Posted to commits@hive.apache.org by ha...@apache.org on 2014/03/23 17:49:40 UTC
svn commit: r1580527 - in /hive/branches/branch-0.13/ql/src:
java/org/apache/hadoop/hive/ql/exec/
java/org/apache/hadoop/hive/ql/security/authorization/
java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/
test/queries/clientpositive/ t...
Author: hashutosh
Date: Sun Mar 23 16:49:39 2014
New Revision: 1580527
URL: http://svn.apache.org/r1580527
Log:
HIVE-6673 : sql std auth - show grant statement for all principals throws NPE (Thejas Nair via Ashutosh Chauhan)
Modified:
hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
hive/branches/branch-0.13/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q
hive/branches/branch-0.13/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out
Modified: hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
URL: http://svn.apache.org/viewvc/hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java?rev=1580527&r1=1580526&r2=1580527&view=diff
==============================================================================
--- hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java (original)
+++ hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java Sun Mar 23 16:49:39 2014
@@ -890,6 +890,9 @@ public class DDLTask extends Task<DDLWor
}
private HivePrincipal getHivePrincipal(PrincipalDesc principal) throws HiveException {
+ if (principal == null) {
+ return null;
+ }
return new HivePrincipal(principal.getName(),
AuthorizationUtils.getHivePrincipalType(principal.getType()));
}
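Review bot: getHivePrincipal now returns null for a null PrincipalDesc, but nothing on the method says so, and the added guard turns a loud failure into a silent null for every caller. For `show grant` without a principal that is the intent, but any other caller of this helper that needs a real principal (grant or revoke paths, if they share it; not visible in this hunk) would now pass null onward into the authorizer. I would add a comment above the method such as `// Returns null when no principal was given, meaning "no principal filter"; callers that require a principal must reject null themselves.`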
Modified: hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
URL: http://svn.apache.org/viewvc/hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java?rev=1580527&r1=1580526&r2=1580527&view=diff
==============================================================================
--- hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java (original)
+++ hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java Sun Mar 23 16:49:39 2014
@@ -153,6 +153,9 @@ public class AuthorizationUtils {
* @throws HiveException
*/
public static HiveObjectRef getThriftHiveObjectRef(HivePrivilegeObject privObj) throws HiveException {
+ if (privObj == null) {
+ return null;
+ }
HiveObjectType objType = getThriftHiveObjType(privObj.getType());
return new HiveObjectRef(objType, privObj.getDbname(), privObj.getTableViewURI(), null, null);
}
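Review bot: The Javadoc above getThriftHiveObjectRef (it starts outside this hunk) still documents only `@throws HiveException`, while the new guard makes null both a valid input and a valid result. Please add `@return the thrift object reference, or null when privObj is null (no object filter)` so callers know to expect it. Note also that the call in SQLStdHiveAccessController in this commit goes through `SQLAuthorizationUtils.getThriftHiveObjectRef(privObj)`, so it is worth confirming that wrapper delegates to this method rather than dereferencing privObj itself.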
Modified: hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
URL: http://svn.apache.org/viewvc/hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java?rev=1580527&r1=1580526&r2=1580527&view=diff
==============================================================================
--- hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java (original)
+++ hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java Sun Mar 23 16:49:39 2014
@@ -17,8 +17,6 @@
*/
package org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd;
-import com.google.common.collect.ImmutableSet;
-
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
@@ -56,6 +54,8 @@ import org.apache.hadoop.hive.ql.securit
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant;
import org.apache.thrift.TException;
+import com.google.common.collect.ImmutableSet;
+
/**
* Implements functionality of access control statements for sql standard based
* authorization
@@ -368,9 +368,13 @@ public class SQLStdHiveAccessController
try {
IMetaStoreClient mClient = metastoreClientFactory.getHiveMetastoreClient();
List<HivePrivilegeInfo> resPrivInfos = new ArrayList<HivePrivilegeInfo>();
+ String principalName = principal == null ? null : principal.getName();
+ PrincipalType principalType = principal == null ? null :
+ AuthorizationUtils.getThriftPrincipalType(principal.getType());
+
// get metastore/thrift privilege object using metastore api
- List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(principal.getName(),
- AuthorizationUtils.getThriftPrincipalType(principal.getType()),
+ List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(principalName,
+ principalType,
SQLAuthorizationUtils.getThriftHiveObjectRef(privObj));
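Review bot: With `principal == null` the call `mClient.list_privileges(principalName, principalType, ...)` is made with no principal filter, and nothing in the visible lines checks who is asking; the test output in this commit shows it returning both user and role grants on the object. Unless the surrounding method (it starts and ends outside this hunk) or its caller already restricts this, any user who can run the statement could list other users' and roles' privileges on a table or view. I would gate the null-principal branch on the current user being an admin or the owner of the object, or filter `msObjPrivs` down to the entries the caller is allowed to see. The chosen rule should be stated in a comment next to `principalName`.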
Modified: hive/branches/branch-0.13/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q
URL: http://svn.apache.org/viewvc/hive/branches/branch-0.13/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q?rev=1580527&r1=1580526&r2=1580527&view=diff
==============================================================================
--- hive/branches/branch-0.13/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q (original)
+++ hive/branches/branch-0.13/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q Sun Mar 23 16:49:39 2014
@@ -4,7 +4,10 @@ set hive.security.authenticator.manager=
set hive.security.authorization.enabled=true;
set user.name=user1;
+-- Test view authorization , and 'show grant' variants
+
create table t1(i int, j int, k int);
+show grant on table t1;
-- protecting certain columns
create view vt1 as select i,k from t1;
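Review bot: The added `show grant on table ...` statements (here and in the two later hunks of this file) appear to run under `set user.name=user1`, the user that creates t1 and the views, so the test only pins what the owner sees. A case that issues the same statement as another user would document what a non-owner is allowed to see, for example `set user.name=user2;` followed by `show grant on table vt2;`, with the expected output recorded in the .q.out file. Whether the file switches users elsewhere is not visible in these hunks.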
@@ -36,6 +39,9 @@ show grant user user2 on all;
revoke all on vt2 from user user2;
show grant user user2 on table vt2;
+show grant on table vt2;
+
+
revoke select on table vt1 from user user2;
show grant user user2 on table vt1;
@@ -57,3 +63,4 @@ show grant role role_v on table vt2;
revoke delete on table vt2 from role role_v;
show grant role role_v on table vt2;
+show grant on table vt2;
Modified: hive/branches/branch-0.13/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out
URL: http://svn.apache.org/viewvc/hive/branches/branch-0.13/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out?rev=1580527&r1=1580526&r2=1580527&view=diff
==============================================================================
--- hive/branches/branch-0.13/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out (original)
+++ hive/branches/branch-0.13/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out Sun Mar 23 16:49:39 2014
@@ -1,10 +1,22 @@
-PREHOOK: query: create table t1(i int, j int, k int)
+PREHOOK: query: -- Test view authorization , and 'show grant' variants
+
+create table t1(i int, j int, k int)
PREHOOK: type: CREATETABLE
PREHOOK: Output: database:default
-POSTHOOK: query: create table t1(i int, j int, k int)
+POSTHOOK: query: -- Test view authorization , and 'show grant' variants
+
+create table t1(i int, j int, k int)
POSTHOOK: type: CREATETABLE
POSTHOOK: Output: database:default
POSTHOOK: Output: default@t1
+PREHOOK: query: show grant on table t1
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant on table t1
+POSTHOOK: type: SHOW_GRANT
+default t1 user1 USER DELETE true -1 user1
+default t1 user1 USER INSERT true -1 user1
+default t1 user1 USER SELECT true -1 user1
+default t1 user1 USER UPDATE true -1 user1
PREHOOK: query: -- protecting certain columns
create view vt1 as select i,k from t1
PREHOOK: type: CREATEVIEW
@@ -110,6 +122,14 @@ PREHOOK: query: show grant user user2 on
PREHOOK: type: SHOW_GRANT
POSTHOOK: query: show grant user user2 on table vt2
POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant on table vt2
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant on table vt2
+POSTHOOK: type: SHOW_GRANT
+default vt2 user1 USER DELETE true -1 user1
+default vt2 user1 USER INSERT true -1 user1
+default vt2 user1 USER SELECT true -1 user1
+default vt2 user1 USER UPDATE true -1 user1
PREHOOK: query: revoke select on table vt1 from user user2
PREHOOK: type: REVOKE_PRIVILEGE
PREHOOK: Output: default@vt1
@@ -190,3 +210,14 @@ POSTHOOK: type: SHOW_GRANT
default vt2 role_v ROLE INSERT false -1 hive_admin_user
default vt2 role_v ROLE SELECT false -1 hive_admin_user
default vt2 role_v ROLE UPDATE false -1 hive_admin_user
+PREHOOK: query: show grant on table vt2
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant on table vt2
+POSTHOOK: type: SHOW_GRANT
+default vt2 role_v ROLE INSERT false -1 hive_admin_user
+default vt2 role_v ROLE SELECT false -1 hive_admin_user
+default vt2 role_v ROLE UPDATE false -1 hive_admin_user
+default vt2 user1 USER DELETE true -1 user1
+default vt2 user1 USER INSERT true -1 user1
+default vt2 user1 USER SELECT true -1 user1
+default vt2 user1 USER UPDATE true -1 user1