Repository: hive Updated Branches: refs/heads/beeline-cli 0ac8f6c48 -> e6adedc1c
HIVE-11179: HIVE should allow custom converting from HivePrivilegeObjectDesc to privilegeObject for different authorizers(Dapeng Sun, Reviewed by Ferdinand Xu) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/02e762f9 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/02e762f9 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/02e762f9 Branch: refs/heads/beeline-cli Commit: 02e762f94762f0f2dcd71cd59a4d36f19522606e Parents: 10dc20f Author: Ferdinand Xu <cheng.a...@intel.com> Authored: Wed Jul 8 00:57:35 2015 -0400 Committer: Ferdinand Xu <cheng.a...@intel.com> Committed: Wed Jul 8 00:57:35 2015 -0400 ---------------------------------------------------------------------- .../org/apache/hadoop/hive/ql/exec/DDLTask.java | 10 ++++----- .../authorization/plugin/HiveAuthorizer.java | 11 ++++++++++ .../plugin/HiveAuthorizerImpl.java | 22 ++++++++++++++++++++ .../authorization/plugin/HiveV1Authorizer.java | 20 ++++++++++++++++++ 4 files changed, 58 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/02e762f9/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java index 8bcf860..049857b 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java @@ -640,7 +640,7 @@ public class DDLTask extends Task<DDLWork> implements Serializable { AuthorizationUtils.getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType())); } List<HivePrincipal> principals = - AuthorizationUtils.getHivePrincipals(grantOrRevokeRoleDDL.getPrincipalDesc()); + authorizer.getHivePrincipals(grantOrRevokeRoleDDL.getPrincipalDesc()); List<String> roles = grantOrRevokeRoleDDL.getRoles(); boolean grantOption = grantOrRevokeRoleDDL.isGrantOption(); @@ -658,7 +658,7 @@ public class DDLTask extends Task<DDLWork> implements Serializable { try { List<HivePrivilegeInfo> privInfos = authorizer.showPrivileges( AuthorizationUtils.getHivePrincipal(showGrantDesc.getPrincipalDesc()), - AuthorizationUtils.getHivePrivilegeObject(showGrantDesc.getHiveObj())); + authorizer.getHivePrivilegeObject(showGrantDesc.getHiveObj())); boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST); writeToFile(writeGrantInfo(privInfos, testMode), showGrantDesc.getResFile()); } catch (IOException e) { @@ -675,9 +675,9 @@ public class DDLTask extends Task<DDLWork> implements Serializable { HiveAuthorizer authorizer = getSessionAuthorizer(); //Convert to object types used by the authorization plugin interface - List<HivePrincipal> hivePrincipals = AuthorizationUtils.getHivePrincipals(principals); - List<HivePrivilege> hivePrivileges = AuthorizationUtils.getHivePrivileges(privileges); - HivePrivilegeObject hivePrivObject = AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc); + List<HivePrincipal> hivePrincipals = authorizer.getHivePrincipals(principals); + List<HivePrivilege> hivePrivileges = authorizer.getHivePrivileges(privileges); + HivePrivilegeObject hivePrivObject = authorizer.getHivePrivilegeObject(privSubjectDesc); HivePrincipal grantorPrincipal = new HivePrincipal( grantor, AuthorizationUtils.getHivePrincipalType(grantorType)); http://git-wip-us.apache.org/repos/asf/hive/blob/02e762f9/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java index 97d9aa9..512772b 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java @@ -22,6 +22,10 @@ import java.util.List; import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate; import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving; import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.ql.metadata.HiveException; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider; /** @@ -210,5 +214,12 @@ public interface HiveAuthorizer { */ public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException; + public List<HivePrincipal> getHivePrincipals(List<PrincipalDesc> principals) + throws HiveException; + + public List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges); + + public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc) + throws HiveException; } http://git-wip-us.apache.org/repos/asf/hive/blob/02e762f9/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java index c555fbf..76a80e0 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java @@ -22,6 +22,11 @@ import java.util.List; import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate; import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving; import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.ql.metadata.HiveException; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; +import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils; /** * Convenience implementation of HiveAuthorizer. @@ -134,4 +139,21 @@ public class HiveAuthorizerImpl implements HiveAuthorizer { public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException { accessController.applyAuthorizationConfigPolicy(hiveConf); } + + @Override + public List<HivePrincipal> getHivePrincipals( + List<PrincipalDesc> principals) throws HiveException { + return AuthorizationUtils.getHivePrincipals(principals); + } + + @Override + public List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges) { + return AuthorizationUtils.getHivePrivileges(privileges); + } + + @Override + public HivePrivilegeObject getHivePrivilegeObject( + PrivilegeObjectDesc privSubjectDesc) throws HiveException { + return AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc); + } } http://git-wip-us.apache.org/repos/asf/hive/blob/02e762f9/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java index 86de47c..c387800 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java @@ -37,6 +37,9 @@ import org.apache.hadoop.hive.metastore.api.RolePrincipalGrant; import org.apache.hadoop.hive.ql.metadata.Hive; import org.apache.hadoop.hive.ql.metadata.HiveException; import org.apache.hadoop.hive.ql.metadata.Table; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils; import org.apache.hadoop.hive.ql.security.authorization.PrivilegeScope; import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessController; @@ -378,4 +381,21 @@ public class HiveV1Authorizer implements HiveAuthorizer { // do no filtering in old authorizer return listObjs; } + + @Override + public List<HivePrincipal> getHivePrincipals( + List<PrincipalDesc> principals) throws HiveException { + return AuthorizationUtils.getHivePrincipals(principals); + } + + @Override + public List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges) { + return AuthorizationUtils.getHivePrivileges(privileges); + } + + @Override + public HivePrivilegeObject getHivePrivilegeObject( + PrivilegeObjectDesc privSubjectDesc) throws HiveException { + return AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc); + } }