org.apache.hadoop.hive.metastore.api.PrincipalType Java Examples
The following examples show how to use
org.apache.hadoop.hive.metastore.api.PrincipalType.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: TestSentryHiveAuthorizationTaskFactory.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
/**
* GRANT ... ON TABLE ... TO ROLE ...
*/
@Test
public void testGrantRoleTable() throws Exception {
DDLWork work = analyze(parse("GRANT " + ALL + " ON TABLE " + TABLE
+ " TO ROLE " + ROLE));
GrantDesc grantDesc = work.getGrantDesc();
Assert.assertNotNull("Grant should not be null", grantDesc);
for (PrincipalDesc principal : assertSize(1, grantDesc.getPrincipals())) {
Assert.assertEquals(PrincipalType.ROLE, principal.getType());
Assert.assertEquals(ROLE, principal.getName());
}
for (PrivilegeDesc privilege : assertSize(1, grantDesc.getPrivileges())) {
Assert.assertEquals(Privilege.ALL, privilege.getPrivilege());
}
Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc()
.getTable());
Assert.assertEquals(TABLE, grantDesc.getPrivilegeSubjectDesc().getObject());
}
Example #2
| Source File: TestSentryHiveAuthorizationTaskFactory.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
/**
* GRANT ALL ON SERVER
*/
@Test
public void testGrantServer() throws Exception {
DDLWork work = analyze(parse("GRANT " + ALL + " ON SERVER " + SERVER
+ " TO ROLE " + ROLE));
GrantDesc grantDesc = work.getGrantDesc();
Assert.assertNotNull("Grant should not be null", grantDesc);
for (PrincipalDesc principal : assertSize(1, grantDesc.getPrincipals())) {
Assert.assertEquals(PrincipalType.ROLE, principal.getType());
Assert.assertEquals(ROLE, principal.getName());
}
for (PrivilegeDesc privilege : assertSize(1, grantDesc.getPrivileges())) {
Assert.assertEquals(Privilege.ALL, privilege.getPrivilege());
}
SentryHivePrivilegeObjectDesc privilegeDesc =
(SentryHivePrivilegeObjectDesc)grantDesc.getPrivilegeSubjectDesc();
Assert.assertTrue("Expected server", privilegeDesc.getServer());
Assert.assertEquals(SERVER, privilegeDesc.getObject());
}
Example #3
| Source File: SentryHiveAuthorizationTaskFactoryImpl.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
@Override
public Task<? extends Serializable> createShowRoleGrantTask(ASTNode ast, Path resultFile,
HashSet<ReadEntity> inputs, HashSet<WriteEntity> outputs) throws SemanticException {
ASTNode child = (ASTNode) ast.getChild(0);
PrincipalType principalType = PrincipalType.USER;
switch (child.getType()) {
case HiveParser.TOK_USER:
principalType = PrincipalType.USER;
break;
case HiveParser.TOK_GROUP:
principalType = PrincipalType.GROUP;
break;
case HiveParser.TOK_ROLE:
principalType = PrincipalType.ROLE;
break;
}
if (principalType != PrincipalType.GROUP) {
String msg = SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + principalType;
throw new SemanticException(msg);
}
String principalName = BaseSemanticAnalyzer.unescapeIdentifier(child.getChild(0).getText());
RoleDDLDesc roleDesc = new RoleDDLDesc(principalName, principalType,
RoleDDLDesc.RoleOperation.SHOW_ROLE_GRANT, null);
roleDesc.setResFile(resultFile.toString());
return createTask(new DDLWork(inputs, outputs, roleDesc));
}
Example #4
| Source File: HiveCatalog.java From flink with Apache License 2.0 | 6 votes |
|
private static Function instantiateHiveFunction(ObjectPath functionPath, CatalogFunction function) {
boolean isGeneric = Boolean.valueOf(function.getProperties().get(CatalogConfig.IS_GENERIC));
// Hive Function does not have properties map
// thus, use a prefix in class name to distinguish Flink and Hive functions
String functionClassName = isGeneric ?
FLINK_FUNCTION_PREFIX + function.getClassName() :
function.getClassName();
return new Function(
// due to https://issues.apache.org/jira/browse/HIVE-22053, we have to normalize function name ourselves
HiveStringUtils.normalizeIdentifier(functionPath.getObjectName()),
functionPath.getDatabaseName(),
functionClassName,
null, // Owner name
PrincipalType.GROUP, // Temporarily set to GROUP type because it's required by Hive. May change later
(int) (System.currentTimeMillis() / 1000),
FunctionType.JAVA, // FunctionType only has JAVA now
new ArrayList<>() // Resource URIs
);
}
Example #5
| Source File: SentryHiveAuthorizationTaskFactoryImpl.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
@Override
public Task<? extends Serializable> createRevokeTask(ASTNode ast, HashSet<ReadEntity> inputs,
HashSet<WriteEntity> outputs) throws SemanticException {
List<PrivilegeDesc> privilegeDesc = analyzePrivilegeListDef((ASTNode) ast.getChild(0));
List<PrincipalDesc> principalDesc = analyzePrincipalListDef((ASTNode) ast.getChild(1));
PrivilegeObjectDesc privilegeObj = null;
if (ast.getChildCount() > 2) {
ASTNode astChild = (ASTNode) ast.getChild(2);
privilegeObj = analyzePrivilegeObject(astChild);
}
if (privilegeObj != null && privilegeObj.getPartSpec() != null) {
throw new SemanticException(SentryHiveConstants.PARTITION_PRIVS_NOT_SUPPORTED);
}
for (PrincipalDesc princ : principalDesc) {
if (princ.getType() != PrincipalType.ROLE) {
String msg = SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + princ.getType();
throw new SemanticException(msg);
}
}
RevokeDesc revokeDesc = new RevokeDesc(privilegeDesc, principalDesc, privilegeObj);
return createTask(new DDLWork(inputs, outputs, revokeDesc));
}
Example #6
| Source File: SentryHiveAuthorizationTaskFactoryImpl.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
private Task<? extends Serializable> analyzeGrantRevokeRole(boolean isGrant, ASTNode ast,
HashSet<ReadEntity> inputs, HashSet<WriteEntity> outputs) throws SemanticException {
List<PrincipalDesc> principalDesc = analyzePrincipalListDef(
(ASTNode) ast.getChild(0));
List<String> roles = new ArrayList<String>();
for (int i = 1; i < ast.getChildCount(); i++) {
roles.add(BaseSemanticAnalyzer.unescapeIdentifier(ast.getChild(i).getText()));
}
String roleOwnerName = "";
if (SessionState.get() != null
&& SessionState.get().getAuthenticator() != null) {
roleOwnerName = SessionState.get().getAuthenticator().getUserName();
}
for (PrincipalDesc princ : principalDesc) {
if (princ.getType() != PrincipalType.GROUP) {
String msg = SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_ON_OBJECT + princ.getType();
throw new SemanticException(msg);
}
}
GrantRevokeRoleDDL grantRevokeRoleDDL = new GrantRevokeRoleDDL(isGrant,
roles, principalDesc, roleOwnerName, PrincipalType.USER, false);
return createTask(new DDLWork(inputs, outputs, grantRevokeRoleDDL));
}
Example #7
| Source File: ThriftHiveMetastoreClient.java From presto with Apache License 2.0 | 6 votes |
|
@Override
public void grantRole(String role, String granteeName, PrincipalType granteeType, String grantorName, PrincipalType grantorType, boolean grantOption)
throws TException
{
List<RolePrincipalGrant> grants = listRoleGrants(granteeName, granteeType);
for (RolePrincipalGrant grant : grants) {
if (grant.getRoleName().equals(role)) {
if (grant.isGrantOption() == grantOption) {
return;
}
if (!grant.isGrantOption() && grantOption) {
revokeRole(role, granteeName, granteeType, false);
break;
}
}
}
createGrant(role, granteeName, granteeType, grantorName, grantorType, grantOption);
}
Example #8
| Source File: SentryHiveAuthorizationTaskFactoryImpl.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
@Override
public Task<? extends Serializable> createShowRolePrincipalsTask(ASTNode ast, Path resFile,
HashSet<ReadEntity> inputs, HashSet<WriteEntity> outputs) throws SemanticException {
String roleName;
if (ast.getChildCount() == 1) {
roleName = ast.getChild(0).getText();
} else {
// the parser should not allow this
throw new AssertionError("Unexpected Tokens in SHOW ROLE PRINCIPALS");
}
RoleDDLDesc roleDDLDesc = new RoleDDLDesc(roleName, PrincipalType.ROLE,
RoleDDLDesc.RoleOperation.SHOW_ROLE_PRINCIPALS, null);
roleDDLDesc.setResFile(resFile.toString());
return createTask(new DDLWork(inputs, outputs, roleDDLDesc));
//return TaskFactory.get(new DDLWork(inputs, outputs, roleDDLDesc), conf);
}
Example #9
| Source File: TestSentryHiveAuthorizationTaskFactory.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
@Test
public void testGrantUri() throws Exception {
String uriPath = "/tmp";
DDLWork work = analyze(parse("GRANT " + ALL + " ON URI '" + uriPath
+ "' TO ROLE " + ROLE));
GrantDesc grantDesc = work.getGrantDesc();
Assert.assertNotNull("Grant should not be null", grantDesc);
for (PrincipalDesc principal : assertSize(1, grantDesc.getPrincipals())) {
Assert.assertEquals(PrincipalType.ROLE, principal.getType());
Assert.assertEquals(ROLE, principal.getName());
}
for (PrivilegeDesc privilege : assertSize(1, grantDesc.getPrivileges())) {
Assert.assertEquals(Privilege.ALL, privilege.getPrivilege());
}
SentryHivePrivilegeObjectDesc privilegeDesc = (SentryHivePrivilegeObjectDesc)grantDesc.getPrivilegeSubjectDesc();
Assert.assertTrue("Expected uri", privilegeDesc.getUri());
Assert.assertEquals(uriPath, privilegeDesc.getObject());
}
Example #10
| Source File: TestSentryHiveAuthorizationTaskFactory.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
/**
* GRANT ... ON TABLE ... TO ROLE ... WITH GRANT OPTION
*/
@Test
public void testGrantRoleTableWithGrantOption() throws Exception {
DDLWork work = analyze(parse("GRANT " + ALL + " ON TABLE " + TABLE + " TO ROLE " + ROLE +
" WITH GRANT OPTION"));
GrantDesc grantDesc = work.getGrantDesc();
Assert.assertNotNull("Grant should not be null", grantDesc);
for (PrincipalDesc principal : assertSize(1, grantDesc.getPrincipals())) {
Assert.assertEquals(PrincipalType.ROLE, principal.getType());
Assert.assertEquals(ROLE, principal.getName());
}
for (PrivilegeDesc privilege : assertSize(1, grantDesc.getPrivileges())) {
Assert.assertEquals(Privilege.ALL, privilege.getPrivilege());
}
Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc()
.getTable());
Assert.assertTrue("Expected grantOption is true", grantDesc.isGrantOption());
Assert.assertEquals(TABLE, grantDesc.getPrivilegeSubjectDesc().getObject());
}
Example #11
| Source File: TestSentryHiveAuthorizationTaskFactory.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
/**
* REVOKE ... ON TABLE ... FROM ROLE ...
*/
@Test
public void testRevokeRoleTable() throws Exception {
DDLWork work = analyze(parse("REVOKE " + ALL + " ON TABLE " + TABLE
+ " FROM ROLE " + ROLE));
RevokeDesc grantDesc = work.getRevokeDesc();
Assert.assertNotNull("Revoke should not be null", grantDesc);
for (PrincipalDesc principal : assertSize(1, grantDesc.getPrincipals())) {
Assert.assertEquals(PrincipalType.ROLE, principal.getType());
Assert.assertEquals(ROLE, principal.getName());
}
for (PrivilegeDesc privilege : assertSize(1, grantDesc.getPrivileges())) {
Assert.assertEquals(Privilege.ALL, privilege.getPrivilege());
}
Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc()
.getTable());
Assert.assertEquals(TABLE, grantDesc.getPrivilegeSubjectDesc().getObject());
}
Example #12
| Source File: TestSentryHiveAuthorizationTaskFactory.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
/**
* GRANT ROLE ... TO GROUP ...
*/
@Test
public void testGrantRoleGroup() throws Exception {
DDLWork work = analyze(parse("GRANT ROLE " + ROLE + " TO GROUP " + GROUP));
GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
Assert.assertNotNull("Grant should not be null", grantDesc);
Assert.assertTrue("Expected grant ", grantDesc.getGrant());
Assert
.assertFalse("Grant option should be false", grantDesc.isGrantOption());
Assert.assertEquals(currentUser, grantDesc.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
for (String role : assertSize(1, grantDesc.getRoles())) {
Assert.assertEquals(ROLE, role);
}
for (PrincipalDesc principal : assertSize(1, grantDesc.getPrincipalDesc())) {
Assert.assertEquals(PrincipalType.GROUP, principal.getType());
Assert.assertEquals(GROUP, principal.getName());
}
}
Example #13
| Source File: TestSentryHiveAuthorizationTaskFactory.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
/**
* REVOKE ROLE ... FROM GROUP ...
*/
@Test
public void testRevokeRoleGroup() throws Exception {
DDLWork work = analyze(parse("REVOKE ROLE " + ROLE + " FROM GROUP " + GROUP));
GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
Assert.assertNotNull("Grant should not be null", grantDesc);
Assert.assertFalse("Did not expect grant ", grantDesc.getGrant());
Assert.assertFalse("Grant option is always true ", grantDesc.isGrantOption());
Assert.assertEquals(currentUser, grantDesc.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
for (String role : assertSize(1, grantDesc.getRoles())) {
Assert.assertEquals(ROLE, role);
}
for (PrincipalDesc principal : assertSize(1, grantDesc.getPrincipalDesc())) {
Assert.assertEquals(PrincipalType.GROUP, principal.getType());
Assert.assertEquals(GROUP, principal.getName());
}
}
Example #14
| Source File: ThriftHiveMetastoreClient.java From presto with Apache License 2.0 | 6 votes |
|
private void createGrant(String role, String granteeName, PrincipalType granteeType, String grantorName, PrincipalType grantorType, boolean grantOption)
throws TException
{
GrantRevokeRoleRequest request = new GrantRevokeRoleRequest();
request.setRequestType(GrantRevokeType.GRANT);
request.setRoleName(role);
request.setPrincipalName(granteeName);
request.setPrincipalType(granteeType);
request.setGrantor(grantorName);
request.setGrantorType(grantorType);
request.setGrantOption(grantOption);
GrantRevokeRoleResponse response = client.grant_revoke_role(request);
if (!response.isSetSuccess()) {
throw new MetaException("GrantRevokeResponse missing success field");
}
}
Example #15
| Source File: CatalogToHiveConverter.java From aws-glue-data-catalog-client-for-apache-hive-metastore with Apache License 2.0 | 6 votes |
|
public static Function convertFunction(final String dbName,
final com.amazonaws.services.glue.model.UserDefinedFunction catalogFunction) {
if (catalogFunction == null) {
return null;
}
Function hiveFunction = new Function();
hiveFunction.setClassName(catalogFunction.getClassName());
hiveFunction.setCreateTime((int)(catalogFunction.getCreateTime().getTime() / 1000));
hiveFunction.setDbName(dbName);
hiveFunction.setFunctionName(catalogFunction.getFunctionName());
hiveFunction.setFunctionType(FunctionType.JAVA);
hiveFunction.setOwnerName(catalogFunction.getOwnerName());
hiveFunction.setOwnerType(convertPrincipalType(com.amazonaws.services.glue.model.PrincipalType.fromValue(catalogFunction.getOwnerType())));
hiveFunction.setResourceUris(convertResourceUriList(catalogFunction.getResourceUris()));
return hiveFunction;
}
Example #16
| Source File: ThriftHiveMetastoreClient.java From presto with Apache License 2.0 | 6 votes |
|
@Override
public void revokeRole(String role, String granteeName, PrincipalType granteeType, boolean grantOption)
throws TException
{
List<RolePrincipalGrant> grants = listRoleGrants(granteeName, granteeType);
RolePrincipalGrant currentGrant = null;
for (RolePrincipalGrant grant : grants) {
if (grant.getRoleName().equals(role)) {
currentGrant = grant;
break;
}
}
if (currentGrant == null) {
return;
}
if (!currentGrant.isGrantOption() && grantOption) {
return;
}
removeGrant(role, granteeName, granteeType, grantOption);
}
Example #17
| Source File: TestSentryHiveAuthorizationTaskFactory.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
/**
* SHOW CURRENT ROLE
*/
@Test
public void testShowCurrentRole() throws Exception {
DDLWork work = analyze(parse("SHOW CURRENT ROLES"));
RoleDDLDesc roleDDLDesc = work.getRoleDDLDesc();
Assert.assertEquals(PrincipalType.USER, roleDDLDesc.getPrincipalType());
Assert.assertEquals(RoleOperation.SHOW_CURRENT_ROLE, roleDDLDesc.getOperation());
}
Example #18
| Source File: TestSentryHiveAuthorizationTaskFactory.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
/**
* SHOW GRANT ROLE ... ON TABLE ...
*/
@Test
public void testShowGrantRoleOnTable() throws Exception {
DDLWork work = analyze(parse("SHOW GRANT ROLE " + ROLE + " ON TABLE " + TABLE));
ShowGrantDesc grantDesc = work.getShowGrantDesc();
Assert.assertNotNull("Show grant should not be null", grantDesc);
Assert.assertEquals(PrincipalType.ROLE, grantDesc.getPrincipalDesc().getType());
Assert.assertEquals(ROLE, grantDesc.getPrincipalDesc().getName());
Assert.assertTrue("Expected table", grantDesc.getHiveObj().getTable());
Assert.assertEquals(TABLE, grantDesc.getHiveObj().getObject());
Assert.assertTrue("Expected table", grantDesc.getHiveObj().getTable());
}
Example #19
| Source File: HiveCatalog.java From flink with Apache License 2.0 | 5 votes |
|
private static Function instantiateHiveFunction(ObjectPath functionPath, CatalogFunction function) {
boolean isGeneric = function.isGeneric();
// Hive Function does not have properties map
// thus, use a prefix in class name to distinguish Flink and Hive functions
String functionClassName;
if (function.getFunctionLanguage().equals(FunctionLanguage.JAVA)) {
functionClassName = isGeneric ?
FLINK_FUNCTION_PREFIX + function.getClassName() :
function.getClassName();
} else if (function.getFunctionLanguage().equals(FunctionLanguage.PYTHON)) {
functionClassName = FLINK_PYTHON_FUNCTION_PREFIX + function.getClassName();
} else {
throw new UnsupportedOperationException("HiveCatalog supports only creating" +
" JAVA or PYTHON based function for now");
}
return new Function(
// due to https://issues.apache.org/jira/browse/HIVE-22053, we have to normalize function name ourselves
functionPath.getObjectName().trim().toLowerCase(),
functionPath.getDatabaseName(),
functionClassName,
null, // Owner name
PrincipalType.GROUP, // Temporarily set to GROUP type because it's required by Hive. May change later
(int) (System.currentTimeMillis() / 1000),
FunctionType.JAVA, // FunctionType only has JAVA now
new ArrayList<>() // Resource URIs
);
}
Example #20
| Source File: TestSentryHiveAuthorizationTaskFactory.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
/**
* SHOW ROLE GRANT GROUP ...
*/
@Test
public void testShowRoleGrantGroup() throws Exception {
DDLWork work = analyze(parse("SHOW ROLE GRANT GROUP " + GROUP));
RoleDDLDesc roleDesc = work.getRoleDDLDesc();
Assert.assertNotNull("Role should not be null", roleDesc);
Assert.assertEquals(RoleOperation.SHOW_ROLE_GRANT, roleDesc.getOperation());
Assert.assertEquals(PrincipalType.GROUP, roleDesc.getPrincipalType());
Assert.assertEquals(GROUP, roleDesc.getName());
}
Example #21
| Source File: SentryHiveAuthorizationTaskFactoryImpl.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
private List<PrincipalDesc> analyzePrincipalListDef(ASTNode node) {
List<PrincipalDesc> principalList = new ArrayList<PrincipalDesc>();
for (int i = 0; i < node.getChildCount(); i++) {
ASTNode child = (ASTNode) node.getChild(i);
PrincipalType type = null;
switch (child.getType()) {
case 880:
type = PrincipalType.USER;
break;
case HiveParser.TOK_USER:
type = PrincipalType.USER;
break;
case 685:
type = PrincipalType.GROUP;
break;
case HiveParser.TOK_GROUP:
type = PrincipalType.GROUP;
break;
case 782:
type = PrincipalType.ROLE;
break;
case HiveParser.TOK_ROLE:
type = PrincipalType.ROLE;
break;
}
String principalName = BaseSemanticAnalyzer.unescapeIdentifier(child.getChild(0).getText());
PrincipalDesc principalDesc = new PrincipalDesc(principalName, type);
LOG.debug("## Principal : [ " + principalName + ", " + type + "]");
principalList.add(principalDesc);
}
return principalList;
}
Example #22
| Source File: SentryHiveAuthorizationTaskFactoryImpl.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
@Override
public Task<? extends Serializable> createShowGrantTask(ASTNode ast, Path resultFile, HashSet<ReadEntity> inputs,
HashSet<WriteEntity> outputs) throws SemanticException {
SentryHivePrivilegeObjectDesc privHiveObj = null;
ASTNode principal = (ASTNode) ast.getChild(0);
PrincipalType type = PrincipalType.USER;
switch (principal.getType()) {
case HiveParser.TOK_USER:
type = PrincipalType.USER;
break;
case HiveParser.TOK_GROUP:
type = PrincipalType.GROUP;
break;
case HiveParser.TOK_ROLE:
type = PrincipalType.ROLE;
break;
}
if (type != PrincipalType.ROLE) {
String msg = SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + type;
throw new SemanticException(msg);
}
String principalName = BaseSemanticAnalyzer.unescapeIdentifier(principal.getChild(0).getText());
PrincipalDesc principalDesc = new PrincipalDesc(principalName, type);
// Partition privileges are not supported by Sentry
if (ast.getChildCount() > 1) {
ASTNode child = (ASTNode) ast.getChild(1);
if (child.getToken().getType() == HiveParser.TOK_PRIV_OBJECT_COL) {
privHiveObj = analyzePrivilegeObject(child);
} else {
throw new SemanticException("Unrecognized Token: " + child.getToken().getType());
}
}
ShowGrantDesc showGrant = new ShowGrantDesc(resultFile.toString(),
principalDesc, privHiveObj);
return createTask(new DDLWork(inputs, outputs, showGrant));
}
Example #23
| Source File: SentryAuthorizerUtil.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
/**
* Convert TSentryRole to HiveRoleGrant
*
* @param role
*/
public static HiveRoleGrant convert2HiveRoleGrant(TSentryRole role) {
HiveRoleGrant hiveRoleGrant = new HiveRoleGrant();
hiveRoleGrant.setRoleName(role.getRoleName());
hiveRoleGrant.setPrincipalName(role.getRoleName());
hiveRoleGrant.setPrincipalType(PrincipalType.ROLE.name());
hiveRoleGrant.setGrantOption(false);
hiveRoleGrant.setGrantor(role.getGrantorPrincipal());
hiveRoleGrant.setGrantorType(PrincipalType.USER.name());
return hiveRoleGrant;
}
Example #24
| Source File: SentryHiveAuthorizationTaskFactoryImpl.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
@Override
public Task<? extends Serializable> createGrantTask(ASTNode ast, HashSet<ReadEntity> inputs,
HashSet<WriteEntity> outputs) throws SemanticException {
List<PrivilegeDesc> privilegeDesc = analyzePrivilegeListDef(
(ASTNode) ast.getChild(0));
List<PrincipalDesc> principalDesc = analyzePrincipalListDef(
(ASTNode) ast.getChild(1));
SentryHivePrivilegeObjectDesc privilegeObj = null;
boolean grantOption = false;
if (ast.getChildCount() > 2) {
for (int i = 2; i < ast.getChildCount(); i++) {
ASTNode astChild = (ASTNode) ast.getChild(i);
if (astChild.getType() == HiveParser.TOK_GRANT_WITH_OPTION) {
grantOption = true;
} else if (astChild.getType() == HiveParser.TOK_PRIV_OBJECT) {
privilegeObj = analyzePrivilegeObject(astChild);
}
}
}
String userName = null;
if (SessionState.get() != null
&& SessionState.get().getAuthenticator() != null) {
userName = SessionState.get().getAuthenticator().getUserName();
}
Preconditions.checkNotNull(privilegeObj, "privilegeObj is null for " + ast.dump());
if (privilegeObj.getPartSpec() != null) {
throw new SemanticException(SentryHiveConstants.PARTITION_PRIVS_NOT_SUPPORTED);
}
for (PrincipalDesc princ : principalDesc) {
if (princ.getType() != PrincipalType.ROLE) {
String msg = SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + princ.getType();
throw new SemanticException(msg);
}
}
GrantDesc grantDesc = new GrantDesc(privilegeObj, privilegeDesc,
principalDesc, userName, PrincipalType.USER, grantOption);
return createTask(new DDLWork(inputs, outputs, grantDesc));
}
Example #25
| Source File: HiveStubs.java From waggle-dance with Apache License 2.0 | 5 votes |
|
public static Function newFunction(String databaseName, String functionName) {
List<ResourceUri> resourceUris = Lists
.newArrayList(new ResourceUri(ResourceType.JAR, "hdfs://path/to/my/jar/my.jar"));
Function function = new Function(functionName, databaseName, "com.hotels.hive.FN", "hadoop", PrincipalType.USER, 0,
FunctionType.JAVA, resourceUris);
return function;
}
Example #26
| Source File: FederatedHMSHandler.java From waggle-dance with Apache License 2.0 | 5 votes |
|
@Override
@Loggable(value = Loggable.DEBUG, skipResult = true, name = INVOCATION_LOG_NAME)
public List<HiveObjectPrivilege> list_privileges(
String principal_name,
PrincipalType principal_type,
HiveObjectRef hiveObject)
throws MetaException, TException {
DatabaseMapping mapping = databaseMappingService.databaseMapping(hiveObject.getDbName());
List<HiveObjectPrivilege> privileges = mapping
.getClient()
.list_privileges(principal_name, principal_type, mapping.transformInboundHiveObjectRef(hiveObject));
return mapping.transformOutboundHiveObjectPrivileges(privileges);
}
Example #27
| Source File: FederatedHMSHandler.java From waggle-dance with Apache License 2.0 | 5 votes |
|
@Override
@Loggable(value = Loggable.DEBUG, skipResult = true, name = INVOCATION_LOG_NAME)
public boolean grant_role(
String role_name,
String principal_name,
PrincipalType principal_type,
String grantor,
PrincipalType grantorType,
boolean grant_option)
throws MetaException, TException {
return getPrimaryClient().grant_role(role_name, principal_name, principal_type, grantor, grantorType, grant_option);
}
Example #28
| Source File: WaggleDanceIntegrationTest.java From waggle-dance with Apache License 2.0 | 5 votes |
|
@Test
public void typicalGetAllFunctions() throws Exception {
runner = WaggleDanceRunner
.builder(configLocation)
.databaseResolution(DatabaseResolution.PREFIXED)
.primary("primary", localServer.getThriftConnectionUri(), READ_ONLY)
.withPrimaryPrefix("primary_")
.federate(SECONDARY_METASTORE_NAME, remoteServer.getThriftConnectionUri(), REMOTE_DATABASE)
.build();
runWaggleDance(runner);
HiveMetaStoreClient proxy = getWaggleDanceClient();
List<ResourceUri> resourceUris = Lists
.newArrayList(new ResourceUri(ResourceType.JAR, "hdfs://path/to/my/jar/my.jar"));
Function localFunction = new Function("fn1", LOCAL_DATABASE, "com.hotels.hive.FN1", "hadoop", PrincipalType.USER, 0,
FunctionType.JAVA, resourceUris);
localServer.client().createFunction(localFunction);
Function remoteFunction = new Function("fn2", REMOTE_DATABASE, "com.hotels.hive.FN1", "hadoop", PrincipalType.USER,
0, FunctionType.JAVA, resourceUris);
remoteServer.client().createFunction(remoteFunction);
GetAllFunctionsResponse allFunctions = proxy.getAllFunctions();
List<Function> functions = allFunctions.getFunctions();
assertThat(functions.size(), is(3));
assertThat(functions.get(0).getFunctionName(), is("fn1"));
assertThat(functions.get(0).getDbName(), is("primary_" + LOCAL_DATABASE));
assertThat(functions.get(1).getFunctionName(), is("fn1"));
assertThat(functions.get(1).getDbName(), is(LOCAL_DATABASE));
assertThat(functions.get(2).getFunctionName(), is("fn2"));
assertThat(functions.get(2).getDbName(), is(PREFIXED_REMOTE_DATABASE));
}
Example #29
| Source File: MockThriftMetastoreClient.java From presto with Apache License 2.0 | 5 votes |
|
@Override
public List<RolePrincipalGrant> listRoleGrants(String name, PrincipalType principalType)
{
accessCount.incrementAndGet();
if (throwException) {
throw new IllegalStateException();
}
return TEST_ROLE_GRANTS;
}
Example #30
| Source File: InMemoryThriftMetastore.java From presto with Apache License 2.0 | 5 votes |
|
public PrincipalTableKey(String principalName, PrincipalType principalType, String table, String database)
{
this.principalName = requireNonNull(principalName, "principalName is null");
this.principalType = requireNonNull(principalType, "principalType is null");
this.table = requireNonNull(table, "table is null");
this.database = requireNonNull(database, "database is null");
}
