private int grantOrRevokeRole(Hive db, GrantRevokeRoleDDL grantOrRevokeRoleDDL) throws HiveException { HiveAuthorizer authorizer = getSessionAuthorizer(db); //convert to the types needed for plugin api HivePrincipal grantorPrinc = null; if(grantOrRevokeRoleDDL.getGrantor() != null){ grantorPrinc = new HivePrincipal(grantOrRevokeRoleDDL.getGrantor(), AuthorizationUtils.getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType())); } List<HivePrincipal> principals = AuthorizationUtils.getHivePrincipals( grantOrRevokeRoleDDL.getPrincipalDesc(), getAuthorizationTranslator(authorizer)); List<String> roles = grantOrRevokeRoleDDL.getRoles(); boolean grantOption = grantOrRevokeRoleDDL.isGrantOption(); if (grantOrRevokeRoleDDL.getGrant()) { authorizer.grantRole(principals, roles, grantOption, grantorPrinc); } else { authorizer.revokeRole(principals, roles, grantOption, grantorPrinc); } return 0; }
private int grantOrRevokeRole(Hive db, GrantRevokeRoleDDL grantOrRevokeRoleDDL) throws HiveException { HiveAuthorizer authorizer = getSessionAuthorizer(db); //convert to the types needed for plugin api HivePrincipal grantorPrinc = null; if(grantOrRevokeRoleDDL.getGrantor() != null){ grantorPrinc = new HivePrincipal(grantOrRevokeRoleDDL.getGrantor(), AuthorizationUtils.getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType())); } List<HivePrincipal> principals = AuthorizationUtils.getHivePrincipals( grantOrRevokeRoleDDL.getPrincipalDesc(), getAuthorizationTranslator(authorizer)); List<String> roles = grantOrRevokeRoleDDL.getRoles(); boolean grantOption = grantOrRevokeRoleDDL.isGrantOption(); if (grantOrRevokeRoleDDL.getGrant()) { authorizer.grantRole(principals, roles, grantOption, grantorPrinc); } else { authorizer.revokeRole(principals, roles, grantOption, grantorPrinc); } return 0; }
/** * REVOKE ROLE ... FROM USER ... */ @Test public void testRevokeRoleUser() throws Exception { DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM USER " + USER); GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL(); Assert.assertNotNull("Grant should not be null", grantDesc); Assert.assertFalse("Did not expect grant ", grantDesc.getGrant()); Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption()); Assert.assertEquals(currentUser, grantDesc.getGrantor()); Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType()); for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) { Assert.assertEquals(ROLE, role); } for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) { Assert.assertEquals(PrincipalType.USER, principal.getType()); Assert.assertEquals(USER, principal.getName()); } } /**
/** * GRANT ROLE ... TO USER ... */ @Test public void testGrantRoleUser() throws Exception { DDLWork work = analyze("GRANT ROLE " + ROLE + " TO USER " + USER); GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL(); Assert.assertNotNull("Grant should not be null", grantDesc); Assert.assertTrue("Expected grant ", grantDesc.getGrant()); Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption()); Assert.assertEquals(currentUser, grantDesc.getGrantor()); Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType()); for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) { Assert.assertEquals(ROLE, role); } for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) { Assert.assertEquals(PrincipalType.USER, principal.getType()); Assert.assertEquals(USER, principal.getName()); } } /**
/** * REVOKE ROLE ... FROM ROLE ... */ @Test public void testRevokeRoleRole() throws Exception { DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM ROLE " + ROLE); GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL(); Assert.assertNotNull("Grant should not be null", grantDesc); Assert.assertFalse("Did not expect grant ", grantDesc.getGrant()); Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption()); Assert.assertEquals(currentUser, grantDesc.getGrantor()); Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType()); for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) { Assert.assertEquals(ROLE, role); } for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) { Assert.assertEquals(PrincipalType.ROLE, principal.getType()); Assert.assertEquals(ROLE, principal.getName()); } } /**
/** * GRANT ROLE ... TO ROLE ... */ @Test public void testGrantRoleRole() throws Exception { DDLWork work = analyze("GRANT ROLE " + ROLE + " TO ROLE " + ROLE); GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL(); Assert.assertNotNull("Grant should not be null", grantDesc); Assert.assertTrue("Expected grant ", grantDesc.getGrant()); Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption()); Assert.assertEquals(currentUser, grantDesc.getGrantor()); Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType()); for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) { Assert.assertEquals(ROLE, role); } for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) { Assert.assertEquals(PrincipalType.ROLE, principal.getType()); Assert.assertEquals(ROLE, principal.getName()); } } /**
/** * GRANT ROLE ... TO GROUP ... */ @Test public void testGrantRoleGroup() throws Exception { DDLWork work = analyze("GRANT ROLE " + ROLE + " TO GROUP " + GROUP); GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL(); Assert.assertNotNull("Grant should not be null", grantDesc); Assert.assertTrue("Expected grant ", grantDesc.getGrant()); Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption()); Assert.assertEquals(currentUser, grantDesc.getGrantor()); Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType()); for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) { Assert.assertEquals(ROLE, role); } for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) { Assert.assertEquals(PrincipalType.GROUP, principal.getType()); Assert.assertEquals(GROUP, principal.getName()); } } /**
/** * REVOKE ROLE ... FROM GROUP ... */ @Test public void testRevokeRoleGroup() throws Exception { DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM GROUP " + GROUP); GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL(); Assert.assertNotNull("Grant should not be null", grantDesc); Assert.assertFalse("Did not expect grant ", grantDesc.getGrant()); Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption()); Assert.assertEquals(currentUser, grantDesc.getGrantor()); Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType()); for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) { Assert.assertEquals(ROLE, role); } for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) { Assert.assertEquals(PrincipalType.GROUP, principal.getType()); Assert.assertEquals(GROUP, principal.getName()); } } /**
private int grantOrRevokeRole(GrantRevokeRoleDDL grantOrRevokeRoleDDL) throws HiveException { try { boolean grantRole = grantOrRevokeRoleDDL.getGrant(); List<PrincipalDesc> principals = grantOrRevokeRoleDDL.getPrincipalDesc(); List<String> roles = grantOrRevokeRoleDDL.getRoles(); for (PrincipalDesc principal : principals) { String userName = principal.getName(); for (String roleName : roles) { if (grantRole) { db.grantRole(roleName, userName, principal.getType(), grantOrRevokeRoleDDL.getGrantor(), grantOrRevokeRoleDDL .getGrantorType(), grantOrRevokeRoleDDL.isGrantOption()); } else { db.revokeRole(roleName, userName, principal.getType()); } } } } catch (Exception e) { throw new HiveException(e); } return 0; }
private int grantOrRevokeRole(GrantRevokeRoleDDL grantOrRevokeRoleDDL) throws HiveException { HiveAuthorizer authorizer = getSessionAuthorizer(); //convert to the types needed for plugin api HivePrincipal grantorPrinc = null; if(grantOrRevokeRoleDDL.getGrantor() != null){ grantorPrinc = new HivePrincipal(grantOrRevokeRoleDDL.getGrantor(), AuthorizationUtils.getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType())); } List<HivePrincipal> principals = AuthorizationUtils.getHivePrincipals(grantOrRevokeRoleDDL.getPrincipalDesc()); List<String> roles = grantOrRevokeRoleDDL.getRoles(); boolean grantOption = grantOrRevokeRoleDDL.isGrantOption(); if (grantOrRevokeRoleDDL.getGrant()) { authorizer.grantRole(principals, roles, grantOption, grantorPrinc); } else { authorizer.revokeRole(principals, roles, grantOption, grantorPrinc); } return 0; }