } return AuthorizationUtils.getHivePrincipal(principal.getName(), principal.getType()); }
public static HivePrincipal getHivePrincipal(String name, PrincipalType type) throws HiveException { return new HivePrincipal(name, AuthorizationUtils.getHivePrincipalType(type)); }
@Override public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc) throws HiveException { // null means ALL for show grants, GLOBAL for grant/revoke HivePrivilegeObjectType objectType = null; String[] dbTable; List<String> partSpec = null; List<String> columns = null; if (privSubjectDesc == null) { dbTable = new String[] {null, null}; } else { if (privSubjectDesc.getTable()) { dbTable = Utilities.getDbTableName(privSubjectDesc.getObject()); } else { dbTable = new String[] {privSubjectDesc.getObject(), null}; } if (privSubjectDesc.getPartSpec() != null) { partSpec = new ArrayList<String>(privSubjectDesc.getPartSpec().values()); } columns = privSubjectDesc.getColumns(); objectType = AuthorizationUtils.getPrivObjectType(privSubjectDesc); } return new HivePrivilegeObject(objectType, dbTable[0], dbTable[1], partSpec, columns, null); }
private int grantOrRevokePrivileges(Hive db, List<PrincipalDesc> principals, List<PrivilegeDesc> privileges, PrivilegeObjectDesc privSubjectDesc, String grantor, PrincipalType grantorType, boolean grantOption, boolean isGrant) throws HiveException { HiveAuthorizer authorizer = getSessionAuthorizer(db); //Convert to object types used by the authorization plugin interface List<HivePrincipal> hivePrincipals = AuthorizationUtils.getHivePrincipals( principals, getAuthorizationTranslator(authorizer)); List<HivePrivilege> hivePrivileges = AuthorizationUtils.getHivePrivileges( privileges, getAuthorizationTranslator(authorizer)); HivePrivilegeObject hivePrivObject = getAuthorizationTranslator(authorizer) .getHivePrivilegeObject(privSubjectDesc); HivePrincipal grantorPrincipal = new HivePrincipal( grantor, AuthorizationUtils.getHivePrincipalType(grantorType)); if(isGrant){ authorizer.grantPrivileges(hivePrincipals, hivePrivileges, hivePrivObject, grantorPrincipal, grantOption); }else { authorizer.revokePrivileges(hivePrincipals, hivePrivileges, hivePrivObject, grantorPrincipal, grantOption); } //no exception thrown, so looks good return 0; }