Java Code Examples for org.apache.hadoop.hive.ql.session.SessionState#get()

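The following examples show how to use org.apache.hadoop.hive.ql.session.SessionState#get(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar. Most of the examples check the returned session for null before using it; those that derive a grantor name or a session id from it fall back to an empty, null or random value when no session is present.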
Example 1
Source File: SentryHiveAuthorizationTaskFactoryImpl.java    From incubator-sentry with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the DDL task for a GRANT ROLE / REVOKE ROLE statement.
 *
 * <p>Child 0 of {@code ast} is parsed as the principal list and every later child is read as a
 * role name. The statement is rejected unless every principal is of type {@code GROUP}.
 *
 * @param isGrant {@code true} for a grant, {@code false} for a revoke
 * @param ast parsed statement node
 * @param inputs read entities handed on to the {@code DDLWork}
 * @param outputs write entities handed on to the {@code DDLWork}
 * @return the task wrapping the grant/revoke-role DDL
 * @throws SemanticException if any principal is not a {@code GROUP}
 */
private Task<? extends Serializable> analyzeGrantRevokeRole(boolean isGrant, ASTNode ast,
    HashSet<ReadEntity> inputs, HashSet<WriteEntity> outputs) throws SemanticException {
  List<PrincipalDesc> grantees = analyzePrincipalListDef((ASTNode) ast.getChild(0));

  List<String> roleNames = new ArrayList<String>();
  for (int childIdx = 1; childIdx < ast.getChildCount(); childIdx++) {
    String rawName = ast.getChild(childIdx).getText();
    roleNames.add(BaseSemanticAnalyzer.unescapeIdentifier(rawName));
  }

  // The grantor recorded on the DDL is the user name reported by the session's authenticator.
  // NOTE(review): with no session or no authenticator the grantor stays the empty string and the
  // request still goes ahead; confirm the consumer of GrantRevokeRoleDDL rejects an empty grantor.
  SessionState session = SessionState.get();
  String roleOwnerName = (session != null && session.getAuthenticator() != null)
      ? session.getAuthenticator().getUserName()
      : "";

  // Only GROUP principals are accepted here; anything else aborts the statement.
  for (PrincipalDesc grantee : grantees) {
    if (grantee.getType() == PrincipalType.GROUP) {
      continue;
    }
    throw new SemanticException(
        SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_ON_OBJECT + grantee.getType());
  }

  GrantRevokeRoleDDL roleDdl = new GrantRevokeRoleDDL(
      isGrant, roleNames, grantees, roleOwnerName, PrincipalType.USER, false);
  return createTask(new DDLWork(inputs, outputs, roleDdl));
}
 
Example 2
Source File: HiveAuthzBindingHook.java    From incubator-sentry with Apache License 2.0 6 votes vote down vote up
/**
 * Binds the hook to the current Hive session and loads the Sentry authorization settings.
 *
 * @throws IllegalStateException if no session is current or the session has no {@code HiveConf}
 * @throws Exception declared by the constructor; the visible code does not show which callee
 *     raises it
 */
public HiveAuthzBindingHook() throws Exception {
  SessionState currentSession = SessionState.get();
  if (currentSession == null) {
    throw new IllegalStateException("Session has not been started");
  }
  // HACK (per the original author): intended to force Hive's Auth V2 path. What the code does
  // is clear the session's authorizer by setting it to null; no class name is set.
  currentSession.setAuthorizer(null);

  HiveConf sessionConf = currentSession.getConf();
  if (sessionConf == null) {
    throw new IllegalStateException("Session HiveConf is null");
  }
  authzConf = loadAuthzConf(sessionConf);
  hiveAuthzBinding = new HiveAuthzBinding(sessionConf, authzConf);

  // The SerDe whitelist is a comma-separated setting, split as-is.
  // NOTE(review): entries are not trimmed, so "a, b" yields " b"; confirm how the list is matched.
  String configuredSerdes = authzConf.get(
      HiveAuthzConf.HIVE_SENTRY_SERDE_WHITELIST,
      HiveAuthzConf.HIVE_SENTRY_SERDE_WHITELIST_DEFAULT);
  serdeWhiteList = Arrays.asList(configuredSerdes.split(","));
  serdeURIPrivilegesEnabled = authzConf.getBoolean(
      HiveAuthzConf.HIVE_SENTRY_SERDE_URI_PRIVILIEGES_ENABLED,
      HiveAuthzConf.HIVE_SENTRY_SERDE_URI_PRIVILIEGES_ENABLED_DEFAULT);

  // Static call on FunctionRegistry with an empty first argument and the Sentry UDF blacklist.
  // NOTE(review): presumably process-wide rather than per-session; confirm against Hive.
  FunctionRegistry.setupPermissionsForBuiltinUDFs("", HiveAuthzConf.HIVE_UDF_BLACK_LIST);
}
 
Example 3
Source File: HiveTableEnv.java    From marble with Apache License 2.0 5 votes vote down vote up
/**
 * Resets per-query thread state and makes sure a Hive {@code SessionState} is current before
 * the query runs.
 *
 * @param sql the query about to be executed; not read by this method
 */
@Override protected void executeBeforeSqlQuery(String sql) {
  // Drop whatever the previous query left in the per-query collector.
  HiveUDFInstanceCollecterPerSqlQuery.clear();

  // Install a fresh session built from HIVE_CONF when none is current.
  final boolean sessionMissing = SessionState.get() == null;
  if (sessionMissing) {
    SessionState.setCurrentSessionState(new SessionState(HIVE_CONF));
  }
  SessionState.get().setupQueryCurrentTimestamp();
}
 
Example 4
Source File: HiveMetaStoreBridge.java    From atlas with Apache License 2.0 5 votes vote down vote up
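/**
 * Construct the qualified name used to uniquely identify a Table instance in Atlas.
 *
 * <p>The result has the form {@code db.table@namespace}. The database and table parts are
 * lower-cased with {@code Locale.ROOT} so the identifier does not depend on the JVM's default
 * locale; the namespace is appended unchanged. For a temporary table the table part is extended
 * with {@code TEMP_TABLE_PREFIX} and the current session id, or a random suffix when no session
 * id is available.
 *
 * @param metadataNamespace Name of the cluster to which the Hive component belongs
 * @param dbName Name of the Hive database to which the Table belongs
 * @param tableName Name of the Hive table
 * @param isTemporaryTable is this a temporary table
 * @return Unique qualified name to identify the Table instance in Atlas.
 */
public static String getTableQualifiedName(String metadataNamespace, String dbName, String tableName, boolean isTemporaryTable) {
    String tableTempName = tableName;

    if (isTemporaryTable) {
        SessionState session   = SessionState.get();
        String       sessionId = session != null ? session.getSessionId() : null;

        if (sessionId != null) {
            tableTempName = tableName + TEMP_TABLE_PREFIX + sessionId;
        } else {
            // NOTE(review): RandomStringUtils.random(int) is not limited to letters and digits;
            // if a printable suffix is wanted, randomAlphanumeric(10) is the usual choice.
            tableTempName = tableName + TEMP_TABLE_PREFIX + RandomStringUtils.random(10);
        }
    }

    // Locale.ROOT keeps the identifier stable across default locales (e.g. the Turkish dotless i).
    return String.format("%s.%s@%s",
            dbName.toLowerCase(java.util.Locale.ROOT),
            tableTempName.toLowerCase(java.util.Locale.ROOT),
            metadataNamespace);
}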
 
Example 5
Source File: AtlasHiveHookContext.java    From atlas with Apache License 2.0 5 votes vote down vote up
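/**
 * Builds the qualified name for a Hive table.
 *
 * <p>The database name, separators and table name are lower-cased with {@code Locale.ROOT} so the
 * identifier does not depend on the JVM's default locale; the metadata namespace is appended
 * unchanged. For a temporary table the table name is extended with {@code TEMP_TABLE_PREFIX} and
 * the current session id, or a random suffix when no session id is available.
 *
 * @param table the Hive table to name
 * @return the qualified name for {@code table}
 */
public String getQualifiedName(Table table) {
    String tableName = table.getTableName();

    if (table.isTemporary()) {
        SessionState session   = SessionState.get();
        String       sessionId = session != null ? session.getSessionId() : null;

        if (sessionId != null) {
            tableName = tableName + TEMP_TABLE_PREFIX + sessionId;
        } else {
            // NOTE(review): RandomStringUtils.random(int) is not limited to letters and digits;
            // if a printable suffix is wanted, randomAlphanumeric(10) is the usual choice.
            tableName = tableName + TEMP_TABLE_PREFIX + RandomStringUtils.random(10);
        }
    }

    String caseFoldedPart = table.getDbName() + QNAME_SEP_ENTITY_NAME + tableName + QNAME_SEP_METADATA_NAMESPACE;

    // Locale.ROOT keeps the identifier stable across default locales (e.g. the Turkish dotless i).
    return caseFoldedPart.toLowerCase(java.util.Locale.ROOT) + getMetadataNamespace();
}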
 
Example 6
Source File: HiveMetaStoreBridge.java    From incubator-atlas with Apache License 2.0 5 votes vote down vote up
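/**
 * Construct the qualified name used to uniquely identify a Table instance in Atlas.
 *
 * <p>The result has the form {@code db.table@cluster}. The database and table parts are
 * lower-cased with {@code Locale.ROOT} so the identifier does not depend on the JVM's default
 * locale; the cluster name is appended unchanged. For a temporary table the table part is
 * extended with {@code TEMP_TABLE_PREFIX} and the current session id, or a random suffix when no
 * session id is available.
 *
 * @param clusterName Name of the cluster to which the Hive component belongs
 * @param dbName Name of the Hive database to which the Table belongs
 * @param tableName Name of the Hive table
 * @param isTemporaryTable is this a temporary table
 * @return Unique qualified name to identify the Table instance in Atlas.
 */
public static String getTableQualifiedName(String clusterName, String dbName, String tableName, boolean isTemporaryTable) {
    String tableTempName = tableName;
    if (isTemporaryTable) {
        SessionState session   = SessionState.get();
        String       sessionId = session != null ? session.getSessionId() : null;

        if (sessionId != null) {
            tableTempName = tableName + TEMP_TABLE_PREFIX + sessionId;
        } else {
            // NOTE(review): RandomStringUtils.random(int) is not limited to letters and digits;
            // if a printable suffix is wanted, randomAlphanumeric(10) is the usual choice.
            tableTempName = tableName + TEMP_TABLE_PREFIX + RandomStringUtils.random(10);
        }
    }
    // Locale.ROOT keeps the identifier stable across default locales (e.g. the Turkish dotless i).
    return String.format("%s.%s@%s",
            dbName.toLowerCase(java.util.Locale.ROOT),
            tableTempName.toLowerCase(java.util.Locale.ROOT),
            clusterName);
}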
 
Example 7
Source File: SentryHiveAuthorizationTaskFactoryImpl.java    From incubator-sentry with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the DDL task for a GRANT statement.
 *
 * <p>Child 0 of {@code ast} is parsed as the privilege list and child 1 as the principal list.
 * Later children either switch on the grant option or name the object the privileges apply to.
 * Partition-level privileges are refused, and every principal must be a {@code ROLE}.
 *
 * @param ast parsed GRANT statement
 * @param inputs read entities handed on to the {@code DDLWork}
 * @param outputs write entities handed on to the {@code DDLWork}
 * @return the task wrapping the grant
 * @throws SemanticException if a partition spec is present or a principal is not a {@code ROLE}
 * @throws NullPointerException if the statement carries no privilege object
 */
@Override
public Task<? extends Serializable> createGrantTask(ASTNode ast, HashSet<ReadEntity> inputs,
    HashSet<WriteEntity> outputs) throws SemanticException {
  List<PrivilegeDesc> privileges = analyzePrivilegeListDef((ASTNode) ast.getChild(0));
  List<PrincipalDesc> grantees = analyzePrincipalListDef((ASTNode) ast.getChild(1));

  // Optional trailing children: WITH GRANT OPTION and/or the privilege object.
  SentryHivePrivilegeObjectDesc target = null;
  boolean withGrantOption = false;
  for (int idx = 2; idx < ast.getChildCount(); idx++) {
    ASTNode child = (ASTNode) ast.getChild(idx);
    if (child.getType() == HiveParser.TOK_GRANT_WITH_OPTION) {
      withGrantOption = true;
    } else if (child.getType() == HiveParser.TOK_PRIV_OBJECT) {
      target = analyzePrivilegeObject(child);
    }
  }

  // The grantor is the user name reported by the session's authenticator.
  // NOTE(review): it stays null when there is no session or authenticator, and the grant is
  // still built; confirm the consumer of GrantDesc handles a null grantor.
  SessionState session = SessionState.get();
  String userName = (session != null && session.getAuthenticator() != null)
      ? session.getAuthenticator().getUserName()
      : null;

  // The message (including ast.dump()) is built before the check runs, as in the original.
  Preconditions.checkNotNull(target, "privilegeObj is null for " + ast.dump());
  if (target.getPartSpec() != null) {
    throw new SemanticException(SentryHiveConstants.PARTITION_PRIVS_NOT_SUPPORTED);
  }

  // Privileges may only be granted to roles.
  for (PrincipalDesc grantee : grantees) {
    if (grantee.getType() == PrincipalType.ROLE) {
      continue;
    }
    throw new SemanticException(
        SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_FOR_PRINCIPAL + grantee.getType());
  }

  GrantDesc grant = new GrantDesc(
      target, privileges, grantees, userName, PrincipalType.USER, withGrantOption);
  return createTask(new DDLWork(inputs, outputs, grant));
}
 
Example 8
Source File: HiveAuthzBindingHook.java    From incubator-sentry with Apache License 2.0 5 votes vote down vote up
/**
 * Looks up the Hive operation recorded on the current session.
 *
 * @return the session's {@code HiveOperation}, or {@code null} when no session is current
 */
private HiveOperation getCurrentHiveStmtOp() {
  SessionState current = SessionState.get();
  // TODO: Warn when there is no session; today the null is returned silently.
  return current == null ? null : current.getHiveOperation();
}
 
Example 9
Source File: HiveAuthzBindingHookV2.java    From incubator-sentry with Apache License 2.0 5 votes vote down vote up
/**
 * Binds the hook to the current Hive session and loads the Sentry authorization settings.
 *
 * @throws IllegalStateException if no session is current or the session has no {@code HiveConf}
 * @throws Exception declared by the constructor; the visible code does not show which callee
 *     raises it
 */
public HiveAuthzBindingHookV2() throws Exception {
  SessionState currentSession = SessionState.get();
  if (currentSession == null) {
    throw new IllegalStateException("Session has not been started");
  }

  HiveConf sessionConf = currentSession.getConf();
  if (sessionConf == null) {
    throw new IllegalStateException("Session HiveConf is null");
  }

  // Both the authorization config and the binding are derived from the session's HiveConf.
  authzConf = HiveAuthzBindingHook.loadAuthzConf(sessionConf);
  hiveAuthzBinding = new HiveAuthzBinding(sessionConf, authzConf);
}
 
Example 10
Source File: HiveAuthzBindingHookV2.java    From incubator-sentry with Apache License 2.0 5 votes vote down vote up
/**
 * Looks up the Hive operation recorded on the current session.
 *
 * @return the session's {@code HiveOperation}, or {@code null} (after logging a warning) when no
 *     session is current
 */
private HiveOperation getCurrentHiveStmtOp() {
  SessionState current = SessionState.get();
  if (current != null) {
    return current.getHiveOperation();
  }
  LOG.warn("SessionState is null");
  return null;
}
 
Example 11
Source File: RangerHiveAuthorizer.java    From ranger with Apache License 2.0 4 votes vote down vote up
/**
 * Grants the given roles to the given principals through the Ranger Hive plugin.
 *
 * <p>A {@code GrantRevokeRoleRequest} is filled from the arguments and, when available, from the
 * current {@code SessionState} (client IP, session id, query string) and the authorizer's
 * session context (client type). An audit event is created and flushed in the {@code finally}
 * block whether or not the plugin call succeeded; its result flag is {@code true} only after
 * the plugin call has returned.
 *
 * @param hivePrincipals principals that receive the roles; {@code UNKNOWN} entries are skipped
 * @param roles names of the roles being granted
 * @param grantOption copied to the request's grant-option flag
 * @param grantorPrinc principal on whose behalf the grant is made
 * @throws HiveAuthzPluginException declared by the overridden method
 * @throws HiveAccessControlException wrapping any exception raised while building or sending
 *     the request
 */
@Override
public void grantRole(List<HivePrincipal> hivePrincipals, List<String> roles,
					  boolean grantOption, HivePrincipal grantorPrinc)
		throws HiveAuthzPluginException, HiveAccessControlException {
	LOG.debug("RangerHiveAuthorizerBase.grantRole()");

	boolean                result       = false;
	RangerHiveAuditHandler auditHandler = new RangerHiveAuditHandler();
	String                 username     = getGrantorUsername(grantorPrinc);
	List<String>           principals   = new ArrayList<>();

	try {
		GrantRevokeRoleRequest request = new GrantRevokeRoleRequest();
		request.setGrantor(username);
		request.setGrantorGroups(getGrantorGroupNames(grantorPrinc));

		// Sort the grantees by principal type; "principals" keeps a typed label for the audit event.
		Set<String> users  = new HashSet<>();
		Set<String> targetedRoles = new HashSet<>();
		Set<String> groups = new HashSet<>();
		for (HivePrincipal grantee : hivePrincipals) {
			switch (grantee.getType()) {
				case USER: {
					String granteeName = grantee.getName();
					users.add(granteeName);
					principals.add("USER " + granteeName);
					break;
				}

				case GROUP: {
					String granteeName = grantee.getName();
					groups.add(granteeName);
					principals.add("GROUP " + granteeName);
					break;
				}

				case ROLE: {
					String granteeName = grantee.getName();
					targetedRoles.add(granteeName);
					principals.add("ROLE "+ granteeName);
					break;
				}

				case UNKNOWN:
					// Dropped without an error: it appears in neither the request nor the audit list.
					break;
			}
		}
		request.setUsers(users);
		request.setGroups(groups);
		request.setRoles(targetedRoles);
		request.setGrantOption(grantOption);
		request.setTargetRoles(new HashSet<>(roles));

		// Client address, session id and query text come from the current session, if there is one.
		SessionState session = SessionState.get();
		if (session != null) {
			request.setClientIPAddress(session.getUserIpAddress());
			request.setSessionId(session.getSessionId());

			HiveConf sessionConf = session.getConf();
			if (sessionConf != null) {
				request.setRequestData(sessionConf.get(HIVE_CONF_VAR_QUERY_STRING));
			}
		}

		HiveAuthzSessionContext authzContext = getHiveAuthzSessionContext();
		if (authzContext != null) {
			request.setClientType(authzContext.getClientType() == null ? null : authzContext.getClientType().toString());
		}

		hivePlugin.grantRole(request, auditHandler);
		result = true;
	} catch (Exception excp) {
		throw new HiveAccessControlException(excp);
	} finally {
		// Audit success and failure alike; "result" is still false if anything above threw.
		RangerAccessResult auditResult = createAuditEvent(hivePlugin, username, principals, HiveOperationType.GRANT_ROLE, HiveAccessType.ALTER, roles, result);
		auditHandler.processResult(auditResult);
		auditHandler.flushAudit();
	}
}
 
Example 12
Source File: RangerHiveAuthorizer.java    From ranger with Apache License 2.0 4 votes vote down vote up
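/**
 * Revokes the given roles from the given principals through the Ranger Hive plugin.
 *
 * <p>A {@code GrantRevokeRoleRequest} is filled from the arguments and, when available, from the
 * current {@code SessionState} (client IP, session id, query string) and the authorizer's
 * session context (client type). An audit event is created and flushed in the {@code finally}
 * block whether or not the plugin call succeeded; its result flag is {@code true} only after
 * the plugin call has returned.
 *
 * @param hivePrincipals principals that lose the roles; {@code UNKNOWN} entries are skipped
 * @param roles names of the roles being revoked
 * @param grantOption copied to the request's grant-option flag
 * @param grantorPrinc principal on whose behalf the revoke is made
 * @throws HiveAuthzPluginException declared by the overridden method
 * @throws HiveAccessControlException wrapping any exception raised while building or sending
 *     the request
 */
@Override
public void revokeRole(List<HivePrincipal> hivePrincipals, List<String> roles,
					   boolean grantOption, HivePrincipal grantorPrinc)
		throws HiveAuthzPluginException, HiveAccessControlException {
	LOG.debug("RangerHiveAuthorizerBase.revokeRole()");

	boolean result = false;

	RangerHiveAuditHandler auditHandler = new RangerHiveAuditHandler();

	String 		  grantorUserName = getGrantorUsername(grantorPrinc);
	List<String>  principals      = new ArrayList<>();

	try {
		GrantRevokeRoleRequest request  = new GrantRevokeRoleRequest();
		request.setGrantor(grantorUserName);
		request.setGrantorGroups(getGrantorGroupNames(grantorPrinc));

		// Sort the principals by type; "principals" keeps a typed label for the audit event.
		Set<String> userList = new HashSet<>();
		Set<String> roleList = new HashSet<>();
		Set<String> groupList = new HashSet<>();
		for(HivePrincipal principal : hivePrincipals) {
			String principalName = null;
			switch(principal.getType()) {
				case USER:
					principalName = principal.getName();
					userList.add(principalName);
					principals.add("USER " + principalName);
					break;

				case GROUP:
					principalName = principal.getName();
					groupList.add(principalName);
					principals.add("GROUP " + principalName);
					break;
				case ROLE:
					principalName = principal.getName();
					roleList.add(principalName);
					principals.add("ROLE " + principalName);
					break;

				case UNKNOWN:
					// Dropped without an error: it appears in neither the request nor the audit list.
					break;
			}
		}

		request.setUsers(userList);
		request.setGroups(groupList);
		request.setRoles(roleList);
		request.setGrantOption(grantOption);
		request.setTargetRoles(new HashSet<>(roles));

		// Client address, session id and query text come from the current session, if there is one.
		SessionState ss = SessionState.get();
		if(ss != null) {
			request.setClientIPAddress(ss.getUserIpAddress());
			request.setSessionId(ss.getSessionId());

			HiveConf hiveConf = ss.getConf();

			if(hiveConf != null) {
				request.setRequestData(hiveConf.get(HIVE_CONF_VAR_QUERY_STRING));
			}
		}

		HiveAuthzSessionContext sessionContext = getHiveAuthzSessionContext();
		if(sessionContext != null) {
			request.setClientType(sessionContext.getClientType() == null ? null : sessionContext.getClientType().toString());
		}

		// Logged once, at DEBUG only. The request has just been given the client address, session
		// id and query text, which may appear in its string form (TODO confirm), so it is kept out
		// of the INFO log; the audit event below records the operation either way.
		if(LOG.isDebugEnabled()) {
			LOG.debug("revokeRole(): " + request);
		}
		hivePlugin.revokeRole(request, auditHandler);
		result = true;
	} catch(Exception excp) {
		throw new HiveAccessControlException(excp);
	} finally {
		// Audit success and failure alike; "result" is still false if anything above threw.
		RangerAccessResult accessResult = createAuditEvent(hivePlugin, grantorUserName, principals, HiveOperationType.REVOKE_ROLE, HiveAccessType.ALTER, roles, result);
		auditHandler.processResult(accessResult);
		auditHandler.flushAudit();
	}
}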
 
Example 13
Source File: RangerHiveAuthorizer.java    From ranger with Apache License 2.0 4 votes vote down vote up
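/**
 * Builds the {@code GrantRevokeRequest} for a grant or revoke on a database, table, view or
 * column.
 *
 * <p>Empty database, table or column names become the wildcard {@code "*"}. Client IP, session
 * id and query string are copied from the current {@code SessionState} when one exists, and the
 * client type from the authorizer's session context. Principals are sorted into users, groups
 * and roles; {@code UNKNOWN} principals are skipped. Privilege names are matched
 * case-insensitively and stored lower-cased using {@code Locale.ROOT}.
 *
 * @param resource target of the grant/revoke; must be a DATABASE, TABLE, VIEW or COLUMN
 * @param hivePrincipals principals receiving or losing the privileges
 * @param hivePrivileges privileges to translate into Ranger access types
 * @param grantorPrincipal principal on whose behalf the request is made
 * @param grantOption whether the grantees may delegate (sets delegate-admin on the request)
 * @return the populated request
 * @throws HiveAccessControlException if {@code resource} is null or has any other (or no)
 *     object type
 */
private GrantRevokeRequest createGrantRevokeData(RangerHiveResource  resource,
												 List<HivePrincipal> hivePrincipals,
												 List<HivePrivilege> hivePrivileges,
												 HivePrincipal       grantorPrincipal,
												 boolean             grantOption)
													  throws HiveAccessControlException {
	// Read the type once so a resource without an object type is rejected with the intended
	// exception instead of failing with a NullPointerException while the message is built.
	HiveObjectType objectType = resource == null ? null : resource.getObjectType();

	if(  objectType != HiveObjectType.DATABASE
	  && objectType != HiveObjectType.TABLE
	  && objectType != HiveObjectType.VIEW
	  && objectType != HiveObjectType.COLUMN) {
		throw new HiveAccessControlException("grant/revoke: unexpected object type '" + (objectType == null ? null : objectType.name()) + "'");
	}

	GrantRevokeRequest ret = new GrantRevokeRequest();

	ret.setGrantor(getGrantorUsername(grantorPrincipal));
	ret.setGrantorGroups(getGrantorGroupNames(grantorPrincipal));
	ret.setDelegateAdmin(grantOption ? Boolean.TRUE : Boolean.FALSE);
	ret.setEnableAudit(Boolean.TRUE);
	ret.setReplaceExistingPermissions(Boolean.FALSE);

	// A missing level is widened to "*", so a database-level request covers all tables and columns.
	String database = StringUtils.isEmpty(resource.getDatabase()) ? "*" : resource.getDatabase();
	String table    = StringUtils.isEmpty(resource.getTable()) ? "*" : resource.getTable();
	String column   = StringUtils.isEmpty(resource.getColumn()) ? "*" : resource.getColumn();

	Map<String, String> mapResource = new HashMap<String, String>();
	mapResource.put(RangerHiveResource.KEY_DATABASE, database);
	mapResource.put(RangerHiveResource.KEY_TABLE, table);
	mapResource.put(RangerHiveResource.KEY_COLUMN, column);
	ret.setOwnerUser(resource.getOwnerUser());
	ret.setResource(mapResource);

	// Client address, session id and query text come from the current session, if there is one.
	SessionState ss = SessionState.get();
	if(ss != null) {
		ret.setClientIPAddress(ss.getUserIpAddress());
		ret.setSessionId(ss.getSessionId());

		HiveConf hiveConf = ss.getConf();

		if(hiveConf != null) {
			ret.setRequestData(hiveConf.get(HIVE_CONF_VAR_QUERY_STRING));
		}
	}

	HiveAuthzSessionContext sessionContext = getHiveAuthzSessionContext();
	if(sessionContext != null) {
		ret.setClientType(sessionContext.getClientType() == null ? null : sessionContext.getClientType().toString());
	}

	for(HivePrincipal principal : hivePrincipals) {
		switch(principal.getType()) {
			case USER:
				ret.getUsers().add(principal.getName());
				break;

			case GROUP:
				ret.getGroups().add(principal.getName());
				break;

			case ROLE:
				ret.getRoles().add(principal.getName());
				break;

			case UNKNOWN:
				// Dropped without an error.
				break;
		}
	}

	for(HivePrivilege privilege : hivePrivileges) {
		String privName = privilege.getName();

		if(StringUtils.equalsIgnoreCase(privName, HiveAccessType.ALL.name()) ||
		   StringUtils.equalsIgnoreCase(privName, HiveAccessType.ALTER.name()) ||
		   StringUtils.equalsIgnoreCase(privName, HiveAccessType.CREATE.name()) ||
		   StringUtils.equalsIgnoreCase(privName, HiveAccessType.DROP.name()) ||
		   StringUtils.equalsIgnoreCase(privName, HiveAccessType.INDEX.name()) ||
		   StringUtils.equalsIgnoreCase(privName, HiveAccessType.LOCK.name()) ||
		   StringUtils.equalsIgnoreCase(privName, HiveAccessType.SELECT.name()) ||
		   StringUtils.equalsIgnoreCase(privName, HiveAccessType.UPDATE.name())) {
			// Locale.ROOT: under a Turkish default locale "INDEX" would otherwise fold to a
			// dotless-i form and no longer equal the access-type name.
			ret.getAccessTypes().add(privName.toLowerCase(java.util.Locale.ROOT));
		} else if (StringUtils.equalsIgnoreCase(privName, "Insert") ||
						StringUtils.equalsIgnoreCase(privName, "Delete")) {
			// Mapping Insert/Delete to Update: a grant of either one is recorded as the update
			// access type, so the request does not distinguish between them.
			ret.getAccessTypes().add(HiveAccessType.UPDATE.name().toLowerCase(java.util.Locale.ROOT));
		} else {
			// NOTE(review): the privilege is skipped, not rejected; if every name is unknown the
			// request is returned with no access types. Confirm the caller handles that.
			LOG.warn("grant/revoke: unexpected privilege type '" + privName + "'. Ignored");
		}
	}

	return ret;
}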