Examples of HiveAuthorizer

• org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer
  Interface for hive authorization plugins. Used by the DDLTasks for access control statement, and for checking authorization from Driver.doAuthorization() This a more generic version of {@link HiveAuthorizationProvider} that lets you define the behavior of access controlstatements and does not make assumptions about the privileges needed for a hive operation. This is referred to as V2 authorizer in other parts of the code.

Examples of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer

    //no exception thrown, so looks good
    return 0;
  }

  private int roleDDL(RoleDDLDesc roleDDLDesc) throws Exception {
    HiveAuthorizer authorizer = getSessionAuthorizer();
    RoleDDLDesc.RoleOperation operation = roleDDLDesc.getOperation();
    //call the appropriate hive authorizer function
    switch(operation){
    case CREATE_ROLE:
      authorizer.createRole(roleDDLDesc.getName(), null);
      break;
    case DROP_ROLE:
      authorizer.dropRole(roleDDLDesc.getName());
      break;
    case SHOW_ROLE_GRANT:
      boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST);
      List<HiveRoleGrant> roles = authorizer.getRoleGrantInfoForPrincipal(
          AuthorizationUtils.getHivePrincipal(roleDDLDesc.getName(), roleDDLDesc.getPrincipalType()));
      writeToFile(writeRolesGrantedInfo(roles, testMode), roleDDLDesc.getResFile());
      break;
    case SHOW_ROLES:
      List<String> allRoles = authorizer.getAllRoles();
      writeListToFileAfterSort(allRoles, roleDDLDesc.getResFile());
      break;
    case SHOW_CURRENT_ROLE:
      List<String> roleNames = authorizer.getCurrentRoleNames();
      writeListToFileAfterSort(roleNames, roleDDLDesc.getResFile());
      break;
    case SET_ROLE:
      authorizer.setCurrentRole(roleDDLDesc.getName());
      break;
    case SHOW_ROLE_PRINCIPALS:
      testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST);
      List<HiveRoleGrant> roleGrants = authorizer.getPrincipalGrantInfoForRole(roleDDLDesc.getName());
      writeToFile(writeHiveRoleGrantInfo(roleGrants, testMode), roleDDLDesc.getResFile());
      break;
    default:
      throw new HiveException("Unkown role operation "
          + operation.getOperationName());

Examples of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer

    return ret;
  }

  private HiveAuthorizer getSessionAuthorizer() {
    HiveAuthorizer authorizer = SessionState.get().getAuthorizerV2();
    if (authorizer == null) {
      authorizer = new HiveV1Authorizer(conf, db);
    }
    return authorizer;
  }

Examples of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer

    return authorizer;
  }

  private int grantOrRevokeRole(GrantRevokeRoleDDL grantOrRevokeRoleDDL)
      throws HiveException {
    HiveAuthorizer authorizer = getSessionAuthorizer();
    //convert to the types needed for plugin api
    HivePrincipal grantorPrinc = null;
    if(grantOrRevokeRoleDDL.getGrantor() != null){
      grantorPrinc = new HivePrincipal(grantOrRevokeRoleDDL.getGrantor(),
          AuthorizationUtils.getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType()));
    }
    List<HivePrincipal> principals =
        AuthorizationUtils.getHivePrincipals(grantOrRevokeRoleDDL.getPrincipalDesc());
    List<String> roles = grantOrRevokeRoleDDL.getRoles();

    boolean grantOption = grantOrRevokeRoleDDL.isGrantOption();
    if (grantOrRevokeRoleDDL.getGrant()) {
      authorizer.grantRole(principals, roles, grantOption, grantorPrinc);
    } else {
      authorizer.revokeRole(principals, roles, grantOption, grantorPrinc);
    }
    return 0;
  }

Examples of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer

    return 0;
  }

  private int showGrants(ShowGrantDesc showGrantDesc) throws HiveException {

    HiveAuthorizer authorizer = getSessionAuthorizer();
    try {
      List<HivePrivilegeInfo> privInfos = authorizer.showPrivileges(
          AuthorizationUtils.getHivePrincipal(showGrantDesc.getPrincipalDesc()),
          AuthorizationUtils.getHivePrivilegeObject(showGrantDesc.getHiveObj()));
      boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST);
      writeToFile(writeGrantInfo(privInfos, testMode), showGrantDesc.getResFile());
    } catch (IOException e) {

Examples of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer

  private int grantOrRevokePrivileges(List<PrincipalDesc> principals,
      List<PrivilegeDesc> privileges, PrivilegeObjectDesc privSubjectDesc,
      String grantor, PrincipalType grantorType, boolean grantOption, boolean isGrant)
          throws HiveException {

    HiveAuthorizer authorizer = getSessionAuthorizer();

    //Convert to object types used by the authorization plugin interface
    List<HivePrincipal> hivePrincipals = AuthorizationUtils.getHivePrincipals(principals);
    List<HivePrivilege> hivePrivileges = AuthorizationUtils.getHivePrivileges(privileges);
    HivePrivilegeObject hivePrivObject = AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc);

    HivePrincipal grantorPrincipal = new HivePrincipal(
        grantor, AuthorizationUtils.getHivePrincipalType(grantorType));

    if(isGrant){
      authorizer.grantPrivileges(hivePrincipals, hivePrivileges, hivePrivObject,
          grantorPrincipal, grantOption);
    }else {
      authorizer.revokePrivileges(hivePrincipals, hivePrivileges,
          hivePrivObject, grantorPrincipal, grantOption);
    }
    //no exception thrown, so looks good
    return 0;
  }

Examples of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer

  public void testAuthEnableError() {
    HiveConf processedConf = new HiveConf();
    processedConf.setBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED, true);
    try {
      HiveAuthorizerFactory authorizerFactory = new SQLStdHiveAuthorizerFactory();
      HiveAuthorizer authorizer = authorizerFactory.createHiveAuthorizer(null, processedConf,
          new HadoopDefaultAuthenticator(), getCLISessionCtx());
      fail("Exception expected");
    } catch (HiveAuthzPluginException e) {
      assertTrue(e.getMessage().contains(
          "SQL standards based authorization should not be enabled from hive cli"));

Examples of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer

    }
    return 0;
  }

  private int grantOrRevokeRoleV2(GrantRevokeRoleDDL grantOrRevokeRoleDDL) throws HiveException {
    HiveAuthorizer authorizer = SessionState.get().getAuthorizerV2();
    //convert to the types needed for plugin api
    HivePrincipal grantorPrinc = null;
    if(grantOrRevokeRoleDDL.getGrantor() != null){
      grantorPrinc = new HivePrincipal(grantOrRevokeRoleDDL.getGrantor(),
          getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType()));
    }
    List<HivePrincipal> hivePrincipals = getHivePrincipals(grantOrRevokeRoleDDL.getPrincipalDesc());
    List<String> roles = grantOrRevokeRoleDDL.getRoles();

    if(grantOrRevokeRoleDDL.getGrant()){
      authorizer.grantRole(hivePrincipals, roles,
          grantOrRevokeRoleDDL.isGrantOption(), grantorPrinc);
    }
    else{
      authorizer.revokeRole(hivePrincipals, roles,
          grantOrRevokeRoleDDL.isGrantOption(), grantorPrinc);
    }
    return 0;
  }

Examples of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer

    }
    return 0;
  }

  private int showGrantsV2(ShowGrantDesc showGrantDesc) throws HiveException {
    HiveAuthorizer authorizer = SessionState.get().getAuthorizerV2();
    try {
      List<HivePrivilegeInfo> privInfos = authorizer.showPrivileges(
          getHivePrincipal(showGrantDesc.getPrincipalDesc()),
          getHivePrivilegeObject(showGrantDesc.getHiveObj())
          );
      List<HiveObjectPrivilege> privList = new ArrayList<HiveObjectPrivilege>();
      for(HivePrivilegeInfo privInfo : privInfos){

Examples of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer

  }

  private int grantOrRevokePrivilegesV2(List<PrincipalDesc> principals,
      List<PrivilegeDesc> privileges, PrivilegeObjectDesc privSubjectDesc, String grantor,
      PrincipalType grantorType, boolean grantOption, boolean isGrant) throws HiveException {
    HiveAuthorizer authorizer = SessionState.get().getAuthorizerV2();

    //Convert to object types used by the authorization plugin interface
    List<HivePrincipal> hivePrincipals = getHivePrincipals(principals);
    List<HivePrivilege> hivePrivileges = getHivePrivileges(privileges);
    HivePrivilegeObject hivePrivObject = getHivePrivilegeObject(privSubjectDesc);
    HivePrincipal grantorPrincipal = new HivePrincipal(grantor, getHivePrincipalType(grantorType));

    if(isGrant){
      authorizer.grantPrivileges(hivePrincipals, hivePrivileges, hivePrivObject,
          grantorPrincipal, grantOption);
    }else {
      authorizer.revokePrivileges(hivePrincipals, hivePrivileges,
          hivePrivObject, grantorPrincipal, grantOption);
    }
    //no exception thrown, so looks good
    return 0;
  }

Examples of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer

    }
    return 0;
  }

  private int grantOrRevokeRoleV2(GrantRevokeRoleDDL grantOrRevokeRoleDDL) throws HiveException {
    HiveAuthorizer authorizer = SessionState.get().getAuthorizerV2();
    //convert to the types needed for plugin api
    HivePrincipal grantorPrinc = null;
    if(grantOrRevokeRoleDDL.getGrantor() != null){
      grantorPrinc = new HivePrincipal(grantOrRevokeRoleDDL.getGrantor(),
          getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType()));
    }
    List<HivePrincipal> hivePrincipals = getHivePrincipals(grantOrRevokeRoleDDL.getPrincipalDesc());
    List<String> roles = grantOrRevokeRoleDDL.getRoles();

    if(grantOrRevokeRoleDDL.getGrant()){
      authorizer.grantRole(hivePrincipals, roles,
          grantOrRevokeRoleDDL.isGrantOption(), grantorPrinc);
    }
    else{
      authorizer.revokeRole(hivePrincipals, roles,
          grantOrRevokeRoleDDL.isGrantOption(), grantorPrinc);
    }
    return 0;
  }