org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory Java Examples

The following examples show how to use org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: RangerHiveAuthorizerBase.java    From ranger with Apache License 2.0 6 votes vote down vote up
public RangerHiveAuthorizerBase(HiveMetastoreClientFactory metastoreClientFactory,
								  HiveConf                   hiveConf,
								  HiveAuthenticationProvider hiveAuthenticator,
								  HiveAuthzSessionContext    context) {
	mMetastoreClientFactory = metastoreClientFactory;
	mHiveConf               = hiveConf;
	mHiveAuthenticator      = hiveAuthenticator;
	mSessionContext         = context;

	String userName = mHiveAuthenticator == null ? null : mHiveAuthenticator.getUserName();

	mUgi = userName == null ? null : UserGroupInformation.createRemoteUser(userName);

	if(mHiveAuthenticator == null) {
		LOG.warn("RangerHiveAuthorizerBase.RangerHiveAuthorizerBase(): hiveAuthenticator is null");
	} else if(StringUtil.isEmpty(userName)) {
		LOG.warn("RangerHiveAuthorizerBase.RangerHiveAuthorizerBase(): hiveAuthenticator.getUserName() returned null/empty");
	} else if(mUgi == null) {
		LOG.warn(String.format("RangerHiveAuthorizerBase.RangerHiveAuthorizerBase(): UserGroupInformation.createRemoteUser(%s) returned null", userName));
	}
}
 
Example #2
Source File: RangerHiveAuthorizerFactory.java    From ranger with Apache License 2.0 6 votes vote down vote up
@Override
public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
										   HiveConf                   conf,
										   HiveAuthenticationProvider hiveAuthenticator,
										   HiveAuthzSessionContext    sessionContext)
												   throws HiveAuthzPluginException {

	HiveAuthorizer ret = null;

	if(LOG.isDebugEnabled()) {
		LOG.debug("==> RangerHiveAuthorizerFactory.createHiveAuthorizer()");
	}
	
	try {
		activatePluginClassLoader();
		ret = rangerHiveAuthorizerFactoryImpl.createHiveAuthorizer(metastoreClientFactory, conf, hiveAuthenticator, sessionContext);
	} finally {
		deactivatePluginClassLoader();
	}
	if(LOG.isDebugEnabled()) {
		LOG.debug("<== RangerHiveAuthorizerFactory.createHiveAuthorizer()");
	}

	return ret;
}
 
Example #3
Source File: SentryAuthorizerFactory.java    From incubator-sentry with Apache License 2.0 6 votes vote down vote up
@Override
public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
    HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx)
        throws HiveAuthzPluginException {
  HiveAuthzSessionContext sessionContext;
  try {
    this.authzConf = HiveAuthzBindingHook.loadAuthzConf(conf);
    sessionContext = applyTestSettings(ctx, conf);
    assertHiveCliAuthDisabled(conf, sessionContext);
  } catch (Exception e) {
    throw new HiveAuthzPluginException(e);
  }
  SentryHiveAccessController accessController =
      getAccessController(conf, authzConf, authenticator, sessionContext);
  SentryHiveAuthorizationValidator authzValidator =
      getAuthzValidator(conf, authzConf, authenticator);

  return new SentryHiveAuthorizer(accessController, authzValidator);
}
 
Example #4
Source File: RelaxedSQLStdHiveAccessController.java    From beeju with Apache License 2.0 5 votes vote down vote up
public RelaxedSQLStdHiveAccessController(
    HiveMetastoreClientFactory metastoreClientFactory,
    HiveConf conf,
    HiveAuthenticationProvider authenticator,
    HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
  super(metastoreClientFactory, conf, authenticator, ctx);
}
 
Example #5
Source File: RelaxedSQLStdHiveAuthorizerFactory.java    From beeju with Apache License 2.0 5 votes vote down vote up
@Override
public HiveAuthorizer createHiveAuthorizer(
    HiveMetastoreClientFactory metastoreClientFactory,
    HiveConf conf,
    HiveAuthenticationProvider authenticator,
    HiveAuthzSessionContext ctx)
  throws HiveAuthzPluginException {
  RelaxedSQLStdHiveAccessControllerWrapper privilegeManager = new RelaxedSQLStdHiveAccessControllerWrapper(
      metastoreClientFactory, conf, authenticator, ctx);
  return new HiveAuthorizerImpl(privilegeManager,
      new SQLStdHiveAuthorizationValidator(metastoreClientFactory, conf, authenticator, privilegeManager, ctx));
}
 
Example #6
Source File: RelaxedSQLStdHiveAccessControllerWrapper.java    From beeju with Apache License 2.0 5 votes vote down vote up
public RelaxedSQLStdHiveAccessControllerWrapper(
    HiveMetastoreClientFactory metastoreClientFactory,
    HiveConf conf,
    HiveAuthenticationProvider authenticator,
    HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
  super(metastoreClientFactory, conf, authenticator, ctx);
  overrideHiveAccessController(
      new RelaxedSQLStdHiveAccessController(metastoreClientFactory, conf, authenticator, ctx));
}
 
Example #7
Source File: RangerHiveAuthorizerFactory.java    From ranger with Apache License 2.0 5 votes vote down vote up
@Override
public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
										   HiveConf                   conf,
										   HiveAuthenticationProvider hiveAuthenticator,
										   HiveAuthzSessionContext    sessionContext)
												   throws HiveAuthzPluginException {
	return new RangerHiveAuthorizer(metastoreClientFactory, conf, hiveAuthenticator, sessionContext);
}
 
Example #8
Source File: SentryAuthorizerFactory.java    From incubator-sentry with Apache License 2.0 5 votes vote down vote up
/**
 * just for testing
 */
@VisibleForTesting
protected HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
    HiveConf conf, HiveAuthzConf authzConf, HiveAuthenticationProvider authenticator,
    HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
  SentryHiveAccessController accessController =
      getAccessController(conf, authzConf, authenticator, ctx);
  SentryHiveAuthorizationValidator authzValidator =
      getAuthzValidator(conf, authzConf, authenticator);

  return new SentryHiveAuthorizer(accessController, authzValidator);
}
 
Example #9
Source File: HiveAuthorizationHelper.java    From dremio-oss with Apache License 2.0 4 votes vote down vote up
public HiveAuthorizationHelper(final IMetaStoreClient mClient, final HiveConf hiveConf, final String user) {
  authzEnabled = hiveConf.getBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED);
  if (!authzEnabled) {
    authorizerV2 = null;
    return;
  }

  try (final ContextClassLoaderSwapper cls = ContextClassLoaderSwapper.newInstance()) {
    final HiveConf hiveConfCopy = new HiveConf(hiveConf);
    hiveConfCopy.set("user.name", user);
    hiveConfCopy.set("proxy.user.name", user);

    final HiveAuthenticationProvider authenticator = HiveUtils.getAuthenticator(hiveConfCopy,
        HiveConf.ConfVars.HIVE_AUTHENTICATOR_MANAGER);

    // This must be retrieved before creating the session state, because creation of the
    // session state changes the given HiveConf's classloader to a UDF ClassLoader.
    final HiveAuthorizerFactory authorizerFactory =
      HiveUtils.getAuthorizerFactory(hiveConfCopy, HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER);

    SessionState ss = new SessionState(hiveConfCopy, user);
    authenticator.setSessionState(ss);

    HiveAuthzSessionContext.Builder authzContextBuilder = new HiveAuthzSessionContext.Builder();
    authzContextBuilder.setClientType(CLIENT_TYPE.HIVESERVER2); // Dremio is emulating HS2 here

    authorizerV2 = authorizerFactory.createHiveAuthorizer(
        new HiveMetastoreClientFactory() {
          @Override
          public IMetaStoreClient getHiveMetastoreClient() throws HiveAuthzPluginException {
            return mClient;
          }
        },
        hiveConf, authenticator, authzContextBuilder.build());

    authorizerV2.applyAuthorizationConfigPolicy(hiveConfCopy);
  } catch (final HiveException e) {
    throw new RuntimeException("Failed to initialize Hive authorization components: " + e.getMessage(), e);
  }

  logger.trace("Hive authorization enabled");
}
 
Example #10
Source File: RangerHiveAuthorizer.java    From ranger with Apache License 2.0 4 votes vote down vote up
public RangerHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
							  HiveConf                   hiveConf,
							  HiveAuthenticationProvider hiveAuthenticator,
							  HiveAuthzSessionContext    sessionContext) {
	super(metastoreClientFactory, hiveConf, hiveAuthenticator, sessionContext);

	LOG.debug("RangerHiveAuthorizer.RangerHiveAuthorizer()");

	RangerHivePlugin plugin = hivePlugin;
	
	if(plugin == null) {
		synchronized(RangerHiveAuthorizer.class) {
			plugin = hivePlugin;

			if(plugin == null) {
				String appType = "unknown";

				if(sessionContext != null) {
					switch(sessionContext.getClientType()) {
						case HIVECLI:
							appType = "hiveCLI";
						break;

						case HIVESERVER2:
							appType = "hiveServer2";
						break;

						/*
						case HIVEMETASTORE:
							appType = "hiveMetastore";
							break;

						case OTHER:
							appType = "other";
							break;

						 */
					}
				}

				plugin = new RangerHivePlugin(appType);
				plugin.init();

				hivePlugin = plugin;
			}
		}
	}
}
 
Example #11
Source File: RangerHiveAuthorizerBase.java    From ranger with Apache License 2.0 4 votes vote down vote up
public HiveMetastoreClientFactory getMetastoreClientFactory() {
	return mMetastoreClientFactory;
}
 
Example #12
Source File: HiveAuthzBindingSessionHook.java    From incubator-sentry with Apache License 2.0 4 votes vote down vote up
@Override
public HiveAuthorizer createHiveAuthorizer(
    HiveMetastoreClientFactory metastoreClientFactory, HiveConf conf,
    HiveAuthenticationProvider hiveAuthenticator,
    HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
  return new SentryHiveAuthorizerImpl(null, null);    }