Repository: incubator-sentry Updated Branches: refs/heads/master 7f123002c -> cda611aee
SENTRY-997: Update HiveAuthorizer of Sentry after HiveAuthorizer interface changes (Dapeng Sun, reviewed by Colin Ma) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/cda611ae Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/cda611ae Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/cda611ae Branch: refs/heads/master Commit: cda611aee5f93862e1e3db3f27aa6e37672d1d91 Parents: 7f12300 Author: Sun Dapeng <[email protected]> Authored: Wed Feb 3 09:50:55 2016 +0800 Committer: Sun Dapeng <[email protected]> Committed: Wed Feb 3 09:50:55 2016 +0800 ---------------------------------------------------------------------- .../v2/authorizer/SentryHiveAuthorizer.java | 53 +++++++++----------- 1 file changed, 25 insertions(+), 28 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/cda611ae/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/SentryHiveAuthorizer.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/SentryHiveAuthorizer.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/SentryHiveAuthorizer.java index 9d227b8..14b952f 100644 --- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/SentryHiveAuthorizer.java +++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/SentryHiveAuthorizer.java @@ -19,11 +19,10 @@ import java.util.List; import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.ql.exec.SentryHivePrivilegeObjectDesc; import org.apache.hadoop.hive.ql.metadata.HiveException; -import org.apache.hadoop.hive.ql.plan.PrincipalDesc; -import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; -import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils; +import org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationTranslator; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationTranslator; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException; @@ -45,6 +44,8 @@ public class SentryHiveAuthorizer implements HiveAuthorizer { private SentryHiveAccessController accessController; private SentryHiveAuthorizationValidator authValidator; + static private HiveAuthorizationTranslator hiveTranslator = + new SentryHiveAuthorizationTranslator(); public SentryHiveAuthorizer(SentryHiveAccessController accessController, SentryHiveAuthorizationValidator authValidator) { @@ -152,31 +153,6 @@ public class SentryHiveAuthorizer implements HiveAuthorizer { return authValidator.filterListCmdObjects(listObjs, context); } - @Override - public List<HivePrincipal> getHivePrincipals(List<PrincipalDesc> principals) throws HiveException { - return AuthorizationUtils.getHivePrincipals(principals); - } - - @Override - public List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges) { - return AuthorizationUtils.getHivePrivileges(privileges); - } - - @Override - public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc) - throws HiveException { - SentryHivePrivilegeObjectDesc sPrivSubjectDesc = null; - if (privSubjectDesc instanceof SentryHivePrivilegeObjectDesc) { - sPrivSubjectDesc = (SentryHivePrivilegeObjectDesc) privSubjectDesc; - } - if (sPrivSubjectDesc != null && sPrivSubjectDesc.isSentryPrivObjectDesc()) { - HivePrivilegeObjectType objectType = getPrivObjectType(sPrivSubjectDesc); - return new SentryHivePrivilegeObject(objectType, privSubjectDesc.getObject()); - } else { - return AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc); - } - } - protected static HivePrivilegeObjectType getPrivObjectType( SentryHivePrivilegeObjectDesc privSubjectDesc) { if (privSubjectDesc.getObject() == null) { @@ -192,4 +168,25 @@ public class SentryHiveAuthorizer implements HiveAuthorizer { } } + @Override + public Object getHiveAuthorizationTranslator() throws HiveAuthzPluginException { + return hiveTranslator; + } + + private static class SentryHiveAuthorizationTranslator extends DefaultHiveAuthorizationTranslator { + + @Override + public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc) + throws HiveException { + if (privSubjectDesc != null && privSubjectDesc instanceof SentryHivePrivilegeObjectDesc) { + SentryHivePrivilegeObjectDesc sPrivSubjectDesc = + (SentryHivePrivilegeObjectDesc) privSubjectDesc; + if (sPrivSubjectDesc.isSentryPrivObjectDesc()) { + HivePrivilegeObjectType objectType = getPrivObjectType(sPrivSubjectDesc); + return new SentryHivePrivilegeObject(objectType, privSubjectDesc.getObject()); + } + } + return super.getHivePrivilegeObject(privSubjectDesc); + } + } }
