Java Code Examples for org.apache.hadoop.hive.ql.plan.HiveOperation

The following examples show how to use org.apache.hadoop.hive.ql.plan.HiveOperation. These examples are extracted from open source projects.
Example 1
Source Project: atlas   Source File: HiveHookIT.java    License: Apache License 2.0
/**
 * Creates a view over a freshly created table and checks what the hook registered:
 * a CREATEVIEW process, one process execution linked back to that process, and one
 * DDL query recorded on the view entity.
 */
@Test
public void testCreateView() throws Exception {
    String sourceTable = createTable();
    String view        = tableName();
    // Both names come from the test's own helpers, not from external input.
    String createViewSql = "create view " + view + " as select * from " + sourceTable;

    runCommand(createViewSql);

    HiveEventContext event = constructEvent(createViewSql, HiveOperation.CREATEVIEW,
            getInputs(sourceTable, Entity.Type.TABLE), getOutputs(view, Entity.Type.TABLE));
    AtlasEntity process          = validateProcess(event);
    AtlasEntity processExecution = validateProcessExecution(process, event);
    AtlasObjectId linkedProcess  = toAtlasObjectId(
            processExecution.getRelationshipAttribute(BaseHiveEvent.ATTRIBUTE_PROCESS));

    // The execution must point at the process that was just validated.
    Assert.assertEquals(linkedProcess.getGuid(), process.getGuid());
    Assert.assertEquals(numberOfProcessExecutions(process), 1);
    assertTableIsRegistered(DEFAULT_DB, view);

    String viewGuid            = assertTableIsRegistered(DEFAULT_DB, view);
    AtlasEntity registeredView = atlasClientV2.getEntityByGuid(viewGuid).getEntity();
    List<?> recordedDdl        = (List<?>) registeredView.getRelationshipAttribute(ATTRIBUTE_DDL_QUERIES);

    Assert.assertNotNull(recordedDdl);
    Assert.assertEquals(recordedDdl.size(), 1);
}
 
Example 2
Source Project: atlas   Source File: HiveHookIT.java    License: Apache License 2.0
/**
 * Loads a local file into a table created with {@code createTable(false)} and checks
 * that one DDL query is recorded on the table entity and that a LOAD process with the
 * table as its only output is registered.
 */
@Test
public void testLoadLocalPath() throws Exception {
    String targetTable = createTable(false);
    String localFile   = file("load");
    String loadSql     = "load data local inpath 'file://" + localFile + "' into table " + targetTable;

    // The table must already be registered before the load runs.
    String tableGuid = assertTableIsRegistered(DEFAULT_DB, targetTable);

    runCommand(loadSql);

    AtlasEntity tableEntity = atlasClientV2.getEntityByGuid(tableGuid).getEntity();
    List<?> recordedDdl     = (List<?>) tableEntity.getRelationshipAttribute(ATTRIBUTE_DDL_QUERIES);

    Assert.assertNotNull(recordedDdl);
    Assert.assertEquals(recordedDdl.size(), 1);

    // LOAD has no table inputs here, hence the null input set.
    HiveEventContext loadEvent =
            constructEvent(loadSql, HiveOperation.LOAD, null, getOutputs(targetTable, Entity.Type.TABLE));
    assertProcessIsRegistered(loadEvent);
}
 
Example 3
Source Project: atlas   Source File: HiveHookIT.java    License: Apache License 2.0
@Test
/**
 * Loads a local file into the {@code dt = PART_FILE} partition of a table created with
 * {@code createTable(true)} and checks that one DDL query is recorded on the table
 * entity and that a LOAD process with the table as its only output is registered.
 */
public void testLoadLocalPathIntoPartition() throws Exception {
    String targetTable = createTable(true);
    String localFile   = file("load");
    String loadSql     = "load data local inpath 'file://" + localFile + "' into table " + targetTable
            + " partition(dt = '" + PART_FILE + "')";

    // The table must already be registered before the load runs.
    String tableGuid = assertTableIsRegistered(DEFAULT_DB, targetTable);

    runCommand(loadSql);

    AtlasEntity tableEntity = atlasClientV2.getEntityByGuid(tableGuid).getEntity();
    List<?> recordedDdl     = (List<?>) tableEntity.getRelationshipAttribute(ATTRIBUTE_DDL_QUERIES);

    Assert.assertNotNull(recordedDdl);
    Assert.assertEquals(recordedDdl.size(), 1);

    // LOAD has no table inputs here, hence the null input set.
    HiveEventContext loadEvent =
            constructEvent(loadSql, HiveOperation.LOAD, null, getOutputs(targetTable, Entity.Type.TABLE));
    assertProcessIsRegistered(loadEvent);
}
 
Example 4
Source Project: atlas   Source File: HiveITBase.java    License: Apache License 2.0
/**
 * Decides whether the write type of {@code entity} counts for a QUERY operation.
 *
 * @param op     the Hive operation being processed
 * @param entity the output entity whose write type is inspected
 * @return {@code true} when {@code op} is QUERY and the write type is INSERT,
 *         INSERT_OVERWRITE, UPDATE or DELETE, or PATH_WRITE to anything other than a
 *         local directory; {@code false} in every other case, including a null write type
 */
protected static boolean addQueryType(HiveOperation op, WriteEntity entity) {
    if (entity.getWriteType() == null || !HiveOperation.QUERY.equals(op)) {
        return false;
    }

    switch (entity.getWriteType()) {
        case INSERT:
        case INSERT_OVERWRITE:
        case UPDATE:
        case DELETE:
            return true;
        case PATH_WRITE:
            // Local paths are not added as outputs, so only DFS path writes get a query type.
            return !Entity.Type.LOCAL_DIR.equals(entity.getType());
        default:
            return false;
    }
}
 
Example 5
/**
 * Builds the context object by storing every argument in the field of the same role.
 * No argument is validated or copied; the input and output sets are kept by reference.
 *
 * NOTE(review): the command text, user name and client IP address are stored as given.
 * Whatever consumes this context should presumably treat the command text as sensitive
 * when writing it to logs or audit sinks - confirm against the hook implementations.
 */
public SentryOnFailureHookContextImpl(String command,
    Set<ReadEntity> inputs, Set<WriteEntity> outputs, HiveOperation hiveOp,
    Database db, Table tab, AccessURI udfURI, AccessURI partitionURI,
    String userName, String ipAddress, AuthorizationException e,
    Configuration conf) {
  // What was attempted
  this.command = command;
  this.hiveOp = hiveOp;
  this.inputs = inputs;
  this.outputs = outputs;

  // Who attempted it
  this.userName = userName;
  this.ipAddress = ipAddress;

  // Which objects were involved
  this.database = db;
  this.table = tab;
  this.udfURI = udfURI;
  this.partitionURI = partitionURI;

  // Why it failed, and the configuration in effect
  this.authException = e;
  this.conf = conf;
}
 
Example 6
Source Project: incubator-sentry   Source File: HiveAuthzBindingHookV2.java    License: Apache License 2.0
/**
 * Post-analyze hook: swaps every {@link DDLTask} among the root tasks for a
 * {@link SentryFilterDDLTask} that carries the auth binding, the requesting subject and
 * the current statement operation. Tasks of any other type are left untouched.
 *
 * @param context   analyzer context; its user name becomes the {@link Subject}
 * @param rootTasks root tasks of the statement, modified in place
 * @throws SemanticException declared by the hook interface
 */
@Override
public void postAnalyze(HiveSemanticAnalyzerHookContext context,
    List<Task<? extends Serializable>> rootTasks) throws SemanticException {
  // NOTE(review): getCurrentHiveStmtOp() can return null when there is no SessionState;
  // the null is handed to SentryFilterDDLTask as-is - confirm the task handles it.
  HiveOperation currentOp = getCurrentHiveStmtOp();
  Subject requester = new Subject(context.getUserName());

  for (int idx = 0; idx < rootTasks.size(); idx++) {
    Task<? extends Serializable> candidate = rootTasks.get(idx);
    if (!(candidate instanceof DDLTask)) {
      continue;
    }
    SentryFilterDDLTask filtering =
        new SentryFilterDDLTask(hiveAuthzBinding, requester, currentOp);
    // The wrapper takes over the original task's work.
    filtering.setWork((DDLWork) candidate.getWork());
    rootTasks.set(idx, filtering);
  }
}
 
Example 7
Source Project: incubator-atlas   Source File: HiveHookIT.java    License: Apache License 2.0
/**
 * (Disabled) Inserts from a regular table into a table created with
 * {@code createTable(false, false, true)} and validates the resulting QUERY process.
 * The expected output is renamed to the qualified name built from the table name, the
 * temp-table prefix and the current session id.
 */
@Test(enabled = false)
public void testInsertIntoTempTable() throws Exception {
    String sourceTable = createTable();
    String tempTable   = createTable(false, false, true);
    assertTableIsRegistered(DEFAULT_DB, sourceTable);
    assertTableIsNotRegistered(DEFAULT_DB, tempTable, true);

    String insertSql = "insert into " + tempTable + " select id, name from " + sourceTable;

    runCommand(insertSql);

    Set<ReadEntity> expectedInputs   = getInputs(sourceTable, Entity.Type.TABLE);
    Set<WriteEntity> expectedOutputs = getOutputs(tempTable, Entity.Type.TABLE);

    // Adjust the single expected output so it matches what the hook reports for a temp table.
    WriteEntity tempOutput = expectedOutputs.iterator().next();
    tempOutput.setName(getQualifiedTblName(
            tempTable + HiveMetaStoreBridge.TEMP_TABLE_PREFIX + SessionState.get().getSessionId()));
    tempOutput.setWriteType(WriteEntity.WriteType.INSERT);

    validateProcess(constructEvent(insertSql,  HiveOperation.QUERY, expectedInputs, expectedOutputs));

    assertTableIsRegistered(DEFAULT_DB, sourceTable);
    assertTableIsRegistered(DEFAULT_DB, tempTable, null, true);
}
 
Example 8
Source Project: incubator-sentry   Source File: TestHiveAuthzBindings.java    License: Apache License 2.0
/**
 * Positive test for MSCK REPAIR TABLE: every authorize call below is expected to pass
 * with the alter-table privilege set.
 */
@Test
public void testMsckRepairTable() throws Exception {
  // Output object: SERVER1 -> JUNIOR_ANALYST_DB -> PURCHASES_TAB
  outputTabHierarcyList.add(
      buildObjectHierarchy(SERVER1, JUNIOR_ANALYST_DB, PURCHASES_TAB));

  // Manager subject.
  testAuth.authorize(
      HiveOperation.MSCK, alterTabPrivileges, MANAGER_SUBJECT,
      inputTabHierarcyList, outputTabHierarcyList);

  // Admin subject, same objects.
  testAuth.authorize(
      HiveOperation.MSCK, alterTabPrivileges, ADMIN_SUBJECT,
      inputTabHierarcyList, outputTabHierarcyList);

  // Admin subject again, now with a table in ANALYST_DB added as input.
  inputTabHierarcyList.add(
      buildObjectHierarchy(SERVER1, ANALYST_DB, PURCHASES_TAB));
  testAuth.authorize(
      HiveOperation.MSCK, alterTabPrivileges, ADMIN_SUBJECT,
      inputTabHierarcyList, outputTabHierarcyList);
}
 
Example 9
/**
 * Checks what {@code DummySentryOnFailureHook} captured after a denied statement.
 * Does nothing unless the test runs against the internal server.
 *
 * @param expectedOp operation the hook should have seen; skipped when null
 * @param dbName     database name the hook should have seen (case-insensitive); skipped when null
 * @param tableName  table name the hook should have seen (case-insensitive); skipped when null
 * @param checkSentryAccessDeniedException whether the cause of the captured exception
 *        must be a {@code SentryAccessDeniedException}
 */
private void verifyFailureHook(HiveOperation expectedOp,
    String dbName, String tableName, boolean checkSentryAccessDeniedException)
    throws Exception {
  if (!isInternalServer) {
    return;
  }

  // The hook must have fired at all before its captured state is inspected.
  Assert.assertTrue(DummySentryOnFailureHook.invoked);

  if (expectedOp != null) {
    Assert.assertNotNull("Hive op is null for op: " + expectedOp,
        DummySentryOnFailureHook.hiveOp);
    Assert.assertTrue(expectedOp.equals(DummySentryOnFailureHook.hiveOp));
  }

  if (checkSentryAccessDeniedException) {
    String failureMessage = "Expected SentryDeniedException for op: " + expectedOp;
    Throwable cause = DummySentryOnFailureHook.exception.getCause();
    Assert.assertTrue(failureMessage, cause instanceof SentryAccessDeniedException);
  }

  if (tableName != null) {
    Assert.assertNotNull("Table object is null for op: " + expectedOp,
        DummySentryOnFailureHook.table);
    Assert.assertTrue(
        tableName.equalsIgnoreCase(DummySentryOnFailureHook.table.getName()));
  }

  if (dbName != null) {
    Assert.assertNotNull("Database object is null for op: " + expectedOp,
        DummySentryOnFailureHook.db);
    Assert.assertTrue(
        dbName.equalsIgnoreCase(DummySentryOnFailureHook.db.getName()));
  }
}
 
Example 10
Source Project: atlas   Source File: AtlasHiveHookContext.java    License: Apache License 2.0
/**
 * Stores the hook, operation and event objects, derives the Hive client and the
 * metastore handler from them when they are present, then calls {@code init()}.
 *
 * @param hiveContext   may be null; when set, the Hive client is obtained from its conf
 * @param listenerEvent may be null; when set, the metastore handler is taken from it
 * @throws Exception propagated from obtaining the Hive client or from {@code init()}
 */
public AtlasHiveHookContext(HiveHook hook, HiveOperation hiveOperation, HookContext hiveContext, HiveHookObjectNamesCache knownObjects,
                            HiveMetastoreHook metastoreHook, ListenerEvent listenerEvent) throws Exception {
    this.hook          = hook;
    this.hiveOperation = hiveOperation;
    this.hiveContext   = hiveContext;

    if (hiveContext != null) {
        this.hive = Hive.get(hiveContext.getConf());
    } else {
        this.hive = null;
    }

    this.knownObjects   = knownObjects;
    this.metastoreHook  = metastoreHook;
    this.metastoreEvent = listenerEvent;

    if (listenerEvent != null) {
        this.metastoreHandler = listenerEvent.getIHMSHandler();
    } else {
        this.metastoreHandler = null;
    }

    init();
}
 
Example 11
Source Project: incubator-sentry   Source File: TestHiveAuthzBindings.java    License: Apache License 2.0
/**
 * Negative test: CREATEFUNCTION for the analyst subject must be rejected with an
 * {@code AuthorizationException} when the inputs include a jar URI.
 */
@Test(expected=AuthorizationException.class)
public void testValidateCreateFunctionRejectionForUserWithoutURI() throws Exception {
  // Input 1: every table of CUSTOMER_DB on SERVER1.
  inputTabHierarcyList.add(Arrays.<DBModelAuthorizable>asList(
      new Server(SERVER1), new Database(CUSTOMER_DB), new Table(AccessConstants.ALL)));

  // Input 2: the jar URI the function would be loaded from.
  inputTabHierarcyList.add(Arrays.<DBModelAuthorizable>asList(
      new Server(SERVER1), new AccessURI("file:///some/path/to/a.jar")));

  testAuth.authorize(
      HiveOperation.CREATEFUNCTION, createFuncPrivileges, ANALYST_SUBJECT,
      inputTabHierarcyList, outputTabHierarcyList);
}
 
Example 12
Source Project: incubator-sentry   Source File: MetastoreAuthzBinding.java    License: Apache License 2.0
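/**
 * Authorizes an add-partition event: for each partition in the event, checks
 * ALTERTABLE_ADDPARTS against the partition's table and, when the partition's storage
 * location is set and is not the table location or a path below it, additionally
 * against that location's URI.
 *
 * @param context the pre-add-partition event carrying the partitions and the handler
 * @throws MetaException if the partition location cannot be parsed as a URI (the
 *         {@link URISyntaxException} is attached as the cause)
 * @throws InvalidOperationException declared for the authorization call
 * @throws NoSuchObjectException declared for the table lookup
 */
private void authorizeAddPartition(PreAddPartitionEvent context)
    throws InvalidOperationException, MetaException, NoSuchObjectException {
  for (Partition mapiPart : context.getPartitions()) {
    HierarcyBuilder inputBuilder = new HierarcyBuilder();
    inputBuilder.addTableToOutput(getAuthServer(), mapiPart
        .getDbName(), mapiPart.getTableName());
    HierarcyBuilder outputBuilder = new HierarcyBuilder();
    outputBuilder.addTableToOutput(getAuthServer(), mapiPart
        .getDbName(), mapiPart.getTableName());

    // check if we need to validate URI permissions when storage location is
    // non-default, ie something not under the parent table
    String partitionLocation = null;
    if (mapiPart.isSetSd()) {
      partitionLocation = mapiPart.getSd().getLocation();
    }
    if (!StringUtils.isEmpty(partitionLocation)) {
      String tableLocation = context
          .getHandler()
          .get_table(mapiPart.getDbName(),
              mapiPart.getTableName()).getSd().getLocation();
      String uriPath;
      try {
        // Same value the original re-read through mapiPart.getSd().getLocation().
        uriPath = PathUtils.parseDFSURI(warehouseDir, partitionLocation);
      } catch (URISyntaxException e) {
        // Keep the parse failure as the cause so the stack trace is not lost.
        MetaException wrapped = new MetaException(e.getMessage());
        wrapped.initCause(e);
        throw wrapped;
      }
      // NOTE(review): this is a plain string comparison on the raw location values.
      // It is only a sound "is under the table directory" test if both strings are
      // already in the same canonical form (same scheme/authority, no "." or ".."
      // segments), and File.separator is the local platform separator while DFS paths
      // use "/". If that is not guaranteed upstream, a location can be treated as
      // table-local and the URI privilege check below is skipped - confirm where
      // these locations are normalised.
      if (!partitionLocation.equals(tableLocation) &&
          !partitionLocation.startsWith(tableLocation + File.separator)) {
        outputBuilder.addUriToOutput(getAuthServer(), uriPath, warehouseDir);
      }
    }
    authorizeMetastoreAccess(HiveOperation.ALTERTABLE_ADDPARTS,
        inputBuilder.build(), outputBuilder.build());
  }
}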
 
Example 13
Source Project: incubator-sentry   Source File: TestHiveAuthzBindings.java    License: Apache License 2.0
/**
 * Negative test: CREATEFUNCTION for a subject that cannot be resolved must fail with
 * {@code SentryGroupNotFoundException}.
 */
@Test(expected = SentryGroupNotFoundException.class)
public void testValidateCreateFunctionRejectionForUnknownUser() throws Exception {
  // Single input: the jar URI the function would be loaded from.
  inputTabHierarcyList.add(Arrays.<DBModelAuthorizable>asList(
      new Server(SERVER1), new AccessURI("file:///path/to/some/lib/dir/my.jar")));

  testAuth.authorize(
      HiveOperation.CREATEFUNCTION, createFuncPrivileges, NO_SUCH_SUBJECT,
      inputTabHierarcyList, outputTabHierarcyList);
}
 
Example 14
Source Project: atlas   Source File: CreateHiveProcess.java    License: Apache License 2.0
/**
 * Decides whether no process should be created for the current event.
 *
 * @return {@code true} when there are neither inputs nor outputs, or when the operation
 *         is QUERY with exactly one output that is either a PATH_WRITE to a temporary
 *         DFS/local directory or a DELETE/UPDATE write; {@code false} otherwise
 */
private boolean skipProcess() {
    Set<ReadEntity>  inputs  = getInputs();
    Set<WriteEntity> outputs = getOutputs();

    if (CollectionUtils.isEmpty(inputs) && CollectionUtils.isEmpty(outputs)) {
        return true;
    }

    // NOTE(review): outputs is dereferenced below without a null check; if getOutputs()
    // can return null while inputs is non-empty, a QUERY event fails here - confirm.
    // A select query has only one output, so anything else is kept.
    if (getContext().getHiveOperation() != HiveOperation.QUERY || outputs.size() != 1) {
        return false;
    }

    WriteEntity            soleOutput = outputs.iterator().next();
    Entity.Type            outputType = soleOutput.getType();
    WriteEntity.WriteType  writeType  = soleOutput.getWriteType();

    boolean isDirectory   = outputType == Entity.Type.DFS_DIR || outputType == Entity.Type.LOCAL_DIR;
    boolean tempPathWrite = isDirectory
            && writeType == WriteEntity.WriteType.PATH_WRITE
            && soleOutput.isTempURI();

    // DELETE and UPDATE initially have one input and one output. They do not support
    // sub-queries, so they never yield a one-input/one-output lineage and can be dropped.
    boolean deleteOrUpdate = writeType == WriteEntity.WriteType.DELETE
            || writeType == WriteEntity.WriteType.UPDATE;

    return tempPathWrite || deleteOrUpdate;
}
 
Example 15
Source Project: incubator-sentry   Source File: HiveAuthzBindingHookV2.java    License: Apache License 2.0
/**
 * Reads the operation of the current statement from the thread's {@link SessionState}.
 *
 * @return the current Hive operation, or {@code null} (after logging a warning) when
 *         no session state is available; callers must handle the null themselves
 */
private HiveOperation getCurrentHiveStmtOp() {
  SessionState current = SessionState.get();
  if (current != null) {
    return current.getHiveOperation();
  }
  LOG.warn("SessionState is null");
  return null;
}
 
Example 16
Source Project: incubator-sentry   Source File: TestHiveAuthzBindings.java    License: Apache License 2.0
/**
 * Negative test: LOAD into customer:purchases by the analyst subject must be rejected
 * with an {@code AuthorizationException}.
 */
@Test(expected=AuthorizationException.class)
public void testValidateLoadTabPrivilegesRejectionForUser() throws Exception {
  // Output object: SERVER1 -> CUSTOMER_DB -> PURCHASES_TAB
  outputTabHierarcyList.add(
      buildObjectHierarchy(SERVER1, CUSTOMER_DB, PURCHASES_TAB));

  testAuth.authorize(
      HiveOperation.LOAD, loadTabPrivileges, ANALYST_SUBJECT,
      inputTabHierarcyList, outputTabHierarcyList);
}
 
Example 17
Source Project: incubator-sentry   Source File: AuthorizingObjectStore.java    License: Apache License 2.0
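/**
 * Invokes Hive table filtering, which removes the entries the user has no privileges
 * to access.
 *
 * <p>When {@code needsAuthorization} reports that the current user needs no
 * authorization, the list is returned unfiltered.
 *
 * @param dbName  database the tables belong to
 * @param tabList table names to filter
 * @return the filtered table names, or {@code tabList} itself when no authorization is needed
 * @throws MetaException if filtering fails; the {@link SemanticException} is attached
 *         as the cause
 */
protected List<String> filterTables(String dbName, List<String> tabList)
    throws MetaException {
  if (!needsAuthorization(getUserName())) {
    return tabList;
  }
  try {
    return HiveAuthzBindingHook.filterShowTables(getHiveAuthzBinding(),
        tabList, HiveOperation.SHOWTABLES, getUserName(), dbName);
  } catch (SemanticException e) {
    // Keep the original failure as the cause instead of only copying its message.
    MetaException wrapped = new MetaException("Error getting Table list " + e.getMessage());
    wrapped.initCause(e);
    throw wrapped;
  }
}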
 
Example 18
Source Project: incubator-sentry   Source File: SentryAuthorizerUtil.java    License: Apache License 2.0
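/**
 * Converts the name of a HiveOperationType to the {@link HiveOperation} constant of the
 * same name.
 *
 * <p>NOTE(review): a {@code null} result means "no matching operation". Callers on an
 * authorization path should treat that as unknown rather than as permission-free -
 * confirm at the call sites.
 *
 * @param typeName name of the operation type; may be null
 * @return the matching {@link HiveOperation}, or {@code null} when {@code typeName} is
 *         null or names no constant of {@link HiveOperation}
 */
public static HiveOperation convert2HiveOperation(String typeName) {
  if (typeName == null) {
    return null;
  }
  try {
    return HiveOperation.valueOf(typeName);
  } catch (IllegalArgumentException ignored) {
    // valueOf rejects unknown names this way; an unknown name maps to null by contract.
    return null;
  }
}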
 
Example 19
Source Project: atlas   Source File: HiveHookIT.java    License: Apache License 2.0
/**
 * (Disabled) Inserts from a regular table into a table created with
 * {@code createTable(false, false, true)} and validates the QUERY process, its single
 * process execution and the link between the two.
 */
@Test(enabled = false)
public void testInsertIntoTempTable() throws Exception {
    String sourceTable = createTable();
    String tempTable   = createTable(false, false, true);

    assertTableIsRegistered(DEFAULT_DB, sourceTable);
    assertTableIsNotRegistered(DEFAULT_DB, tempTable, true);

    String insertSql = "insert into " + tempTable + " select id, name from " + sourceTable;

    runCommand(insertSql);

    Set<ReadEntity> expectedInputs   = getInputs(sourceTable, Entity.Type.TABLE);
    Set<WriteEntity> expectedOutputs = getOutputs(tempTable, Entity.Type.TABLE);

    // Mark the single expected output as an INSERT.
    WriteEntity insertTarget = expectedOutputs.iterator().next();
    insertTarget.setWriteType(WriteEntity.WriteType.INSERT);

    HiveEventContext insertEvent = constructEvent(insertSql,  HiveOperation.QUERY, expectedInputs, expectedOutputs);
    AtlasEntity process          = validateProcess(insertEvent);
    AtlasEntity processExecution = validateProcessExecution(process, insertEvent);
    AtlasObjectId linkedProcess  = toAtlasObjectId(
            processExecution.getRelationshipAttribute(BaseHiveEvent.ATTRIBUTE_PROCESS));

    // The execution must point at the process that was just validated.
    Assert.assertEquals(linkedProcess.getGuid(), process.getGuid());
    Assert.assertEquals(numberOfProcessExecutions(process), 1);

    assertTableIsRegistered(DEFAULT_DB, sourceTable);
    assertTableIsRegistered(DEFAULT_DB, tempTable, null, true);
}
 
Example 20
Source Project: incubator-sentry   Source File: HiveAuthzBindingHook.java    License: Apache License 2.0
/**
 * Reads the operation of the current statement from the thread's {@link SessionState}.
 *
 * @return the current Hive operation, or {@code null} when no session state is
 *         available; nothing is logged in that case, so callers must handle the null
 */
private HiveOperation getCurrentHiveStmtOp() {
  SessionState current = SessionState.get();
  if (current != null) {
    return current.getHiveOperation();
  }
  // TODO: Warn
  return null;
}
 
Example 21
Source Project: atlas   Source File: HiveHookIT.java    License: Apache License 2.0
/**
 * Truncates a table and checks that the table stays registered while no process is
 * registered for the TRUNCATETABLE event.
 */
@Test
public void testIgnoreTruncateTable() throws Exception {
    String targetTable = createTable(false);
    String truncateSql = String.format("truncate table %s", targetTable);

    runCommand(truncateSql);

    // TRUNCATE has no inputs; the table is its only output.
    Set<WriteEntity> expectedOutputs = getOutputs(targetTable, Entity.Type.TABLE);
    HiveEventContext truncateEvent   =
            constructEvent(truncateSql, HiveOperation.TRUNCATETABLE, null, expectedOutputs);

    assertTableIsRegistered(DEFAULT_DB, targetTable);
    assertProcessIsNotRegistered(truncateEvent);
}
 
Example 22
Source Project: incubator-sentry   Source File: MetastoreAuthzBinding.java    License: Apache License 2.0
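/**
 * Authorizes an alter-table event against the old table and, when the parsed storage
 * location of the new table differs from the old one, additionally against the new
 * location's URI.
 *
 * @param context the pre-alter-table event carrying the old and new table definitions
 * @throws MetaException if either storage location cannot be parsed as a URI (the
 *         {@link URISyntaxException} is attached as the cause)
 * @throws InvalidOperationException declared for the authorization call
 */
private void authorizeAlterTable(PreAlterTableEvent context)
    throws InvalidOperationException, MetaException {
  /*
   * There are multiple alter table options and it's tricky to figure out which one is
   * attempted here. Currently every alter table needs full-level privilege, except
   * setting the location, which also needs a privilege on the URI. Hence the operation
   * is initially set to ALTERTABLE_ADDCOLS and changed to ALTERTABLE_LOCATION when the
   * location differs.
   */
  HiveOperation operation = HiveOperation.ALTERTABLE_ADDCOLS;
  HierarcyBuilder inputBuilder = new HierarcyBuilder();
  inputBuilder.addTableToOutput(getAuthServer(), context.getOldTable()
      .getDbName(), context.getOldTable().getTableName());
  HierarcyBuilder outputBuilder = new HierarcyBuilder();
  outputBuilder.addTableToOutput(getAuthServer(), context.getOldTable()
      .getDbName(), context.getOldTable().getTableName());

  // if the operation requires location change, then add URI privilege check
  String oldLocationUri;
  String newLocationUri;
  try {
    oldLocationUri = PathUtils.parseDFSURI(warehouseDir,
        getSdLocation(context.getOldTable().getSd()));
    newLocationUri = PathUtils.parseDFSURI(warehouseDir,
        getSdLocation(context.getNewTable().getSd()));
  } catch (URISyntaxException e) {
    // Keep the parse failure as the cause so the stack trace is not lost.
    MetaException wrapped = new MetaException(e.getMessage());
    wrapped.initCause(e);
    throw wrapped;
  }
  // NOTE(review): the "location changed" decision is an exact string comparison of the
  // two parsed URIs, so it depends on parseDFSURI returning a canonical form for both
  // sides - confirm against PathUtils.
  if (oldLocationUri.compareTo(newLocationUri) != 0) {
    outputBuilder.addUriToOutput(getAuthServer(), newLocationUri,
        warehouseDir);
    operation = HiveOperation.ALTERTABLE_LOCATION;
  }
  authorizeMetastoreAccess(
      operation,
      inputBuilder.build(), outputBuilder.build());

}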
 
Example 23
Source Project: atlas   Source File: HiveITBase.java    License: Apache License 2.0
/**
 * Builds the qualified name of the process entity for an event.
 *
 * <p>For create-type operations with a TABLE output, the name is derived from that
 * table (re-read through the Hive client). Otherwise it is the operation name followed
 * by the inputs, {@code IO_SEP} and the outputs.
 *
 * @throws HiveException declared for the table lookup through the Hive client
 */
@VisibleForTesting
protected static String getProcessQualifiedName(HiveMetaStoreBridge dgiBridge, HiveEventContext eventContext,
                                      final SortedSet<ReadEntity> sortedHiveInputs,
                                      final SortedSet<WriteEntity> sortedHiveOutputs,
                                      SortedMap<ReadEntity, AtlasEntity> hiveInputsMap,
                                      SortedMap<WriteEntity, AtlasEntity> hiveOutputsMap) throws HiveException {
    HiveOperation operation = eventContext.getOperation();

    if (isCreateOp(eventContext)) {
        Entity tableOutput = getEntityByType(sortedHiveOutputs, Entity.Type.TABLE);

        if (tableOutput != null) {
            // Re-read the table through the Hive client before deriving the name.
            Table eventTable   = tableOutput.getTable();
            Table currentTable = dgiBridge.getHiveClient().getTable(eventTable.getDbName(), eventTable.getTableName());
            return HiveMetaStoreBridge.getTableProcessQualifiedName(dgiBridge.getMetadataNamespace(), currentTable);
        }
    }

    StringBuilder qualifiedName = new StringBuilder(operation.getOperationName());

    boolean skipHdfsPaths = ignoreHDFSPathsinQFName(operation, sortedHiveInputs, sortedHiveOutputs);
    // NOTE(review): the debug line writes the full query string to the log; query text
    // can carry data literals, so debug logging here presumably needs restricted log access.
    if (skipHdfsPaths && LOG.isDebugEnabled()) {
        LOG.debug("Ignoring HDFS paths in qualifiedName for {} {} ", operation, eventContext.getQueryStr());
    }

    addInputs(dgiBridge, operation, sortedHiveInputs, qualifiedName, hiveInputsMap, skipHdfsPaths);
    qualifiedName.append(IO_SEP);
    addOutputs(dgiBridge, operation, sortedHiveOutputs, qualifiedName, hiveOutputsMap, skipHdfsPaths);

    LOG.info("Setting process qualified name to {}", qualifiedName);
    return qualifiedName.toString();
}
 
Example 24
Source Project: incubator-sentry   Source File: TestHiveAuthzBindings.java    License: Apache License 2.0
/**
 * Positive test: a QUERY reading customer:purchases is authorized for the admin subject.
 */
@Test
public void testValidateSelectPrivilegesForAdmin() throws Exception {
  // Input object: SERVER1 -> CUSTOMER_DB -> PURCHASES_TAB
  inputTabHierarcyList.add(
      buildObjectHierarchy(SERVER1, CUSTOMER_DB, PURCHASES_TAB));

  testAuth.authorize(
      HiveOperation.QUERY, queryPrivileges, ADMIN_SUBJECT,
      inputTabHierarcyList, outputTabHierarcyList);
}
 
Example 25
Source Project: atlas   Source File: HiveITBase.java    License: Apache License 2.0
/**
 * Tells whether the event's operation is one of CREATETABLE, CREATEVIEW, ALTERVIEW_AS,
 * ALTERTABLE_LOCATION or CREATETABLE_AS_SELECT.
 *
 * @param hiveEvent the event whose operation is inspected
 * @return {@code true} for the operations listed above; {@code false} otherwise,
 *         including when the event has no operation
 */
protected static boolean isCreateOp(HiveEventContext hiveEvent) {
    final HiveOperation operation = hiveEvent.getOperation();

    // Enum constants are singletons, so identity comparison matches equals() here.
    return operation == HiveOperation.CREATETABLE
            || operation == HiveOperation.CREATEVIEW
            || operation == HiveOperation.ALTERVIEW_AS
            || operation == HiveOperation.ALTERTABLE_LOCATION
            || operation == HiveOperation.CREATETABLE_AS_SELECT;
}
 
Example 26
Source Project: incubator-sentry   Source File: TestHiveAuthzBindings.java    License: Apache License 2.0
/**
 * Negative test: CREATETABLE in the customer db by the junior analyst subject must be
 * rejected with an {@code AuthorizationException}.
 */
@Test(expected=AuthorizationException.class)
public void testValidateCreateTabPrivilegesRejectionForUser() throws Exception {
  // Output object: SERVER1 -> CUSTOMER_DB, with null passed as the table argument.
  outputTabHierarcyList.add(
      buildObjectHierarchy(SERVER1, CUSTOMER_DB, null));

  testAuth.authorize(
      HiveOperation.CREATETABLE, createTabPrivileges, JUNIOR_ANALYST_SUBJECT,
      inputTabHierarcyList, outputTabHierarcyList);
}
 
Example 27
Source Project: incubator-sentry   Source File: AuthorizingObjectStoreV2.java    License: Apache License 2.0
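/**
 * Invokes Hive database filtering, which removes the entries the user has no
 * privileges to access.
 *
 * <p>When {@code needsAuthorization} reports that the current user needs no
 * authorization, the list is returned unfiltered.
 *
 * @param dbList database names to filter
 * @return the filtered database names, or {@code dbList} itself when no authorization
 *         is needed
 * @throws MetaException if filtering fails; the {@link SemanticException} is attached
 *         as the cause
 */
private List<String> filterDatabases(List<String> dbList)
    throws MetaException {
  if (!needsAuthorization(getUserName())) {
    return dbList;
  }
  try {
    return HiveAuthzBindingHook.filterShowDatabases(getHiveAuthzBinding(),
        dbList, HiveOperation.SHOWDATABASES, getUserName());
  } catch (SemanticException e) {
    // Keep the original failure as the cause instead of only copying its message.
    MetaException wrapped = new MetaException("Error getting DB list " + e.getMessage());
    wrapped.initCause(e);
    throw wrapped;
  }
}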
 
Example 28
Source Project: incubator-atlas   Source File: HiveHook.java    License: Apache License 2.0
/**
 * Tells whether the event's operation is one of CREATETABLE, CREATEVIEW, ALTERVIEW_AS,
 * ALTERTABLE_LOCATION or CREATETABLE_AS_SELECT.
 *
 * @param hiveEvent the event whose operation is inspected
 * @return {@code true} for the operations listed above; {@code false} otherwise,
 *         including when the event has no operation
 */
private static boolean isCreateOp(HiveEventContext hiveEvent) {
    final HiveOperation operation = hiveEvent.getOperation();

    // Enum constants are singletons, so identity comparison matches equals() here.
    return operation == HiveOperation.CREATETABLE
            || operation == HiveOperation.CREATEVIEW
            || operation == HiveOperation.ALTERVIEW_AS
            || operation == HiveOperation.ALTERTABLE_LOCATION
            || operation == HiveOperation.CREATETABLE_AS_SELECT;
}
 
Example 29
Source Project: incubator-atlas   Source File: HiveHook.java    License: Apache License 2.0
/**
 * Builds the qualified name of the process entity for an event.
 *
 * <p>For create-type operations with a TABLE output, the name is derived from that
 * table (re-read through the bridge's Hive client). Otherwise it is the operation name
 * followed by the inputs, {@code IO_SEP} and the outputs.
 *
 * @throws HiveException declared for the table lookup through the Hive client
 */
@VisibleForTesting
static String getProcessQualifiedName(HiveMetaStoreBridge dgiBridge, HiveEventContext eventContext,
                                      final SortedSet<ReadEntity> sortedHiveInputs,
                                      final SortedSet<WriteEntity> sortedHiveOutputs,
                                      SortedMap<ReadEntity, Referenceable> hiveInputsMap,
                                      SortedMap<WriteEntity, Referenceable> hiveOutputsMap) throws HiveException {
    HiveOperation operation = eventContext.getOperation();

    if (isCreateOp(eventContext)) {
        Entity tableOutput = getEntityByType(sortedHiveOutputs, Type.TABLE);

        if (tableOutput != null) {
            // Re-read the table through the Hive client before deriving the name.
            Table eventTable   = tableOutput.getTable();
            Table currentTable = dgiBridge.hiveClient.getTable(eventTable.getDbName(), eventTable.getTableName());
            return HiveMetaStoreBridge.getTableProcessQualifiedName(dgiBridge.getClusterName(), currentTable);
        }
    }

    StringBuilder qualifiedName = new StringBuilder(operation.getOperationName());

    boolean skipHdfsPaths = ignoreHDFSPathsinQFName(operation, sortedHiveInputs, sortedHiveOutputs);
    // NOTE(review): the debug line writes the full query string to the log; query text
    // can carry data literals, so debug logging here presumably needs restricted log access.
    if (skipHdfsPaths && LOG.isDebugEnabled()) {
        LOG.debug("Ignoring HDFS paths in qualifiedName for {} {} ", operation, eventContext.getQueryStr());
    }

    addInputs(dgiBridge, operation, sortedHiveInputs, qualifiedName, hiveInputsMap, skipHdfsPaths);
    qualifiedName.append(IO_SEP);
    addOutputs(dgiBridge, operation, sortedHiveOutputs, qualifiedName, hiveOutputsMap, skipHdfsPaths);

    LOG.info("Setting process qualified name to {}", qualifiedName);
    return qualifiedName.toString();
}
 
Example 30
Source Project: incubator-atlas   Source File: HiveHook.java    License: Apache License 2.0
/**
 * Decides whether HDFS paths are left out of the process qualified name.
 *
 * @param op      the Hive operation of the event
 * @param inputs  the event's inputs, consulted for EXPORT
 * @param outputs the event's outputs, consulted for LOAD and IMPORT
 * @return {@code true} for QUERY; the result of {@code isPartitionBasedQuery} on the
 *         outputs for LOAD/IMPORT and on the inputs for EXPORT; {@code false} otherwise
 */
private static boolean ignoreHDFSPathsinQFName(final HiveOperation op, final Set<ReadEntity> inputs, final Set<WriteEntity> outputs) {
    final boolean ignorePaths;

    switch (op) {
    case QUERY:
        ignorePaths = true;
        break;
    case EXPORT:
        ignorePaths = isPartitionBasedQuery(inputs);
        break;
    case LOAD:
    case IMPORT:
        ignorePaths = isPartitionBasedQuery(outputs);
        break;
    default:
        ignorePaths = false;
        break;
    }

    return ignorePaths;
}