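/**
 * Restricts the role privileges of {@code thriftPrivs} to the roles listed in {@code curRoles}.
 *
 * <p>The role-to-privileges map is replaced in place by a new map holding only the entries whose
 * key appears in {@code curRoles}. Nothing is changed when {@code thriftPrivs} is null or has no
 * role privileges.
 *
 * @param thriftPrivs privilege set to filter in place; may be null
 * @param curRoles role names whose privileges are kept; a null list is treated as "no roles",
 *     so every role privilege is dropped instead of the call failing part-way
 */
private static void filterPrivsByCurrentRoles(PrincipalPrivilegeSet thriftPrivs,
    List<String> curRoles) {
  // check if there are privileges to be filtered
  if (thriftPrivs == null) {
    return;
  }
  Map<String, List<PrivilegeGrantInfo>> allRolePrivs = thriftPrivs.getRolePrivileges();
  if (allRolePrivs == null || thriftPrivs.getRolePrivilegesSize() == 0) {
    // no privileges to filter
    return;
  }

  // Build an allow-list result: only roles named in curRoles are copied over, so a role that is
  // missing from curRoles can never leak its privileges into the filtered set.
  Map<String, List<PrivilegeGrantInfo>> filteredRolePrivs =
      new HashMap<String, List<PrivilegeGrantInfo>>();
  if (curRoles != null) {
    for (String role : curRoles) {
      // NOTE(review): the lookup is by exact map key; confirm role names are normalized the
      // same way in curRoles and in the privilege set.
      List<PrivilegeGrantInfo> privs = allRolePrivs.get(role);
      if (privs != null) {
        filteredRolePrivs.put(role, privs);
      }
    }
  }
  thriftPrivs.setRolePrivileges(filteredRolePrivs);
}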
/**
 * Returns the value of the requested field by delegating to the matching getter.
 *
 * @param field the field to read
 * @return the result of the getter for {@code field}
 * @throws IllegalStateException if {@code field} matches none of the handled cases
 */
public Object getFieldValue(_Fields field) {
  final Object value;
  switch (field) {
    case USER_PRIVILEGES:
      value = getUserPrivileges();
      break;
    case GROUP_PRIVILEGES:
      value = getGroupPrivileges();
      break;
    case ROLE_PRIVILEGES:
      value = getRolePrivileges();
      break;
    default:
      // No getter is mapped to this field.
      throw new IllegalStateException();
  }
  return value;
}
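/**
 * Builds a {@link RequiredPrivileges} from the user and role privileges of a privilege set.
 * Group privileges are not read here.
 *
 * @param thrifPrivs privilege set to convert; a null set yields an empty result
 * @return the privileges collected from the user and role maps
 * @throws HiveAuthzPluginException if the user privilege map is present but does not hold
 *     exactly one entry
 */
private static RequiredPrivileges getRequiredPrivsFromThrift(PrincipalPrivilegeSet thrifPrivs)
    throws HiveAuthzPluginException {
  RequiredPrivileges reqPrivs = new RequiredPrivileges();
  if (thrifPrivs == null) {
    // A missing privilege set grants nothing: return the empty result rather than failing
    // with a NullPointerException in the middle of an authorization check.
    return reqPrivs;
  }

  // add user privileges
  Map<String, List<PrivilegeGrantInfo>> userPrivs = thrifPrivs.getUserPrivileges();
  // More (or fewer) than one user entry is rejected before any privilege is added.
  if (userPrivs != null && userPrivs.size() != 1) {
    throw new HiveAuthzPluginException("Invalid number of user privilege objects: "
        + userPrivs.size());
  }
  addRequiredPrivs(reqPrivs, userPrivs);

  // add role privileges
  // NOTE(review): every role entry in the set is added here; any restriction to the current
  // roles presumably happens before this call - confirm against the caller.
  Map<String, List<PrivilegeGrantInfo>> rolePrivs = thrifPrivs.getRolePrivileges();
  addRequiredPrivs(reqPrivs, rolePrivs);
  return reqPrivs;
}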
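/**
 * Restricts the role privileges of {@code thriftPrivs} to the roles listed in {@code curRoles}.
 *
 * <p>The role-to-privileges map is replaced in place by a new map holding only the entries whose
 * key appears in {@code curRoles}. Nothing is changed when {@code thriftPrivs} is null or has no
 * role privileges.
 *
 * @param thriftPrivs privilege set to filter in place; may be null
 * @param curRoles role names whose privileges are kept; a null list is treated as "no roles",
 *     so every role privilege is dropped instead of the call failing part-way
 */
private static void filterPrivsByCurrentRoles(PrincipalPrivilegeSet thriftPrivs,
    List<String> curRoles) {
  // check if there are privileges to be filtered
  if (thriftPrivs == null) {
    return;
  }
  Map<String, List<PrivilegeGrantInfo>> allRolePrivs = thriftPrivs.getRolePrivileges();
  if (allRolePrivs == null || thriftPrivs.getRolePrivilegesSize() == 0) {
    // no privileges to filter
    return;
  }

  // Build an allow-list result: only roles named in curRoles are copied over, so a role that is
  // missing from curRoles can never leak its privileges into the filtered set.
  Map<String, List<PrivilegeGrantInfo>> filteredRolePrivs =
      new HashMap<String, List<PrivilegeGrantInfo>>();
  if (curRoles != null) {
    for (String role : curRoles) {
      // NOTE(review): the lookup is by exact map key; confirm role names are normalized the
      // same way in curRoles and in the privilege set.
      List<PrivilegeGrantInfo> privs = allRolePrivs.get(role);
      if (privs != null) {
        filteredRolePrivs.put(role, privs);
      }
    }
  }
  thriftPrivs.setRolePrivileges(filteredRolePrivs);
}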
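/**
 * Builds a {@link RequiredPrivileges} from the user and role privileges of a privilege set.
 * Group privileges are not read here.
 *
 * @param thrifPrivs privilege set to convert; a null set yields an empty result
 * @return the privileges collected from the user and role maps
 * @throws HiveAuthzPluginException if the user privilege map is present but does not hold
 *     exactly one entry
 */
private static RequiredPrivileges getRequiredPrivsFromThrift(PrincipalPrivilegeSet thrifPrivs)
    throws HiveAuthzPluginException {
  RequiredPrivileges reqPrivs = new RequiredPrivileges();
  if (thrifPrivs == null) {
    // A missing privilege set grants nothing: return the empty result rather than failing
    // with a NullPointerException in the middle of an authorization check.
    return reqPrivs;
  }

  // add user privileges
  Map<String, List<PrivilegeGrantInfo>> userPrivs = thrifPrivs.getUserPrivileges();
  // More (or fewer) than one user entry is rejected before any privilege is added.
  if (userPrivs != null && userPrivs.size() != 1) {
    throw new HiveAuthzPluginException("Invalid number of user privilege objects: "
        + userPrivs.size());
  }
  addRequiredPrivs(reqPrivs, userPrivs);

  // add role privileges
  // NOTE(review): every role entry in the set is added here; any restriction to the current
  // roles presumably happens before this call - confirm against the caller.
  Map<String, List<PrivilegeGrantInfo>> rolePrivs = thrifPrivs.getRolePrivileges();
  addRequiredPrivs(reqPrivs, rolePrivs);
  return reqPrivs;
}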
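/**
 * Restricts the role privileges of {@code thriftPrivs} to the roles listed in {@code curRoles}.
 *
 * <p>The role-to-privileges map is replaced in place by a new map holding only the entries whose
 * key appears in {@code curRoles}. Nothing is changed when {@code thriftPrivs} is null or has no
 * role privileges.
 *
 * @param thriftPrivs privilege set to filter in place; may be null
 * @param curRoles role names whose privileges are kept; a null list is treated as "no roles",
 *     so every role privilege is dropped instead of the call failing part-way
 */
private static void filterPrivsByCurrentRoles(PrincipalPrivilegeSet thriftPrivs,
    List<String> curRoles) {
  // check if there are privileges to be filtered
  if (thriftPrivs == null) {
    return;
  }
  Map<String, List<PrivilegeGrantInfo>> allRolePrivs = thriftPrivs.getRolePrivileges();
  if (allRolePrivs == null || thriftPrivs.getRolePrivilegesSize() == 0) {
    // no privileges to filter
    return;
  }

  // Build an allow-list result: only roles named in curRoles are copied over, so a role that is
  // missing from curRoles can never leak its privileges into the filtered set.
  Map<String, List<PrivilegeGrantInfo>> filteredRolePrivs =
      new HashMap<String, List<PrivilegeGrantInfo>>();
  if (curRoles != null) {
    for (String role : curRoles) {
      // NOTE(review): the lookup is by exact map key; confirm role names are normalized the
      // same way in curRoles and in the privilege set.
      List<PrivilegeGrantInfo> privs = allRolePrivs.get(role);
      if (privs != null) {
        filteredRolePrivs.put(role, privs);
      }
    }
  }
  thriftPrivs.setRolePrivileges(filteredRolePrivs);
}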
if (privileges.getRolePrivileges() != null && privileges.getRolePrivileges().size() > 0) { Collection<List<PrivilegeGrantInfo>> rolePrivsCollection = privileges .getRolePrivileges().values();
privileges.addAll(toGrants(userPrivileges.get(principalName))); Map<String, List<PrivilegeGrantInfo>> rolePrivilegesMap = privilegeSet.getRolePrivileges(); if (rolePrivilegesMap != null) { for (List<PrivilegeGrantInfo> rolePrivileges : rolePrivilegesMap.values()) {
if (privileges.getRolePrivileges() != null && privileges.getRolePrivileges().size() > 0) { Collection<List<PrivilegeGrantInfo>> rolePrivsCollection = privileges .getRolePrivileges().values();
/**
 * Asserts that {@code partition} carries a privilege set and that the entries for {@code user},
 * {@code group} and the {@code "public"} role each equal an empty list.
 *
 * @param user key looked up in the user privilege map
 * @param group key looked up in the group privilege map
 * @param partition partition whose privileges are checked
 */
private static void assertAuthInfoReturned(String user, String group, Partition partition) {
  // The privilege set itself must be present before its maps are inspected.
  assertNotNull(partition.getPrivileges());

  // One shared expected value: each principal is expected to have an entry with no grants.
  Object noGrants = Lists.newArrayList();
  assertEquals(
      noGrants,
      partition.getPrivileges().getUserPrivileges().get(user));
  assertEquals(
      noGrants,
      partition.getPrivileges().getGroupPrivileges().get(group));
  assertEquals(
      noGrants,
      partition.getPrivileges().getRolePrivileges().get("public"));
}
setTablePrivileges(user, USER, table.getDbName(), table.getTableName(), userPrivileges); for (Entry<String, List<PrivilegeGrantInfo>> entry : privileges.getRolePrivileges().entrySet()) { String role = entry.getKey(); Set<HivePrivilegeInfo> rolePrivileges = entry.getValue().stream()
/**
 * Asserts that {@code partition} carries a privilege set and that the entries for {@code user},
 * {@code group} and the {@code "public"} role each equal an empty list.
 *
 * @param user key looked up in the user privilege map
 * @param group key looked up in the group privilege map
 * @param partition partition whose privileges are checked
 */
private static void assertAuthInfoReturned(String user, String group, Partition partition) {
  // The privilege set itself must be present before its maps are inspected.
  assertNotNull(partition.getPrivileges());

  // One shared expected value: each principal is expected to have an entry with no grants.
  Object noGrants = Lists.newArrayList();
  assertEquals(
      noGrants,
      partition.getPrivileges().getUserPrivileges().get(user));
  assertEquals(
      noGrants,
      partition.getPrivileges().getGroupPrivileges().get(group));
  assertEquals(
      noGrants,
      partition.getPrivileges().getRolePrivileges().get("public"));
}
putPersistentPrivObjects(mtbl, toPersistPrivObjs, now, groupPrivs, PrincipalType.GROUP, "SQL"); Map<String, List<PrivilegeGrantInfo>> rolePrivs = principalPrivs.getRolePrivileges(); putPersistentPrivObjects(mtbl, toPersistPrivObjs, now, rolePrivs, PrincipalType.ROLE, "SQL");
/**
 * Returns the value of the requested field by delegating to the matching getter.
 *
 * @param field the field to read
 * @return the result of the getter for {@code field}
 * @throws IllegalStateException if {@code field} matches none of the handled cases
 */
public Object getFieldValue(_Fields field) {
  final Object value;
  switch (field) {
    case USER_PRIVILEGES:
      value = getUserPrivileges();
      break;
    case GROUP_PRIVILEGES:
      value = getGroupPrivileges();
      break;
    case ROLE_PRIVILEGES:
      value = getRolePrivileges();
      break;
    default:
      // No getter is mapped to this field.
      throw new IllegalStateException();
  }
  return value;
}
/**
 * Returns the value of the requested field by delegating to the matching getter.
 *
 * @param field the field to read
 * @return the result of the getter for {@code field}
 * @throws IllegalStateException if {@code field} matches none of the handled cases
 */
public Object getFieldValue(_Fields field) {
  final Object value;
  switch (field) {
    case USER_PRIVILEGES:
      value = getUserPrivileges();
      break;
    case GROUP_PRIVILEGES:
      value = getGroupPrivileges();
      break;
    case ROLE_PRIVILEGES:
      value = getRolePrivileges();
      break;
    default:
      // No getter is mapped to this field.
      throw new IllegalStateException();
  }
  return value;
}
/**
 * Returns the value of the requested field by delegating to the matching getter.
 *
 * @param field the field to read
 * @return the result of the getter for {@code field}
 * @throws IllegalStateException if {@code field} matches none of the handled cases
 */
public Object getFieldValue(_Fields field) {
  final Object value;
  switch (field) {
    case USER_PRIVILEGES:
      value = getUserPrivileges();
      break;
    case GROUP_PRIVILEGES:
      value = getGroupPrivileges();
      break;
    case ROLE_PRIVILEGES:
      value = getRolePrivileges();
      break;
    default:
      // No getter is mapped to this field.
      throw new IllegalStateException();
  }
  return value;
}
/**
 * Returns the value of the requested field by delegating to the matching getter.
 *
 * @param field the field to read
 * @return the result of the getter for {@code field}
 * @throws IllegalStateException if {@code field} matches none of the handled cases
 */
public Object getFieldValue(_Fields field) {
  final Object value;
  switch (field) {
    case USER_PRIVILEGES:
      value = getUserPrivileges();
      break;
    case GROUP_PRIVILEGES:
      value = getGroupPrivileges();
      break;
    case ROLE_PRIVILEGES:
      value = getRolePrivileges();
      break;
    default:
      // No getter is mapped to this field.
      throw new IllegalStateException();
  }
  return value;
}
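/**
 * Collects the privileges the metastore reports for {@code user} on {@code objectReference}.
 *
 * <p>The result is the union of the user's own grants and the grants of every role entry in the
 * returned privilege set. Group privileges are deliberately left out. A null privilege set, a
 * null user map or a null role map contributes nothing.
 *
 * @param user principal name passed to the metastore and used as key into the user map
 * @param objectReference the object whose privileges are queried
 * @return the collected privileges; empty when the metastore reports none
 * @throws PrestoException with {@code HIVE_METASTORE_ERROR} when the metastore call fails
 */
private Set<HivePrivilege> getPrivileges(String user, HiveObjectRef objectReference) {
    ImmutableSet.Builder<HivePrivilege> privileges = ImmutableSet.builder();
    try (HiveMetastoreClient client = clientProvider.createMetastoreClient()) {
        PrincipalPrivilegeSet privilegeSet = client.getPrivilegeSet(objectReference, user, null);
        if (privilegeSet != null) {
            Map<String, List<PrivilegeGrantInfo>> userPrivileges = privilegeSet.getUserPrivileges();
            if (userPrivileges != null) {
                // NOTE(review): get(user) yields null when the map has no entry for this user;
                // confirm toGrants accepts null.
                privileges.addAll(toGrants(userPrivileges.get(user)));
            }

            // The role map can be absent just like the user map; treat that as "no role grants"
            // instead of failing the privilege lookup with a NullPointerException.
            Map<String, List<PrivilegeGrantInfo>> rolePrivilegesMap = privilegeSet.getRolePrivileges();
            if (rolePrivilegesMap != null) {
                // NOTE(review): every role entry is accepted as-is; this relies on the metastore
                // returning only roles that apply to the user - verify.
                for (List<PrivilegeGrantInfo> rolePrivileges : rolePrivilegesMap.values()) {
                    privileges.addAll(toGrants(rolePrivileges));
                }
            }
            // We do not add the group permissions as Hive does not seem to process these
        }
    }
    catch (TException e) {
        throw new PrestoException(HIVE_METASTORE_ERROR, e);
    }

    return privileges.build();
}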
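/**
 * Builds a {@link RequiredPrivileges} from the user and role privileges of a privilege set.
 * Group privileges are not read here.
 *
 * @param thrifPrivs privilege set to convert; a null set yields an empty result
 * @return the privileges collected from the user and role maps
 * @throws HiveAuthzPluginException if the user privilege map is present but does not hold
 *     exactly one entry
 */
private static RequiredPrivileges getRequiredPrivsFromThrift(PrincipalPrivilegeSet thrifPrivs)
    throws HiveAuthzPluginException {
  RequiredPrivileges reqPrivs = new RequiredPrivileges();
  if (thrifPrivs == null) {
    // A missing privilege set grants nothing: return the empty result rather than failing
    // with a NullPointerException in the middle of an authorization check.
    return reqPrivs;
  }

  // add user privileges
  Map<String, List<PrivilegeGrantInfo>> userPrivs = thrifPrivs.getUserPrivileges();
  // More (or fewer) than one user entry is rejected before any privilege is added.
  if (userPrivs != null && userPrivs.size() != 1) {
    throw new HiveAuthzPluginException("Invalid number of user privilege objects: "
        + userPrivs.size());
  }
  addRequiredPrivs(reqPrivs, userPrivs);

  // add role privileges
  // NOTE(review): every role entry in the set is added here; any restriction to the current
  // roles presumably happens before this call - confirm against the caller.
  Map<String, List<PrivilegeGrantInfo>> rolePrivs = thrifPrivs.getRolePrivileges();
  addRequiredPrivs(reqPrivs, rolePrivs);
  return reqPrivs;
}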
/**
 * Persists a table together with the user, group and role privileges attached to it, inside a
 * single transaction that is rolled back unless the commit succeeds.
 *
 * @param tbl the table to store; its privilege set, when present, is persisted as well
 * @throws InvalidObjectException declared by the signature; raised by the calls made here
 * @throws MetaException declared by the signature; raised by the calls made here
 */
public void createTable(Table tbl) throws InvalidObjectException, MetaException {
  boolean committed = false;
  try {
    openTransaction();

    MTable storedTable = convertToMTable(tbl);
    pm.makePersistent(storedTable);

    List<Object> pendingPrivObjs = new ArrayList<Object>();
    PrincipalPrivilegeSet grants = tbl.getPrivileges();
    // NOTE(review): the privilege set is persisted exactly as supplied on tbl; presumably the
    // caller has already decided these grants are allowed - confirm.
    if (grants != null) {
      // Current time in whole seconds, narrowed to int (wraps once the value exceeds
      // Integer.MAX_VALUE).
      int epochSeconds = (int)(System.currentTimeMillis()/1000);
      putPersistentPrivObjects(
          storedTable, pendingPrivObjs, epochSeconds, grants.getUserPrivileges(),
          PrincipalType.USER);
      putPersistentPrivObjects(
          storedTable, pendingPrivObjs, epochSeconds, grants.getGroupPrivileges(),
          PrincipalType.GROUP);
      putPersistentPrivObjects(
          storedTable, pendingPrivObjs, epochSeconds, grants.getRolePrivileges(),
          PrincipalType.ROLE);
    }

    // Stored even when empty, matching the unconditional call order of the transaction.
    pm.makePersistentAll(pendingPrivObjs);
    committed = commitTransaction();
  } finally {
    // Any exception or failed commit leaves the flag false, so the table and its grants are
    // undone together.
    if (!committed) {
      rollbackTransaction();
    }
  }
}