http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/ql/src/test/results/clientpositive/llap/resourceplan.q.out ---------------------------------------------------------------------- diff --git a/ql/src/test/results/clientpositive/llap/resourceplan.q.out b/ql/src/test/results/clientpositive/llap/resourceplan.q.out index 8e58b16..c7e9638 100644 --- a/ql/src/test/results/clientpositive/llap/resourceplan.q.out +++ b/ql/src/test/results/clientpositive/llap/resourceplan.q.out @@ -300,6 +300,7 @@ PREHOOK: query: CREATE TABLE IF NOT EXISTS `DB_PRIVS` ( `PRINCIPAL_NAME` string, `PRINCIPAL_TYPE` string, `DB_PRIV` string, + `AUTHORIZER` string, CONSTRAINT `SYS_PK_DB_PRIVS` PRIMARY KEY (`DB_GRANT_ID`) DISABLE ) STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler' @@ -315,7 +316,8 @@ TBLPROPERTIES ( \"GRANTOR_TYPE\", \"PRINCIPAL_NAME\", \"PRINCIPAL_TYPE\", - \"DB_PRIV\" + \"DB_PRIV\", + \"AUTHORIZER\" FROM \"DB_PRIVS\"" ) @@ -332,6 +334,7 @@ POSTHOOK: query: CREATE TABLE IF NOT EXISTS `DB_PRIVS` ( `PRINCIPAL_NAME` string, `PRINCIPAL_TYPE` string, `DB_PRIV` string, + `AUTHORIZER` string, CONSTRAINT `SYS_PK_DB_PRIVS` PRIMARY KEY (`DB_GRANT_ID`) DISABLE ) STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler' @@ -347,7 +350,8 @@ TBLPROPERTIES ( \"GRANTOR_TYPE\", \"PRINCIPAL_NAME\", \"PRINCIPAL_TYPE\", - \"DB_PRIV\" + \"DB_PRIV\", + \"AUTHORIZER\" FROM \"DB_PRIVS\"" ) @@ -363,6 +367,7 @@ PREHOOK: query: CREATE TABLE IF NOT EXISTS `GLOBAL_PRIVS` ( `PRINCIPAL_NAME` string, `PRINCIPAL_TYPE` string, `USER_PRIV` string, + `AUTHORIZER` string, CONSTRAINT `SYS_PK_GLOBAL_PRIVS` PRIMARY KEY (`USER_GRANT_ID`) DISABLE ) STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler' @@ -377,7 +382,8 @@ TBLPROPERTIES ( \"GRANTOR_TYPE\", \"PRINCIPAL_NAME\", \"PRINCIPAL_TYPE\", - \"USER_PRIV\" + \"USER_PRIV\", + \"AUTHORIZER\" FROM \"GLOBAL_PRIVS\"" ) @@ -393,6 +399,7 @@ POSTHOOK: query: CREATE TABLE IF NOT EXISTS `GLOBAL_PRIVS` ( `PRINCIPAL_NAME` string, `PRINCIPAL_TYPE` string, `USER_PRIV` string, + `AUTHORIZER` string, CONSTRAINT `SYS_PK_GLOBAL_PRIVS` PRIMARY KEY (`USER_GRANT_ID`) DISABLE ) STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler' @@ -407,7 +414,8 @@ TBLPROPERTIES ( \"GRANTOR_TYPE\", \"PRINCIPAL_NAME\", \"PRINCIPAL_TYPE\", - \"USER_PRIV\" + \"USER_PRIV\", + \"AUTHORIZER\" FROM \"GLOBAL_PRIVS\"" ) @@ -605,6 +613,7 @@ PREHOOK: query: CREATE TABLE IF NOT EXISTS `PART_COL_PRIVS` ( `PRINCIPAL_NAME` string, `PRINCIPAL_TYPE` string, `PART_COL_PRIV` string, + `AUTHORIZER` string, CONSTRAINT `SYS_PK_PART_COL_PRIVS` PRIMARY KEY (`PART_COLUMN_GRANT_ID`) DISABLE ) STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler' @@ -621,7 +630,8 @@ TBLPROPERTIES ( \"PART_ID\", \"PRINCIPAL_NAME\", \"PRINCIPAL_TYPE\", - \"PART_COL_PRIV\" + \"PART_COL_PRIV\", + \"AUTHORIZER\" FROM \"PART_COL_PRIVS\"" ) @@ -639,6 +649,7 @@ POSTHOOK: query: CREATE TABLE IF NOT EXISTS `PART_COL_PRIVS` ( `PRINCIPAL_NAME` string, `PRINCIPAL_TYPE` string, `PART_COL_PRIV` string, + `AUTHORIZER` string, CONSTRAINT `SYS_PK_PART_COL_PRIVS` PRIMARY KEY (`PART_COLUMN_GRANT_ID`) DISABLE ) STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler' @@ -655,7 +666,8 @@ TBLPROPERTIES ( \"PART_ID\", \"PRINCIPAL_NAME\", \"PRINCIPAL_TYPE\", - \"PART_COL_PRIV\" + \"PART_COL_PRIV\", + \"AUTHORIZER\" FROM \"PART_COL_PRIVS\"" ) @@ -672,6 +684,7 @@ PREHOOK: query: CREATE TABLE IF NOT EXISTS `PART_PRIVS` ( `PRINCIPAL_NAME` string, `PRINCIPAL_TYPE` string, `PART_PRIV` string, + `AUTHORIZER` string, CONSTRAINT `SYS_PK_PART_PRIVS` PRIMARY KEY (`PART_GRANT_ID`) DISABLE ) STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler' @@ -687,7 +700,8 @@ TBLPROPERTIES ( \"PART_ID\", \"PRINCIPAL_NAME\", \"PRINCIPAL_TYPE\", - \"PART_PRIV\" + \"PART_PRIV\", + \"AUTHORIZER\" FROM \"PART_PRIVS\"" ) @@ -704,6 +718,7 @@ POSTHOOK: query: CREATE TABLE IF NOT EXISTS `PART_PRIVS` ( `PRINCIPAL_NAME` string, `PRINCIPAL_TYPE` string, `PART_PRIV` string, + `AUTHORIZER` string, CONSTRAINT `SYS_PK_PART_PRIVS` PRIMARY KEY (`PART_GRANT_ID`) DISABLE ) STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler' @@ -719,7 +734,8 @@ TBLPROPERTIES ( \"PART_ID\", \"PRINCIPAL_NAME\", \"PRINCIPAL_TYPE\", - \"PART_PRIV\" + \"PART_PRIV\", + \"AUTHORIZER\" FROM \"PART_PRIVS\"" ) @@ -1485,6 +1501,7 @@ PREHOOK: query: CREATE TABLE IF NOT EXISTS `TBL_COL_PRIVS` ( `PRINCIPAL_TYPE` string, `TBL_COL_PRIV` string, `TBL_ID` bigint, + `AUTHORIZER` string, CONSTRAINT `SYS_PK_TBL_COL_PRIVS` PRIMARY KEY (`TBL_COLUMN_GRANT_ID`) DISABLE ) STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler' @@ -1501,7 +1518,8 @@ TBLPROPERTIES ( \"PRINCIPAL_NAME\", \"PRINCIPAL_TYPE\", \"TBL_COL_PRIV\", - \"TBL_ID\" + \"TBL_ID\", + \"AUTHORIZER\" FROM \"TBL_COL_PRIVS\"" ) @@ -1519,6 +1537,7 @@ POSTHOOK: query: CREATE TABLE IF NOT EXISTS `TBL_COL_PRIVS` ( `PRINCIPAL_TYPE` string, `TBL_COL_PRIV` string, `TBL_ID` bigint, + `AUTHORIZER` string, CONSTRAINT `SYS_PK_TBL_COL_PRIVS` PRIMARY KEY (`TBL_COLUMN_GRANT_ID`) DISABLE ) STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler' @@ -1535,7 +1554,8 @@ TBLPROPERTIES ( \"PRINCIPAL_NAME\", \"PRINCIPAL_TYPE\", \"TBL_COL_PRIV\", - \"TBL_ID\" + \"TBL_ID\", + \"AUTHORIZER\" FROM \"TBL_COL_PRIVS\"" ) @@ -1552,6 +1572,7 @@ PREHOOK: query: CREATE TABLE IF NOT EXISTS `TBL_PRIVS` ( `PRINCIPAL_TYPE` string, `TBL_PRIV` string, `TBL_ID` bigint, + `AUTHORIZER` string, CONSTRAINT `SYS_PK_TBL_PRIVS` PRIMARY KEY (`TBL_GRANT_ID`) DISABLE ) STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler' @@ -1567,7 +1588,8 @@ TBLPROPERTIES ( \"PRINCIPAL_NAME\", \"PRINCIPAL_TYPE\", \"TBL_PRIV\", - \"TBL_ID\" + \"TBL_ID\", + \"AUTHORIZER\" FROM \"TBL_PRIVS\"" ) @@ -1584,6 +1606,7 @@ POSTHOOK: query: CREATE TABLE IF NOT EXISTS `TBL_PRIVS` ( `PRINCIPAL_TYPE` string, `TBL_PRIV` string, `TBL_ID` bigint, + `AUTHORIZER` string, CONSTRAINT `SYS_PK_TBL_PRIVS` PRIMARY KEY (`TBL_GRANT_ID`) DISABLE ) STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler' @@ -1599,7 +1622,8 @@ TBLPROPERTIES ( \"PRINCIPAL_NAME\", \"PRINCIPAL_TYPE\", \"TBL_PRIV\", - \"TBL_ID\" + \"TBL_ID\", + \"AUTHORIZER\" FROM \"TBL_PRIVS\"" ) @@ -2397,6 +2421,7 @@ WHERE AND T.`TBL_ID` = P.`TBL_ID` AND (P.`PRINCIPAL_NAME`=current_user() AND P.`PRINCIPAL_TYPE`='USER' OR ((array_contains(current_groups(), P.`PRINCIPAL_NAME`) OR P.`PRINCIPAL_NAME` = 'public') AND P.`PRINCIPAL_TYPE`='GROUP')) + AND current_authorizer() = P.`AUTHORIZER` PREHOOK: type: CREATEVIEW PREHOOK: Input: sys@dbs PREHOOK: Input: sys@tbl_privs @@ -2429,6 +2454,7 @@ WHERE AND T.`TBL_ID` = P.`TBL_ID` AND (P.`PRINCIPAL_NAME`=current_user() AND P.`PRINCIPAL_TYPE`='USER' OR ((array_contains(current_groups(), P.`PRINCIPAL_NAME`) OR P.`PRINCIPAL_NAME` = 'public') AND P.`PRINCIPAL_TYPE`='GROUP')) + AND current_authorizer() = P.`AUTHORIZER` POSTHOOK: type: CREATEVIEW POSTHOOK: Input: sys@dbs POSTHOOK: Input: sys@tbl_privs @@ -2476,8 +2502,8 @@ WHERE D.`DB_ID` = T.`DB_ID` AND (NOT restrict_information_schema() OR T.`TBL_ID` = P.`TBL_ID` AND (P.`PRINCIPAL_NAME`=current_user() AND P.`PRINCIPAL_TYPE`='USER' - OR ((array_contains(current_groups(), P.`PRINCIPAL_NAME`) OR P.`PRINCIPAL_NAME` = 'public') AND P.`PRINCIPAL_TYPE`='GROUP')) - AND P.`TBL_PRIV`='SELECT') + OR ((array_contains(current_groups(), P.`PRINCIPAL_NAME`) OR P.`PRINCIPAL_NAME` = 'public') AND P.`PRINCIPAL_TYPE`='GROUP'))) + AND P.`TBL_PRIV`='SELECT' AND P.`AUTHORIZER`=current_authorizer() PREHOOK: type: CREATEVIEW PREHOOK: Input: sys@dbs PREHOOK: Input: sys@tbl_privs @@ -2518,8 +2544,8 @@ WHERE D.`DB_ID` = T.`DB_ID` AND (NOT restrict_information_schema() OR T.`TBL_ID` = P.`TBL_ID` AND (P.`PRINCIPAL_NAME`=current_user() AND P.`PRINCIPAL_TYPE`='USER' - OR ((array_contains(current_groups(), P.`PRINCIPAL_NAME`) OR P.`PRINCIPAL_NAME` = 'public') AND P.`PRINCIPAL_TYPE`='GROUP')) - AND P.`TBL_PRIV`='SELECT') + OR ((array_contains(current_groups(), P.`PRINCIPAL_NAME`) OR P.`PRINCIPAL_NAME` = 'public') AND P.`PRINCIPAL_TYPE`='GROUP'))) + AND P.`TBL_PRIV`='SELECT' AND P.`AUTHORIZER`=current_authorizer() POSTHOOK: type: CREATEVIEW POSTHOOK: Input: sys@dbs POSTHOOK: Input: sys@tbl_privs @@ -2569,8 +2595,8 @@ WHERE AND (NOT restrict_information_schema() OR P.`TBL_ID` = P2.`TBL_ID` AND P.`PRINCIPAL_NAME` = P2.`PRINCIPAL_NAME` AND P.`PRINCIPAL_TYPE` = P2.`PRINCIPAL_TYPE` AND (P2.`PRINCIPAL_NAME`=current_user() AND P2.`PRINCIPAL_TYPE`='USER' - OR ((array_contains(current_groups(), P2.`PRINCIPAL_NAME`) OR P2.`PRINCIPAL_NAME` = 'public') AND P2.`PRINCIPAL_TYPE`='GROUP')) - AND P2.`TBL_PRIV`='SELECT') + OR ((array_contains(current_groups(), P2.`PRINCIPAL_NAME`) OR P2.`PRINCIPAL_NAME` = 'public') AND P2.`PRINCIPAL_TYPE`='GROUP'))) + AND P2.`TBL_PRIV`='SELECT' AND P.`AUTHORIZER` = current_authorizer() AND P2.`AUTHORIZER` = current_authorizer() PREHOOK: type: CREATEVIEW PREHOOK: Input: sys@dbs PREHOOK: Input: sys@tbl_privs @@ -2608,8 +2634,8 @@ WHERE AND (NOT restrict_information_schema() OR P.`TBL_ID` = P2.`TBL_ID` AND P.`PRINCIPAL_NAME` = P2.`PRINCIPAL_NAME` AND P.`PRINCIPAL_TYPE` = P2.`PRINCIPAL_TYPE` AND (P2.`PRINCIPAL_NAME`=current_user() AND P2.`PRINCIPAL_TYPE`='USER' - OR ((array_contains(current_groups(), P2.`PRINCIPAL_NAME`) OR P2.`PRINCIPAL_NAME` = 'public') AND P2.`PRINCIPAL_TYPE`='GROUP')) - AND P2.`TBL_PRIV`='SELECT') + OR ((array_contains(current_groups(), P2.`PRINCIPAL_NAME`) OR P2.`PRINCIPAL_NAME` = 'public') AND P2.`PRINCIPAL_TYPE`='GROUP'))) + AND P2.`TBL_PRIV`='SELECT' AND P.`AUTHORIZER` = current_authorizer() AND P2.`AUTHORIZER` = current_authorizer() POSTHOOK: type: CREATEVIEW POSTHOOK: Input: sys@dbs POSTHOOK: Input: sys@tbl_privs @@ -2777,7 +2803,7 @@ WHERE AND C.`COLUMN_NAME` = P.`COLUMN_NAME` AND (P.`PRINCIPAL_NAME`=current_user() AND P.`PRINCIPAL_TYPE`='USER' OR ((array_contains(current_groups(), P.`PRINCIPAL_NAME`) OR P.`PRINCIPAL_NAME` = 'public') AND P.`PRINCIPAL_TYPE`='GROUP')) - AND P.`TBL_COL_PRIV`='SELECT') + AND P.`TBL_COL_PRIV`='SELECT' AND P.`AUTHORIZER`=current_authorizer()) PREHOOK: type: CREATEVIEW PREHOOK: Input: sys@columns_v2 PREHOOK: Input: sys@dbs @@ -2939,7 +2965,7 @@ WHERE AND C.`COLUMN_NAME` = P.`COLUMN_NAME` AND (P.`PRINCIPAL_NAME`=current_user() AND P.`PRINCIPAL_TYPE`='USER' OR ((array_contains(current_groups(), P.`PRINCIPAL_NAME`) OR P.`PRINCIPAL_NAME` = 'public') AND P.`PRINCIPAL_TYPE`='GROUP')) - AND P.`TBL_COL_PRIV`='SELECT') + AND P.`TBL_COL_PRIV`='SELECT' AND P.`AUTHORIZER`=current_authorizer()) POSTHOOK: type: CREATEVIEW POSTHOOK: Input: sys@columns_v2 POSTHOOK: Input: sys@dbs @@ -3029,7 +3055,7 @@ WHERE P.`TBL_ID` = P2.`TBL_ID` AND P.`PRINCIPAL_NAME` = P2.`PRINCIPAL_NAME` AND P.`PRINCIPAL_TYPE` = P2.`PRINCIPAL_TYPE` AND (P2.`PRINCIPAL_NAME`=current_user() AND P2.`PRINCIPAL_TYPE`='USER' OR ((array_contains(current_groups(), P2.`PRINCIPAL_NAME`) OR P2.`PRINCIPAL_NAME` = 'public') AND P2.`PRINCIPAL_TYPE`='GROUP')) - AND P2.`TBL_PRIV`='SELECT') + AND P2.`TBL_PRIV`='SELECT' AND P.`AUTHORIZER`=current_authorizer() AND P2.`AUTHORIZER`=current_authorizer()) PREHOOK: type: CREATEVIEW PREHOOK: Input: sys@dbs PREHOOK: Input: sys@sds @@ -3072,7 +3098,7 @@ WHERE P.`TBL_ID` = P2.`TBL_ID` AND P.`PRINCIPAL_NAME` = P2.`PRINCIPAL_NAME` AND P.`PRINCIPAL_TYPE` = P2.`PRINCIPAL_TYPE` AND (P2.`PRINCIPAL_NAME`=current_user() AND P2.`PRINCIPAL_TYPE`='USER' OR ((array_contains(current_groups(), P2.`PRINCIPAL_NAME`) OR P2.`PRINCIPAL_NAME` = 'public') AND P2.`PRINCIPAL_TYPE`='GROUP')) - AND P2.`TBL_PRIV`='SELECT') + AND P2.`TBL_PRIV`='SELECT' AND P.`AUTHORIZER`=current_authorizer() AND P2.`AUTHORIZER`=current_authorizer()) POSTHOOK: type: CREATEVIEW POSTHOOK: Input: sys@dbs POSTHOOK: Input: sys@sds @@ -3124,7 +3150,7 @@ WHERE T.`TBL_ID` = P.`TBL_ID` AND (P.`PRINCIPAL_NAME`=current_user() AND P.`PRINCIPAL_TYPE`='USER' OR ((array_contains(current_groups(), P.`PRINCIPAL_NAME`) OR P.`PRINCIPAL_NAME` = 'public') AND P.`PRINCIPAL_TYPE`='GROUP')) - AND P.`TBL_PRIV`='SELECT') + AND P.`TBL_PRIV`='SELECT' AND P.`AUTHORIZER`=current_authorizer()) PREHOOK: type: CREATEVIEW PREHOOK: Input: sys@dbs PREHOOK: Input: sys@tbl_privs @@ -3166,7 +3192,7 @@ WHERE T.`TBL_ID` = P.`TBL_ID` AND (P.`PRINCIPAL_NAME`=current_user() AND P.`PRINCIPAL_TYPE`='USER' OR ((array_contains(current_groups(), P.`PRINCIPAL_NAME`) OR P.`PRINCIPAL_NAME` = 'public') AND P.`PRINCIPAL_TYPE`='GROUP')) - AND P.`TBL_PRIV`='SELECT') + AND P.`TBL_PRIV`='SELECT' AND P.`AUTHORIZER`=current_authorizer()) POSTHOOK: type: CREATEVIEW POSTHOOK: Input: sys@dbs POSTHOOK: Input: sys@tbl_privs
http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/ql/src/test/results/clientpositive/show_functions.q.out ---------------------------------------------------------------------- diff --git a/ql/src/test/results/clientpositive/show_functions.q.out b/ql/src/test/results/clientpositive/show_functions.q.out index 923a967..91d3660 100644 --- a/ql/src/test/results/clientpositive/show_functions.q.out +++ b/ql/src/test/results/clientpositive/show_functions.q.out @@ -63,6 +63,7 @@ covar_samp crc32 create_union cume_dist +current_authorizer current_database current_date current_groups @@ -319,6 +320,7 @@ covar_samp crc32 create_union cume_dist +current_authorizer current_database current_date current_groups http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/service/src/java/org/apache/hive/service/server/HiveServer2.java ---------------------------------------------------------------------- diff --git a/service/src/java/org/apache/hive/service/server/HiveServer2.java b/service/src/java/org/apache/hive/service/server/HiveServer2.java index f9116ff..a402d35 100644 --- a/service/src/java/org/apache/hive/service/server/HiveServer2.java +++ b/service/src/java/org/apache/hive/service/server/HiveServer2.java @@ -74,6 +74,7 @@ import org.apache.hadoop.hive.llap.registry.impl.LlapRegistryService; import org.apache.hadoop.hive.metastore.api.WMFullResourcePlan; import org.apache.hadoop.hive.metastore.api.WMPool; import org.apache.hadoop.hive.metastore.api.WMResourcePlan; +import org.apache.hadoop.hive.metastore.conf.MetastoreConf; import org.apache.hadoop.hive.ql.cache.results.QueryResultsCache; import org.apache.hadoop.hive.ql.exec.spark.session.SparkSessionManagerImpl; import org.apache.hadoop.hive.ql.exec.tez.TezSessionPoolManager; @@ -81,8 +82,11 @@ import org.apache.hadoop.hive.ql.exec.tez.WorkloadManager; import org.apache.hadoop.hive.ql.metadata.Hive; import org.apache.hadoop.hive.ql.metadata.HiveException; import org.apache.hadoop.hive.ql.metadata.HiveMaterializedViewsRegistry; +import org.apache.hadoop.hive.ql.metadata.HiveUtils; import org.apache.hadoop.hive.ql.metadata.events.NotificationEventPoll; import org.apache.hadoop.hive.ql.plan.mapper.StatsSources; +import org.apache.hadoop.hive.ql.security.authorization.HiveMetastoreAuthorizationProvider; +import org.apache.hadoop.hive.ql.security.authorization.PolicyProviderContainer; import org.apache.hadoop.hive.ql.security.authorization.PrivilegeSynchonizer; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; import org.apache.hadoop.hive.ql.session.ClearDanglingScratchDir; @@ -973,23 +977,38 @@ public class HiveServer2 extends CompositeService { } public void startPrivilegeSynchonizer(HiveConf hiveConf) throws Exception { - if (hiveConf.getBoolVar(ConfVars.HIVE_PRIVILEGE_SYNCHRONIZER)) { + + PolicyProviderContainer policyContainer = new PolicyProviderContainer(); + HiveAuthorizer authorizer = SessionState.get().getAuthorizerV2(); + if (authorizer.getHivePolicyProvider() != null) { + policyContainer.addAuthorizer(authorizer); + } + if (hiveConf.get(MetastoreConf.ConfVars.PRE_EVENT_LISTENERS.getVarname()) != null && + hiveConf.get(MetastoreConf.ConfVars.PRE_EVENT_LISTENERS.getVarname()).contains( + "org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener") && + hiveConf.get(MetastoreConf.ConfVars.HIVE_AUTHORIZATION_MANAGER.getVarname())!= null) { + List<HiveMetastoreAuthorizationProvider> providers = HiveUtils.getMetaStoreAuthorizeProviderManagers( + hiveConf, HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_MANAGER, SessionState.get().getAuthenticator()); + for (HiveMetastoreAuthorizationProvider provider : providers) { + if (provider.getHivePolicyProvider() != null) { + policyContainer.addAuthorizationProvider(provider); + } + } + } + + if (policyContainer.size() > 0) { zKClientForPrivSync = startZookeeperClient(hiveConf); String rootNamespace = hiveConf.getVar(HiveConf.ConfVars.HIVE_SERVER2_ZOOKEEPER_NAMESPACE); String path = ZooKeeperHiveHelper.ZOOKEEPER_PATH_SEPARATOR + rootNamespace + ZooKeeperHiveHelper.ZOOKEEPER_PATH_SEPARATOR + "leader"; LeaderLatch privilegeSynchonizerLatch = new LeaderLatch(zKClientForPrivSync, path); privilegeSynchonizerLatch.start(); - HiveAuthorizer authorizer = SessionState.get().getAuthorizerV2(); - if (authorizer.getHivePolicyProvider() == null) { - LOG.warn( - "Cannot start PrivilegeSynchonizer, policyProvider of " + authorizer.getClass().getName() + " is null"); - privilegeSynchonizerLatch.close(); - return; - } Thread privilegeSynchonizerThread = new Thread( - new PrivilegeSynchonizer(privilegeSynchonizerLatch, authorizer, hiveConf), "PrivilegeSynchonizer"); + new PrivilegeSynchonizer(privilegeSynchonizerLatch, policyContainer, hiveConf), "PrivilegeSynchonizer"); privilegeSynchonizerThread.start(); + } else { + LOG.warn( + "No policy provider found, skip creating PrivilegeSynchonizer"); } } http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/pom.xml ---------------------------------------------------------------------- diff --git a/standalone-metastore/pom.xml b/standalone-metastore/pom.xml index 9bb318c..36f4d32 100644 --- a/standalone-metastore/pom.xml +++ b/standalone-metastore/pom.xml @@ -30,7 +30,7 @@ <name>Hive Standalone Metastore</name> <properties> - <hive.version.shortname>3.0.0</hive.version.shortname> + <hive.version.shortname>3.1.0</hive.version.shortname> <!-- Build properties --> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp b/standalone-metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp index a25ebe5..ddb175e 100644 --- a/standalone-metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp +++ b/standalone-metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp @@ -33259,6 +33259,14 @@ uint32_t ThriftHiveMetastore_refresh_privileges_args::read(::apache::thrift::pro } break; case 2: + if (ftype == ::apache::thrift::protocol::T_STRING) { + xfer += iprot->readString(this->authorizer); + this->__isset.authorizer = true; + } else { + xfer += iprot->skip(ftype); + } + break; + case 3: if (ftype == ::apache::thrift::protocol::T_STRUCT) { xfer += this->grantRequest.read(iprot); this->__isset.grantRequest = true; @@ -33287,7 +33295,11 @@ uint32_t ThriftHiveMetastore_refresh_privileges_args::write(::apache::thrift::pr xfer += this->objToRefresh.write(oprot); xfer += oprot->writeFieldEnd(); - xfer += oprot->writeFieldBegin("grantRequest", ::apache::thrift::protocol::T_STRUCT, 2); + xfer += oprot->writeFieldBegin("authorizer", ::apache::thrift::protocol::T_STRING, 2); + xfer += oprot->writeString(this->authorizer); + xfer += oprot->writeFieldEnd(); + + xfer += oprot->writeFieldBegin("grantRequest", ::apache::thrift::protocol::T_STRUCT, 3); xfer += this->grantRequest.write(oprot); xfer += oprot->writeFieldEnd(); @@ -33310,7 +33322,11 @@ uint32_t ThriftHiveMetastore_refresh_privileges_pargs::write(::apache::thrift::p xfer += (*(this->objToRefresh)).write(oprot); xfer += oprot->writeFieldEnd(); - xfer += oprot->writeFieldBegin("grantRequest", ::apache::thrift::protocol::T_STRUCT, 2); + xfer += oprot->writeFieldBegin("authorizer", ::apache::thrift::protocol::T_STRING, 2); + xfer += oprot->writeString((*(this->authorizer))); + xfer += oprot->writeFieldEnd(); + + xfer += oprot->writeFieldBegin("grantRequest", ::apache::thrift::protocol::T_STRUCT, 3); xfer += (*(this->grantRequest)).write(oprot); xfer += oprot->writeFieldEnd(); @@ -58204,19 +58220,20 @@ void ThriftHiveMetastoreClient::recv_grant_revoke_privileges(GrantRevokePrivileg throw ::apache::thrift::TApplicationException(::apache::thrift::TApplicationException::MISSING_RESULT, "grant_revoke_privileges failed: unknown result"); } -void ThriftHiveMetastoreClient::refresh_privileges(GrantRevokePrivilegeResponse& _return, const HiveObjectRef& objToRefresh, const GrantRevokePrivilegeRequest& grantRequest) +void ThriftHiveMetastoreClient::refresh_privileges(GrantRevokePrivilegeResponse& _return, const HiveObjectRef& objToRefresh, const std::string& authorizer, const GrantRevokePrivilegeRequest& grantRequest) { - send_refresh_privileges(objToRefresh, grantRequest); + send_refresh_privileges(objToRefresh, authorizer, grantRequest); recv_refresh_privileges(_return); } -void ThriftHiveMetastoreClient::send_refresh_privileges(const HiveObjectRef& objToRefresh, const GrantRevokePrivilegeRequest& grantRequest) +void ThriftHiveMetastoreClient::send_refresh_privileges(const HiveObjectRef& objToRefresh, const std::string& authorizer, const GrantRevokePrivilegeRequest& grantRequest) { int32_t cseqid = 0; oprot_->writeMessageBegin("refresh_privileges", ::apache::thrift::protocol::T_CALL, cseqid); ThriftHiveMetastore_refresh_privileges_pargs args; args.objToRefresh = &objToRefresh; + args.authorizer = &authorizer; args.grantRequest = &grantRequest; args.write(oprot_); @@ -70714,7 +70731,7 @@ void ThriftHiveMetastoreProcessor::process_refresh_privileges(int32_t seqid, ::a ThriftHiveMetastore_refresh_privileges_result result; try { - iface_->refresh_privileges(result.success, args.objToRefresh, args.grantRequest); + iface_->refresh_privileges(result.success, args.objToRefresh, args.authorizer, args.grantRequest); result.__isset.success = true; } catch (MetaException &o1) { result.o1 = o1; @@ -87024,13 +87041,13 @@ void ThriftHiveMetastoreConcurrentClient::recv_grant_revoke_privileges(GrantRevo } // end while(true) } -void ThriftHiveMetastoreConcurrentClient::refresh_privileges(GrantRevokePrivilegeResponse& _return, const HiveObjectRef& objToRefresh, const GrantRevokePrivilegeRequest& grantRequest) +void ThriftHiveMetastoreConcurrentClient::refresh_privileges(GrantRevokePrivilegeResponse& _return, const HiveObjectRef& objToRefresh, const std::string& authorizer, const GrantRevokePrivilegeRequest& grantRequest) { - int32_t seqid = send_refresh_privileges(objToRefresh, grantRequest); + int32_t seqid = send_refresh_privileges(objToRefresh, authorizer, grantRequest); recv_refresh_privileges(_return, seqid); } -int32_t ThriftHiveMetastoreConcurrentClient::send_refresh_privileges(const HiveObjectRef& objToRefresh, const GrantRevokePrivilegeRequest& grantRequest) +int32_t ThriftHiveMetastoreConcurrentClient::send_refresh_privileges(const HiveObjectRef& objToRefresh, const std::string& authorizer, const GrantRevokePrivilegeRequest& grantRequest) { int32_t cseqid = this->sync_.generateSeqId(); ::apache::thrift::async::TConcurrentSendSentry sentry(&this->sync_); @@ -87038,6 +87055,7 @@ int32_t ThriftHiveMetastoreConcurrentClient::send_refresh_privileges(const HiveO ThriftHiveMetastore_refresh_privileges_pargs args; args.objToRefresh = &objToRefresh; + args.authorizer = &authorizer; args.grantRequest = &grantRequest; args.write(oprot_); http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h b/standalone-metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h index dac6983..b7987e3 100644 --- a/standalone-metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h +++ b/standalone-metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h @@ -149,7 +149,7 @@ class ThriftHiveMetastoreIf : virtual public ::facebook::fb303::FacebookService virtual bool grant_privileges(const PrivilegeBag& privileges) = 0; virtual bool revoke_privileges(const PrivilegeBag& privileges) = 0; virtual void grant_revoke_privileges(GrantRevokePrivilegeResponse& _return, const GrantRevokePrivilegeRequest& request) = 0; - virtual void refresh_privileges(GrantRevokePrivilegeResponse& _return, const HiveObjectRef& objToRefresh, const GrantRevokePrivilegeRequest& grantRequest) = 0; + virtual void refresh_privileges(GrantRevokePrivilegeResponse& _return, const HiveObjectRef& objToRefresh, const std::string& authorizer, const GrantRevokePrivilegeRequest& grantRequest) = 0; virtual void set_ugi(std::vector<std::string> & _return, const std::string& user_name, const std::vector<std::string> & group_names) = 0; virtual void get_delegation_token(std::string& _return, const std::string& token_owner, const std::string& renewer_kerberos_principal_name) = 0; virtual int64_t renew_delegation_token(const std::string& token_str_form) = 0; @@ -660,7 +660,7 @@ class ThriftHiveMetastoreNull : virtual public ThriftHiveMetastoreIf , virtual p void grant_revoke_privileges(GrantRevokePrivilegeResponse& /* _return */, const GrantRevokePrivilegeRequest& /* request */) { return; } - void refresh_privileges(GrantRevokePrivilegeResponse& /* _return */, const HiveObjectRef& /* objToRefresh */, const GrantRevokePrivilegeRequest& /* grantRequest */) { + void refresh_privileges(GrantRevokePrivilegeResponse& /* _return */, const HiveObjectRef& /* objToRefresh */, const std::string& /* authorizer */, const GrantRevokePrivilegeRequest& /* grantRequest */) { return; } void set_ugi(std::vector<std::string> & /* _return */, const std::string& /* user_name */, const std::vector<std::string> & /* group_names */) { @@ -17173,8 +17173,9 @@ class ThriftHiveMetastore_grant_revoke_privileges_presult { }; typedef struct _ThriftHiveMetastore_refresh_privileges_args__isset { - _ThriftHiveMetastore_refresh_privileges_args__isset() : objToRefresh(false), grantRequest(false) {} + _ThriftHiveMetastore_refresh_privileges_args__isset() : objToRefresh(false), authorizer(false), grantRequest(false) {} bool objToRefresh :1; + bool authorizer :1; bool grantRequest :1; } _ThriftHiveMetastore_refresh_privileges_args__isset; @@ -17183,23 +17184,28 @@ class ThriftHiveMetastore_refresh_privileges_args { ThriftHiveMetastore_refresh_privileges_args(const ThriftHiveMetastore_refresh_privileges_args&); ThriftHiveMetastore_refresh_privileges_args& operator=(const ThriftHiveMetastore_refresh_privileges_args&); - ThriftHiveMetastore_refresh_privileges_args() { + ThriftHiveMetastore_refresh_privileges_args() : authorizer() { } virtual ~ThriftHiveMetastore_refresh_privileges_args() throw(); HiveObjectRef objToRefresh; + std::string authorizer; GrantRevokePrivilegeRequest grantRequest; _ThriftHiveMetastore_refresh_privileges_args__isset __isset; void __set_objToRefresh(const HiveObjectRef& val); + void __set_authorizer(const std::string& val); + void __set_grantRequest(const GrantRevokePrivilegeRequest& val); bool operator == (const ThriftHiveMetastore_refresh_privileges_args & rhs) const { if (!(objToRefresh == rhs.objToRefresh)) return false; + if (!(authorizer == rhs.authorizer)) + return false; if (!(grantRequest == rhs.grantRequest)) return false; return true; @@ -17222,6 +17228,7 @@ class ThriftHiveMetastore_refresh_privileges_pargs { virtual ~ThriftHiveMetastore_refresh_privileges_pargs() throw(); const HiveObjectRef* objToRefresh; + const std::string* authorizer; const GrantRevokePrivilegeRequest* grantRequest; uint32_t write(::apache::thrift::protocol::TProtocol* oprot) const; @@ -26473,8 +26480,8 @@ class ThriftHiveMetastoreClient : virtual public ThriftHiveMetastoreIf, public void grant_revoke_privileges(GrantRevokePrivilegeResponse& _return, const GrantRevokePrivilegeRequest& request); void send_grant_revoke_privileges(const GrantRevokePrivilegeRequest& request); void recv_grant_revoke_privileges(GrantRevokePrivilegeResponse& _return); - void refresh_privileges(GrantRevokePrivilegeResponse& _return, const HiveObjectRef& objToRefresh, const GrantRevokePrivilegeRequest& grantRequest); - void send_refresh_privileges(const HiveObjectRef& objToRefresh, const GrantRevokePrivilegeRequest& grantRequest); + void refresh_privileges(GrantRevokePrivilegeResponse& _return, const HiveObjectRef& objToRefresh, const std::string& authorizer, const GrantRevokePrivilegeRequest& grantRequest); + void send_refresh_privileges(const HiveObjectRef& objToRefresh, const std::string& authorizer, const GrantRevokePrivilegeRequest& grantRequest); void recv_refresh_privileges(GrantRevokePrivilegeResponse& _return); void set_ugi(std::vector<std::string> & _return, const std::string& user_name, const std::vector<std::string> & group_names); void send_set_ugi(const std::string& user_name, const std::vector<std::string> & group_names); @@ -28385,13 +28392,13 @@ class ThriftHiveMetastoreMultiface : virtual public ThriftHiveMetastoreIf, publi return; } - void refresh_privileges(GrantRevokePrivilegeResponse& _return, const HiveObjectRef& objToRefresh, const GrantRevokePrivilegeRequest& grantRequest) { + void refresh_privileges(GrantRevokePrivilegeResponse& _return, const HiveObjectRef& objToRefresh, const std::string& authorizer, const GrantRevokePrivilegeRequest& grantRequest) { size_t sz = ifaces_.size(); size_t i = 0; for (; i < (sz - 1); ++i) { - ifaces_[i]->refresh_privileges(_return, objToRefresh, grantRequest); + ifaces_[i]->refresh_privileges(_return, objToRefresh, authorizer, grantRequest); } - ifaces_[i]->refresh_privileges(_return, objToRefresh, grantRequest); + ifaces_[i]->refresh_privileges(_return, objToRefresh, authorizer, grantRequest); return; } @@ -29546,8 +29553,8 @@ class ThriftHiveMetastoreConcurrentClient : virtual public ThriftHiveMetastoreIf void grant_revoke_privileges(GrantRevokePrivilegeResponse& _return, const GrantRevokePrivilegeRequest& request); int32_t send_grant_revoke_privileges(const GrantRevokePrivilegeRequest& request); void recv_grant_revoke_privileges(GrantRevokePrivilegeResponse& _return, const int32_t seqid); - void refresh_privileges(GrantRevokePrivilegeResponse& _return, const HiveObjectRef& objToRefresh, const GrantRevokePrivilegeRequest& grantRequest); - int32_t send_refresh_privileges(const HiveObjectRef& objToRefresh, const GrantRevokePrivilegeRequest& grantRequest); + void refresh_privileges(GrantRevokePrivilegeResponse& _return, const HiveObjectRef& objToRefresh, const std::string& authorizer, const GrantRevokePrivilegeRequest& grantRequest); + int32_t send_refresh_privileges(const HiveObjectRef& objToRefresh, const std::string& authorizer, const GrantRevokePrivilegeRequest& grantRequest); void recv_refresh_privileges(GrantRevokePrivilegeResponse& _return, const int32_t seqid); void set_ugi(std::vector<std::string> & _return, const std::string& user_name, const std::vector<std::string> & group_names); int32_t send_set_ugi(const std::string& user_name, const std::vector<std::string> & group_names); http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp b/standalone-metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp index c4a8baf..3d9d75e 100644 --- a/standalone-metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp +++ b/standalone-metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp @@ -657,7 +657,7 @@ class ThriftHiveMetastoreHandler : virtual public ThriftHiveMetastoreIf { printf("grant_revoke_privileges\n"); } - void refresh_privileges(GrantRevokePrivilegeResponse& _return, const HiveObjectRef& objToRefresh, const GrantRevokePrivilegeRequest& grantRequest) { + void refresh_privileges(GrantRevokePrivilegeResponse& _return, const HiveObjectRef& objToRefresh, const std::string& authorizer, const GrantRevokePrivilegeRequest& grantRequest) { // Your implementation goes here printf("refresh_privileges\n"); } http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/gen/thrift/gen-cpp/hive_metastore_types.cpp ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/gen/thrift/gen-cpp/hive_metastore_types.cpp b/standalone-metastore/src/gen/thrift/gen-cpp/hive_metastore_types.cpp index af975fc..8925fe2 100644 --- a/standalone-metastore/src/gen/thrift/gen-cpp/hive_metastore_types.cpp +++ b/standalone-metastore/src/gen/thrift/gen-cpp/hive_metastore_types.cpp @@ -2658,6 +2658,10 @@ void HiveObjectPrivilege::__set_grantInfo(const PrivilegeGrantInfo& val) { this->grantInfo = val; } +void HiveObjectPrivilege::__set_authorizer(const std::string& val) { + this->authorizer = val; +} + uint32_t HiveObjectPrivilege::read(::apache::thrift::protocol::TProtocol* iprot) { apache::thrift::protocol::TInputRecursionTracker tracker(*iprot); @@ -2713,6 +2717,14 @@ uint32_t HiveObjectPrivilege::read(::apache::thrift::protocol::TProtocol* iprot) xfer += iprot->skip(ftype); } break; + case 5: + if (ftype == ::apache::thrift::protocol::T_STRING) { + xfer += iprot->readString(this->authorizer); + this->__isset.authorizer = true; + } else { + xfer += iprot->skip(ftype); + } + break; default: xfer += iprot->skip(ftype); break; @@ -2746,6 +2758,10 @@ uint32_t HiveObjectPrivilege::write(::apache::thrift::protocol::TProtocol* oprot xfer += this->grantInfo.write(oprot); xfer += oprot->writeFieldEnd(); + xfer += oprot->writeFieldBegin("authorizer", ::apache::thrift::protocol::T_STRING, 5); + xfer += oprot->writeString(this->authorizer); + xfer += oprot->writeFieldEnd(); + xfer += oprot->writeFieldStop(); xfer += oprot->writeStructEnd(); return xfer; @@ -2757,6 +2773,7 @@ void swap(HiveObjectPrivilege &a, HiveObjectPrivilege &b) { swap(a.principalName, b.principalName); swap(a.principalType, b.principalType); swap(a.grantInfo, b.grantInfo); + swap(a.authorizer, b.authorizer); swap(a.__isset, b.__isset); } @@ -2765,6 +2782,7 @@ HiveObjectPrivilege::HiveObjectPrivilege(const HiveObjectPrivilege& other37) { principalName = other37.principalName; principalType = other37.principalType; grantInfo = other37.grantInfo; + authorizer = other37.authorizer; __isset = other37.__isset; } HiveObjectPrivilege& HiveObjectPrivilege::operator=(const HiveObjectPrivilege& other38) { @@ -2772,6 +2790,7 @@ HiveObjectPrivilege& HiveObjectPrivilege::operator=(const HiveObjectPrivilege& o principalName = other38.principalName; principalType = other38.principalType; grantInfo = other38.grantInfo; + authorizer = other38.authorizer; __isset = other38.__isset; return *this; } @@ -2782,6 +2801,7 @@ void HiveObjectPrivilege::printTo(std::ostream& out) const { out << ", " << "principalName=" << to_string(principalName); out << ", " << "principalType=" << to_string(principalType); out << ", " << "grantInfo=" << to_string(grantInfo); + out << ", " << "authorizer=" << to_string(authorizer); out << ")"; } http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/gen/thrift/gen-cpp/hive_metastore_types.h ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/gen/thrift/gen-cpp/hive_metastore_types.h b/standalone-metastore/src/gen/thrift/gen-cpp/hive_metastore_types.h index 7b42182..78656d9 100644 --- a/standalone-metastore/src/gen/thrift/gen-cpp/hive_metastore_types.h +++ b/standalone-metastore/src/gen/thrift/gen-cpp/hive_metastore_types.h @@ -1622,11 +1622,12 @@ inline std::ostream& operator<<(std::ostream& out, const PrivilegeGrantInfo& obj } typedef struct _HiveObjectPrivilege__isset { - _HiveObjectPrivilege__isset() : hiveObject(false), principalName(false), principalType(false), grantInfo(false) {} + _HiveObjectPrivilege__isset() : hiveObject(false), principalName(false), principalType(false), grantInfo(false), authorizer(false) {} bool hiveObject :1; bool principalName :1; bool principalType :1; bool grantInfo :1; + bool authorizer :1; } _HiveObjectPrivilege__isset; class HiveObjectPrivilege { @@ -1634,7 +1635,7 @@ class HiveObjectPrivilege { HiveObjectPrivilege(const HiveObjectPrivilege&); HiveObjectPrivilege& operator=(const HiveObjectPrivilege&); - HiveObjectPrivilege() : principalName(), principalType((PrincipalType::type)0) { + HiveObjectPrivilege() : principalName(), principalType((PrincipalType::type)0), authorizer() { } virtual ~HiveObjectPrivilege() throw(); @@ -1642,6 +1643,7 @@ class HiveObjectPrivilege { std::string principalName; PrincipalType::type principalType; PrivilegeGrantInfo grantInfo; + std::string authorizer; _HiveObjectPrivilege__isset __isset; @@ -1653,6 +1655,8 @@ class HiveObjectPrivilege { void __set_grantInfo(const PrivilegeGrantInfo& val); + void __set_authorizer(const std::string& val); + bool operator == (const HiveObjectPrivilege & rhs) const { if (!(hiveObject == rhs.hiveObject)) @@ -1663,6 +1667,8 @@ class HiveObjectPrivilege { return false; if (!(grantInfo == rhs.grantInfo)) return false; + if (!(authorizer == rhs.authorizer)) + return false; return true; } bool operator != (const HiveObjectPrivilege &rhs) const { http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/HiveObjectPrivilege.java ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/HiveObjectPrivilege.java b/standalone-metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/HiveObjectPrivilege.java index ef2e535..8b2817d 100644 --- a/standalone-metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/HiveObjectPrivilege.java +++ b/standalone-metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/HiveObjectPrivilege.java @@ -42,6 +42,7 @@ import org.slf4j.LoggerFactory; private static final org.apache.thrift.protocol.TField PRINCIPAL_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("principalName", org.apache.thrift.protocol.TType.STRING, (short)2); private static final org.apache.thrift.protocol.TField PRINCIPAL_TYPE_FIELD_DESC = new org.apache.thrift.protocol.TField("principalType", org.apache.thrift.protocol.TType.I32, (short)3); private static final org.apache.thrift.protocol.TField GRANT_INFO_FIELD_DESC = new org.apache.thrift.protocol.TField("grantInfo", org.apache.thrift.protocol.TType.STRUCT, (short)4); + private static final org.apache.thrift.protocol.TField AUTHORIZER_FIELD_DESC = new org.apache.thrift.protocol.TField("authorizer", org.apache.thrift.protocol.TType.STRING, (short)5); private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>(); static { @@ -53,6 +54,7 @@ import org.slf4j.LoggerFactory; private String principalName; // required private PrincipalType principalType; // required private PrivilegeGrantInfo grantInfo; // required + private String authorizer; // required /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ public enum _Fields implements org.apache.thrift.TFieldIdEnum { @@ -63,7 +65,8 @@ import org.slf4j.LoggerFactory; * @see PrincipalType */ PRINCIPAL_TYPE((short)3, "principalType"), - GRANT_INFO((short)4, "grantInfo"); + GRANT_INFO((short)4, "grantInfo"), + AUTHORIZER((short)5, "authorizer"); private static final Map<String, _Fields> byName = new HashMap<String, _Fields>(); @@ -86,6 +89,8 @@ import org.slf4j.LoggerFactory; return PRINCIPAL_TYPE; case 4: // GRANT_INFO return GRANT_INFO; + case 5: // AUTHORIZER + return AUTHORIZER; default: return null; } @@ -137,6 +142,8 @@ import org.slf4j.LoggerFactory; new org.apache.thrift.meta_data.EnumMetaData(org.apache.thrift.protocol.TType.ENUM, PrincipalType.class))); tmpMap.put(_Fields.GRANT_INFO, new org.apache.thrift.meta_data.FieldMetaData("grantInfo", org.apache.thrift.TFieldRequirementType.DEFAULT, new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, PrivilegeGrantInfo.class))); + tmpMap.put(_Fields.AUTHORIZER, new org.apache.thrift.meta_data.FieldMetaData("authorizer", org.apache.thrift.TFieldRequirementType.DEFAULT, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); metaDataMap = Collections.unmodifiableMap(tmpMap); org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(HiveObjectPrivilege.class, metaDataMap); } @@ -148,13 +155,15 @@ import org.slf4j.LoggerFactory; HiveObjectRef hiveObject, String principalName, PrincipalType principalType, - PrivilegeGrantInfo grantInfo) + PrivilegeGrantInfo grantInfo, + String authorizer) { this(); this.hiveObject = hiveObject; this.principalName = principalName; this.principalType = principalType; this.grantInfo = grantInfo; + this.authorizer = authorizer; } /** @@ -173,6 +182,9 @@ import org.slf4j.LoggerFactory; if (other.isSetGrantInfo()) { this.grantInfo = new PrivilegeGrantInfo(other.grantInfo); } + if (other.isSetAuthorizer()) { + this.authorizer = other.authorizer; + } } public HiveObjectPrivilege deepCopy() { @@ -185,6 +197,7 @@ import org.slf4j.LoggerFactory; this.principalName = null; this.principalType = null; this.grantInfo = null; + this.authorizer = null; } public HiveObjectRef getHiveObject() { @@ -287,6 +300,29 @@ import org.slf4j.LoggerFactory; } } + public String getAuthorizer() { + return this.authorizer; + } + + public void setAuthorizer(String authorizer) { + this.authorizer = authorizer; + } + + public void unsetAuthorizer() { + this.authorizer = null; + } + + /** Returns true if field authorizer is set (has been assigned a value) and false otherwise */ + public boolean isSetAuthorizer() { + return this.authorizer != null; + } + + public void setAuthorizerIsSet(boolean value) { + if (!value) { + this.authorizer = null; + } + } + public void setFieldValue(_Fields field, Object value) { switch (field) { case HIVE_OBJECT: @@ -321,6 +357,14 @@ import org.slf4j.LoggerFactory; } break; + case AUTHORIZER: + if (value == null) { + unsetAuthorizer(); + } else { + setAuthorizer((String)value); + } + break; + } } @@ -338,6 +382,9 @@ import org.slf4j.LoggerFactory; case GRANT_INFO: return getGrantInfo(); + case AUTHORIZER: + return getAuthorizer(); + } throw new IllegalStateException(); } @@ -357,6 +404,8 @@ import org.slf4j.LoggerFactory; return isSetPrincipalType(); case GRANT_INFO: return isSetGrantInfo(); + case AUTHORIZER: + return isSetAuthorizer(); } throw new IllegalStateException(); } @@ -410,6 +459,15 @@ import org.slf4j.LoggerFactory; return false; } + boolean this_present_authorizer = true && this.isSetAuthorizer(); + boolean that_present_authorizer = true && that.isSetAuthorizer(); + if (this_present_authorizer || that_present_authorizer) { + if (!(this_present_authorizer && that_present_authorizer)) + return false; + if (!this.authorizer.equals(that.authorizer)) + return false; + } + return true; } @@ -437,6 +495,11 @@ import org.slf4j.LoggerFactory; if (present_grantInfo) list.add(grantInfo); + boolean present_authorizer = true && (isSetAuthorizer()); + list.add(present_authorizer); + if (present_authorizer) + list.add(authorizer); + return list.hashCode(); } @@ -488,6 +551,16 @@ import org.slf4j.LoggerFactory; return lastComparison; } } + lastComparison = Boolean.valueOf(isSetAuthorizer()).compareTo(other.isSetAuthorizer()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetAuthorizer()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.authorizer, other.authorizer); + if (lastComparison != 0) { + return lastComparison; + } + } return 0; } @@ -539,6 +612,14 @@ import org.slf4j.LoggerFactory; sb.append(this.grantInfo); } first = false; + if (!first) sb.append(", "); + sb.append("authorizer:"); + if (this.authorizer == null) { + sb.append("null"); + } else { + sb.append(this.authorizer); + } + first = false; sb.append(")"); return sb.toString(); } @@ -622,6 +703,14 @@ import org.slf4j.LoggerFactory; org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } break; + case 5: // AUTHORIZER + if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { + struct.authorizer = iprot.readString(); + struct.setAuthorizerIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; default: org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } @@ -655,6 +744,11 @@ import org.slf4j.LoggerFactory; struct.grantInfo.write(oprot); oprot.writeFieldEnd(); } + if (struct.authorizer != null) { + oprot.writeFieldBegin(AUTHORIZER_FIELD_DESC); + oprot.writeString(struct.authorizer); + oprot.writeFieldEnd(); + } oprot.writeFieldStop(); oprot.writeStructEnd(); } @@ -685,7 +779,10 @@ import org.slf4j.LoggerFactory; if (struct.isSetGrantInfo()) { optionals.set(3); } - oprot.writeBitSet(optionals, 4); + if (struct.isSetAuthorizer()) { + optionals.set(4); + } + oprot.writeBitSet(optionals, 5); if (struct.isSetHiveObject()) { struct.hiveObject.write(oprot); } @@ -698,12 +795,15 @@ import org.slf4j.LoggerFactory; if (struct.isSetGrantInfo()) { struct.grantInfo.write(oprot); } + if (struct.isSetAuthorizer()) { + oprot.writeString(struct.authorizer); + } } @Override public void read(org.apache.thrift.protocol.TProtocol prot, HiveObjectPrivilege struct) throws org.apache.thrift.TException { TTupleProtocol iprot = (TTupleProtocol) prot; - BitSet incoming = iprot.readBitSet(4); + BitSet incoming = iprot.readBitSet(5); if (incoming.get(0)) { struct.hiveObject = new HiveObjectRef(); struct.hiveObject.read(iprot); @@ -722,6 +822,10 @@ import org.slf4j.LoggerFactory; struct.grantInfo.read(iprot); struct.setGrantInfoIsSet(true); } + if (incoming.get(4)) { + struct.authorizer = iprot.readString(); + struct.setAuthorizerIsSet(true); + } } } http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java b/standalone-metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java index 3139058..929f328 100644 --- a/standalone-metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java +++ b/standalone-metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java @@ -296,7 +296,7 @@ import org.slf4j.LoggerFactory; public GrantRevokePrivilegeResponse grant_revoke_privileges(GrantRevokePrivilegeRequest request) throws MetaException, org.apache.thrift.TException; - public GrantRevokePrivilegeResponse refresh_privileges(HiveObjectRef objToRefresh, GrantRevokePrivilegeRequest grantRequest) throws MetaException, org.apache.thrift.TException; + public GrantRevokePrivilegeResponse refresh_privileges(HiveObjectRef objToRefresh, String authorizer, GrantRevokePrivilegeRequest grantRequest) throws MetaException, org.apache.thrift.TException; public List<String> set_ugi(String user_name, List<String> group_names) throws MetaException, org.apache.thrift.TException; @@ -712,7 +712,7 @@ import org.slf4j.LoggerFactory; public void grant_revoke_privileges(GrantRevokePrivilegeRequest request, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException; - public void refresh_privileges(HiveObjectRef objToRefresh, GrantRevokePrivilegeRequest grantRequest, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException; + public void refresh_privileges(HiveObjectRef objToRefresh, String authorizer, GrantRevokePrivilegeRequest grantRequest, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException; public void set_ugi(String user_name, List<String> group_names, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException; @@ -4706,16 +4706,17 @@ import org.slf4j.LoggerFactory; throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "grant_revoke_privileges failed: unknown result"); } - public GrantRevokePrivilegeResponse refresh_privileges(HiveObjectRef objToRefresh, GrantRevokePrivilegeRequest grantRequest) throws MetaException, org.apache.thrift.TException + public GrantRevokePrivilegeResponse refresh_privileges(HiveObjectRef objToRefresh, String authorizer, GrantRevokePrivilegeRequest grantRequest) throws MetaException, org.apache.thrift.TException { - send_refresh_privileges(objToRefresh, grantRequest); + send_refresh_privileges(objToRefresh, authorizer, grantRequest); return recv_refresh_privileges(); } - public void send_refresh_privileges(HiveObjectRef objToRefresh, GrantRevokePrivilegeRequest grantRequest) throws org.apache.thrift.TException + public void send_refresh_privileges(HiveObjectRef objToRefresh, String authorizer, GrantRevokePrivilegeRequest grantRequest) throws org.apache.thrift.TException { refresh_privileges_args args = new refresh_privileges_args(); args.setObjToRefresh(objToRefresh); + args.setAuthorizer(authorizer); args.setGrantRequest(grantRequest); sendBase("refresh_privileges", args); } @@ -11369,19 +11370,21 @@ import org.slf4j.LoggerFactory; } } - public void refresh_privileges(HiveObjectRef objToRefresh, GrantRevokePrivilegeRequest grantRequest, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException { + public void refresh_privileges(HiveObjectRef objToRefresh, String authorizer, GrantRevokePrivilegeRequest grantRequest, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException { checkReady(); - refresh_privileges_call method_call = new refresh_privileges_call(objToRefresh, grantRequest, resultHandler, this, ___protocolFactory, ___transport); + refresh_privileges_call method_call = new refresh_privileges_call(objToRefresh, authorizer, grantRequest, resultHandler, this, ___protocolFactory, ___transport); this.___currentMethod = method_call; ___manager.call(method_call); } @org.apache.hadoop.classification.InterfaceAudience.Public @org.apache.hadoop.classification.InterfaceStability.Stable public static class refresh_privileges_call extends org.apache.thrift.async.TAsyncMethodCall { private HiveObjectRef objToRefresh; + private String authorizer; private GrantRevokePrivilegeRequest grantRequest; - public refresh_privileges_call(HiveObjectRef objToRefresh, GrantRevokePrivilegeRequest grantRequest, org.apache.thrift.async.AsyncMethodCallback resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException { + public refresh_privileges_call(HiveObjectRef objToRefresh, String authorizer, GrantRevokePrivilegeRequest grantRequest, org.apache.thrift.async.AsyncMethodCallback resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException { super(client, protocolFactory, transport, resultHandler, false); this.objToRefresh = objToRefresh; + this.authorizer = authorizer; this.grantRequest = grantRequest; } @@ -11389,6 +11392,7 @@ import org.slf4j.LoggerFactory; prot.writeMessageBegin(new org.apache.thrift.protocol.TMessage("refresh_privileges", org.apache.thrift.protocol.TMessageType.CALL, 0)); refresh_privileges_args args = new refresh_privileges_args(); args.setObjToRefresh(objToRefresh); + args.setAuthorizer(authorizer); args.setGrantRequest(grantRequest); args.write(prot); prot.writeMessageEnd(); @@ -17507,7 +17511,7 @@ import org.slf4j.LoggerFactory; public refresh_privileges_result getResult(I iface, refresh_privileges_args args) throws org.apache.thrift.TException { refresh_privileges_result result = new refresh_privileges_result(); try { - result.success = iface.refresh_privileges(args.objToRefresh, args.grantRequest); + result.success = iface.refresh_privileges(args.objToRefresh, args.authorizer, args.grantRequest); } catch (MetaException o1) { result.o1 = o1; } @@ -27655,7 +27659,7 @@ import org.slf4j.LoggerFactory; } public void start(I iface, refresh_privileges_args args, org.apache.thrift.async.AsyncMethodCallback<GrantRevokePrivilegeResponse> resultHandler) throws TException { - iface.refresh_privileges(args.objToRefresh, args.grantRequest,resultHandler); + iface.refresh_privileges(args.objToRefresh, args.authorizer, args.grantRequest,resultHandler); } } @@ -169811,7 +169815,8 @@ import org.slf4j.LoggerFactory; private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("refresh_privileges_args"); private static final org.apache.thrift.protocol.TField OBJ_TO_REFRESH_FIELD_DESC = new org.apache.thrift.protocol.TField("objToRefresh", org.apache.thrift.protocol.TType.STRUCT, (short)1); - private static final org.apache.thrift.protocol.TField GRANT_REQUEST_FIELD_DESC = new org.apache.thrift.protocol.TField("grantRequest", org.apache.thrift.protocol.TType.STRUCT, (short)2); + private static final org.apache.thrift.protocol.TField AUTHORIZER_FIELD_DESC = new org.apache.thrift.protocol.TField("authorizer", org.apache.thrift.protocol.TType.STRING, (short)2); + private static final org.apache.thrift.protocol.TField GRANT_REQUEST_FIELD_DESC = new org.apache.thrift.protocol.TField("grantRequest", org.apache.thrift.protocol.TType.STRUCT, (short)3); private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>(); static { @@ -169820,12 +169825,14 @@ import org.slf4j.LoggerFactory; } private HiveObjectRef objToRefresh; // required + private String authorizer; // required private GrantRevokePrivilegeRequest grantRequest; // required /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ public enum _Fields implements org.apache.thrift.TFieldIdEnum { OBJ_TO_REFRESH((short)1, "objToRefresh"), - GRANT_REQUEST((short)2, "grantRequest"); + AUTHORIZER((short)2, "authorizer"), + GRANT_REQUEST((short)3, "grantRequest"); private static final Map<String, _Fields> byName = new HashMap<String, _Fields>(); @@ -169842,7 +169849,9 @@ import org.slf4j.LoggerFactory; switch(fieldId) { case 1: // OBJ_TO_REFRESH return OBJ_TO_REFRESH; - case 2: // GRANT_REQUEST + case 2: // AUTHORIZER + return AUTHORIZER; + case 3: // GRANT_REQUEST return GRANT_REQUEST; default: return null; @@ -169889,6 +169898,8 @@ import org.slf4j.LoggerFactory; Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class); tmpMap.put(_Fields.OBJ_TO_REFRESH, new org.apache.thrift.meta_data.FieldMetaData("objToRefresh", org.apache.thrift.TFieldRequirementType.DEFAULT, new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, HiveObjectRef.class))); + tmpMap.put(_Fields.AUTHORIZER, new org.apache.thrift.meta_data.FieldMetaData("authorizer", org.apache.thrift.TFieldRequirementType.DEFAULT, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); tmpMap.put(_Fields.GRANT_REQUEST, new org.apache.thrift.meta_data.FieldMetaData("grantRequest", org.apache.thrift.TFieldRequirementType.DEFAULT, new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, GrantRevokePrivilegeRequest.class))); metaDataMap = Collections.unmodifiableMap(tmpMap); @@ -169900,10 +169911,12 @@ import org.slf4j.LoggerFactory; public refresh_privileges_args( HiveObjectRef objToRefresh, + String authorizer, GrantRevokePrivilegeRequest grantRequest) { this(); this.objToRefresh = objToRefresh; + this.authorizer = authorizer; this.grantRequest = grantRequest; } @@ -169914,6 +169927,9 @@ import org.slf4j.LoggerFactory; if (other.isSetObjToRefresh()) { this.objToRefresh = new HiveObjectRef(other.objToRefresh); } + if (other.isSetAuthorizer()) { + this.authorizer = other.authorizer; + } if (other.isSetGrantRequest()) { this.grantRequest = new GrantRevokePrivilegeRequest(other.grantRequest); } @@ -169926,6 +169942,7 @@ import org.slf4j.LoggerFactory; @Override public void clear() { this.objToRefresh = null; + this.authorizer = null; this.grantRequest = null; } @@ -169952,6 +169969,29 @@ import org.slf4j.LoggerFactory; } } + public String getAuthorizer() { + return this.authorizer; + } + + public void setAuthorizer(String authorizer) { + this.authorizer = authorizer; + } + + public void unsetAuthorizer() { + this.authorizer = null; + } + + /** Returns true if field authorizer is set (has been assigned a value) and false otherwise */ + public boolean isSetAuthorizer() { + return this.authorizer != null; + } + + public void setAuthorizerIsSet(boolean value) { + if (!value) { + this.authorizer = null; + } + } + public GrantRevokePrivilegeRequest getGrantRequest() { return this.grantRequest; } @@ -169985,6 +170025,14 @@ import org.slf4j.LoggerFactory; } break; + case AUTHORIZER: + if (value == null) { + unsetAuthorizer(); + } else { + setAuthorizer((String)value); + } + break; + case GRANT_REQUEST: if (value == null) { unsetGrantRequest(); @@ -170001,6 +170049,9 @@ import org.slf4j.LoggerFactory; case OBJ_TO_REFRESH: return getObjToRefresh(); + case AUTHORIZER: + return getAuthorizer(); + case GRANT_REQUEST: return getGrantRequest(); @@ -170017,6 +170068,8 @@ import org.slf4j.LoggerFactory; switch (field) { case OBJ_TO_REFRESH: return isSetObjToRefresh(); + case AUTHORIZER: + return isSetAuthorizer(); case GRANT_REQUEST: return isSetGrantRequest(); } @@ -170045,6 +170098,15 @@ import org.slf4j.LoggerFactory; return false; } + boolean this_present_authorizer = true && this.isSetAuthorizer(); + boolean that_present_authorizer = true && that.isSetAuthorizer(); + if (this_present_authorizer || that_present_authorizer) { + if (!(this_present_authorizer && that_present_authorizer)) + return false; + if (!this.authorizer.equals(that.authorizer)) + return false; + } + boolean this_present_grantRequest = true && this.isSetGrantRequest(); boolean that_present_grantRequest = true && that.isSetGrantRequest(); if (this_present_grantRequest || that_present_grantRequest) { @@ -170066,6 +170128,11 @@ import org.slf4j.LoggerFactory; if (present_objToRefresh) list.add(objToRefresh); + boolean present_authorizer = true && (isSetAuthorizer()); + list.add(present_authorizer); + if (present_authorizer) + list.add(authorizer); + boolean present_grantRequest = true && (isSetGrantRequest()); list.add(present_grantRequest); if (present_grantRequest) @@ -170092,6 +170159,16 @@ import org.slf4j.LoggerFactory; return lastComparison; } } + lastComparison = Boolean.valueOf(isSetAuthorizer()).compareTo(other.isSetAuthorizer()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetAuthorizer()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.authorizer, other.authorizer); + if (lastComparison != 0) { + return lastComparison; + } + } lastComparison = Boolean.valueOf(isSetGrantRequest()).compareTo(other.isSetGrantRequest()); if (lastComparison != 0) { return lastComparison; @@ -170130,6 +170207,14 @@ import org.slf4j.LoggerFactory; } first = false; if (!first) sb.append(", "); + sb.append("authorizer:"); + if (this.authorizer == null) { + sb.append("null"); + } else { + sb.append(this.authorizer); + } + first = false; + if (!first) sb.append(", "); sb.append("grantRequest:"); if (this.grantRequest == null) { sb.append("null"); @@ -170195,7 +170280,15 @@ import org.slf4j.LoggerFactory; org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } break; - case 2: // GRANT_REQUEST + case 2: // AUTHORIZER + if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { + struct.authorizer = iprot.readString(); + struct.setAuthorizerIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + case 3: // GRANT_REQUEST if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) { struct.grantRequest = new GrantRevokePrivilegeRequest(); struct.grantRequest.read(iprot); @@ -170222,6 +170315,11 @@ import org.slf4j.LoggerFactory; struct.objToRefresh.write(oprot); oprot.writeFieldEnd(); } + if (struct.authorizer != null) { + oprot.writeFieldBegin(AUTHORIZER_FIELD_DESC); + oprot.writeString(struct.authorizer); + oprot.writeFieldEnd(); + } if (struct.grantRequest != null) { oprot.writeFieldBegin(GRANT_REQUEST_FIELD_DESC); struct.grantRequest.write(oprot); @@ -170248,13 +170346,19 @@ import org.slf4j.LoggerFactory; if (struct.isSetObjToRefresh()) { optionals.set(0); } - if (struct.isSetGrantRequest()) { + if (struct.isSetAuthorizer()) { optionals.set(1); } - oprot.writeBitSet(optionals, 2); + if (struct.isSetGrantRequest()) { + optionals.set(2); + } + oprot.writeBitSet(optionals, 3); if (struct.isSetObjToRefresh()) { struct.objToRefresh.write(oprot); } + if (struct.isSetAuthorizer()) { + oprot.writeString(struct.authorizer); + } if (struct.isSetGrantRequest()) { struct.grantRequest.write(oprot); } @@ -170263,13 +170367,17 @@ import org.slf4j.LoggerFactory; @Override public void read(org.apache.thrift.protocol.TProtocol prot, refresh_privileges_args struct) throws org.apache.thrift.TException { TTupleProtocol iprot = (TTupleProtocol) prot; - BitSet incoming = iprot.readBitSet(2); + BitSet incoming = iprot.readBitSet(3); if (incoming.get(0)) { struct.objToRefresh = new HiveObjectRef(); struct.objToRefresh.read(iprot); struct.setObjToRefreshIsSet(true); } if (incoming.get(1)) { + struct.authorizer = iprot.readString(); + struct.setAuthorizerIsSet(true); + } + if (incoming.get(2)) { struct.grantRequest = new GrantRevokePrivilegeRequest(); struct.grantRequest.read(iprot); struct.setGrantRequestIsSet(true); http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/gen/thrift/gen-php/metastore/ThriftHiveMetastore.php ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/gen/thrift/gen-php/metastore/ThriftHiveMetastore.php b/standalone-metastore/src/gen/thrift/gen-php/metastore/ThriftHiveMetastore.php index 250d990..4a37568 100644 --- a/standalone-metastore/src/gen/thrift/gen-php/metastore/ThriftHiveMetastore.php +++ b/standalone-metastore/src/gen/thrift/gen-php/metastore/ThriftHiveMetastore.php @@ -1062,11 +1062,12 @@ interface ThriftHiveMetastoreIf extends \FacebookServiceIf { public function grant_revoke_privileges(\metastore\GrantRevokePrivilegeRequest $request); /** * @param \metastore\HiveObjectRef $objToRefresh + * @param string $authorizer * @param \metastore\GrantRevokePrivilegeRequest $grantRequest * @return \metastore\GrantRevokePrivilegeResponse * @throws \metastore\MetaException */ - public function refresh_privileges(\metastore\HiveObjectRef $objToRefresh, \metastore\GrantRevokePrivilegeRequest $grantRequest); + public function refresh_privileges(\metastore\HiveObjectRef $objToRefresh, $authorizer, \metastore\GrantRevokePrivilegeRequest $grantRequest); /** * @param string $user_name * @param string[] $group_names @@ -8927,16 +8928,17 @@ class ThriftHiveMetastoreClient extends \FacebookServiceClient implements \metas throw new \Exception("grant_revoke_privileges failed: unknown result"); } - public function refresh_privileges(\metastore\HiveObjectRef $objToRefresh, \metastore\GrantRevokePrivilegeRequest $grantRequest) + public function refresh_privileges(\metastore\HiveObjectRef $objToRefresh, $authorizer, \metastore\GrantRevokePrivilegeRequest $grantRequest) { - $this->send_refresh_privileges($objToRefresh, $grantRequest); + $this->send_refresh_privileges($objToRefresh, $authorizer, $grantRequest); return $this->recv_refresh_privileges(); } - public function send_refresh_privileges(\metastore\HiveObjectRef $objToRefresh, \metastore\GrantRevokePrivilegeRequest $grantRequest) + public function send_refresh_privileges(\metastore\HiveObjectRef $objToRefresh, $authorizer, \metastore\GrantRevokePrivilegeRequest $grantRequest) { $args = new \metastore\ThriftHiveMetastore_refresh_privileges_args(); $args->objToRefresh = $objToRefresh; + $args->authorizer = $authorizer; $args->grantRequest = $grantRequest; $bin_accel = ($this->output_ instanceof TBinaryProtocolAccelerated) && function_exists('thrift_protocol_write_binary'); if ($bin_accel) @@ -44513,6 +44515,10 @@ class ThriftHiveMetastore_refresh_privileges_args { */ public $objToRefresh = null; /** + * @var string + */ + public $authorizer = null; + /** * @var \metastore\GrantRevokePrivilegeRequest */ public $grantRequest = null; @@ -44526,6 +44532,10 @@ class ThriftHiveMetastore_refresh_privileges_args { 'class' => '\metastore\HiveObjectRef', ), 2 => array( + 'var' => 'authorizer', + 'type' => TType::STRING, + ), + 3 => array( 'var' => 'grantRequest', 'type' => TType::STRUCT, 'class' => '\metastore\GrantRevokePrivilegeRequest', @@ -44536,6 +44546,9 @@ class ThriftHiveMetastore_refresh_privileges_args { if (isset($vals['objToRefresh'])) { $this->objToRefresh = $vals['objToRefresh']; } + if (isset($vals['authorizer'])) { + $this->authorizer = $vals['authorizer']; + } if (isset($vals['grantRequest'])) { $this->grantRequest = $vals['grantRequest']; } @@ -44570,6 +44583,13 @@ class ThriftHiveMetastore_refresh_privileges_args { } break; case 2: + if ($ftype == TType::STRING) { + $xfer += $input->readString($this->authorizer); + } else { + $xfer += $input->skip($ftype); + } + break; + case 3: if ($ftype == TType::STRUCT) { $this->grantRequest = new \metastore\GrantRevokePrivilegeRequest(); $xfer += $this->grantRequest->read($input); @@ -44598,11 +44618,16 @@ class ThriftHiveMetastore_refresh_privileges_args { $xfer += $this->objToRefresh->write($output); $xfer += $output->writeFieldEnd(); } + if ($this->authorizer !== null) { + $xfer += $output->writeFieldBegin('authorizer', TType::STRING, 2); + $xfer += $output->writeString($this->authorizer); + $xfer += $output->writeFieldEnd(); + } if ($this->grantRequest !== null) { if (!is_object($this->grantRequest)) { throw new TProtocolException('Bad type in structure.', TProtocolException::INVALID_DATA); } - $xfer += $output->writeFieldBegin('grantRequest', TType::STRUCT, 2); + $xfer += $output->writeFieldBegin('grantRequest', TType::STRUCT, 3); $xfer += $this->grantRequest->write($output); $xfer += $output->writeFieldEnd(); } http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/gen/thrift/gen-php/metastore/Types.php ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/gen/thrift/gen-php/metastore/Types.php b/standalone-metastore/src/gen/thrift/gen-php/metastore/Types.php index 353c0de..fe54515 100644 --- a/standalone-metastore/src/gen/thrift/gen-php/metastore/Types.php +++ b/standalone-metastore/src/gen/thrift/gen-php/metastore/Types.php @@ -2719,6 +2719,10 @@ class HiveObjectPrivilege { * @var \metastore\PrivilegeGrantInfo */ public $grantInfo = null; + /** + * @var string + */ + public $authorizer = null; public function __construct($vals=null) { if (!isset(self::$_TSPEC)) { @@ -2741,6 +2745,10 @@ class HiveObjectPrivilege { 'type' => TType::STRUCT, 'class' => '\metastore\PrivilegeGrantInfo', ), + 5 => array( + 'var' => 'authorizer', + 'type' => TType::STRING, + ), ); } if (is_array($vals)) { @@ -2756,6 +2764,9 @@ class HiveObjectPrivilege { if (isset($vals['grantInfo'])) { $this->grantInfo = $vals['grantInfo']; } + if (isset($vals['authorizer'])) { + $this->authorizer = $vals['authorizer']; + } } } @@ -2808,6 +2819,13 @@ class HiveObjectPrivilege { $xfer += $input->skip($ftype); } break; + case 5: + if ($ftype == TType::STRING) { + $xfer += $input->readString($this->authorizer); + } else { + $xfer += $input->skip($ftype); + } + break; default: $xfer += $input->skip($ftype); break; @@ -2847,6 +2865,11 @@ class HiveObjectPrivilege { $xfer += $this->grantInfo->write($output); $xfer += $output->writeFieldEnd(); } + if ($this->authorizer !== null) { + $xfer += $output->writeFieldBegin('authorizer', TType::STRING, 5); + $xfer += $output->writeString($this->authorizer); + $xfer += $output->writeFieldEnd(); + } $xfer += $output->writeFieldStop(); $xfer += $output->writeStructEnd(); return $xfer; http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote b/standalone-metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote index 58afb24..8fa5fe4 100755 --- a/standalone-metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote +++ b/standalone-metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote @@ -151,7 +151,7 @@ if len(sys.argv) <= 1 or sys.argv[1] == '--help': print(' bool grant_privileges(PrivilegeBag privileges)') print(' bool revoke_privileges(PrivilegeBag privileges)') print(' GrantRevokePrivilegeResponse grant_revoke_privileges(GrantRevokePrivilegeRequest request)') - print(' GrantRevokePrivilegeResponse refresh_privileges(HiveObjectRef objToRefresh, GrantRevokePrivilegeRequest grantRequest)') + print(' GrantRevokePrivilegeResponse refresh_privileges(HiveObjectRef objToRefresh, string authorizer, GrantRevokePrivilegeRequest grantRequest)') print(' set_ugi(string user_name, group_names)') print(' string get_delegation_token(string token_owner, string renewer_kerberos_principal_name)') print(' i64 renew_delegation_token(string token_str_form)') @@ -1062,10 +1062,10 @@ elif cmd == 'grant_revoke_privileges': pp.pprint(client.grant_revoke_privileges(eval(args[0]),)) elif cmd == 'refresh_privileges': - if len(args) != 2: - print('refresh_privileges requires 2 args') + if len(args) != 3: + print('refresh_privileges requires 3 args') sys.exit(1) - pp.pprint(client.refresh_privileges(eval(args[0]),eval(args[1]),)) + pp.pprint(client.refresh_privileges(eval(args[0]),args[1],eval(args[2]),)) elif cmd == 'set_ugi': if len(args) != 2: http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py b/standalone-metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py index 768c0e3..11881d3 100644 --- a/standalone-metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py +++ b/standalone-metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py @@ -1061,10 +1061,11 @@ class Iface(fb303.FacebookService.Iface): """ pass - def refresh_privileges(self, objToRefresh, grantRequest): + def refresh_privileges(self, objToRefresh, authorizer, grantRequest): """ Parameters: - objToRefresh + - authorizer - grantRequest """ pass @@ -6338,19 +6339,21 @@ class Client(fb303.FacebookService.Client, Iface): raise result.o1 raise TApplicationException(TApplicationException.MISSING_RESULT, "grant_revoke_privileges failed: unknown result") - def refresh_privileges(self, objToRefresh, grantRequest): + def refresh_privileges(self, objToRefresh, authorizer, grantRequest): """ Parameters: - objToRefresh + - authorizer - grantRequest """ - self.send_refresh_privileges(objToRefresh, grantRequest) + self.send_refresh_privileges(objToRefresh, authorizer, grantRequest) return self.recv_refresh_privileges() - def send_refresh_privileges(self, objToRefresh, grantRequest): + def send_refresh_privileges(self, objToRefresh, authorizer, grantRequest): self._oprot.writeMessageBegin('refresh_privileges', TMessageType.CALL, self._seqid) args = refresh_privileges_args() args.objToRefresh = objToRefresh + args.authorizer = authorizer args.grantRequest = grantRequest args.write(self._oprot) self._oprot.writeMessageEnd() @@ -12429,7 +12432,7 @@ class Processor(fb303.FacebookService.Processor, Iface, TProcessor): iprot.readMessageEnd() result = refresh_privileges_result() try: - result.success = self._handler.refresh_privileges(args.objToRefresh, args.grantRequest) + result.success = self._handler.refresh_privileges(args.objToRefresh, args.authorizer, args.grantRequest) msg_type = TMessageType.REPLY except (TTransport.TTransportException, KeyboardInterrupt, SystemExit): raise @@ -36878,17 +36881,20 @@ class refresh_privileges_args: """ Attributes: - objToRefresh + - authorizer - grantRequest """ thrift_spec = ( None, # 0 (1, TType.STRUCT, 'objToRefresh', (HiveObjectRef, HiveObjectRef.thrift_spec), None, ), # 1 - (2, TType.STRUCT, 'grantRequest', (GrantRevokePrivilegeRequest, GrantRevokePrivilegeRequest.thrift_spec), None, ), # 2 + (2, TType.STRING, 'authorizer', None, None, ), # 2 + (3, TType.STRUCT, 'grantRequest', (GrantRevokePrivilegeRequest, GrantRevokePrivilegeRequest.thrift_spec), None, ), # 3 ) - def __init__(self, objToRefresh=None, grantRequest=None,): + def __init__(self, objToRefresh=None, authorizer=None, grantRequest=None,): self.objToRefresh = objToRefresh + self.authorizer = authorizer self.grantRequest = grantRequest def read(self, iprot): @@ -36907,6 +36913,11 @@ class refresh_privileges_args: else: iprot.skip(ftype) elif fid == 2: + if ftype == TType.STRING: + self.authorizer = iprot.readString() + else: + iprot.skip(ftype) + elif fid == 3: if ftype == TType.STRUCT: self.grantRequest = GrantRevokePrivilegeRequest() self.grantRequest.read(iprot) @@ -36926,8 +36937,12 @@ class refresh_privileges_args: oprot.writeFieldBegin('objToRefresh', TType.STRUCT, 1) self.objToRefresh.write(oprot) oprot.writeFieldEnd() + if self.authorizer is not None: + oprot.writeFieldBegin('authorizer', TType.STRING, 2) + oprot.writeString(self.authorizer) + oprot.writeFieldEnd() if self.grantRequest is not None: - oprot.writeFieldBegin('grantRequest', TType.STRUCT, 2) + oprot.writeFieldBegin('grantRequest', TType.STRUCT, 3) self.grantRequest.write(oprot) oprot.writeFieldEnd() oprot.writeFieldStop() @@ -36940,6 +36955,7 @@ class refresh_privileges_args: def __hash__(self): value = 17 value = (value * 31) ^ hash(self.objToRefresh) + value = (value * 31) ^ hash(self.authorizer) value = (value * 31) ^ hash(self.grantRequest) return value http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/gen/thrift/gen-py/hive_metastore/ttypes.py ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/gen/thrift/gen-py/hive_metastore/ttypes.py b/standalone-metastore/src/gen/thrift/gen-py/hive_metastore/ttypes.py index fdec32e..786c8c5 100644 --- a/standalone-metastore/src/gen/thrift/gen-py/hive_metastore/ttypes.py +++ b/standalone-metastore/src/gen/thrift/gen-py/hive_metastore/ttypes.py @@ -2013,6 +2013,7 @@ class HiveObjectPrivilege: - principalName - principalType - grantInfo + - authorizer """ thrift_spec = ( @@ -2021,13 +2022,15 @@ class HiveObjectPrivilege: (2, TType.STRING, 'principalName', None, None, ), # 2 (3, TType.I32, 'principalType', None, None, ), # 3 (4, TType.STRUCT, 'grantInfo', (PrivilegeGrantInfo, PrivilegeGrantInfo.thrift_spec), None, ), # 4 + (5, TType.STRING, 'authorizer', None, None, ), # 5 ) - def __init__(self, hiveObject=None, principalName=None, principalType=None, grantInfo=None,): + def __init__(self, hiveObject=None, principalName=None, principalType=None, grantInfo=None, authorizer=None,): self.hiveObject = hiveObject self.principalName = principalName self.principalType = principalType self.grantInfo = grantInfo + self.authorizer = authorizer def read(self, iprot): if iprot.__class__ == TBinaryProtocol.TBinaryProtocolAccelerated and isinstance(iprot.trans, TTransport.CReadableTransport) and self.thrift_spec is not None and fastbinary is not None: @@ -2060,6 +2063,11 @@ class HiveObjectPrivilege: self.grantInfo.read(iprot) else: iprot.skip(ftype) + elif fid == 5: + if ftype == TType.STRING: + self.authorizer = iprot.readString() + else: + iprot.skip(ftype) else: iprot.skip(ftype) iprot.readFieldEnd() @@ -2086,6 +2094,10 @@ class HiveObjectPrivilege: oprot.writeFieldBegin('grantInfo', TType.STRUCT, 4) self.grantInfo.write(oprot) oprot.writeFieldEnd() + if self.authorizer is not None: + oprot.writeFieldBegin('authorizer', TType.STRING, 5) + oprot.writeString(self.authorizer) + oprot.writeFieldEnd() oprot.writeFieldStop() oprot.writeStructEnd() @@ -2099,6 +2111,7 @@ class HiveObjectPrivilege: value = (value * 31) ^ hash(self.principalName) value = (value * 31) ^ hash(self.principalType) value = (value * 31) ^ hash(self.grantInfo) + value = (value * 31) ^ hash(self.authorizer) return value def __repr__(self): http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/gen/thrift/gen-rb/hive_metastore_types.rb ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/gen/thrift/gen-rb/hive_metastore_types.rb b/standalone-metastore/src/gen/thrift/gen-rb/hive_metastore_types.rb index fb73b28..9174596 100644 --- a/standalone-metastore/src/gen/thrift/gen-rb/hive_metastore_types.rb +++ b/standalone-metastore/src/gen/thrift/gen-rb/hive_metastore_types.rb @@ -507,12 +507,14 @@ class HiveObjectPrivilege PRINCIPALNAME = 2 PRINCIPALTYPE = 3 GRANTINFO = 4 + AUTHORIZER = 5 FIELDS = { HIVEOBJECT => {:type => ::Thrift::Types::STRUCT, :name => 'hiveObject', :class => ::HiveObjectRef}, PRINCIPALNAME => {:type => ::Thrift::Types::STRING, :name => 'principalName'}, PRINCIPALTYPE => {:type => ::Thrift::Types::I32, :name => 'principalType', :enum_class => ::PrincipalType}, - GRANTINFO => {:type => ::Thrift::Types::STRUCT, :name => 'grantInfo', :class => ::PrivilegeGrantInfo} + GRANTINFO => {:type => ::Thrift::Types::STRUCT, :name => 'grantInfo', :class => ::PrivilegeGrantInfo}, + AUTHORIZER => {:type => ::Thrift::Types::STRING, :name => 'authorizer'} } def struct_fields; FIELDS; end http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb b/standalone-metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb index d394f72..4ef99bd 100644 --- a/standalone-metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb +++ b/standalone-metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb @@ -2161,13 +2161,13 @@ module ThriftHiveMetastore raise ::Thrift::ApplicationException.new(::Thrift::ApplicationException::MISSING_RESULT, 'grant_revoke_privileges failed: unknown result') end - def refresh_privileges(objToRefresh, grantRequest) - send_refresh_privileges(objToRefresh, grantRequest) + def refresh_privileges(objToRefresh, authorizer, grantRequest) + send_refresh_privileges(objToRefresh, authorizer, grantRequest) return recv_refresh_privileges() end - def send_refresh_privileges(objToRefresh, grantRequest) - send_message('refresh_privileges', Refresh_privileges_args, :objToRefresh => objToRefresh, :grantRequest => grantRequest) + def send_refresh_privileges(objToRefresh, authorizer, grantRequest) + send_message('refresh_privileges', Refresh_privileges_args, :objToRefresh => objToRefresh, :authorizer => authorizer, :grantRequest => grantRequest) end def recv_refresh_privileges() @@ -5141,7 +5141,7 @@ module ThriftHiveMetastore args = read_args(iprot, Refresh_privileges_args) result = Refresh_privileges_result.new() begin - result.success = @handler.refresh_privileges(args.objToRefresh, args.grantRequest) + result.success = @handler.refresh_privileges(args.objToRefresh, args.authorizer, args.grantRequest) rescue ::MetaException => o1 result.o1 = o1 end @@ -10926,10 +10926,12 @@ module ThriftHiveMetastore class Refresh_privileges_args include ::Thrift::Struct, ::Thrift::Struct_Union OBJTOREFRESH = 1 - GRANTREQUEST = 2 + AUTHORIZER = 2 + GRANTREQUEST = 3 FIELDS = { OBJTOREFRESH => {:type => ::Thrift::Types::STRUCT, :name => 'objToRefresh', :class => ::HiveObjectRef}, + AUTHORIZER => {:type => ::Thrift::Types::STRING, :name => 'authorizer'}, GRANTREQUEST => {:type => ::Thrift::Types::STRUCT, :name => 'grantRequest', :class => ::GrantRevokePrivilegeRequest} }
