public static HivePrivilegeObjectType getPrivObjectType(PrivilegeObjectDesc privSubjectDesc) { if (privSubjectDesc.getObject() == null) { return null; } return privSubjectDesc.getTable() ? HivePrivilegeObjectType.TABLE_OR_VIEW : HivePrivilegeObjectType.DATABASE; }
public static HivePrivilegeObjectType getPrivObjectType(PrivilegeObjectDesc privSubjectDesc) { if (privSubjectDesc.getObject() == null) { return null; } return privSubjectDesc.getTable() ? HivePrivilegeObjectType.TABLE_OR_VIEW : HivePrivilegeObjectType.DATABASE; }
@Override public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc) throws HiveException { // null means ALL for show grants, GLOBAL for grant/revoke HivePrivilegeObjectType objectType = null; String[] dbTable; List<String> partSpec = null; List<String> columns = null; if (privSubjectDesc == null) { dbTable = new String[] {null, null}; } else { if (privSubjectDesc.getTable()) { dbTable = Utilities.getDbTableName(privSubjectDesc.getObject()); } else { dbTable = new String[] {privSubjectDesc.getObject(), null}; } if (privSubjectDesc.getPartSpec() != null) { partSpec = new ArrayList<String>(privSubjectDesc.getPartSpec().values()); } columns = privSubjectDesc.getColumns(); objectType = AuthorizationUtils.getPrivObjectType(privSubjectDesc); } return new HivePrivilegeObject(objectType, dbTable[0], dbTable[1], partSpec, columns, null); }
@Override public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc) throws HiveException { // null means ALL for show grants, GLOBAL for grant/revoke HivePrivilegeObjectType objectType = null; String[] dbTable; List<String> partSpec = null; List<String> columns = null; if (privSubjectDesc == null) { dbTable = new String[] {null, null}; } else { if (privSubjectDesc.getTable()) { dbTable = Utilities.getDbTableName(privSubjectDesc.getObject()); } else { dbTable = new String[] {privSubjectDesc.getObject(), null}; } if (privSubjectDesc.getPartSpec() != null) { partSpec = new ArrayList<String>(privSubjectDesc.getPartSpec().values()); } columns = privSubjectDesc.getColumns(); objectType = AuthorizationUtils.getPrivObjectType(privSubjectDesc); } return new HivePrivilegeObject(objectType, dbTable[0], dbTable[1], partSpec, columns, null); }
private PrivilegeObjectDesc analyzePrivilegeObject(ASTNode ast, HashSet<WriteEntity> outputs) throws SemanticException { PrivilegeObjectDesc subject = parsePrivObject(ast); if (subject.getTable()) { Table tbl = getTable(subject.getObject()); if (subject.getPartSpec() != null) { Partition part = getPartition(tbl, subject.getPartSpec()); outputs.add(new WriteEntity(part, WriteEntity.WriteType.DDL_NO_LOCK)); } else { outputs.add(new WriteEntity(tbl, WriteEntity.WriteType.DDL_NO_LOCK)); } } return subject; }
private PrivilegeObjectDesc analyzePrivilegeObject(ASTNode ast, HashSet<WriteEntity> outputs) throws SemanticException { PrivilegeObjectDesc subject = parsePrivObject(ast); if (subject.getTable()) { Table tbl = getTable(subject.getObject()); if (subject.getPartSpec() != null) { Partition part = getPartition(tbl, subject.getPartSpec()); outputs.add(new WriteEntity(part, WriteEntity.WriteType.DDL_NO_LOCK)); } else { outputs.add(new WriteEntity(tbl, WriteEntity.WriteType.DDL_NO_LOCK)); } } return subject; }
public static void grantUserTable(String privStr, PrivilegeType privType, QueryState queryState, Hive db) throws Exception { DDLWork work = AuthorizationTestUtil.analyze("GRANT " + privStr + " ON TABLE " + TABLE + " TO USER " + USER, queryState, db); GrantDesc grantDesc = work.getGrantDesc(); Assert.assertNotNull("Grant should not be null", grantDesc); //check privileges for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) { Assert.assertEquals(privType, privilege.getPrivilege().getPriv()); } //check other parts for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { Assert.assertEquals(PrincipalType.USER, principal.getType()); Assert.assertEquals(USER, principal.getName()); } Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable()); Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject()); }
/** * SHOW GRANT GROUP ... ON TABLE ... */ @Test public void testShowGrantGroupOnTable() throws Exception { DDLWork work = analyze("SHOW GRANT GROUP " + GROUP + " ON TABLE " + TABLE); ShowGrantDesc grantDesc = work.getShowGrantDesc(); Assert.assertNotNull("Show grant should not be null", grantDesc); Assert.assertEquals(PrincipalType.GROUP, grantDesc.getPrincipalDesc().getType()); Assert.assertEquals(GROUP, grantDesc.getPrincipalDesc().getName()); Assert.assertTrue("Expected table", grantDesc.getHiveObj().getTable()); Assert.assertEquals(TABLE_QNAME, grantDesc.getHiveObj().getObject()); Assert.assertTrue("Expected table", grantDesc.getHiveObj().getTable()); }
/** * SHOW GRANT ROLE ... ON TABLE ... */ @Test public void testShowGrantRoleOnTable() throws Exception { DDLWork work = analyze("SHOW GRANT ROLE " + ROLE + " ON TABLE " + TABLE); ShowGrantDesc grantDesc = work.getShowGrantDesc(); Assert.assertNotNull("Show grant should not be null", grantDesc); Assert.assertEquals(PrincipalType.ROLE, grantDesc.getPrincipalDesc().getType()); Assert.assertEquals(ROLE, grantDesc.getPrincipalDesc().getName()); Assert.assertTrue("Expected table", grantDesc.getHiveObj().getTable()); Assert.assertEquals(TABLE_QNAME, grantDesc.getHiveObj().getObject()); Assert.assertTrue("Expected table", grantDesc.getHiveObj().getTable()); } /**
/** * SHOW GRANT USER ... ON TABLE ... */ @Test public void testShowGrantUserOnTable() throws Exception { DDLWork work = analyze("SHOW GRANT USER " + USER + " ON TABLE " + TABLE); ShowGrantDesc grantDesc = work.getShowGrantDesc(); Assert.assertNotNull("Show grant should not be null", grantDesc); Assert.assertEquals(PrincipalType.USER, grantDesc.getPrincipalDesc().getType()); Assert.assertEquals(USER, grantDesc.getPrincipalDesc().getName()); Assert.assertTrue("Expected table", grantDesc.getHiveObj().getTable()); Assert.assertEquals(TABLE_QNAME, grantDesc.getHiveObj().getObject()); Assert.assertTrue("Expected table", grantDesc.getHiveObj().getTable()); } /**
/** * GRANT ... ON TABLE ... TO ROLE ... */ @Test public void testGrantRoleTable() throws Exception { DDLWork work = analyze("GRANT " + SELECT + " ON TABLE " + TABLE + " TO ROLE " + ROLE); GrantDesc grantDesc = work.getGrantDesc(); Assert.assertNotNull("Grant should not be null", grantDesc); for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { Assert.assertEquals(PrincipalType.ROLE, principal.getType()); Assert.assertEquals(ROLE, principal.getName()); } for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) { Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege()); } Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable()); Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject()); } /**
/** * REVOKE ... ON TABLE ... FROM USER ... */ @Test public void testRevokeUserTable() throws Exception { DDLWork work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM USER " + USER); RevokeDesc grantDesc = work.getRevokeDesc(); Assert.assertNotNull("Revoke should not be null", grantDesc); for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { Assert.assertEquals(PrincipalType.USER, principal.getType()); Assert.assertEquals(USER, principal.getName()); } for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) { Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege()); } Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable()); Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject()); } /**
/** * GRANT ... ON TABLE ... TO GROUP ... */ @Test public void testGrantGroupTable() throws Exception { DDLWork work = analyze("GRANT " + SELECT + " ON TABLE " + TABLE + " TO GROUP " + GROUP); GrantDesc grantDesc = work.getGrantDesc(); Assert.assertNotNull("Grant should not be null", grantDesc); for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { Assert.assertEquals(PrincipalType.GROUP, principal.getType()); Assert.assertEquals(GROUP, principal.getName()); } for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) { Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege()); } Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable()); Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject()); } /**
/** * GRANT ... ON TABLE ... TO USER ... */ @Test public void testGrantUserTable() throws Exception { DDLWork work = analyze("GRANT " + SELECT + " ON TABLE " + TABLE + " TO USER " + USER); GrantDesc grantDesc = work.getGrantDesc(); Assert.assertNotNull("Grant should not be null", grantDesc); for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { Assert.assertEquals(PrincipalType.USER, principal.getType()); Assert.assertEquals(USER, principal.getName()); } for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) { Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege()); } Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable()); Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject()); } /**
/** * REVOKE ... ON TABLE ... FROM ROLE ... */ @Test public void testRevokeRoleTable() throws Exception { DDLWork work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM ROLE " + ROLE); RevokeDesc grantDesc = work.getRevokeDesc(); Assert.assertNotNull("Revoke should not be null", grantDesc); for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { Assert.assertEquals(PrincipalType.ROLE, principal.getType()); Assert.assertEquals(ROLE, principal.getName()); } for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) { Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege()); } Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable()); Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject()); } /**
/** * REVOKE ... ON TABLE ... FROM GROUP ... */ @Test public void testRevokeGroupTable() throws Exception { DDLWork work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM GROUP " + GROUP); RevokeDesc grantDesc = work.getRevokeDesc(); Assert.assertNotNull("Revoke should not be null", grantDesc); for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { Assert.assertEquals(PrincipalType.GROUP, principal.getType()); Assert.assertEquals(GROUP, principal.getName()); } for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) { Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege()); } Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable()); Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject()); } /**
public static HivePrivilegeObjectType getPrivObjectType(PrivilegeObjectDesc privSubjectDesc) { if (privSubjectDesc.getObject() == null) { return null; } return privSubjectDesc.getTable() ? HivePrivilegeObjectType.TABLE_OR_VIEW : HivePrivilegeObjectType.DATABASE; }
public static HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc) throws HiveException { // null means ALL for show grants, GLOBAL for grant/revoke HivePrivilegeObjectType objectType = null; String[] dbTable; List<String> partSpec = null; List<String> columns = null; if (privSubjectDesc == null) { dbTable = new String[] {null, null}; } else { if (privSubjectDesc.getTable()) { dbTable = Utilities.getDbTableName(privSubjectDesc.getObject()); } else { dbTable = new String[] {privSubjectDesc.getObject(), null}; } if (privSubjectDesc.getPartSpec() != null) { partSpec = new ArrayList<String>(privSubjectDesc.getPartSpec().values()); } columns = privSubjectDesc.getColumns(); objectType = getPrivObjectType(privSubjectDesc); } return new HivePrivilegeObject(objectType, dbTable[0], dbTable[1], partSpec, columns, null); }
private PrivilegeObjectDesc analyzePrivilegeObject(ASTNode ast, HashSet<WriteEntity> outputs) throws SemanticException { PrivilegeObjectDesc subject = parsePrivObject(ast); if (subject.getTable()) { Table tbl = getTable(subject.getObject()); if (subject.getPartSpec() != null) { Partition part = getPartition(tbl, subject.getPartSpec()); outputs.add(new WriteEntity(part, WriteEntity.WriteType.DDL_NO_LOCK)); } else { outputs.add(new WriteEntity(tbl, WriteEntity.WriteType.DDL_NO_LOCK)); } } return subject; }
private PrivilegeObjectDesc analyzePrivilegeObject(ASTNode ast, HashSet<WriteEntity> outputs) throws SemanticException { PrivilegeObjectDesc subject = new PrivilegeObjectDesc(); subject.setObject(unescapeIdentifier(ast.getChild(0).getText())); if (ast.getChildCount() > 1) { for (int i =0;i< ast.getChildCount();i++) { ASTNode astChild = (ASTNode) ast.getChild(i); if (astChild.getToken().getType() == HiveParser.TOK_PARTSPEC) { subject.setPartSpec(DDLSemanticAnalyzer.getPartSpec(astChild)); } else { subject.setTable(ast.getChild(0) != null); } } } try { if (subject.getTable()) { Table tbl = db.getTable(subject.getObject()); if (subject.getPartSpec() != null) { Partition part = db.getPartition(tbl, subject.getPartSpec(), false); outputs.add(new WriteEntity(part)); } else { outputs.add(new WriteEntity(tbl)); } } } catch (HiveException e) { throw new SemanticException(e); } return subject; }