org.apache.hadoop.hive.metastore.api.HiveObjectRef Java Examples

The following examples show how to use org.apache.hadoop.hive.metastore.api.HiveObjectRef. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AWSCatalogMetastoreClient.java    From aws-glue-data-catalog-client-for-apache-hive-metastore with Apache License 2.0 7 votes vote down vote up
@Override
public List<org.apache.hadoop.hive.metastore.api.Partition> listPartitionsWithAuthInfo(String database, String table,
                                                                                       List<String> partVals, short maxParts,
                                                                                       String user, List<String> groups) throws MetaException, TException, NoSuchObjectException {
  List<org.apache.hadoop.hive.metastore.api.Partition> partitions = listPartitions(database, table, partVals, maxParts);

  for (org.apache.hadoop.hive.metastore.api.Partition p : partitions) {
    HiveObjectRef obj = new HiveObjectRef();
    obj.setObjectType(HiveObjectType.PARTITION);
    obj.setDbName(database);
    obj.setObjectName(table);
    obj.setPartValues(p.getValues());
    org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet set;
    try {
      set = get_privilege_set(obj, user, groups);
    } catch (MetaException e) {
      logger.info(String.format("No privileges found for user: %s, "
            + "groups: [%s]", user, LoggingHelper.concatCollectionToStringForLogging(groups, ",")));
      set = new org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet();
    }
    p.setPrivileges(set);
  }

  return partitions;
}
 
Example #2
Source File: ThriftHiveMetastore.java    From presto with Apache License 2.0 6 votes vote down vote up
private PrivilegeBag buildPrivilegeBag(
        String databaseName,
        String tableName,
        HivePrincipal grantee,
        Set<PrivilegeGrantInfo> privilegeGrantInfos)
{
    ImmutableList.Builder<HiveObjectPrivilege> privilegeBagBuilder = ImmutableList.builder();
    for (PrivilegeGrantInfo privilegeGrantInfo : privilegeGrantInfos) {
        privilegeBagBuilder.add(
                new HiveObjectPrivilege(
                        new HiveObjectRef(TABLE, databaseName, tableName, null, null),
                        grantee.getName(),
                        fromPrestoPrincipalType(grantee.getType()),
                        privilegeGrantInfo));
    }
    return new PrivilegeBag(privilegeBagBuilder.build());
}
 
Example #3
Source File: CatalogThriftHiveMetastore.java    From metacat with Apache License 2.0 6 votes vote down vote up
/**
 * {@inheritDoc}
 */
@Override
public PrincipalPrivilegeSet get_privilege_set(final HiveObjectRef hiveObject, final String userName,
                                               final List<String> groupNames)
    throws TException {
    MetacatContextManager.getContext().setUserName(userName);
    return requestWrapper("get_privilege_set", new Object[]{hiveObject, userName, groupNames},
        () -> {
            Map<String, List<PrivilegeGrantInfo>> groupPrivilegeSet = null;
            Map<String, List<PrivilegeGrantInfo>> userPrivilegeSet = null;

            if (groupNames != null) {
                groupPrivilegeSet = groupNames.stream()
                    .collect(Collectors.toMap(p -> p, p -> Lists.newArrayList()));
            }
            if (userName != null) {
                userPrivilegeSet = ImmutableMap.of(userName, Lists.newArrayList());
            }
            return new PrincipalPrivilegeSet(userPrivilegeSet,
                groupPrivilegeSet,
                defaultRolesPrivilegeSet);
        });
}
 
Example #4
Source File: AWSCatalogMetastoreClient.java    From aws-glue-data-catalog-client-for-apache-hive-metastore with Apache License 2.0 6 votes vote down vote up
@Override
public org.apache.hadoop.hive.metastore.api.Partition getPartitionWithAuthInfo(
      String databaseName, String tableName, List<String> values,
      String userName, List<String> groupNames)
      throws MetaException, UnknownTableException, NoSuchObjectException, TException {

    // TODO move this into the service
    org.apache.hadoop.hive.metastore.api.Partition partition = getPartition(databaseName, tableName, values);
    org.apache.hadoop.hive.metastore.api.Table table = getTable(databaseName, tableName);
    if ("TRUE".equalsIgnoreCase(table.getParameters().get("PARTITION_LEVEL_PRIVILEGE"))) {
        String partName = Warehouse.makePartName(table.getPartitionKeys(), values);
        HiveObjectRef obj = new HiveObjectRef();
        obj.setObjectType(HiveObjectType.PARTITION);
        obj.setDbName(databaseName);
        obj.setObjectName(tableName);
        obj.setPartValues(values);
        org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet privilegeSet =
              this.get_privilege_set(obj, userName, groupNames);
        partition.setPrivileges(privilegeSet);
    }

    return partition;
}
 
Example #5
Source File: FederatedHMSHandlerTest.java    From waggle-dance with Apache License 2.0 6 votes vote down vote up
@Test
public void grant_revoke_privileges() throws TException {
  HiveObjectRef hiveObjectRef = new HiveObjectRef();
  hiveObjectRef.setDbName(DB_P);
  HiveObjectPrivilege hiveObjectPrivilege = new HiveObjectPrivilege();
  hiveObjectPrivilege.setHiveObject(hiveObjectRef);
  PrivilegeBag privileges = new PrivilegeBag(Collections.singletonList((hiveObjectPrivilege)));

  GrantRevokeType grantRevokeType = GrantRevokeType.GRANT;

  GrantRevokePrivilegeRequest request = new GrantRevokePrivilegeRequest(grantRevokeType, privileges);
  GrantRevokePrivilegeRequest inboundRequest = new GrantRevokePrivilegeRequest();
  GrantRevokePrivilegeResponse expected = new GrantRevokePrivilegeResponse();
  when(primaryMapping.transformInboundGrantRevokePrivilegesRequest(request)).thenReturn(inboundRequest);
  when(primaryClient.grant_revoke_privileges(inboundRequest)).thenReturn(expected);
  GrantRevokePrivilegeResponse response = handler.grant_revoke_privileges(request);
  assertThat(response, is(expected));
  verify(primaryMapping).checkWritePermissions(DB_P);
}
 
Example #6
Source File: AWSCatalogMetastoreClient.java    From aws-glue-data-catalog-client-for-apache-hive-metastore with Apache License 2.0 6 votes vote down vote up
@Override
public List<org.apache.hadoop.hive.metastore.api.Partition> listPartitionsWithAuthInfo(String database, String table, short maxParts,
                                                                                       String user, List<String> groups)
      throws MetaException, TException, NoSuchObjectException {
    List<org.apache.hadoop.hive.metastore.api.Partition> partitions = listPartitions(database, table, maxParts);

    for (org.apache.hadoop.hive.metastore.api.Partition p : partitions) {
        HiveObjectRef obj = new HiveObjectRef();
        obj.setObjectType(HiveObjectType.PARTITION);
        obj.setDbName(database);
        obj.setObjectName(table);
        obj.setPartValues(p.getValues());
        org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet set = this.get_privilege_set(obj, user, groups);
        p.setPrivileges(set);
    }

    return partitions;
}
 
Example #7
Source File: AWSCatalogMetastoreClient.java    From aws-glue-data-catalog-client-for-apache-hive-metastore with Apache License 2.0 6 votes vote down vote up
@Override
public List<org.apache.hadoop.hive.metastore.api.Partition> listPartitionsWithAuthInfo(String database, String table,
                                                                                       List<String> partVals, short maxParts,
                                                                                       String user, List<String> groups) throws MetaException, TException, NoSuchObjectException {
  List<org.apache.hadoop.hive.metastore.api.Partition> partitions = listPartitions(database, table, partVals, maxParts);

  for (org.apache.hadoop.hive.metastore.api.Partition p : partitions) {
    HiveObjectRef obj = new HiveObjectRef();
    obj.setObjectType(HiveObjectType.PARTITION);
    obj.setDbName(database);
    obj.setObjectName(table);
    obj.setPartValues(p.getValues());
    org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet set;
    try {
      set = get_privilege_set(obj, user, groups);
    } catch (MetaException e) {
      logger.info(String.format("No privileges found for user: %s, "
          + "groups: [%s]", user, LoggingHelper.concatCollectionToStringForLogging(groups, ",")));
      set = new org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet();
    }
    p.setPrivileges(set);
  }

  return partitions;
}
 
Example #8
Source File: AWSCatalogMetastoreClient.java    From aws-glue-data-catalog-client-for-apache-hive-metastore with Apache License 2.0 6 votes vote down vote up
@Override
public org.apache.hadoop.hive.metastore.api.Partition getPartitionWithAuthInfo(
      String databaseName, String tableName, List<String> values,
      String userName, List<String> groupNames)
      throws MetaException, UnknownTableException, NoSuchObjectException, TException {

  // TODO move this into the service
  org.apache.hadoop.hive.metastore.api.Partition partition = getPartition(databaseName, tableName, values);
  org.apache.hadoop.hive.metastore.api.Table table = getTable(databaseName, tableName);
  if ("TRUE".equalsIgnoreCase(table.getParameters().get("PARTITION_LEVEL_PRIVILEGE"))) {
    String partName = Warehouse.makePartName(table.getPartitionKeys(), values);
    HiveObjectRef obj = new HiveObjectRef();
    obj.setObjectType(HiveObjectType.PARTITION);
    obj.setDbName(databaseName);
    obj.setObjectName(tableName);
    obj.setPartValues(values);
    org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet privilegeSet =
          this.get_privilege_set(obj, userName, groupNames);
    partition.setPrivileges(privilegeSet);
  }

  return partition;
}
 
Example #9
Source File: AWSCatalogMetastoreClient.java    From aws-glue-data-catalog-client-for-apache-hive-metastore with Apache License 2.0 6 votes vote down vote up
@Override
public List<org.apache.hadoop.hive.metastore.api.Partition> listPartitionsWithAuthInfo(String database, String table, short maxParts,
                                                                                       String user, List<String> groups)
      throws MetaException, TException, NoSuchObjectException {
  List<org.apache.hadoop.hive.metastore.api.Partition> partitions = listPartitions(database, table, maxParts);

  for (org.apache.hadoop.hive.metastore.api.Partition p : partitions) {
    HiveObjectRef obj = new HiveObjectRef();
    obj.setObjectType(HiveObjectType.PARTITION);
    obj.setDbName(database);
    obj.setObjectName(table);
    obj.setPartValues(p.getValues());
    org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet set = this.get_privilege_set(obj, user, groups);
    p.setPrivileges(set);
  }

  return partitions;
}
 
Example #10
Source File: DatabaseMappingImplTest.java    From waggle-dance with Apache License 2.0 5 votes vote down vote up
@Test
public void transformInboundHiveObjectRef() throws Exception {
  HiveObjectRef result = databaseMapping.transformInboundHiveObjectRef(hiveObjectRef);
  assertThat(result, is(sameInstance(hiveObjectRef)));
  assertThat(result.getDbName(), is(IN_DB_NAME));
  assertThat(result.getObjectName(), is(IN_DB_NAME));
}
 
Example #11
Source File: DatabaseMappingImplTest.java    From waggle-dance with Apache License 2.0 5 votes vote down vote up
private void assertHiveObjectPrivileges(List<HiveObjectPrivilege> result, String expectedDatabaseName) {
  assertThat(result, is(sameInstance(hiveObjectPrivileges)));
  HiveObjectPrivilege resultPrivilege = result.get(0);
  assertThat(resultPrivilege, is(sameInstance(hiveObjectPrivileges.get(0))));
  HiveObjectRef resultHiveObjectRef = resultPrivilege.getHiveObject();
  assertThat(resultHiveObjectRef, is(sameInstance(hiveObjectRef)));
  assertThat(resultHiveObjectRef.getDbName(), is(expectedDatabaseName));
  assertThat(resultHiveObjectRef.getObjectName(), is(expectedDatabaseName));
}
 
Example #12
Source File: DatabaseMappingImplTest.java    From waggle-dance with Apache License 2.0 5 votes vote down vote up
@Test
public void transformOutboundHiveObjectRefObjectTypeIsNotDatabase() throws Exception {
  hiveObjectRef.setObjectType(HiveObjectType.TABLE);
  hiveObjectRef.setObjectName("table");
  HiveObjectRef result = databaseMapping.transformOutboundHiveObjectRef(hiveObjectRef);
  assertThat(result, is(sameInstance(hiveObjectRef)));
  assertThat(result.getDbName(), is(OUT_DB_NAME));
  assertThat(result.getObjectName(), is("table"));
}
 
Example #13
Source File: DatabaseMappingImplTest.java    From waggle-dance with Apache License 2.0 5 votes vote down vote up
@Test
public void transformOutboundHiveObjectRef() throws Exception {
  HiveObjectRef result = databaseMapping.transformOutboundHiveObjectRef(hiveObjectRef);
  assertThat(result, is(sameInstance(hiveObjectRef)));
  assertThat(result.getDbName(), is(OUT_DB_NAME));
  assertThat(result.getObjectName(), is(OUT_DB_NAME));
}
 
Example #14
Source File: DatabaseMappingImplTest.java    From waggle-dance with Apache License 2.0 5 votes vote down vote up
@Test
public void transformInboundHiveObjectRefObjectTypeIsNotDatabase() throws Exception {
  hiveObjectRef.setObjectType(HiveObjectType.TABLE);
  hiveObjectRef.setObjectName("table");
  HiveObjectRef result = databaseMapping.transformInboundHiveObjectRef(hiveObjectRef);
  assertThat(result, is(sameInstance(hiveObjectRef)));
  assertThat(result.getDbName(), is(IN_DB_NAME));
  assertThat(result.getObjectName(), is("table"));
}
 
Example #15
Source File: FederatedHMSHandler.java    From waggle-dance with Apache License 2.0 5 votes vote down vote up
@Override
@Loggable(value = Loggable.DEBUG, skipResult = true, name = INVOCATION_LOG_NAME)
public List<HiveObjectPrivilege> list_privileges(
    String principal_name,
    PrincipalType principal_type,
    HiveObjectRef hiveObject)
    throws MetaException, TException {
  DatabaseMapping mapping = databaseMappingService.databaseMapping(hiveObject.getDbName());
  List<HiveObjectPrivilege> privileges = mapping
      .getClient()
      .list_privileges(principal_name, principal_type, mapping.transformInboundHiveObjectRef(hiveObject));
  return mapping.transformOutboundHiveObjectPrivileges(privileges);
}
 
Example #16
Source File: DatabaseMappingImplTest.java    From waggle-dance with Apache License 2.0 5 votes vote down vote up
@Before
public void setUp() {
  databaseMapping = new DatabaseMappingImpl(metastoreMapping, queryMapping);
  database = new Database();
  database.setName(DB_NAME);
  partition = new Partition();
  partition.setDbName(DB_NAME);
  partitions = Lists.newArrayList(partition);
  index = new Index();
  index.setDbName(DB_NAME);
  hiveObjectRef = new HiveObjectRef();
  hiveObjectRef.setDbName(DB_NAME);
  hiveObjectRef.setObjectType(HiveObjectType.DATABASE);
  hiveObjectRef.setObjectName(DB_NAME);
  hiveObjectPrivileges = new ArrayList<>();
  HiveObjectPrivilege hiveObjectPrivilege = new HiveObjectPrivilege();
  hiveObjectPrivilege.setHiveObject(hiveObjectRef);
  hiveObjectPrivileges.add(hiveObjectPrivilege);
  partitionSpec = new PartitionSpec();
  partitionSpec.setDbName(DB_NAME);
  when(metastoreMapping.transformInboundDatabaseName(anyString())).thenReturn(IN_DB_NAME);
  when(metastoreMapping.transformOutboundDatabaseName(anyString())).thenReturn(OUT_DB_NAME);
  when(queryMapping.transformOutboundDatabaseName(metastoreMapping, VIEW_EXPANDED_TEXT))
      .thenReturn(VIEW_EXPANDED_TEXT_TRANSFORMED);
  when(queryMapping.transformOutboundDatabaseName(metastoreMapping, VIEW_ORIGINAL_TEXT))
      .thenReturn(VIEW_ORIGINAL_TEXT_TRANSFORMED);
}
 
Example #17
Source File: FederatedHMSHandler.java    From waggle-dance with Apache License 2.0 5 votes vote down vote up
private DatabaseMapping checkWritePermissionsForPrivileges(PrivilegeBag privileges) throws NoSuchObjectException {
  DatabaseMapping mapping = databaseMappingService
      .databaseMapping(privileges.getPrivileges().get(0).getHiveObject().getDbName());
  for (HiveObjectPrivilege privilege : privileges.getPrivileges()) {
    HiveObjectRef obj = privilege.getHiveObject();
    mapping.checkWritePermissions(obj.getDbName());
    if (obj.getObjectType() == HiveObjectType.DATABASE) {
      mapping.checkWritePermissions(obj.getObjectName());
    }
  }
  return mapping;
}
 
Example #18
Source File: HiveTableManagerTest.java    From data-highway with Apache License 2.0 5 votes vote down vote up
@Test
public void grantPublicSelect() throws Exception {
  underTest.grantPublicSelect(TABLE, "grantor");

  ArgumentCaptor<PrivilegeBag> privilegeBagCaptor = ArgumentCaptor.forClass(PrivilegeBag.class);
  verify(metaStoreClient).grant_privileges(privilegeBagCaptor.capture());

  PrivilegeBag privilegeBag = privilegeBagCaptor.getValue();
  assertThat(privilegeBag.getPrivilegesSize(), is(1));
  HiveObjectPrivilege privilege = privilegeBag.getPrivileges().get(0);

  HiveObjectRef hiveObject = privilege.getHiveObject();
  assertThat(hiveObject.getObjectType(), is(HiveObjectType.TABLE));
  assertThat(hiveObject.getDbName(), is(DATABASE));
  assertThat(hiveObject.getObjectName(), is(TABLE));
  assertThat(hiveObject.getPartValues(), is(nullValue()));
  assertThat(hiveObject.getColumnName(), is(nullValue()));

  assertThat(privilege.getPrincipalName(), is("public"));
  assertThat(privilege.getPrincipalType(), is(ROLE));

  PrivilegeGrantInfo grantInfo = privilege.getGrantInfo();
  assertThat(grantInfo.getPrivilege(), is("SELECT"));
  assertThat(grantInfo.getCreateTime(), is(0));
  assertThat(grantInfo.getGrantor(), is("grantor"));
  assertThat(grantInfo.getGrantorType(), is(ROLE));
  assertThat(grantInfo.isGrantOption(), is(false));
}
 
Example #19
Source File: FederatedHMSHandlerTest.java    From waggle-dance with Apache License 2.0 5 votes vote down vote up
@Test
public void getPrivilegeSet() throws TException {
  String userName = "user";
  List<String> groupNames = Lists.newArrayList("group");
  HiveObjectRef hiveObjectRef = new HiveObjectRef();
  hiveObjectRef.setDbName(DB_P);
  when(databaseMappingService.databaseMapping(DB_P)).thenReturn(primaryMapping);
  when(primaryMapping.transformInboundHiveObjectRef(hiveObjectRef)).thenReturn(hiveObjectRef);
  PrincipalPrivilegeSet principalPrivilegeSet = new PrincipalPrivilegeSet();
  when(primaryClient.get_privilege_set(hiveObjectRef, userName, groupNames)).thenReturn(principalPrivilegeSet);
  PrincipalPrivilegeSet result = handler.get_privilege_set(hiveObjectRef, userName, groupNames);
  assertThat(result, is(principalPrivilegeSet));
}
 
Example #20
Source File: FederatedHMSHandlerTest.java    From waggle-dance with Apache License 2.0 5 votes vote down vote up
@Test
public void getPrivilegeSetDbNameIsNullShouldUsePrimary() throws TException {
  String userName = "user";
  List<String> groupNames = Lists.newArrayList("group");
  HiveObjectRef hiveObjectRef = new HiveObjectRef();
  hiveObjectRef.setDbName(null);
  when(primaryMapping.transformInboundHiveObjectRef(hiveObjectRef)).thenReturn(hiveObjectRef);
  PrincipalPrivilegeSet principalPrivilegeSet = new PrincipalPrivilegeSet();
  when(primaryClient.get_privilege_set(hiveObjectRef, userName, groupNames)).thenReturn(principalPrivilegeSet);
  PrincipalPrivilegeSet result = handler.get_privilege_set(hiveObjectRef, userName, groupNames);
  assertThat(result, is(principalPrivilegeSet));
  verify(databaseMappingService, never()).databaseMapping(DB_P);
}
 
Example #21
Source File: FederatedHMSHandlerTest.java    From waggle-dance with Apache License 2.0 5 votes vote down vote up
@Test
public void list_privileges() throws TException {
  PrincipalType principalType = PrincipalType.findByValue(3);
  HiveObjectRef hiveObjectRef = new HiveObjectRef();
  hiveObjectRef.setDbName(DB_P);
  HiveObjectRef inboundHiveObjectRef = new HiveObjectRef();
  when(primaryMapping.transformInboundHiveObjectRef(hiveObjectRef)).thenReturn(inboundHiveObjectRef);
  handler.list_privileges("name", principalType, hiveObjectRef);
  verify(primaryClient).list_privileges("name", principalType, inboundHiveObjectRef);
}
 
Example #22
Source File: FederatedHMSHandlerTest.java    From waggle-dance with Apache License 2.0 5 votes vote down vote up
@Test
public void grant_privileges() throws TException {
  HiveObjectRef hiveObjectRef = new HiveObjectRef();
  hiveObjectRef.setDbName(DB_P);
  HiveObjectPrivilege hiveObjectPrivilege = new HiveObjectPrivilege();
  hiveObjectPrivilege.setHiveObject(hiveObjectRef);
  PrivilegeBag privileges = new PrivilegeBag(Collections.singletonList((hiveObjectPrivilege)));
  PrivilegeBag inboundPrivileges = new PrivilegeBag();
  when(primaryMapping.transformInboundPrivilegeBag(privileges)).thenReturn(inboundPrivileges);
  handler.grant_privileges(privileges);
  verify(primaryMapping).checkWritePermissions(DB_P);
  verify(primaryClient).grant_privileges(inboundPrivileges);
}
 
Example #23
Source File: FederatedHMSHandlerTest.java    From waggle-dance with Apache License 2.0 5 votes vote down vote up
@Test
public void revoke_privileges() throws TException {
  HiveObjectRef hiveObjectRef = new HiveObjectRef();
  hiveObjectRef.setDbName(DB_P);
  HiveObjectPrivilege hiveObjectPrivilege = new HiveObjectPrivilege();
  hiveObjectPrivilege.setHiveObject(hiveObjectRef);
  PrivilegeBag privileges = new PrivilegeBag(Collections.singletonList((hiveObjectPrivilege)));
  PrivilegeBag inboundPrivileges = new PrivilegeBag();
  when(primaryMapping.transformInboundPrivilegeBag(privileges)).thenReturn(inboundPrivileges);
  handler.revoke_privileges(privileges);
  verify(primaryMapping).checkWritePermissions(DB_P);
  verify(primaryClient).revoke_privileges(inboundPrivileges);
}
 
Example #24
Source File: RangerHiveAuthorizer.java    From ranger with Apache License 2.0 5 votes vote down vote up
@Override
public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal,
											  HivePrivilegeObject privObj) throws HiveAuthzPluginException {
	List<HivePrivilegeInfo> ret;

	if (LOG.isDebugEnabled()) {
		LOG.debug("==> RangerHiveAuthorizer.showPrivileges ==>  principal: " +  principal+ "HivePrivilegeObject : " + privObj.getObjectName());
	}

	if ( hivePlugin == null) {
		new HiveAuthzPluginException("RangerHiveAuthorizer.showPrivileges error: hivePlugin is null");
	}

	try {
		HiveObjectRef msObjRef = AuthorizationUtils.getThriftHiveObjectRef(privObj);

		if (msObjRef.getObjectName() == null) {
			throw new HiveAuthzPluginException("RangerHiveAuthorizer.showPrivileges() only supports SHOW PRIVILEGES for Hive resources and not user level");
		}

		ret = getHivePrivilegeInfos(principal, privObj);

	} catch (Exception e) {
		LOG.error("RangerHiveAuthorizer.showPrivileges() error", e);
		throw new HiveAuthzPluginException("RangerHiveAuthorizer.showPrivileges() error: " + e.getMessage(), e);
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== RangerHiveAuthorizer.showPrivileges() Result: " + ret);
	}

	return ret;
}
 
Example #25
Source File: RangerHiveAuthorizer.java    From ranger with Apache License 2.0 5 votes vote down vote up
static HiveObjectRef getThriftHiveObjectRef(HivePrivilegeObject privObj)
		throws HiveAuthzPluginException {
	try {
		return AuthorizationUtils.getThriftHiveObjectRef(privObj);
	} catch (HiveException e) {
		throw new HiveAuthzPluginException(e);
	}
}
 
Example #26
Source File: HiveHelper.java    From Hue-Ctrip-DI with MIT License 5 votes vote down vote up
public boolean hasPrivilegeToSetCleanAlert(String database, String table,
		String user) {
	HiveMetaStoreClient hiveClient = getHiveMetaStoreClient();
	HiveObjectRef hiveObject = new HiveObjectRef();
	hiveObject.setDbName(database);
	hiveObject.setObjectName(table);
	hiveObject.setObjectType(HiveObjectType.TABLE);
	List<HiveObjectPrivilege> privileges = new ArrayList<HiveObjectPrivilege>();
	try {
		privileges = hiveClient.list_privileges(user, PrincipalType.USER,
				hiveObject);
	} catch (Exception e) {
		logger.error("Error to get privileges:", e);
		return false;
	}
	for (HiveObjectPrivilege privilege : privileges) {
		String privilegeName = privilege.getGrantInfo().getPrivilege();
		if (privilegeName != null
				&& ("all".equalsIgnoreCase(privilegeName)
						|| "create".equalsIgnoreCase(privilegeName) || "ALTER"
							.equalsIgnoreCase(privilegeName))) {
			return true;
		}
	}

	return false;
}
 
Example #27
Source File: HiveTableManager.java    From data-highway with Apache License 2.0 5 votes vote down vote up
public void grantPublicSelect(String tableName, String grantor) {
  HiveObjectRef hiveObject = new HiveObjectRef(TABLE, databaseName, tableName, null, null);
  PrivilegeGrantInfo grantInfo = new PrivilegeGrantInfo("SELECT", 0, grantor, ROLE, false);
  HiveObjectPrivilege privilege = new HiveObjectPrivilege(hiveObject, "public", ROLE, grantInfo);
  PrivilegeBag privilegeBag = new PrivilegeBag(singletonList(privilege));
  try {
    metaStoreClient.grant_privileges(privilegeBag);
  } catch (TException e) {
    throw new MetaStoreException(e);
  }
}
 
Example #28
Source File: GlueMetastoreClientDelegate.java    From aws-glue-data-catalog-client-for-apache-hive-metastore with Apache License 2.0 5 votes vote down vote up
public org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet getPrivilegeSet(
  HiveObjectRef objectRef,
  String user, List<String> groups
) throws TException {
  // getPrivilegeSet is NOT yet supported.
  // return null not to break due to optional info
  // Hive return null when every condition fail
  // https://code.amazon.com/packages/Aws157Hive/blobs/c1ced60e67765d27086b3621255cd843947c151e/
  // --/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java#L5237
  return null;
}
 
Example #29
Source File: GlueMetastoreClientDelegate.java    From aws-glue-data-catalog-client-for-apache-hive-metastore with Apache License 2.0 5 votes vote down vote up
public List<HiveObjectPrivilege> listPrivileges(
  String principal,
  org.apache.hadoop.hive.metastore.api.PrincipalType principalType,
  HiveObjectRef objectRef
) throws TException {
  throw new UnsupportedOperationException("listPrivileges is not supported");
}
 
Example #30
Source File: TestObjects.java    From aws-glue-data-catalog-client-for-apache-hive-metastore with Apache License 2.0 5 votes vote down vote up
public static HiveObjectRef getHiveObjectRef() {
  HiveObjectRef obj = new HiveObjectRef();
  obj.setObjectType(HiveObjectType.TABLE);
  obj.setDbName("default");
  obj.setObjectName("foo");
  return obj;
}