/**
 * Creates a {@link HivePrivilegeObject} of type
 * {@link HivePrivilegeObjectType#COMMAND_PARAMS} wrapping the given command parameters.
 *
 * <p>The four constructor arguments between the type and the parameter list are all
 * passed as {@code null}; only the type and the parameter list are populated here.
 *
 * @param cmdParams the command parameters to attach; this factory hands the list to the
 *     constructor as-is and does not copy or validate it itself
 * @return a new privilege object of type {@code COMMAND_PARAMS}
 */
public static HivePrivilegeObject createHivePrivilegeObject(List<String> cmdParams) {
  final HivePrivilegeObjectType objectType = HivePrivilegeObjectType.COMMAND_PARAMS;
  return new HivePrivilegeObject(objectType, null, null, null, null, cmdParams);
}
/**
 * Orders privilege objects by type, then database name, object name, partition keys and
 * columns, in that order.
 *
 * <p>For each of the four nullable fields a {@code null} value sorts before a non-null
 * one, and two {@code null}s are treated as equal. Only these five fields take part in
 * the ordering; any other state carried by the object is ignored here, so two objects
 * that differ only in such state compare as {@code 0}.
 *
 * @param o the object to compare against; its {@code type} is dereferenced without a
 *     null check
 * @return a negative, zero or positive value per the {@link Comparable} contract
 */
@Override
public int compareTo(HivePrivilegeObject o) {
  int result = type.compareTo(o.type);
  if (result != 0) {
    return result;
  }

  if (dbname == null) {
    result = (o.dbname == null) ? 0 : -1;
  } else {
    result = (o.dbname == null) ? 1 : dbname.compareTo(o.dbname);
  }
  if (result != 0) {
    return result;
  }

  if (objectName == null) {
    result = (o.objectName == null) ? 0 : -1;
  } else {
    result = (o.objectName == null) ? 1 : objectName.compareTo(o.objectName);
  }
  if (result != 0) {
    return result;
  }

  // List-valued fields are delegated to the compare(...) helper, which is not shown here.
  if (partKeys == null) {
    result = (o.partKeys == null) ? 0 : -1;
  } else {
    result = (o.partKeys == null) ? 1 : compare(partKeys, o.partKeys);
  }
  if (result != 0) {
    return result;
  }

  if (columns == null) {
    return (o.columns == null) ? 0 : -1;
  }
  return (o.columns == null) ? 1 : compare(columns, o.columns);
}
/**
 * Authorizes a command against a named service through the session's V2 authorizer.
 *
 * <p>The command parameters are wrapped in a {@code COMMAND_PARAMS} privilege object and
 * the service name in a {@code SERVICE_NAME} privilege object; both are handed to
 * {@code checkPrivileges} as single-element lists (third and fourth argument). The
 * authorization context carries the space-joined command string, the user IP address and
 * the forwarded addresses taken from the session.
 *
 * <p>This method returns nothing: a denial is signalled only by the exceptions below, so
 * callers must let them propagate rather than catch and continue.
 *
 * <p>NOTE(review): the full command line is placed in the context verbatim. If command
 * arguments can contain credentials, they reach the authorizer plugin and anything it
 * logs or audits; confirm that is acceptable.
 * NOTE(review): the forwarded addresses are presumably supplied by upstream proxies;
 * confirm authorizer policies do not treat them as authenticated values.
 *
 * @param ss the session state supplying the authorizer and the client address details
 * @param type the operation type being authorized
 * @param command the command and its parameters
 * @param serviceObject the service name, passed as the third constructor argument of the
 *     {@code SERVICE_NAME} privilege object
 * @throws HiveAuthzPluginException declared by the authorization call
 * @throws HiveAccessControlException declared by the authorization call; presumably the
 *     denial signal
 */
private static void authorizeCommandThrowEx(SessionState ss, HiveOperationType type,
    List<String> command, String serviceObject)
    throws HiveAuthzPluginException, HiveAccessControlException {
  final HivePrivilegeObject commandPrivObj = HivePrivilegeObject.createHivePrivilegeObject(command);
  final HivePrivilegeObject servicePrivObj = new HivePrivilegeObject(
      HivePrivilegeObject.HivePrivilegeObjectType.SERVICE_NAME, null, serviceObject, null, null, null);

  final HiveAuthzContext.Builder contextBuilder = new HiveAuthzContext.Builder();
  final String commandLine = Joiner.on(' ').join(command);
  contextBuilder.setCommandString(commandLine);
  contextBuilder.setUserIpAddress(ss.getUserIpAddress());
  contextBuilder.setForwardedAddresses(ss.getForwardedAddresses());

  ss.getAuthorizerV2().checkPrivileges(
      type,
      Collections.singletonList(commandPrivObj),
      Collections.singletonList(servicePrivObj),
      contextBuilder.build());
}
}
/**
 * Converts a plugin {@link HivePrivilegeObject} into a thrift {@link HiveObjectRef}.
 *
 * <p>Only the object type, database name and object name are carried over; the last two
 * constructor arguments of {@code HiveObjectRef} are always {@code null}.
 * NOTE(review): those two arguments are presumably the partition values and the column
 * name, in which case partition- and column-level scope is dropped by this conversion;
 * confirm callers do not rely on it for finer-grained grants.
 *
 * @param privObj the plugin privilege object to convert, may be {@code null}
 * @return the thrift object reference, or {@code null} when {@code privObj} is {@code null}
 * @throws HiveException declared by the signature; within this block only the
 *     {@code getThriftHiveObjType} call can raise it
 */
public static HiveObjectRef getThriftHiveObjectRef(HivePrivilegeObject privObj)
    throws HiveException {
  if (privObj != null) {
    final HiveObjectType thriftType = getThriftHiveObjType(privObj.getType());
    return new HiveObjectRef(
        thriftType, privObj.getDbname(), privObj.getObjectName(), null, null);
  }
  return null;
}
/**
 * Decides whether the given privilege object requires row filtering or column masking.
 *
 * <p>A non-null row filter expression is sufficient to return {@code true}. Otherwise the
 * cell value transformers are compared position by position with the column names: a
 * transformer that differs from its column name (exact, case-sensitive
 * {@link String#equals}) means masking is needed. A transformer identical to the column
 * name is treated as "no masking" for that column.
 *
 * <p>Malformed transformer lists are rejected rather than ignored: a count mismatch or a
 * {@code null} transformer raises {@link SemanticException} instead of returning
 * {@code false}.
 *
 * <p>NOTE(review): {@code getColumns()} is dereferenced without a null check whenever
 * transformers are present; confirm it is always populated on this path.
 *
 * @param privObject the privilege object carrying the filter expression, transformers
 *     and columns
 * @return {@code true} if a row filter is set or at least one transformer differs from
 *     its column name; {@code false} otherwise, including when no transformers are set
 * @throws SemanticException if the number of transformers differs from the number of
 *     columns, or a transformer is {@code null}
 */
public boolean needsMaskingOrFiltering(HivePrivilegeObject privObject)
    throws SemanticException {
  if (privObject.getRowFilterExpression() != null) {
    return true;
  }

  final List<String> transformers = privObject.getCellValueTransformers();
  if (transformers == null) {
    return false;
  }

  if (transformers.size() != privObject.getColumns().size()) {
    throw new SemanticException("Expect " + privObject.getColumns().size() + " columns in "
        + privObject.getObjectName() + ", but only find " + transformers.size());
  }

  int position = 0;
  for (String transformer : transformers) {
    if (transformer == null) {
      throw new SemanticException("Expect string type CellValueTransformer in "
          + privObject.getObjectName() + ", but only find null");
    }
    final String columnName = privObject.getColumns().get(position);
    if (!transformer.equals(columnName)) {
      return true;
    }
    position++;
  }
  return false;
}
continue; if (opPriv.getActionType() != null && opPriv.getActionType() != hObj.getActionType()) { continue; if (opPriv.getObjectType() != null && opPriv.getObjectType() != hObj.getType()) { continue;
} else if (privObj.getDbname() == null) { Database dbObj = hive.getDatabase(privObj.getDbname());; if (dbObj == null) { throw new HiveException("Database " + privObj.getDbname() + " does not exists"); if (privObj.getObjectName() != null) { tableObj = hive.getTable(dbObj.getName(), privObj.getObjectName()); List<String> partValues = privObj.getPartKeys(); name, type, dbObj.getName(), null, null, null)); } else { List<String> columns = privObj.getColumns(); if (columns != null && !columns.isEmpty()) {
extractColumnInfos(table, colNames, new ArrayList<>()); basicInfos.put(new HivePrivilegeObject(table.getDbName(), table.getTableName(), colNames), null); extractColumnInfos(table, colNames, colTypes); basicInfos.put(new HivePrivilegeObject(table.getDbName(), table.getTableName(), colNames), new MaskAndFilterInfo(colTypes, additionalTabInfo.toString(), alias, astNode, table.isView(), table.isNonNative())); privObj.getDbname(), privObj.getObjectName()); } else { String replacementText = tableMask.create(privObj, info); privObj.getDbname(), privObj.getObjectName());
if (privObject.getType() == null || privObject.getType() == HivePrivilegeObject.HivePrivilegeObjectType.GLOBAL) { for (HivePrivilege priv : privileges) { List<String> columns = priv.getColumns(); if (privObject.getPartKeys() != null && grantOption) { throw new HiveException("Grant does not support partition level."); Database dbObj = hive.getDatabase(privObject.getDbname()); if (dbObj == null) { throw new HiveException("Database " + privObject.getDbname() + " does not exists"); if (privObject.getObjectName() != null) { tableObj = hive.getTable(dbObj.getName(), privObject.getObjectName()); if (tableObj != null) { if ((!tableObj.isPartitioned()) && privObject.getPartKeys() != null) { throw new HiveException( "Table is not partitioned, but partition name is present: partSpec=" + privObject.getPartKeys()); if (privObject.getPartKeys() != null) { Map<String, String> partSpec = Warehouse.makeSpecFromValues(tableObj.getPartitionKeys(), privObject.getPartKeys()); Partition partObj = hive.getPartition(tableObj, partSpec, false).getTPartition(); partValues = partObj.getValues();
/**
 * Collects the database name of every privilege object in the given list.
 *
 * <p>The result has one entry per input object, in input order; duplicates and
 * {@code null} database names are kept as they are.
 *
 * @param filteredObjects the privilege objects to read database names from
 * @return a new mutable list of database names
 */
private List<String> getDbNames(List<HivePrivilegeObject> filteredObjects) {
  final List<String> dbNames = new ArrayList<>(filteredObjects.size());
  for (final HivePrivilegeObject privilegeObject : filteredObjects) {
    final String dbName = privilegeObject.getDbname();
    dbNames.add(dbName);
  }
  return dbNames;
}
/**
 * Orders privilege infos by privilege object, then principal, then privilege.
 *
 * <p>None of the three getters' results is null-checked before {@code compareTo} is
 * invoked on it.
 *
 * @param o1 the first privilege info
 * @param o2 the second privilege info
 * @return a negative, zero or positive value per the {@link java.util.Comparator} contract
 */
@Override
public int compare(HivePrivilegeInfo o1, HivePrivilegeInfo o2) {
  int order = o1.getObject().compareTo(o2.getObject());
  if (order != 0) {
    return order;
  }
  order = o1.getPrincipal().compareTo(o2.getPrincipal());
  if (order != 0) {
    return order;
  }
  return o1.getPrivilege().compareTo(o2.getPrivilege());
}
});
/**
 * Authorizes a command through the session's V2 authorizer and throws if the check fails.
 *
 * <p>The command parameters are wrapped in a {@code COMMAND_PARAMS} privilege object and
 * passed as the only element of the second list argument of {@code checkPrivileges}; the
 * third list argument is {@code null}. The authorization context carries the space-joined
 * command string, the user IP address and the forwarded addresses taken from the session.
 *
 * <p>This method returns nothing: a denial is signalled only by the exceptions below, so
 * callers must let them propagate rather than catch and continue.
 *
 * <p>NOTE(review): the full command line is placed in the context verbatim. If command
 * arguments can contain credentials, they reach the authorizer plugin and anything it
 * logs or audits; confirm that is acceptable.
 *
 * @param ss the session state supplying the authorizer and the client address details
 * @param type the operation type being authorized
 * @param command the command and its parameters
 * @throws HiveAuthzPluginException declared by the authorization call
 * @throws HiveAccessControlException declared by the authorization call; presumably the
 *     denial signal
 */
static void authorizeCommandThrowEx(SessionState ss, HiveOperationType type,
    List<String> command) throws HiveAuthzPluginException, HiveAccessControlException {
  final HivePrivilegeObject commandPrivObj = HivePrivilegeObject.createHivePrivilegeObject(command);

  final HiveAuthzContext.Builder contextBuilder = new HiveAuthzContext.Builder();
  final String commandLine = Joiner.on(' ').join(command);
  contextBuilder.setCommandString(commandLine);
  contextBuilder.setUserIpAddress(ss.getUserIpAddress());
  contextBuilder.setForwardedAddresses(ss.getForwardedAddresses());

  ss.getAuthorizerV2().checkPrivileges(
      type,
      Arrays.asList(commandPrivObj),
      null,
      contextBuilder.build());
}
case TABLE_OR_VIEW: case PARTITION: name = getDbObjectName(dbname, objectName); if (partKeys != null) { name += partKeys.toString(); name = getDbObjectName(dbname, objectName); break; case COLUMN:
} else if (privObj.getDbname() == null) { Database dbObj = hive.getDatabase(privObj.getDbname());; if (dbObj == null) { throw new HiveException("Database " + privObj.getDbname() + " does not exists"); if (privObj.getObjectName() != null) { tableObj = hive.getTable(dbObj.getName(), privObj.getObjectName()); List<String> partValues = privObj.getPartKeys(); name, type, dbObj.getName(), null, null, null)); } else { List<String> columns = privObj.getColumns(); if (columns != null && !columns.isEmpty()) {
/**
 * Converts a plugin {@link HivePrivilegeObject} into a thrift {@link HiveObjectRef}.
 *
 * <p>Only the object type, database name and object name are carried over; the last two
 * constructor arguments of {@code HiveObjectRef} are always {@code null}.
 * NOTE(review): those two arguments are presumably the partition values and the column
 * name, in which case partition- and column-level scope is dropped by this conversion;
 * confirm callers do not rely on it for finer-grained grants.
 *
 * @param privObj the plugin privilege object to convert, may be {@code null}
 * @return the thrift object reference, or {@code null} when {@code privObj} is {@code null}
 * @throws HiveException declared by the signature; within this block only the
 *     {@code getThriftHiveObjType} call can raise it
 */
public static HiveObjectRef getThriftHiveObjectRef(HivePrivilegeObject privObj)
    throws HiveException {
  if (privObj != null) {
    final HiveObjectType thriftType = getThriftHiveObjType(privObj.getType());
    return new HiveObjectRef(
        thriftType, privObj.getDbname(), privObj.getObjectName(), null, null);
  }
  return null;
}
basicInfos.put(new HivePrivilegeObject(table.getDbName(), table.getTableName(), colNames), new MaskAndFilterInfo(colTypes, additionalTabInfo.toString(), alias, astNode, table.isView())); privObj.getDbname(), privObj.getObjectName());
sb.append("(SELECT "); boolean firstOne = true; List<String> exprs = privObject.getCellValueTransformers(); if (exprs != null) { List<String> colTypes = maskAndFilterInfo.colTypes; firstOne = false; String colName = privObject.getColumns().get(index); if (!expr.equals(colName)) { sb.append(HiveUtils.unparseIdentifier(privObject.getDbname(), conf)); sb.append("."); sb.append(HiveUtils.unparseIdentifier(privObject.getObjectName(), conf)); sb.append(" " + maskAndFilterInfo.additionalTabInfo); String filter = privObject.getRowFilterExpression(); if (filter != null) { sb.append(" WHERE " + filter);
if (privObject.getType() == null || privObject.getType() == HivePrivilegeObject.HivePrivilegeObjectType.GLOBAL) { for (HivePrivilege priv : privileges) { List<String> columns = priv.getColumns(); if (privObject.getPartKeys() != null && grantOption) { throw new HiveException("Grant does not support partition level."); Database dbObj = hive.getDatabase(privObject.getDbname()); if (dbObj == null) { throw new HiveException("Database " + privObject.getDbname() + " does not exists"); if (privObject.getObjectName() != null) { tableObj = hive.getTable(dbObj.getName(), privObject.getObjectName()); if (tableObj != null) { if ((!tableObj.isPartitioned()) && privObject.getPartKeys() != null) { throw new HiveException( "Table is not partitioned, but partition name is present: partSpec=" + privObject.getPartKeys()); if (privObject.getPartKeys() != null) { Map<String, String> partSpec = Warehouse.makeSpecFromValues(tableObj.getPartitionKeys(), privObject.getPartKeys()); Partition partObj = hive.getPartition(tableObj, partSpec, false).getTPartition(); partValues = partObj.getValues();
continue; if (opPriv.getActionType() != null && opPriv.getActionType() != hObj.getActionType()) { continue; if (opPriv.getObjectType() != null && opPriv.getObjectType() != hObj.getType()) { continue;
/**
 * Collects the database name of every privilege object in the given list.
 *
 * <p>The result has one entry per input object, in input order; duplicates and
 * {@code null} database names are kept as they are.
 *
 * @param filteredObjects the privilege objects to read database names from
 * @return a new mutable list of database names
 */
private List<String> getDbNames(List<HivePrivilegeObject> filteredObjects) {
  final List<String> dbNames = new ArrayList<>(filteredObjects.size());
  for (final HivePrivilegeObject privilegeObject : filteredObjects) {
    final String dbName = privilegeObject.getDbname();
    dbNames.add(dbName);
  }
  return dbNames;
}