/**
 * Builds the privilege set a principal must hold to hand out the given privileges.
 *
 * <p>Every listed privilege is required with the grant flag set, so holding the plain
 * privilege is not sufficient to pass it on. An empty list produces an empty requirement
 * set; how callers treat an empty set is not visible here.
 *
 * @param hivePrivileges privileges named in the request (presumably a GRANT; confirm at caller)
 * @return requirement set with each privilege added as "with grant"
 * @throws HiveAuthzPluginException propagated from {@code RequiredPrivileges.addPrivilege}
 */
private static RequiredPrivileges getGrantRequiredPrivileges(List<HivePrivilege> hivePrivileges)
    throws HiveAuthzPluginException {
  final boolean grantOptionRequired = true;
  RequiredPrivileges needed = new RequiredPrivileges();
  for (HivePrivilege requested : hivePrivileges) {
    String privName = requested.getName();
    needed.addPrivilege(privName, grantOptionRequired);
  }
  return needed;
}
/**
 * Adds to {@code availPrivs} whatever {@code getPrivilegesFromFS} reports for
 * {@code userName} on {@code fileStatus}.
 *
 * <p>The lookup runs before anything is added, so if it throws, {@code availPrivs} is left
 * unchanged and the exception reaches the caller. This method only ever adds privileges.
 *
 * @param userName   user whose file-system access is evaluated
 * @param availPrivs set of available privileges to extend
 * @param fs         file system holding {@code fileStatus}
 * @param fileStatus file or directory being checked
 * @param recurse    passed through to {@code getPrivilegesFromFS}
 * @throws Exception whatever {@code getPrivilegesFromFS} throws
 */
private static void addPrivilegesFromFS(
    String userName, RequiredPrivileges availPrivs, FileSystem fs, FileStatus fileStatus,
    boolean recurse) throws Exception {
  Set<SQLPrivTypeGrant> fsPrivs = getPrivilegesFromFS(userName, fs, fileStatus, recurse);
  SQLPrivTypeGrant[] fsPrivArray = fsPrivs.toArray(new SQLPrivTypeGrant[fsPrivs.size()]);
  availPrivs.addAll(fsPrivArray);
}
ioType); if(requiredPrivs.getRequiredPrivilegeSet().isEmpty()){ RequiredPrivileges availPrivs = new RequiredPrivileges(); //start with an empty priv set; switch (hiveObj.getType()) { case LOCAL_URI: availPrivs.addPrivilege(SQLPrivTypeGrant.ADMIN_PRIV); Collection<SQLPrivTypeGrant> missingPriv = requiredPrivs.findMissingPrivs(availPrivs); SQLAuthorizationUtils.addMissingPrivMsg(missingPriv, hiveObj, deniedMessages);
/**
 * Adds every privilege in the array to this set.
 *
 * @param inputPrivs privileges to add; {@code null} is accepted and adds nothing
 */
public void addAll(SQLPrivTypeGrant[] inputPrivs) {
  if (inputPrivs != null) {
    for (int i = 0; i < inputPrivs.length; i++) {
      addPrivilege(inputPrivs[i]);
    }
  }
}
// Excerpt: statements between these lines appear to be elided on this page (the continue
// has no visible loop and opPriv has no visible declaration), so do not read it as
// contiguous code. The visible security-relevant point: an operation type with no entry in
// op2Priv fails the checkNotNull precondition instead of producing an empty requirement set.
List<PrivRequirement> opPrivs = op2Priv.get(hiveOpType); Preconditions.checkNotNull(opPrivs, "Privileges for " + hiveOpType + " are null"); RequiredPrivileges reqPrivs = new RequiredPrivileges(); continue; reqPrivs.addAll(opPriv.getReqPrivs());
/**
 * Flattens the user and role grants of a thrift {@code PrincipalPrivilegeSet} into one
 * {@code RequiredPrivileges} object.
 *
 * <p>A non-null user map must hold exactly one entry; any other size (including zero) is
 * rejected. A {@code null} user map is passed through to {@code addRequiredPrivs}, which is
 * assumed to tolerate it (not visible here). Role grants are added without a size check, so
 * every role present in {@code thrifPrivs} contributes; restricting that map to the roles
 * that apply is left to whoever produced it.
 *
 * @param thrifPrivs privilege set as returned over thrift
 * @return union of the user's and the roles' privileges
 * @throws HiveAuthzPluginException if the user map is non-null and its size is not 1
 */
private static RequiredPrivileges getRequiredPrivsFromThrift(PrincipalPrivilegeSet thrifPrivs)
    throws HiveAuthzPluginException {
  RequiredPrivileges collected = new RequiredPrivileges();

  // user-level grants: expect a single principal
  Map<String, List<PrivilegeGrantInfo>> grantsByUser = thrifPrivs.getUserPrivileges();
  boolean userMapPresent = grantsByUser != null;
  if (userMapPresent && grantsByUser.size() != 1) {
    throw new HiveAuthzPluginException("Invalid number of user privilege objects: "
        + grantsByUser.size());
  }
  addRequiredPrivs(collected, grantsByUser);

  // role-level grants
  Map<String, List<PrivilegeGrantInfo>> grantsByRole = thrifPrivs.getRolePrivileges();
  addRequiredPrivs(collected, grantsByRole);

  return collected;
}
/**
 * Checks that {@code userName} (with {@code curRoles}) holds every privilege in
 * {@code reqPrivileges} on {@code hivePrivObject}.
 *
 * <p>Available privileges are read from the metastore, the missing ones are turned into
 * denial messages, and {@code assertNoDeniedPermissions} makes the final decision
 * (presumably by throwing {@code HiveAccessControlException} when any message exists;
 * confirm in {@code SQLAuthorizationUtils}). The principal reported with a denial is always
 * of type USER, even when the privilege would have come from a role.
 *
 * @param reqPrivileges   privileges the operation needs
 * @param hivePrivObject  object the operation touches
 * @param metastoreClient client used to look up grants
 * @param userName        user being authorized
 * @param curRoles        roles passed to the metastore lookup
 * @param isAdmin         admin flag passed to the metastore lookup
 * @param opType          operation being authorized, used for the denial report
 * @throws HiveAuthzPluginException   declared by this method; thrown by the helpers it calls
 * @throws HiveAccessControlException declared by this method; thrown by the helpers it calls
 */
private static void checkRequiredPrivileges(
    RequiredPrivileges reqPrivileges, HivePrivilegeObject hivePrivObject,
    IMetaStoreClient metastoreClient, String userName, List<String> curRoles, boolean isAdmin,
    HiveOperationType opType) throws HiveAuthzPluginException, HiveAccessControlException {
  // what the user and its roles actually hold on this object
  RequiredPrivileges granted = SQLAuthorizationUtils.getPrivilegesFromMetaStore(
      metastoreClient, userName, hivePrivObject, curRoles, isAdmin);

  // required must be a subset of granted; anything left over is a denial
  Collection<SQLPrivTypeGrant> shortfall = reqPrivileges.findMissingPrivs(granted);
  List<String> denials = new ArrayList<String>();
  SQLAuthorizationUtils.addMissingPrivMsg(shortfall, hivePrivObject, denials);

  HivePrincipal requester = new HivePrincipal(userName, HivePrincipalType.USER);
  SQLAuthorizationUtils.assertNoDeniedPermissions(requester, opType, denials);
}
ioType); if(requiredPrivs.getRequiredPrivilegeSet().isEmpty()){ RequiredPrivileges availPrivs = new RequiredPrivileges(); //start with an empty priv set; switch (hiveObj.getType()) { case LOCAL_URI: availPrivs.addPrivilege(SQLPrivTypeGrant.ADMIN_PRIV); Collection<SQLPrivTypeGrant> missingPriv = requiredPrivs.findMissingPrivs(availPrivs); SQLAuthorizationUtils.addMissingPrivMsg(missingPriv, hiveObj, deniedMessages);
/**
 * Adds every privilege in the array to this set.
 *
 * @param inputPrivs privileges to add; {@code null} is accepted and adds nothing
 */
public void addAll(SQLPrivTypeGrant[] inputPrivs) {
  if (inputPrivs != null) {
    for (int i = 0; i < inputPrivs.length; i++) {
      addPrivilege(inputPrivs[i]);
    }
  }
}
// Excerpt: statements between these lines appear to be elided on this page (the continue
// has no visible loop and opPriv has no visible declaration), so do not read it as
// contiguous code. The visible security-relevant point: an operation type with no entry in
// op2Priv fails the checkNotNull precondition instead of producing an empty requirement set.
List<PrivRequirement> opPrivs = op2Priv.get(hiveOpType); Preconditions.checkNotNull(opPrivs, "Privileges for " + hiveOpType + " are null"); RequiredPrivileges reqPrivs = new RequiredPrivileges(); continue; reqPrivs.addAll(opPriv.getReqPrivs());
// Starts from an empty set: nothing counts as available until it is explicitly added.
RequiredPrivileges availPrivs = new RequiredPrivileges();
/**
 * Checks that {@code userName} (with {@code curRoles}) holds every privilege in
 * {@code reqPrivileges} on {@code hivePrivObject}.
 *
 * <p>Available privileges are read from the metastore, the missing ones are turned into
 * denial messages, and {@code assertNoDeniedPermissions} makes the final decision
 * (presumably by throwing {@code HiveAccessControlException} when any message exists;
 * confirm in {@code SQLAuthorizationUtils}). The principal reported with a denial is always
 * of type USER, even when the privilege would have come from a role.
 *
 * @param reqPrivileges   privileges the operation needs
 * @param hivePrivObject  object the operation touches
 * @param metastoreClient client used to look up grants
 * @param userName        user being authorized
 * @param curRoles        roles passed to the metastore lookup
 * @param isAdmin         admin flag passed to the metastore lookup
 * @param opType          operation being authorized, used for the denial report
 * @throws HiveAuthzPluginException   declared by this method; thrown by the helpers it calls
 * @throws HiveAccessControlException declared by this method; thrown by the helpers it calls
 */
private static void checkRequiredPrivileges(
    RequiredPrivileges reqPrivileges, HivePrivilegeObject hivePrivObject,
    IMetaStoreClient metastoreClient, String userName, List<String> curRoles, boolean isAdmin,
    HiveOperationType opType) throws HiveAuthzPluginException, HiveAccessControlException {
  // what the user and its roles actually hold on this object
  RequiredPrivileges granted = SQLAuthorizationUtils.getPrivilegesFromMetaStore(
      metastoreClient, userName, hivePrivObject, curRoles, isAdmin);

  // required must be a subset of granted; anything left over is a denial
  Collection<SQLPrivTypeGrant> shortfall = reqPrivileges.findMissingPrivs(granted);
  List<String> denials = new ArrayList<String>();
  SQLAuthorizationUtils.addMissingPrivMsg(shortfall, hivePrivObject, denials);

  HivePrincipal requester = new HivePrincipal(userName, HivePrincipalType.USER);
  SQLAuthorizationUtils.assertNoDeniedPermissions(requester, opType, denials);
}
ioType); if(requiredPrivs.getRequiredPrivilegeSet().isEmpty()){ RequiredPrivileges availPrivs = new RequiredPrivileges(); //start with an empty priv set; switch (hiveObj.getType()) { case LOCAL_URI: availPrivs.addPrivilege(SQLPrivTypeGrant.ADMIN_PRIV); Collection<SQLPrivTypeGrant> missingPriv = requiredPrivs.findMissingPrivs(availPrivs); SQLAuthorizationUtils.addMissingPrivMsg(missingPriv, hiveObj, deniedMessages);
/**
 * Builds the privilege set a principal must hold to hand out the given privileges.
 *
 * <p>Every listed privilege is required with the grant flag set, so holding the plain
 * privilege is not sufficient to pass it on. An empty list produces an empty requirement
 * set; how callers treat an empty set is not visible here.
 *
 * @param hivePrivileges privileges named in the request (presumably a GRANT; confirm at caller)
 * @return requirement set with each privilege added as "with grant"
 * @throws HiveAuthzPluginException propagated from {@code RequiredPrivileges.addPrivilege}
 */
private static RequiredPrivileges getGrantRequiredPrivileges(List<HivePrivilege> hivePrivileges)
    throws HiveAuthzPluginException {
  final boolean grantOptionRequired = true;
  RequiredPrivileges needed = new RequiredPrivileges();
  for (HivePrivilege requested : hivePrivileges) {
    String privName = requested.getName();
    needed.addPrivilege(privName, grantOptionRequired);
  }
  return needed;
}
/**
 * Adds the named privilege to this set, with or without the grant option.
 *
 * <p>Adding a privilege "with grant" also adds the same privilege "without grant", because
 * the right to grant a privilege implies holding it. The name is resolved through
 * {@code SQLPrivTypeGrant.getSQLPrivTypeGrant}.
 *
 * @param priv      privilege name
 * @param withGrant whether the grant option is included
 * @throws HiveAuthzPluginException propagated from the name lookup
 */
public void addPrivilege(String priv, boolean withGrant) throws HiveAuthzPluginException {
  final SQLPrivTypeGrant resolved = SQLPrivTypeGrant.getSQLPrivTypeGrant(priv, withGrant);
  addPrivilege(resolved);
  privilegeGrantSet.add(resolved);
  if (!withGrant) {
    return;
  }
  // grant option implies the plain privilege: record that one too
  addPrivilege(priv, false);
}
// Excerpt: statements between these lines appear to be elided on this page (the continue
// has no visible loop and opPriv has no visible declaration), so do not read it as
// contiguous code. The visible security-relevant point: an operation type with no entry in
// op2Priv fails the checkNotNull precondition instead of producing an empty requirement set.
List<PrivRequirement> opPrivs = op2Priv.get(hiveOpType); Preconditions.checkNotNull(opPrivs, "Privileges for " + hiveOpType + " are null"); RequiredPrivileges reqPrivs = new RequiredPrivileges(); continue; reqPrivs.addAll(opPriv.getReqPrivs());
/**
 * Returns the privileges in this (required) set that are absent from {@code availPrivs}.
 *
 * <p>Two rules matter for access decisions: a {@code null} argument is treated as an empty
 * set, so every required privilege is reported missing; and if {@code availPrivs} contains
 * {@code ADMIN_PRIV}, nothing is reported missing regardless of what is required. Whoever
 * builds {@code availPrivs} therefore decides who bypasses the per-privilege comparison.
 *
 * @param availPrivs privileges the principal holds; may be {@code null}
 * @return the missing privileges, as collected by {@code MissingPrivilegeCapturer}
 */
public Collection<SQLPrivTypeGrant> findMissingPrivs(RequiredPrivileges availPrivs) {
  MissingPrivilegeCapturer capturer = new MissingPrivilegeCapturer();

  // no privilege object means no privileges
  RequiredPrivileges held = (availPrivs != null) ? availPrivs : new RequiredPrivileges();

  // admin short-circuit: skip the comparison entirely
  boolean isAdmin = held.privilegeGrantSet.contains(SQLPrivTypeGrant.ADMIN_PRIV);
  if (!isAdmin) {
    for (SQLPrivTypeGrant needed : privilegeGrantSet) {
      if (held.privilegeGrantSet.contains(needed)) {
        continue;
      }
      capturer.addMissingPrivilege(needed);
    }
  }
  return capturer.getMissingPrivileges();
}
/**
 * Adds to {@code availPrivs} whatever {@code getPrivilegesFromFS} reports for
 * {@code userName} on {@code fileStatus}.
 *
 * <p>The lookup runs before anything is added, so if it throws, {@code availPrivs} is left
 * unchanged and the exception reaches the caller. This method only ever adds privileges.
 *
 * @param userName   user whose file-system access is evaluated
 * @param availPrivs set of available privileges to extend
 * @param fs         file system holding {@code fileStatus}
 * @param fileStatus file or directory being checked
 * @param recurse    passed through to {@code getPrivilegesFromFS}
 * @throws Exception whatever {@code getPrivilegesFromFS} throws
 */
private static void addPrivilegesFromFS(
    String userName, RequiredPrivileges availPrivs, FileSystem fs, FileStatus fileStatus,
    boolean recurse) throws Exception {
  Set<SQLPrivTypeGrant> fsPrivs = getPrivilegesFromFS(userName, fs, fileStatus, recurse);
  SQLPrivTypeGrant[] fsPrivArray = fsPrivs.toArray(new SQLPrivTypeGrant[fsPrivs.size()]);
  availPrivs.addAll(fsPrivArray);
}
/**
 * Checks that {@code userName} (with {@code curRoles}) holds every privilege in
 * {@code reqPrivileges} on {@code hivePrivObject}.
 *
 * <p>Available privileges are read from the metastore, the missing ones are turned into
 * denial messages, and {@code assertNoDeniedPermissions} makes the final decision
 * (presumably by throwing {@code HiveAccessControlException} when any message exists;
 * confirm in {@code SQLAuthorizationUtils}). The principal reported with a denial is always
 * of type USER, even when the privilege would have come from a role.
 *
 * @param reqPrivileges   privileges the operation needs
 * @param hivePrivObject  object the operation touches
 * @param metastoreClient client used to look up grants
 * @param userName        user being authorized
 * @param curRoles        roles passed to the metastore lookup
 * @param isAdmin         admin flag passed to the metastore lookup
 * @param opType          operation being authorized, used for the denial report
 * @throws HiveAuthzPluginException   declared by this method; thrown by the helpers it calls
 * @throws HiveAccessControlException declared by this method; thrown by the helpers it calls
 */
private static void checkRequiredPrivileges(
    RequiredPrivileges reqPrivileges, HivePrivilegeObject hivePrivObject,
    IMetaStoreClient metastoreClient, String userName, List<String> curRoles, boolean isAdmin,
    HiveOperationType opType) throws HiveAuthzPluginException, HiveAccessControlException {
  // what the user and its roles actually hold on this object
  RequiredPrivileges granted = SQLAuthorizationUtils.getPrivilegesFromMetaStore(
      metastoreClient, userName, hivePrivObject, curRoles, isAdmin);

  // required must be a subset of granted; anything left over is a denial
  Collection<SQLPrivTypeGrant> shortfall = reqPrivileges.findMissingPrivs(granted);
  List<String> denials = new ArrayList<String>();
  SQLAuthorizationUtils.addMissingPrivMsg(shortfall, hivePrivObject, denials);

  HivePrincipal requester = new HivePrincipal(userName, HivePrincipalType.USER);
  SQLAuthorizationUtils.assertNoDeniedPermissions(requester, opType, denials);
}
/**
 * Builds the privilege set a principal must hold to hand out the given privileges.
 *
 * <p>Every listed privilege is required with the grant flag set, so holding the plain
 * privilege is not sufficient to pass it on. An empty list produces an empty requirement
 * set; how callers treat an empty set is not visible here.
 *
 * @param hivePrivileges privileges named in the request (presumably a GRANT; confirm at caller)
 * @return requirement set with each privilege added as "with grant"
 * @throws HiveAuthzPluginException propagated from {@code RequiredPrivileges.addPrivilege}
 */
private static RequiredPrivileges getGrantRequiredPrivileges(List<HivePrivilege> hivePrivileges)
    throws HiveAuthzPluginException {
  final boolean grantOptionRequired = true;
  RequiredPrivileges needed = new RequiredPrivileges();
  for (HivePrivilege requested : hivePrivileges) {
    String privName = requested.getName();
    needed.addPrivilege(privName, grantOptionRequired);
  }
  return needed;
}