[hive] branch master updated: HIVE-26219 Encapsulate the API change for FileUtils.isActionPermittedForFileHierarchy (#3278)
This is an automated email from the ASF dual-hosted git repository. rameshkumar pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/hive.git The following commit(s) were added to refs/heads/master by this push: new 4622860b8c HIVE-26219 Encapsulate the API change for FileUtils.isActionPermittedForFileHierarchy (#3278) 4622860b8c is described below commit 4622860b8c7dbddaf4c556e65c5039c60da15e82 Author: Ramesh Kumar AuthorDate: Tue May 10 16:17:25 2022 -0700 HIVE-26219 Encapsulate the API change for FileUtils.isActionPermittedForFileHierarchy (#3278) --- .../src/java/org/apache/hadoop/hive/common/FileUtils.java | 14 ++ 1 file changed, 14 insertions(+) diff --git a/common/src/java/org/apache/hadoop/hive/common/FileUtils.java b/common/src/java/org/apache/hadoop/hive/common/FileUtils.java index f3290f69a1..e9410ec4d0 100644 --- a/common/src/java/org/apache/hadoop/hive/common/FileUtils.java +++ b/common/src/java/org/apache/hadoop/hive/common/FileUtils.java @@ -532,6 +532,20 @@ public final class FileUtils { return isPermitted; } + public static boolean isActionPermittedForFileHierarchy(FileSystem fs, FileStatus fileStatus, + String userName, FsAction action, boolean recurse) throws Exception { +UserGroupInformation proxyUser = null; +boolean isPermitted; +try { + proxyUser = getProxyUser(userName); + FileSystem fsAsUser = getFsAsUser(fs, proxyUser); + isPermitted = isActionPermittedForFileHierarchy(fs, fileStatus, userName, action, recurse, fsAsUser); +} finally { + closeFs(proxyUser); +} +return isPermitted; + } + @SuppressFBWarnings(value = "DLS_DEAD_LOCAL_STORE", justification = "Intended, dir privilege all-around bug") public static boolean isActionPermittedForFileHierarchy(FileSystem fs, FileStatus fileStatus, String userName, FsAction action, boolean recurse, FileSystem fsAsUser) throws Exception {
[hive] branch master updated: HVIE-26199 Reduce FileSystem init during user impersonation (#3264)
This is an automated email from the ASF dual-hosted git repository. rameshkumar pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/hive.git The following commit(s) were added to refs/heads/master by this push: new f298ebc51d HVIE-26199 Reduce FileSystem init during user impersonation (#3264) f298ebc51d is described below commit f298ebc51d8073e2bcefae8bdf331fab2b91d4d0 Author: Ramesh Kumar AuthorDate: Tue May 10 07:44:50 2022 -0700 HVIE-26199 Reduce FileSystem init during user impersonation (#3264) --- .../org/apache/hadoop/hive/common/FileUtils.java | 92 +++--- .../org/apache/hadoop/hive/ql/metadata/Hive.java | 16 +++- .../plugin/sqlstd/SQLAuthorizationUtils.java | 20 +++-- 3 files changed, 91 insertions(+), 37 deletions(-) diff --git a/common/src/java/org/apache/hadoop/hive/common/FileUtils.java b/common/src/java/org/apache/hadoop/hive/common/FileUtils.java index e92b700195..f3290f69a1 100644 --- a/common/src/java/org/apache/hadoop/hive/common/FileUtils.java +++ b/common/src/java/org/apache/hadoop/hive/common/FileUtils.java @@ -67,6 +67,8 @@ import org.apache.hive.common.util.SuppressFBWarnings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.security.auth.login.LoginException; + /** * Collection of file manipulation utilities common across Hive. */ @@ -408,10 +410,16 @@ public final class FileUtils { return getPathOrParentThatExists(fs, parentPath); } - public static void checkFileAccessWithImpersonation(final FileSystem fs, final FileStatus stat, - final FsAction action, final String user) - throws IOException, AccessControlException, InterruptedException, Exception { -checkFileAccessWithImpersonation(fs, stat, action, user, null); + public static void checkFileAccessWithImpersonation(final FileSystem fs, final FileStatus stat, final FsAction action, + final String user) throws Exception { +UserGroupInformation proxyUser = null; +try { + proxyUser = getProxyUser(user); + FileSystem fsAsUser = FileUtils.getFsAsUser(fs, proxyUser); + checkFileAccessWithImpersonation(fs, stat, action, user, null, fsAsUser); +} finally { + closeFs(proxyUser); +} } /** @@ -435,9 +443,9 @@ public final class FileUtils { * @throws InterruptedException * @throws Exception */ - public static void checkFileAccessWithImpersonation(final FileSystem fs, - final FileStatus stat, final FsAction action, final String user, final List children) - throws IOException, AccessControlException, InterruptedException, Exception { + public static void checkFileAccessWithImpersonation(final FileSystem fs, final FileStatus stat, final FsAction action, + final String user, final List children, final FileSystem fsAsUser) + throws IOException, AccessControlException, InterruptedException, Exception { UserGroupInformation ugi = Utils.getUGI(); String currentUser = ugi.getShortUserName(); @@ -449,25 +457,17 @@ public final class FileUtils { } // Otherwise, try user impersonation. Current user must be configured to do user impersonation. -UserGroupInformation proxyUser = UserGroupInformation.createProxyUser( -user, UserGroupInformation.getLoginUser()); -try { - proxyUser.doAs(new PrivilegedExceptionAction() { -@Override -public Object run() throws Exception { - FileSystem fsAsUser = FileSystem.get(fs.getUri(), fs.getConf()); - ShimLoader.getHadoopShims().checkFileAccess(fsAsUser, stat, action); - addChildren(fsAsUser, stat.getPath(), children); - return null; -} - }); -} finally { - FileSystem.closeAllForUGI(proxyUser); -} +UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser()); +proxyUser.doAs(new PrivilegedExceptionAction() { + @Override public Object run() throws Exception { +ShimLoader.getHadoopShims().checkFileAccess(fsAsUser, stat, action); +addChildren(fsAsUser, stat.getPath(), children); +return null; + } +}); } - private static void addChildren(FileSystem fsAsUser, Path path, List children) - throws IOException { + private static void addChildren(FileSystem fsAsUser, Path path, List children) throws IOException { if (children != null) { FileStatus[] listStatus; try { @@ -480,6 +480,33 @@ public final class FileUtils { } } + public static UserGroupInformation getProxyUser(final String user) throws LoginException, IOException { +UserGroupInformation ugi = Utils.getUGI(); +String currentUser = ugi.getShortUserName(); +UserGroupInformation proxyUser = null; +if (user != null && !user.equals(currentUser)) { + proxyUser = UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser()); +} +return proxyUser;
[hive] branch master updated: HIVE-25969: Unable to reference table column named default (Krisztian Kasa, reviewed by Zoltan Haindrich)
This is an automated email from the ASF dual-hosted git repository. krisztiankasa pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/hive.git The following commit(s) were added to refs/heads/master by this push: new 62834fbdd3 HIVE-25969: Unable to reference table column named default (Krisztian Kasa, reviewed by Zoltan Haindrich) 62834fbdd3 is described below commit 62834fbdd3bd4065413b59448759c6a25aa1dbf0 Author: Krisztian Kasa AuthorDate: Tue May 10 13:46:13 2022 +0200 HIVE-25969: Unable to reference table column named default (Krisztian Kasa, reviewed by Zoltan Haindrich) --- .../apache/hadoop/hive/ql/parse/FromClauseParser.g | 7 ++ .../org/apache/hadoop/hive/ql/parse/HiveParser.g | 9 +- .../hadoop/hive/ql/parse/IdentifiersParser.g | 14 ++- .../hadoop/hive/ql/parse/TestParseDefault.java | 108 .../hive/ql/parse/MergeSemanticAnalyzer.java | 49 - .../hive/ql/parse/RewriteSemanticAnalyzer.java | 4 + .../hadoop/hive/ql/parse/SemanticAnalyzer.java | 25 +++-- .../hadoop/hive/ql/parse/UnparseTranslator.java| 13 +++ .../clientpositive/insert_into_default_keyword_2.q | 15 +++ .../llap/insert_into_default_keyword_2.q.out | 113 + 10 files changed, 311 insertions(+), 46 deletions(-) diff --git a/parser/src/java/org/apache/hadoop/hive/ql/parse/FromClauseParser.g b/parser/src/java/org/apache/hadoop/hive/ql/parse/FromClauseParser.g index 34a91fbe0e..dbad0f7f33 100644 --- a/parser/src/java/org/apache/hadoop/hive/ql/parse/FromClauseParser.g +++ b/parser/src/java/org/apache/hadoop/hive/ql/parse/FromClauseParser.g @@ -62,6 +62,13 @@ tableOrColumn identifier -> ^(TOK_TABLE_OR_COL identifier) ; +defaultValue +@init { gParent.pushMsg("default value", state); } +@after { gParent.popMsg(state); } +: +KW_DEFAULT -> ^(TOK_TABLE_OR_COL TOK_DEFAULT_VALUE) +; + expressionList @init { gParent.pushMsg("expression list", state); } @after { gParent.popMsg(state); } diff --git a/parser/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g b/parser/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g index ce63d0bc63..538d0a7127 100644 --- a/parser/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g +++ b/parser/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g @@ -2777,9 +2777,16 @@ deleteStatement /*SET = (3 + col2)*/ columnAssignmentClause : - tableOrColumn EQUAL^ precedencePlusExpression + | tableOrColumn EQUAL^ precedencePlusExpressionOrDefault ; +precedencePlusExpressionOrDefault +: +(KW_DEFAULT (~DOT|EOF)) => defaultValue +| precedencePlusExpression +; + + /*SET col1 = 5, col2 = (4 + col4), ...*/ setColumnsClause : diff --git a/parser/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g b/parser/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g index 31f437d63b..4d807a7ef6 100644 --- a/parser/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g +++ b/parser/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g @@ -160,7 +160,7 @@ expressionsInParenthesis[boolean isStruct, boolean forceStruct] expressionsNotInParenthesis[boolean isStruct, boolean forceStruct] : -first=expression more=expressionPart[$expression.tree, isStruct]? +first=expressionOrDefault more=expressionPart[$expressionOrDefault.tree, isStruct]? -> {forceStruct && more==null}? ^(TOK_FUNCTION Identifier["struct"] {$first.tree}) -> {more==null}? @@ -170,9 +170,15 @@ expressionsNotInParenthesis[boolean isStruct, boolean forceStruct] expressionPart[CommonTree firstExprTree, boolean isStruct] : -(COMMA expression)+ --> {isStruct}? ^(TOK_FUNCTION Identifier["struct"] {$firstExprTree} expression+) --> {$firstExprTree} expression+ +(COMMA expressionOrDefault)+ +-> {isStruct}? ^(TOK_FUNCTION Identifier["struct"] {$firstExprTree} expressionOrDefault+) +-> {$firstExprTree} expressionOrDefault+ +; + +expressionOrDefault +: +(KW_DEFAULT ~DOT) => defaultValue +| expression ; // Parses comma separated list of expressions with optionally specified aliases. diff --git a/parser/src/test/org/apache/hadoop/hive/ql/parse/TestParseDefault.java b/parser/src/test/org/apache/hadoop/hive/ql/parse/TestParseDefault.java new file mode 100644 index 00..707b46b7f8 --- /dev/null +++ b/parser/src/test/org/apache/hadoop/hive/ql/parse/TestParseDefault.java @@ -0,0 +1,108 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + *