private void setupBlockedUdfs() { HiveConf hiveConf = getHiveConf(); FunctionRegistry.setupPermissionsForBuiltinUDFs( hiveConf.getVar(ConfVars.HIVE_SERVER2_BUILTIN_UDF_WHITELIST), hiveConf.getVar(ConfVars.HIVE_SERVER2_BUILTIN_UDF_BLACKLIST)); }
@After public void tearDown() throws Exception { FunctionRegistry.setupPermissionsForBuiltinUDFs("", ""); }
/** * Verify that UDF not in whitelist can't be accessed * @throws Exception */ @Test (expected=SemanticException.class) public void testUdfNotInWhiteList() throws Exception { Set<String> funcNames = FunctionRegistry.getFunctionNames(); funcNames.remove("reflect"); FunctionRegistry.setupPermissionsForBuiltinUDFs(funcNames.toString(), ""); assertEquals("reflect", FunctionRegistry.getFunctionInfo("reflect").getDisplayName()); }
/** * Verify that UDF in the whitelist can be access * @throws Exception */ @Test public void testUdfInWhiteList() throws Exception { Set<String> funcNames = FunctionRegistry.getFunctionNames(); funcNames.remove("reflect"); FunctionRegistry.setupPermissionsForBuiltinUDFs(funcNames.toString(), ""); assertEquals("substr", FunctionRegistry.getFunctionInfo("substr").getDisplayName()); }
/** * Test malformatted udf list setting */ @Test (expected=SemanticException.class) public void testMalformattedListProperty() throws Exception { FunctionRegistry.setupPermissionsForBuiltinUDFs(",,", " ,reflect,"); assertEquals("reflect", FunctionRegistry.getFunctionInfo("reflect").getDisplayName()); }
/** * Verify that UDF in blacklist can't be accessed * @throws Exception */ @Test (expected=SemanticException.class) public void testUdfInBlackList() throws Exception { FunctionRegistry.setupPermissionsForBuiltinUDFs("", "reflect"); assertEquals("reflect", FunctionRegistry.getFunctionInfo("reflect").getDisplayName()); }
/** * Verify that UDF in whitelist and blacklist can't be accessed * @throws Exception */ @Test (expected=SemanticException.class) public void testUdfInBlackAndWhiteList() throws Exception { FunctionRegistry.setupPermissionsForBuiltinUDFs("reflect", "reflect"); assertEquals("reflect", FunctionRegistry.getFunctionInfo("reflect").getDisplayName()); }
/** * Verify that UDF in the whitelist can be access * @throws Exception */ @Test public void testDefaultWhiteList() throws Exception { assertEquals("", new HiveConf().getVar(ConfVars.HIVE_SERVER2_BUILTIN_UDF_WHITELIST)); assertEquals("", new HiveConf().getVar(ConfVars.HIVE_SERVER2_BUILTIN_UDF_BLACKLIST)); FunctionRegistry.setupPermissionsForBuiltinUDFs("", ""); assertEquals("substr", FunctionRegistry.getFunctionInfo("substr").getDisplayName()); }
private void setupBlockedUdfs() { FunctionRegistry.setupPermissionsForBuiltinUDFs( hiveConf.getVar(ConfVars.HIVE_SERVER2_BUILTIN_UDF_WHITELIST), hiveConf.getVar(ConfVars.HIVE_SERVER2_BUILTIN_UDF_BLACKLIST)); }
private void setupBlockedUdfs() { FunctionRegistry.setupPermissionsForBuiltinUDFs( hiveConf.getVar(ConfVars.HIVE_SERVER2_BUILTIN_UDF_WHITELIST), hiveConf.getVar(ConfVars.HIVE_SERVER2_BUILTIN_UDF_BLACKLIST)); }
private void setupBlockedUdfs() { FunctionRegistry.setupPermissionsForBuiltinUDFs( hiveConf.getVar(ConfVars.HIVE_SERVER2_BUILTIN_UDF_WHITELIST), hiveConf.getVar(ConfVars.HIVE_SERVER2_BUILTIN_UDF_BLACKLIST)); }
private void setupBlockedUdfs() { FunctionRegistry.setupPermissionsForBuiltinUDFs( hiveConf.getVar(ConfVars.HIVE_SERVER2_BUILTIN_UDF_WHITELIST), hiveConf.getVar(ConfVars.HIVE_SERVER2_BUILTIN_UDF_BLACKLIST)); }
private void setupBlockedUdfs() { HiveConf hiveConf = getHiveConf(); FunctionRegistry.setupPermissionsForBuiltinUDFs( hiveConf.getVar(ConfVars.HIVE_SERVER2_BUILTIN_UDF_WHITELIST), hiveConf.getVar(ConfVars.HIVE_SERVER2_BUILTIN_UDF_BLACKLIST)); }
public HiveAuthzBindingHook() throws Exception { SessionState session = SessionState.get(); if(session == null) { throw new IllegalStateException("Session has not been started"); } // HACK: set a random classname to force the Auth V2 in Hive SessionState.get().setAuthorizer(null); HiveConf hiveConf = session.getConf(); if(hiveConf == null) { throw new IllegalStateException("Session HiveConf is null"); } authzConf = loadAuthzConf(hiveConf); hiveAuthzBinding = new HiveAuthzBinding(hiveConf, authzConf); String serdeWhiteLists = authzConf.get(HiveAuthzConf.HIVE_SENTRY_SERDE_WHITELIST, HiveAuthzConf.HIVE_SENTRY_SERDE_WHITELIST_DEFAULT); serdeWhiteList = Arrays.asList(serdeWhiteLists.split(",")); serdeURIPrivilegesEnabled = authzConf.getBoolean(HiveAuthzConf.HIVE_SENTRY_SERDE_URI_PRIVILIEGES_ENABLED, HiveAuthzConf.HIVE_SENTRY_SERDE_URI_PRIVILIEGES_ENABLED_DEFAULT); FunctionRegistry.setupPermissionsForBuiltinUDFs("", HiveAuthzConf.HIVE_UDF_BLACK_LIST); }