Repository: hive Updated Branches: refs/heads/branch-3 8df3f67d8 -> dd3798656
HIVE-20455: Log spew from security.authorization.PrivilegeSynchonizer.run (Daniel Dai, reviewed by Gopal V) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/dd379865 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/dd379865 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/dd379865 Branch: refs/heads/branch-3 Commit: dd37986568847fc6b08d9e9e44160ca8cba429e1 Parents: 8df3f67 Author: Daniel Dai <dai...@gmail.com> Authored: Sat Aug 25 13:48:29 2018 -0700 Committer: Daniel Dai <dai...@gmail.com> Committed: Sat Aug 25 13:48:29 2018 -0700 ---------------------------------------------------------------------- .../authorization/PrivilegeSynchonizer.java | 225 ------------------ .../authorization/PrivilegeSynchronizer.java | 228 +++++++++++++++++++ .../apache/hive/service/server/HiveServer2.java | 22 +- 3 files changed, 239 insertions(+), 236 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/dd379865/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchonizer.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchonizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchonizer.java deleted file mode 100644 index 61e3cec..0000000 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchonizer.java +++ /dev/null @@ -1,225 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.hive.ql.security.authorization; - -import java.util.Map; -import java.util.concurrent.TimeUnit; - -import org.apache.curator.framework.recipes.leader.LeaderLatch; -import org.apache.hadoop.hive.conf.HiveConf; -import org.apache.hadoop.hive.conf.HiveConf.ConfVars; -import org.apache.hadoop.hive.metastore.DefaultMetaStoreFilterHookImpl; -import org.apache.hadoop.hive.metastore.IMetaStoreClient; -import org.apache.hadoop.hive.metastore.api.FieldSchema; -import org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege; -import org.apache.hadoop.hive.metastore.api.HiveObjectRef; -import org.apache.hadoop.hive.metastore.api.HiveObjectType; -import org.apache.hadoop.hive.metastore.api.PrincipalType; -import org.apache.hadoop.hive.metastore.api.PrivilegeBag; -import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo; -import org.apache.hadoop.hive.metastore.api.Table; -import org.apache.hadoop.hive.metastore.api.MetaException; -import org.apache.hadoop.hive.metastore.conf.MetastoreConf; -import org.apache.hadoop.hive.ql.metadata.Hive; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePolicyProvider; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * PrivilegeSynchonizer defines a thread to synchronize privileges from - * external authorizer to Hive metastore. - */ -public class PrivilegeSynchonizer implements Runnable { - - private static final Logger LOG = LoggerFactory.getLogger(PrivilegeSynchonizer.class); - public static final String GRANTOR = "ranger"; - private IMetaStoreClient hiveClient; - private LeaderLatch privilegeSynchonizerLatch; - private HiveConf hiveConf; - private PolicyProviderContainer policyProviderContainer; - - public PrivilegeSynchonizer(LeaderLatch privilegeSynchonizerLatch, - PolicyProviderContainer policyProviderContainer, HiveConf hiveConf) { - this.hiveConf = new HiveConf(hiveConf); - this.hiveConf.set(MetastoreConf.ConfVars.FILTER_HOOK.getVarname(), DefaultMetaStoreFilterHookImpl.class.getName()); - try { - hiveClient = Hive.get(this.hiveConf).getMSC(); - } catch (Exception e) { - throw new RuntimeException("Error creating HiveMetastoreClient", e); - } - this.privilegeSynchonizerLatch = privilegeSynchonizerLatch; - this.policyProviderContainer = policyProviderContainer; - this.hiveConf = hiveConf; - } - - private void addACLsToBag( - Map<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> principalAclsMap, - PrivilegeBag privBag, HiveObjectType objectType, String dbName, String tblName, String columnName, - PrincipalType principalType, String authorizer) { - - for (Map.Entry<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> principalAcls - : principalAclsMap.entrySet()) { - String principal = principalAcls.getKey(); - for (Map.Entry<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult> acl : principalAcls.getValue() - .entrySet()) { - if (acl.getValue() == HiveResourceACLs.AccessResult.ALLOWED) { - switch (objectType) { - case DATABASE: - privBag.addToPrivileges( - new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.DATABASE, dbName, null, null, null), principal, - principalType, new PrivilegeGrantInfo(acl.getKey().toString(), - (int) (System.currentTimeMillis() / 1000), GRANTOR, PrincipalType.USER, false), authorizer)); - break; - case TABLE: - privBag.addToPrivileges( - new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.TABLE, dbName, tblName, null, null), principal, - principalType, new PrivilegeGrantInfo(acl.getKey().toString(), - (int) (System.currentTimeMillis() / 1000), GRANTOR, PrincipalType.USER, false), authorizer)); - break; - case COLUMN: - privBag.addToPrivileges( - new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.COLUMN, dbName, tblName, null, columnName), - principal, principalType, new PrivilegeGrantInfo(acl.getKey().toString(), - (int) (System.currentTimeMillis() / 1000), GRANTOR, PrincipalType.USER, false), authorizer)); - break; - default: - throw new RuntimeException("Get unknown object type " + objectType); - } - } - } - } - } - - private HiveObjectRef getObjToRefresh(HiveObjectType type, String dbName, String tblName) throws Exception { - HiveObjectRef objToRefresh = null; - switch (type) { - case DATABASE: - objToRefresh = new HiveObjectRef(HiveObjectType.DATABASE, dbName, null, null, null); - break; - case TABLE: - objToRefresh = new HiveObjectRef(HiveObjectType.TABLE, dbName, tblName, null, null); - break; - case COLUMN: - objToRefresh = new HiveObjectRef(HiveObjectType.COLUMN, dbName, tblName, null, null); - break; - default: - throw new RuntimeException("Get unknown object type " + type); - } - return objToRefresh; - } - - private void addGrantPrivilegesToBag(HivePolicyProvider policyProvider, PrivilegeBag privBag, HiveObjectType type, - String dbName, String tblName, String columnName, String authorizer) throws Exception { - - HiveResourceACLs objectAcls = null; - - switch (type) { - case DATABASE: - objectAcls = policyProvider - .getResourceACLs(new HivePrivilegeObject(HivePrivilegeObjectType.DATABASE, dbName, null)); - break; - - case TABLE: - objectAcls = policyProvider - .getResourceACLs(new HivePrivilegeObject(HivePrivilegeObjectType.TABLE_OR_VIEW, dbName, tblName)); - break; - - case COLUMN: - objectAcls = policyProvider - .getResourceACLs(new HivePrivilegeObject(HivePrivilegeObjectType.COLUMN, dbName, tblName, null, columnName)); - break; - - default: - throw new RuntimeException("Get unknown object type " + type); - } - - if (objectAcls == null) { - return; - } - - addACLsToBag(objectAcls.getUserPermissions(), privBag, type, dbName, tblName, columnName, - PrincipalType.USER, authorizer); - addACLsToBag(objectAcls.getGroupPermissions(), privBag, type, dbName, tblName, columnName, - PrincipalType.GROUP, authorizer); - } - - @Override - public void run() { - while (true) { - long interval = HiveConf.getTimeVar(hiveConf, ConfVars.HIVE_PRIVILEGE_SYNCHRONIZER_INTERVAL, TimeUnit.SECONDS); - try { - for (HivePolicyProvider policyProvider : policyProviderContainer) { - LOG.info("Start synchronize privilege " + policyProvider.getClass().getName()); - String authorizer = policyProvider.getClass().getSimpleName(); - if (!privilegeSynchonizerLatch.await(interval, TimeUnit.SECONDS)) { - LOG.info("Not selected as leader, skip"); - continue; - } - int numDb = 0, numTbl = 0; - for (String dbName : hiveClient.getAllDatabases()) { - numDb++; - HiveObjectRef dbToRefresh = getObjToRefresh(HiveObjectType.DATABASE, dbName, null); - PrivilegeBag grantDatabaseBag = new PrivilegeBag(); - addGrantPrivilegesToBag(policyProvider, grantDatabaseBag, HiveObjectType.DATABASE, - dbName, null, null, authorizer); - hiveClient.refresh_privileges(dbToRefresh, authorizer, grantDatabaseBag); - LOG.debug("processing " + dbName); - - for (String tblName : hiveClient.getAllTables(dbName)) { - numTbl++; - LOG.debug("processing " + dbName + "." + tblName); - HiveObjectRef tableToRefresh = getObjToRefresh(HiveObjectType.TABLE, dbName, tblName); - PrivilegeBag grantTableBag = new PrivilegeBag(); - addGrantPrivilegesToBag(policyProvider, grantTableBag, HiveObjectType.TABLE, - dbName, tblName, null, authorizer); - hiveClient.refresh_privileges(tableToRefresh, authorizer, grantTableBag); - - HiveObjectRef tableOfColumnsToRefresh = getObjToRefresh(HiveObjectType.COLUMN, dbName, tblName); - PrivilegeBag grantColumnBag = new PrivilegeBag(); - Table tbl = null; - try { - tbl = hiveClient.getTable(dbName, tblName); - for (FieldSchema fs : tbl.getPartitionKeys()) { - addGrantPrivilegesToBag(policyProvider, grantColumnBag, HiveObjectType.COLUMN, - dbName, tblName, fs.getName(), authorizer); - } - for (FieldSchema fs : tbl.getSd().getCols()) { - addGrantPrivilegesToBag(policyProvider, grantColumnBag, HiveObjectType.COLUMN, - dbName, tblName, fs.getName(), authorizer); - } - hiveClient.refresh_privileges(tableOfColumnsToRefresh, authorizer, grantColumnBag); - } catch (MetaException e) { - LOG.debug("Unable to synchronize " + tblName + ":" + e.getMessage()); - } - } - } - LOG.info("Success synchronize privilege " + policyProvider.getClass().getName() + ":" + numDb + " databases, " - + numTbl + " tables"); - } - // Wait if no exception happens, otherwise, retry immediately - LOG.info("Wait for " + interval + " seconds"); - Thread.sleep(interval * 1000); - } catch (Exception e) { - LOG.error("Error initializing PrivilegeSynchronizer: " + e.getMessage(), e); - } - } - } -} http://git-wip-us.apache.org/repos/asf/hive/blob/dd379865/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchronizer.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchronizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchronizer.java new file mode 100644 index 0000000..c7a4843 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchronizer.java @@ -0,0 +1,228 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.hive.ql.security.authorization; + +import java.util.Map; +import java.util.concurrent.TimeUnit; + +import org.apache.curator.framework.recipes.leader.LeaderLatch; +import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.conf.HiveConf.ConfVars; +import org.apache.hadoop.hive.metastore.DefaultMetaStoreFilterHookImpl; +import org.apache.hadoop.hive.metastore.IMetaStoreClient; +import org.apache.hadoop.hive.metastore.api.FieldSchema; +import org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege; +import org.apache.hadoop.hive.metastore.api.HiveObjectRef; +import org.apache.hadoop.hive.metastore.api.HiveObjectType; +import org.apache.hadoop.hive.metastore.api.PrincipalType; +import org.apache.hadoop.hive.metastore.api.PrivilegeBag; +import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo; +import org.apache.hadoop.hive.metastore.api.Table; +import org.apache.hadoop.hive.metastore.api.MetaException; +import org.apache.hadoop.hive.metastore.conf.MetastoreConf; +import org.apache.hadoop.hive.ql.metadata.Hive; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePolicyProvider; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * PrivilegeSynchronizer defines a thread to synchronize privileges from + * external authorizer to Hive metastore. + */ +public class PrivilegeSynchronizer implements Runnable { + + private static final Logger LOG = LoggerFactory.getLogger(PrivilegeSynchronizer.class); + public static final String GRANTOR = "ranger"; + private IMetaStoreClient hiveClient; + private LeaderLatch privilegeSynchronizerLatch; + private HiveConf hiveConf; + private PolicyProviderContainer policyProviderContainer; + + public PrivilegeSynchronizer(LeaderLatch privilegeSynchronizerLatch, + PolicyProviderContainer policyProviderContainer, HiveConf hiveConf) { + this.hiveConf = new HiveConf(hiveConf); + this.hiveConf.set(MetastoreConf.ConfVars.FILTER_HOOK.getVarname(), DefaultMetaStoreFilterHookImpl.class.getName()); + try { + hiveClient = Hive.get(this.hiveConf).getMSC(); + } catch (Exception e) { + throw new RuntimeException("Error creating HiveMetastoreClient", e); + } + this.privilegeSynchronizerLatch = privilegeSynchronizerLatch; + this.policyProviderContainer = policyProviderContainer; + this.hiveConf = hiveConf; + } + + private void addACLsToBag( + Map<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> principalAclsMap, + PrivilegeBag privBag, HiveObjectType objectType, String dbName, String tblName, String columnName, + PrincipalType principalType, String authorizer) { + + for (Map.Entry<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> principalAcls + : principalAclsMap.entrySet()) { + String principal = principalAcls.getKey(); + for (Map.Entry<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult> acl : principalAcls.getValue() + .entrySet()) { + if (acl.getValue() == HiveResourceACLs.AccessResult.ALLOWED) { + switch (objectType) { + case DATABASE: + privBag.addToPrivileges( + new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.DATABASE, dbName, null, null, null), principal, + principalType, new PrivilegeGrantInfo(acl.getKey().toString(), + (int) (System.currentTimeMillis() / 1000), GRANTOR, PrincipalType.USER, false), authorizer)); + break; + case TABLE: + privBag.addToPrivileges( + new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.TABLE, dbName, tblName, null, null), principal, + principalType, new PrivilegeGrantInfo(acl.getKey().toString(), + (int) (System.currentTimeMillis() / 1000), GRANTOR, PrincipalType.USER, false), authorizer)); + break; + case COLUMN: + privBag.addToPrivileges( + new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.COLUMN, dbName, tblName, null, columnName), + principal, principalType, new PrivilegeGrantInfo(acl.getKey().toString(), + (int) (System.currentTimeMillis() / 1000), GRANTOR, PrincipalType.USER, false), authorizer)); + break; + default: + throw new RuntimeException("Get unknown object type " + objectType); + } + } + } + } + } + + private HiveObjectRef getObjToRefresh(HiveObjectType type, String dbName, String tblName) throws Exception { + HiveObjectRef objToRefresh = null; + switch (type) { + case DATABASE: + objToRefresh = new HiveObjectRef(HiveObjectType.DATABASE, dbName, null, null, null); + break; + case TABLE: + objToRefresh = new HiveObjectRef(HiveObjectType.TABLE, dbName, tblName, null, null); + break; + case COLUMN: + objToRefresh = new HiveObjectRef(HiveObjectType.COLUMN, dbName, tblName, null, null); + break; + default: + throw new RuntimeException("Get unknown object type " + type); + } + return objToRefresh; + } + + private void addGrantPrivilegesToBag(HivePolicyProvider policyProvider, PrivilegeBag privBag, HiveObjectType type, + String dbName, String tblName, String columnName, String authorizer) throws Exception { + + HiveResourceACLs objectAcls = null; + + switch (type) { + case DATABASE: + objectAcls = policyProvider + .getResourceACLs(new HivePrivilegeObject(HivePrivilegeObjectType.DATABASE, dbName, null)); + break; + + case TABLE: + objectAcls = policyProvider + .getResourceACLs(new HivePrivilegeObject(HivePrivilegeObjectType.TABLE_OR_VIEW, dbName, tblName)); + break; + + case COLUMN: + objectAcls = policyProvider + .getResourceACLs(new HivePrivilegeObject(HivePrivilegeObjectType.COLUMN, dbName, tblName, null, columnName)); + break; + + default: + throw new RuntimeException("Get unknown object type " + type); + } + + if (objectAcls == null) { + return; + } + + addACLsToBag(objectAcls.getUserPermissions(), privBag, type, dbName, tblName, columnName, + PrincipalType.USER, authorizer); + addACLsToBag(objectAcls.getGroupPermissions(), privBag, type, dbName, tblName, columnName, + PrincipalType.GROUP, authorizer); + } + + @Override + public void run() { + while (true) { + long interval = HiveConf.getTimeVar(hiveConf, ConfVars.HIVE_PRIVILEGE_SYNCHRONIZER_INTERVAL, TimeUnit.SECONDS); + try { + for (HivePolicyProvider policyProvider : policyProviderContainer) { + LOG.info("Start synchronize privilege " + policyProvider.getClass().getName()); + String authorizer = policyProvider.getClass().getSimpleName(); + if (!privilegeSynchronizerLatch.await(interval, TimeUnit.SECONDS)) { + LOG.info("Not selected as leader, skip"); + continue; + } + int numDb = 0, numTbl = 0; + for (String dbName : hiveClient.getAllDatabases()) { + numDb++; + HiveObjectRef dbToRefresh = getObjToRefresh(HiveObjectType.DATABASE, dbName, null); + PrivilegeBag grantDatabaseBag = new PrivilegeBag(); + addGrantPrivilegesToBag(policyProvider, grantDatabaseBag, HiveObjectType.DATABASE, + dbName, null, null, authorizer); + hiveClient.refresh_privileges(dbToRefresh, authorizer, grantDatabaseBag); + LOG.debug("processing " + dbName); + + for (String tblName : hiveClient.getAllTables(dbName)) { + numTbl++; + LOG.debug("processing " + dbName + "." + tblName); + HiveObjectRef tableToRefresh = getObjToRefresh(HiveObjectType.TABLE, dbName, tblName); + PrivilegeBag grantTableBag = new PrivilegeBag(); + addGrantPrivilegesToBag(policyProvider, grantTableBag, HiveObjectType.TABLE, + dbName, tblName, null, authorizer); + hiveClient.refresh_privileges(tableToRefresh, authorizer, grantTableBag); + + HiveObjectRef tableOfColumnsToRefresh = getObjToRefresh(HiveObjectType.COLUMN, dbName, tblName); + PrivilegeBag grantColumnBag = new PrivilegeBag(); + Table tbl = null; + try { + tbl = hiveClient.getTable(dbName, tblName); + for (FieldSchema fs : tbl.getPartitionKeys()) { + addGrantPrivilegesToBag(policyProvider, grantColumnBag, HiveObjectType.COLUMN, + dbName, tblName, fs.getName(), authorizer); + } + for (FieldSchema fs : tbl.getSd().getCols()) { + addGrantPrivilegesToBag(policyProvider, grantColumnBag, HiveObjectType.COLUMN, + dbName, tblName, fs.getName(), authorizer); + } + hiveClient.refresh_privileges(tableOfColumnsToRefresh, authorizer, grantColumnBag); + } catch (MetaException e) { + LOG.debug("Unable to synchronize " + tblName + ":" + e.getMessage()); + } + } + } + LOG.info("Success synchronize privilege " + policyProvider.getClass().getName() + ":" + numDb + " databases, " + + numTbl + " tables"); + } + } catch (Exception e) { + LOG.error("Error initializing PrivilegeSynchronizer: " + e.getMessage(), e); + } + LOG.info("Wait for " + interval + " seconds"); + try { + Thread.sleep(interval * 1000); + } catch (InterruptedException e) { + // do nothing + } + } + } +} http://git-wip-us.apache.org/repos/asf/hive/blob/dd379865/service/src/java/org/apache/hive/service/server/HiveServer2.java ---------------------------------------------------------------------- diff --git a/service/src/java/org/apache/hive/service/server/HiveServer2.java b/service/src/java/org/apache/hive/service/server/HiveServer2.java index ed48064..7bfa203 100644 --- a/service/src/java/org/apache/hive/service/server/HiveServer2.java +++ b/service/src/java/org/apache/hive/service/server/HiveServer2.java @@ -84,7 +84,7 @@ import org.apache.hadoop.hive.ql.metadata.events.NotificationEventPoll; import org.apache.hadoop.hive.ql.plan.mapper.StatsSources; import org.apache.hadoop.hive.ql.security.authorization.HiveMetastoreAuthorizationProvider; import org.apache.hadoop.hive.ql.security.authorization.PolicyProviderContainer; -import org.apache.hadoop.hive.ql.security.authorization.PrivilegeSynchonizer; +import org.apache.hadoop.hive.ql.security.authorization.PrivilegeSynchronizer; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; import org.apache.hadoop.hive.ql.session.ClearDanglingScratchDir; import org.apache.hadoop.hive.ql.session.SessionState; @@ -723,9 +723,9 @@ public class HiveServer2 extends CompositeService { } try { - startPrivilegeSynchonizer(hiveConf); + startPrivilegeSynchronizer(hiveConf); } catch (Exception e) { - LOG.error("Error starting priviledge synchonizer: ", e); + LOG.error("Error starting priviledge synchronizer: ", e); throw new ServiceException(e); } @@ -978,7 +978,7 @@ public class HiveServer2 extends CompositeService { } } - public void startPrivilegeSynchonizer(HiveConf hiveConf) throws Exception { + public void startPrivilegeSynchronizer(HiveConf hiveConf) throws Exception { if (!HiveConf.getBoolVar(hiveConf, ConfVars.HIVE_PRIVILEGE_SYNCHRONIZER)) { return; @@ -1006,15 +1006,15 @@ public class HiveServer2 extends CompositeService { String rootNamespace = hiveConf.getVar(HiveConf.ConfVars.HIVE_SERVER2_ZOOKEEPER_NAMESPACE); String path = ZooKeeperHiveHelper.ZOOKEEPER_PATH_SEPARATOR + rootNamespace + ZooKeeperHiveHelper.ZOOKEEPER_PATH_SEPARATOR + "leader"; - LeaderLatch privilegeSynchonizerLatch = new LeaderLatch(zKClientForPrivSync, path); - privilegeSynchonizerLatch.start(); - LOG.info("Find " + policyContainer.size() + " policy to synchronize, start PrivilegeSynchonizer"); - Thread privilegeSynchonizerThread = new Thread( - new PrivilegeSynchonizer(privilegeSynchonizerLatch, policyContainer, hiveConf), "PrivilegeSynchonizer"); - privilegeSynchonizerThread.start(); + LeaderLatch privilegeSynchronizerLatch = new LeaderLatch(zKClientForPrivSync, path); + privilegeSynchronizerLatch.start(); + LOG.info("Find " + policyContainer.size() + " policy to synchronize, start PrivilegeSynchronizer"); + Thread privilegeSynchronizerThread = new Thread( + new PrivilegeSynchronizer(privilegeSynchronizerLatch, policyContainer, hiveConf), "PrivilegeSynchronizer"); + privilegeSynchronizerThread.start(); } else { LOG.warn( - "No policy provider found, skip creating PrivilegeSynchonizer"); + "No policy provider found, skip creating PrivilegeSynchronizer"); } }
