You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by br...@apache.org on 2014/08/16 02:23:51 UTC
svn commit: r1618297 [1/2] - in /hive/branches/spark: ./
ant/src/org/apache/hadoop/hive/ant/
common/src/java/org/apache/hadoop/hive/conf/
itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/
itests/hive-unit/src/test/java/org/apache/hadoo...
Author: brock
Date: Sat Aug 16 00:23:49 2014
New Revision: 1618297
URL: http://svn.apache.org/r1618297
Log:
Merge trunk to spark
Added:
hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestCLIAuthzSessionContext.java
- copied unchanged from r1618296, hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestCLIAuthzSessionContext.java
hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzSessionContext.java
- copied unchanged from r1618296, hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzSessionContext.java
hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzSessionContext.java
- copied unchanged from r1618296, hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzSessionContext.java
hive/branches/spark/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java
- copied unchanged from r1618296, hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java
hive/branches/spark/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerHS2.java
- copied unchanged from r1618296, hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerHS2.java
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_cli_auth_enable.q
- copied unchanged from r1618296, hive/trunk/ql/src/test/queries/clientnegative/authorization_cli_auth_enable.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_cli_createtab.q
- copied unchanged from r1618296, hive/trunk/ql/src/test/queries/clientpositive/authorization_cli_createtab.q
hive/branches/spark/ql/src/test/results/clientnegative/authorization_cli_auth_enable.q.out
- copied unchanged from r1618296, hive/trunk/ql/src/test/results/clientnegative/authorization_cli_auth_enable.q.out
hive/branches/spark/ql/src/test/results/clientpositive/authorization_cli_createtab.q.out
- copied unchanged from r1618296, hive/trunk/ql/src/test/results/clientpositive/authorization_cli_createtab.q.out
hive/branches/spark/shims/0.23/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge23.java
- copied unchanged from r1618296, hive/trunk/shims/0.23/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge23.java
Removed:
hive/branches/spark/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessController.java
Modified:
hive/branches/spark/ (props changed)
hive/branches/spark/ant/src/org/apache/hadoop/hive/ant/QTestGenTask.java
hive/branches/spark/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestMetastoreAuthorizationProvider.java
hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java
hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzContext.java
hive/branches/spark/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerForTest.java
hive/branches/spark/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactoryForTest.java
hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java
hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandUtil.java
hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java
hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerFactory.java
hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzContext.java
hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactory.java
hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
hive/branches/spark/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_addjar.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_addpartition.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_alter_db_owner.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_cannot_create_all_role.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_cannot_create_default_role.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_cannot_create_none_role.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_caseinsensitivity.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_compile.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_func1.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_func2.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_index.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_macro1.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_createview.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_ctas.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_deletejar.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_desc_table_nosel.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_dfs.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_disallow_transform.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_admin_role.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_db_empty.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_index.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_role_no_admin.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_droppartition.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_fail_8.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_allpriv.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_dup.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_fail1.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_fail_nogrant.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_insert_noinspriv.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_insertoverwrite_nodel.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_invalid_priv_v2.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_rename.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_serdeprop.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_not_owner_drop_view.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_priv_current_role_neg.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_revoke_table_fail1.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_revoke_table_fail2.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_role_cycles1.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_role_cycles2.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_role_grant.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_role_grant2.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_role_grant_nosuchrole.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_role_grant_otherrole.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_role_grant_otheruser.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_rolehierarchy_privs.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_select.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_select_view.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_set_role_neg1.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_set_role_neg2.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_show_grant_otherrole.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_all.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_alltabs.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_wtab.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_show_parts_nosel.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_show_role_principals_no_admin.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_show_roles_no_admin.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_table_grant_nosuchrole.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_truncate.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_uri_add_partition.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_uri_alterpart_loc.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_uri_altertab_setloc.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_uri_create_table1.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_uri_create_table_ext.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_uri_createdb.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_uri_index.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_uri_insert.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_uri_insert_local.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorization_uri_load_data.q
hive/branches/spark/ql/src/test/queries/clientnegative/authorize_create_tbl.q
hive/branches/spark/ql/src/test/queries/clientnegative/temp_table_authorize_create_tbl.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_1_sql_std.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_admin_almighty1.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_admin_almighty2.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_create_func1.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_create_macro1.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_create_table_owner_privs.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_create_temp_table.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_grant_public_role.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_grant_table_priv.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_index.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_insert.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_owner_actions.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_owner_actions_db.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_parts.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_reset.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_revoke_table_priv.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_role_grant1.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_role_grant2.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_show_grant.q
hive/branches/spark/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q
hive/branches/spark/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpCLIService.java
hive/branches/spark/shims/common/src/main/java/org/apache/hadoop/hive/shims/ShimLoader.java
Propchange: hive/branches/spark/
------------------------------------------------------------------------------
Merged /hive/trunk:r1618212-1618296
Modified: hive/branches/spark/ant/src/org/apache/hadoop/hive/ant/QTestGenTask.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/ant/src/org/apache/hadoop/hive/ant/QTestGenTask.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ant/src/org/apache/hadoop/hive/ant/QTestGenTask.java (original)
+++ hive/branches/spark/ant/src/org/apache/hadoop/hive/ant/QTestGenTask.java Sat Aug 16 00:23:49 2014
@@ -93,15 +93,15 @@ public class QTestGenTask extends Task {
}
}
- public class QFileRegexFilter extends QFileFilter {
+ public class QFileRegexFilter implements FileFilter {
Pattern filterPattern;
- public QFileRegexFilter(String filter, Set<String> includeOnly) {
- super(includeOnly);
+ public QFileRegexFilter(String filter) {
filterPattern = Pattern.compile(filter);
}
public boolean accept(File filePath) {
- if (!super.accept(filePath)) {
+ if (filePath.isDirectory() ||
+ !filePath.getName().endsWith(".q")) {
return false;
}
String testName = StringUtils.chomp(filePath.getName(), ".q");
@@ -350,6 +350,13 @@ public class QTestGenTask extends Task {
File logDir = null;
try {
+
+ System.out.println("Starting Generation of: " + className);
+ System.out.println("Include Files: " + includeQueryFile);
+ System.out.println("Excluded Files: " + excludeQueryFile);
+ System.out.println("Query Files: " + queryFile);
+ System.out.println("Query Files Regex: " + queryFileRegex);
+
// queryDirectory should not be null
queryDir = new File(queryDirectory);
@@ -358,9 +365,6 @@ public class QTestGenTask extends Task {
if (queryFile != null && !queryFile.equals("")) {
// The user may have passed a list of files - comma separated
for (String qFile : CSV_SPLITTER.split(queryFile)) {
- if (includeOnly != null && !includeOnly.contains(qFile)) {
- continue;
- }
if (null != queryDir) {
testFiles.add(new File(queryDir, qFile));
} else {
@@ -370,7 +374,7 @@ public class QTestGenTask extends Task {
} else if (queryFileRegex != null && !queryFileRegex.equals("")) {
for (String regex : CSV_SPLITTER.split(queryFileRegex)) {
testFiles.addAll(Arrays.asList(queryDir.listFiles(
- new QFileRegexFilter(regex, includeOnly))));
+ new QFileRegexFilter(regex))));
}
} else if (runDisabled != null && runDisabled.equals("true")) {
testFiles.addAll(Arrays.asList(queryDir.listFiles(new DisabledQFileFilter(includeOnly))));
Modified: hive/branches/spark/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java (original)
+++ hive/branches/spark/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java Sat Aug 16 00:23:49 2014
@@ -36,12 +36,14 @@ import java.util.regex.Pattern;
import javax.security.auth.login.LoginException;
-import static org.apache.hadoop.hive.conf.Validator.*;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate;
+import org.apache.hadoop.hive.conf.Validator.PatternSet;
+import org.apache.hadoop.hive.conf.Validator.RangeValidator;
+import org.apache.hadoop.hive.conf.Validator.StringSet;
import org.apache.hadoop.hive.shims.ShimLoader;
import org.apache.hadoop.mapred.JobConf;
import org.apache.hadoop.security.UserGroupInformation;
@@ -296,9 +298,9 @@ public class HiveConf extends Configurat
LOCALMODEAUTO("hive.exec.mode.local.auto", false,
"Let Hive determine whether to run in local mode automatically"),
- LOCALMODEMAXBYTES("hive.exec.mode.local.auto.inputbytes.max", 134217728L,
+ LOCALMODEMAXBYTES("hive.exec.mode.local.auto.inputbytes.max", 134217728L,
"When hive.exec.mode.local.auto is true, input bytes should less than this for local mode."),
- LOCALMODEMAXINPUTFILES("hive.exec.mode.local.auto.input.files.max", 4,
+ LOCALMODEMAXINPUTFILES("hive.exec.mode.local.auto.input.files.max", 4,
"When hive.exec.mode.local.auto is true, the number of tasks should less than this for local mode."),
DROPIGNORESNONEXISTENT("hive.exec.drop.ignorenonexistent", true,
@@ -369,7 +371,7 @@ public class HiveConf extends Configurat
"The number of times to retry a HMSHandler call if there were a connection error"),
HMSHANDLERINTERVAL("hive.hmshandler.retry.interval", 1000,
"The number of milliseconds between HMSHandler retry attempts"),
- HMSHANDLERFORCERELOADCONF("hive.hmshandler.force.reload.conf", false,
+ HMSHANDLERFORCERELOADCONF("hive.hmshandler.force.reload.conf", false,
"Whether to force reloading of the HMSHandler configuration (including\n" +
"the connection URL, before the next metastore query that accesses the\n" +
"datastore. Once reloaded, this value is reset to false. Used for\n" +
@@ -382,7 +384,7 @@ public class HiveConf extends Configurat
"Whether to enable TCP keepalive for the metastore server. Keepalive will prevent accumulation of half-open connections."),
METASTORE_INT_ORIGINAL("hive.metastore.archive.intermediate.original",
- "_INTERMEDIATE_ORIGINAL",
+ "_INTERMEDIATE_ORIGINAL",
"Intermediate dir suffixes used for archiving. Not important what they\n" +
"are, as long as collisions are avoided"),
METASTORE_INT_ARCHIVED("hive.metastore.archive.intermediate.archived",
@@ -558,7 +560,7 @@ public class HiveConf extends Configurat
HIVE_SESSION_HISTORY_ENABLED("hive.session.history.enabled", false,
"Whether to log Hive query, query plan, runtime statistics etc."),
- HIVEQUERYSTRING("hive.query.string", "",
+ HIVEQUERYSTRING("hive.query.string", "",
"Query being executed (might be multiple per a session)"),
HIVEQUERYID("hive.query.id", "",
@@ -797,7 +799,7 @@ public class HiveConf extends Configurat
" for small ORC files. Note that enabling this config will not honor padding tolerance\n" +
" config (hive.exec.orc.block.padding.tolerance)."),
HIVEMERGEINPUTFORMATSTRIPELEVEL("hive.merge.input.format.stripe.level",
- "org.apache.hadoop.hive.ql.io.orc.OrcFileStripeMergeInputFormat",
+ "org.apache.hadoop.hive.ql.io.orc.OrcFileStripeMergeInputFormat",
"Input file format to use for ORC stripe level merging (for internal use only)"),
HIVEMERGECURRENTJOBHASDYNAMICPARTITIONS(
"hive.merge.current.job.has.dynamic.partitions", false, ""),
@@ -813,7 +815,7 @@ public class HiveConf extends Configurat
HIVE_RCFILE_TOLERATE_CORRUPTIONS("hive.io.rcfile.tolerate.corruptions", false, ""),
HIVE_RCFILE_RECORD_BUFFER_SIZE("hive.io.rcfile.record.buffer.size", 4194304, ""), // 4M
- HIVE_ORC_FILE_MEMORY_POOL("hive.exec.orc.memory.pool", 0.5f,
+ HIVE_ORC_FILE_MEMORY_POOL("hive.exec.orc.memory.pool", 0.5f,
"Maximum fraction of heap that can be used by ORC file writers"),
HIVE_ORC_WRITE_FORMAT("hive.exec.orc.write.format", null,
"Define the version of the file to write"),
@@ -1099,8 +1101,8 @@ public class HiveConf extends Configurat
"The Java class (implementing the StatsAggregator interface) that is used by default if hive.stats.dbclass is custom type."),
HIVE_STATS_JDBC_TIMEOUT("hive.stats.jdbc.timeout", 30,
"Timeout value (number of seconds) used by JDBC connection and statements."),
- HIVE_STATS_ATOMIC("hive.stats.atomic", false,
- "whether to update metastore stats only if all stats are available"),
+ HIVE_STATS_ATOMIC("hive.stats.atomic", false,
+ "whether to update metastore stats only if all stats are available"),
HIVE_STATS_RETRIES_MAX("hive.stats.retries.max", 0,
"Maximum number of retries when stats publisher/aggregator got an exception updating intermediate database. \n" +
"Default is no tries on failures."),
@@ -1328,6 +1330,8 @@ public class HiveConf extends Configurat
"Enables type checking for registered Hive configurations"),
SEMANTIC_ANALYZER_HOOK("hive.semantic.analyzer.hook", "", ""),
+ HIVE_TEST_AUTHORIZATION_SQLSTD_HS2_MODE(
+ "hive.test.authz.sstd.hs2.mode", false, "test hs2 mode from .q tests", true),
HIVE_AUTHORIZATION_ENABLED("hive.security.authorization.enabled", false,
"enable or disable the Hive client authorization"),
HIVE_AUTHORIZATION_MANAGER("hive.security.authorization.manager",
@@ -1472,6 +1476,8 @@ public class HiveConf extends Configurat
"Minimum number of worker threads when in HTTP mode."),
HIVE_SERVER2_THRIFT_HTTP_MAX_WORKER_THREADS("hive.server2.thrift.http.max.worker.threads", 500,
"Maximum number of worker threads when in HTTP mode."),
+ HIVE_SERVER2_THRIFT_HTTP_MAX_IDLE_TIME("hive.server2.thrift.http.max.idle.time", 1800000,
+ "Maximum idle time in milliseconds for a connection on the server when in HTTP mode."),
// binary transport settings
HIVE_SERVER2_THRIFT_PORT("hive.server2.thrift.port", 10000,
@@ -1659,7 +1665,7 @@ public class HiveConf extends Configurat
"Exceeding this will trigger a flush irrelevant of memory pressure condition."),
HIVE_VECTORIZATION_GROUPBY_FLUSH_PERCENT("hive.vectorized.groupby.flush.percent", (float) 0.1,
"Percent of entries in the group by aggregation hash flushed when the memory threshold is exceeded."),
-
+
HIVE_TYPE_CHECK_ON_INSERT("hive.typecheck.on.insert", true, ""),
Modified: hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestMetastoreAuthorizationProvider.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestMetastoreAuthorizationProvider.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestMetastoreAuthorizationProvider.java (original)
+++ hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestMetastoreAuthorizationProvider.java Sat Aug 16 00:23:49 2014
@@ -24,6 +24,7 @@ import java.util.List;
import junit.framework.TestCase;
+import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hive.cli.CliSessionState;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
@@ -172,6 +173,17 @@ public class TestMetastoreAuthorizationP
String.format("create table %s (a string) partitioned by (b string)", tblName));
assertEquals(1,ret.getResponseCode());
+
+ // Even if table location is specified table creation should fail
+ String tblNameLoc = tblName + "_loc";
+ String tblLocation = new Path(dbLocn).getParent().toUri() + "/" + tblNameLoc;
+
+ driver.run("use " + dbName);
+ ret = driver.run(
+ String.format("create table %s (a string) partitioned by (b string) location '" +
+ tblLocation + "'", tblNameLoc));
+ assertEquals(1, ret.getResponseCode());
+
// failure from not having permissions to create table
ArrayList<FieldSchema> fields = new ArrayList<FieldSchema>(2);
@@ -215,6 +227,15 @@ public class TestMetastoreAuthorizationP
validateCreateTable(tbl,tblName, dbName);
+ // Table creation should succeed even if location is specified
+ driver.run("use " + dbName);
+ ret = driver.run(
+ String.format("create table %s (a string) partitioned by (b string) location '" +
+ tblLocation + "'", tblNameLoc));
+ assertEquals(0, ret.getResponseCode());
+ Table tblLoc = msc.getTable(dbName, tblNameLoc);
+ validateCreateTable(tblLoc, tblNameLoc, dbName);
+
String fakeUser = "mal";
List<String> fakeGroupNames = new ArrayList<String>();
fakeGroupNames.add("groupygroup");
Modified: hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java (original)
+++ hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java Sat Aug 16 00:23:49 2014
@@ -62,7 +62,7 @@ public class TestHiveAuthorizerCheckInvo
static class MockedHiveAuthorizerFactory implements HiveAuthorizerFactory {
@Override
public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
- HiveConf conf, HiveAuthenticationProvider authenticator) {
+ HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) {
TestHiveAuthorizerCheckInvocation.mockedAuthorizer = Mockito.mock(HiveAuthorizer.class);
return TestHiveAuthorizerCheckInvocation.mockedAuthorizer;
}
Modified: hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzContext.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzContext.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzContext.java (original)
+++ hive/branches/spark/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzContext.java Sat Aug 16 00:23:49 2014
@@ -33,9 +33,12 @@ import org.apache.hadoop.hive.conf.HiveC
import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
import org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
@@ -60,7 +63,7 @@ public class TestHS2AuthzContext {
static class MockedHiveAuthorizerFactory implements HiveAuthorizerFactory {
@Override
public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
- HiveConf conf, HiveAuthenticationProvider authenticator) {
+ HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) {
TestHS2AuthzContext.mockedAuthorizer = Mockito.mock(HiveAuthorizer.class);
return TestHS2AuthzContext.mockedAuthorizer;
}
@@ -88,12 +91,21 @@ public class TestHS2AuthzContext {
}
@Test
- public void testAuthzContextContents() throws Exception {
+ public void testAuthzContextContentsDriverCmd() throws Exception {
+ String cmd = "show tables";
+ verifyContextContents(cmd, cmd);
+ }
+
+ @Test
+ public void testAuthzContextContentsCmdProcessorCmd() throws Exception {
+ verifyContextContents("dfs -ls /", "-ls /");
+ }
+ private void verifyContextContents(final String cmd, String ctxCmd) throws SQLException,
+ HiveAuthzPluginException, HiveAccessControlException {
Connection hs2Conn = getConnection("user1");
Statement stmt = hs2Conn.createStatement();
- final String cmd = "show tables";
stmt.execute(cmd);
stmt.close();
hs2Conn.close();
@@ -107,13 +119,10 @@ public class TestHS2AuthzContext {
HiveAuthzContext context = contextCapturer.getValue();
- assertEquals("Command ", cmd, context.getCommandString());
+ assertEquals("Command ", ctxCmd, context.getCommandString());
assertTrue("ip address pattern check", context.getIpAddress().contains("."));
// ip address size check - check for something better than non zero
assertTrue("ip address size check", context.getIpAddress().length() > 7);
- // session string is supposed to be unique, so its got to be of some reasonable size
- assertTrue("session string size check", context.getSessionString().length() > 10);
- assertEquals("Client type ", HiveAuthzContext.CLIENT_TYPE.HIVESERVER2, context.getClientType());
}
private Connection getConnection(String userName) throws SQLException {
Modified: hive/branches/spark/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerForTest.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerForTest.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerForTest.java (original)
+++ hive/branches/spark/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerForTest.java Sat Aug 16 00:23:49 2014
@@ -21,6 +21,7 @@ import org.apache.hadoop.classification.
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
/**
@@ -32,8 +33,8 @@ import org.apache.hadoop.hive.ql.securit
public class SQLStdHiveAccessControllerForTest extends SQLStdHiveAccessController {
SQLStdHiveAccessControllerForTest(HiveMetastoreClientFactory metastoreClientFactory, HiveConf conf,
- HiveAuthenticationProvider authenticator) throws HiveAuthzPluginException {
- super(metastoreClientFactory, conf, authenticator);
+ HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
+ super(metastoreClientFactory, conf, authenticator, ctx);
}
Modified: hive/branches/spark/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactoryForTest.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactoryForTest.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactoryForTest.java (original)
+++ hive/branches/spark/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactoryForTest.java Sat Aug 16 00:23:49 2014
@@ -24,15 +24,16 @@ import org.apache.hadoop.hive.ql.securit
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerImpl;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
@Private
public class SQLStdHiveAuthorizerFactoryForTest implements HiveAuthorizerFactory{
@Override
public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
- HiveConf conf, HiveAuthenticationProvider authenticator) throws HiveAuthzPluginException {
+ HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
SQLStdHiveAccessController privilegeManager =
- new SQLStdHiveAccessControllerForTest(metastoreClientFactory, conf, authenticator);
+ new SQLStdHiveAccessControllerForTest(metastoreClientFactory, conf, authenticator, ctx);
return new HiveAuthorizerImpl(
privilegeManager,
new SQLStdHiveAuthorizationValidatorForTest(metastoreClientFactory, conf, authenticator,
Modified: hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/Driver.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/Driver.java (original)
+++ hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/Driver.java Sat Aug 16 00:23:49 2014
@@ -103,7 +103,6 @@ import org.apache.hadoop.hive.ql.process
import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils;
import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext.CLIENT_TYPE;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivObjectActionType;
@@ -703,11 +702,7 @@ public class Driver implements CommandPr
HashSet<WriteEntity> outputs, String command, Map<String, List<String>> tab2cols) throws HiveException {
HiveAuthzContext.Builder authzContextBuilder = new HiveAuthzContext.Builder();
-
- authzContextBuilder.setClientType(ss.isHiveServerQuery() ? CLIENT_TYPE.HIVESERVER2
- : CLIENT_TYPE.HIVECLI);
authzContextBuilder.setUserIpAddress(ss.getUserIpAddress());
- authzContextBuilder.setSessionString(ss.getSessionId());
authzContextBuilder.setCommandString(command);
HiveOperationType hiveOpType = getHiveOperationType(op);
Modified: hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java (original)
+++ hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java Sat Aug 16 00:23:49 2014
@@ -979,7 +979,7 @@ public class Hive {
tTable = getMSC().getTable(dbName, tableName);
} catch (NoSuchObjectException e) {
if (throwException) {
- LOG.error(StringUtils.stringifyException(e));
+ LOG.error("Table " + tableName + " not found: " + e.getMessage());
throw new InvalidTableException(tableName);
}
return null;
Modified: hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandUtil.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandUtil.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandUtil.java (original)
+++ hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandUtil.java Sat Aug 16 00:23:49 2014
@@ -22,11 +22,14 @@ import java.util.Arrays;
import java.util.List;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.hadoop.hive.ql.session.SessionState;
+import com.google.common.base.Joiner;
+
class CommandUtil {
/**
@@ -68,7 +71,10 @@ class CommandUtil {
static void authorizeCommandThrowEx(SessionState ss, HiveOperationType type,
List<String> command) throws HiveAuthzPluginException, HiveAccessControlException {
HivePrivilegeObject commandObj = HivePrivilegeObject.createHivePrivilegeObject(command);
- ss.getAuthorizerV2().checkPrivileges(type, Arrays.asList(commandObj), null, null);
+ HiveAuthzContext.Builder ctxBuilder = new HiveAuthzContext.Builder();
+ ctxBuilder.setCommandString(Joiner.on(' ').join(command));
+ ctxBuilder.setUserIpAddress(ss.getUserIpAddress());
+ ss.getAuthorizerV2().checkPrivileges(type, Arrays.asList(commandObj), null, ctxBuilder.build());
}
Modified: hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java (original)
+++ hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java Sat Aug 16 00:23:49 2014
@@ -148,22 +148,19 @@ public class StorageBasedAuthorizationPr
public void authorize(Table table, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv)
throws HiveException, AuthorizationException {
- // Table path can be null in the case of a new create table - in this case,
- // we try to determine what the path would be after the create table is issued.
- Path path = null;
+ // To create/drop/alter a table, the owner should have WRITE permission on the database directory
+ authorize(hive_db.getDatabase(table.getDbName()), readRequiredPriv, writeRequiredPriv);
+
+ // If the user has specified a location - external or not, check if the user has the
try {
initWh();
String location = table.getTTable().getSd().getLocation();
- if (location == null || location.isEmpty()) {
- path = wh.getTablePath(hive_db.getDatabase(table.getDbName()), table.getTableName());
- } else {
- path = new Path(location);
+ if (location != null && !location.isEmpty()) {
+ authorize(new Path(location), readRequiredPriv, writeRequiredPriv);
}
} catch (MetaException ex) {
throw hiveException(ex);
}
-
- authorize(path, readRequiredPriv, writeRequiredPriv);
}
@Override
Modified: hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerFactory.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerFactory.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerFactory.java (original)
+++ hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerFactory.java Sat Aug 16 00:23:49 2014
@@ -37,9 +37,11 @@ public interface HiveAuthorizerFactory {
* different thread, so get the current instance in each method invocation.
* @param conf - current HiveConf
* @param hiveAuthenticator - authenticator, provides user name
+ * @param ctx - session context information
* @return new instance of HiveAuthorizer
* @throws HiveAuthzPluginException
*/
HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
- HiveConf conf, HiveAuthenticationProvider hiveAuthenticator) throws HiveAuthzPluginException;
+ HiveConf conf, HiveAuthenticationProvider hiveAuthenticator, HiveAuthzSessionContext ctx)
+ throws HiveAuthzPluginException;
}
Modified: hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzContext.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzContext.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzContext.java (original)
+++ hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzContext.java Sat Aug 16 00:23:49 2014
@@ -29,14 +29,8 @@ import org.apache.hadoop.hive.common.cla
@Evolving
public final class HiveAuthzContext {
- public enum CLIENT_TYPE {
- HIVESERVER2, HIVECLI
- };
-
public static class Builder {
private String userIpAddress;
- private String sessionString;
- private CLIENT_TYPE clientType;
private String commandString;
/**
@@ -50,18 +44,6 @@ public final class HiveAuthzContext {
public void setUserIpAddress(String userIpAddress) {
this.userIpAddress = userIpAddress;
}
- public String getSessionString() {
- return sessionString;
- }
- public void setSessionString(String sessionString) {
- this.sessionString = sessionString;
- }
- public CLIENT_TYPE getClientType() {
- return clientType;
- }
- public void setClientType(CLIENT_TYPE clientType) {
- this.clientType = clientType;
- }
public String getCommandString() {
return commandString;
}
@@ -76,14 +58,10 @@ public final class HiveAuthzContext {
}
private final String userIpAddress;
- private final String sessionString;
- private final CLIENT_TYPE clientType;
private final String commandString;
private HiveAuthzContext(Builder builder) {
this.userIpAddress = builder.userIpAddress;
- this.sessionString = builder.sessionString;
- this.clientType = builder.clientType;
this.commandString = builder.commandString;
}
@@ -92,22 +70,14 @@ public final class HiveAuthzContext {
return userIpAddress;
}
- public String getSessionString() {
- return sessionString;
- }
-
- public CLIENT_TYPE getClientType() {
- return clientType;
- }
-
public String getCommandString() {
return commandString;
}
@Override
public String toString() {
- return "HiveAuthzContext [userIpAddress=" + userIpAddress + ", sessionString=" + sessionString
- + ", clientType=" + clientType + ", commandString=" + commandString + "]";
+ return "HiveAuthzContext [userIpAddress=" + userIpAddress + ", commandString=" + commandString
+ + "]";
}
}
Modified: hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java (original)
+++ hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java Sat Aug 16 00:23:49 2014
@@ -50,6 +50,8 @@ import org.apache.hadoop.hive.ql.securit
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessController;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext.CLIENT_TYPE;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
@@ -81,13 +83,46 @@ public class SQLStdHiveAccessController
+ "have it as current role, for this action.";
private final String HAS_ADMIN_PRIV_MSG = "grantor need to have ADMIN OPTION on role being"
+ " granted and have it as a current role for this action.";
+ private final HiveAuthzSessionContext sessionCtx;
public static final Log LOG = LogFactory.getLog(SQLStdHiveAccessController.class);
public SQLStdHiveAccessController(HiveMetastoreClientFactory metastoreClientFactory, HiveConf conf,
- HiveAuthenticationProvider authenticator) throws HiveAuthzPluginException {
+ HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
this.metastoreClientFactory = metastoreClientFactory;
this.authenticator = authenticator;
+ this.sessionCtx = applyTestSettings(ctx, conf);
+
+ assertHiveCliAuthDisabled(conf);
initUserRoles();
+ LOG.info("Created SQLStdHiveAccessController for session context : " + sessionCtx);
+ }
+
+ /**
+ * Change the session context based on configuration to aid in testing of sql std auth
+ * @param ctx
+ * @param conf
+ * @return
+ */
+ private HiveAuthzSessionContext applyTestSettings(HiveAuthzSessionContext ctx, HiveConf conf) {
+ if(conf.getBoolVar(ConfVars.HIVE_TEST_AUTHORIZATION_SQLSTD_HS2_MODE) &&
+ ctx.getClientType() == CLIENT_TYPE.HIVECLI
+ ){
+ // create new session ctx object with HS2 as client type
+ HiveAuthzSessionContext.Builder ctxBuilder = new HiveAuthzSessionContext.Builder(ctx);
+ ctxBuilder.setClientType(CLIENT_TYPE.HIVESERVER2);
+ return ctxBuilder.build();
+ }
+ return ctx;
+ }
+
+ private void assertHiveCliAuthDisabled(HiveConf conf) throws HiveAuthzPluginException {
+ if (sessionCtx.getClientType() == CLIENT_TYPE.HIVECLI
+ && conf.getBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED)) {
+ throw new HiveAuthzPluginException(
+ "SQL standards based authorization should not be enabled from hive cli"
+ + "Instead the use of storage based authorization in hive metastore is reccomended. Set "
+ + ConfVars.HIVE_AUTHORIZATION_ENABLED.varname + "=false to disable authz within cli");
+ }
}
/**
@@ -671,31 +706,37 @@ public class SQLStdHiveAccessController
@Override
public void applyAuthorizationConfigPolicy(HiveConf hiveConf) {
- // grant all privileges for table to its owner
+ // First apply configuration applicable to both Hive Cli and HiveServer2
+ // Not adding any authorization related restrictions to hive cli
+ // grant all privileges for table to its owner - set this in cli as well so that owner
+ // has permissions via HiveServer2 as well.
hiveConf.setVar(ConfVars.HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS, "INSERT,SELECT,UPDATE,DELETE");
- // Configure PREEXECHOOKS with DisallowTransformHook to disallow transform queries
- String hooks = hiveConf.getVar(ConfVars.PREEXECHOOKS).trim();
- if (hooks.isEmpty()) {
- hooks = DisallowTransformHook.class.getName();
- } else {
- hooks = hooks + "," +DisallowTransformHook.class.getName();
- }
- LOG.debug("Configuring hooks : " + hooks);
- hiveConf.setVar(ConfVars.PREEXECHOOKS, hooks);
-
- // restrict the variables that can be set using set command to a list in whitelist
- hiveConf.setIsModWhiteListEnabled(true);
- String whiteListParamsStr = hiveConf.getVar(ConfVars.HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST);
- if (whiteListParamsStr == null || whiteListParamsStr.trim().equals("")){
- // set the default configs in whitelist
- whiteListParamsStr = Joiner.on(",").join(defaultModWhiteListSqlStdAuth);
- hiveConf.setVar(ConfVars.HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST, whiteListParamsStr);
- }
- for(String whiteListParam : whiteListParamsStr.split(",")){
- hiveConf.addToModifiableWhiteList(whiteListParam);
- }
+ // Apply rest of the configuration only to HiveServer2
+ if(sessionCtx.getClientType() == CLIENT_TYPE.HIVESERVER2) {
+ // Configure PREEXECHOOKS with DisallowTransformHook to disallow transform queries
+ String hooks = hiveConf.getVar(ConfVars.PREEXECHOOKS).trim();
+ if (hooks.isEmpty()) {
+ hooks = DisallowTransformHook.class.getName();
+ } else {
+ hooks = hooks + "," +DisallowTransformHook.class.getName();
+ }
+ LOG.debug("Configuring hooks : " + hooks);
+ hiveConf.setVar(ConfVars.PREEXECHOOKS, hooks);
+ // restrict the variables that can be set using set command to a list in whitelist
+ hiveConf.setIsModWhiteListEnabled(true);
+ String whiteListParamsStr = hiveConf.getVar(ConfVars.HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST);
+ if (whiteListParamsStr == null || whiteListParamsStr.trim().equals("")){
+ // set the default configs in whitelist
+ whiteListParamsStr = Joiner.on(",").join(defaultModWhiteListSqlStdAuth);
+ hiveConf.setVar(ConfVars.HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST, whiteListParamsStr);
+ }
+ for(String whiteListParam : whiteListParamsStr.split(",")){
+ hiveConf.addToModifiableWhiteList(whiteListParam);
+ }
+ }
}
+
}
Modified: hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactory.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactory.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactory.java (original)
+++ hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactory.java Sat Aug 16 00:23:49 2014
@@ -24,15 +24,16 @@ import org.apache.hadoop.hive.ql.securit
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerImpl;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
@Private
public class SQLStdHiveAuthorizerFactory implements HiveAuthorizerFactory{
@Override
public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
- HiveConf conf, HiveAuthenticationProvider authenticator) throws HiveAuthzPluginException {
+ HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
SQLStdHiveAccessController privilegeManager =
- new SQLStdHiveAccessController(metastoreClientFactory, conf, authenticator);
+ new SQLStdHiveAccessController(metastoreClientFactory, conf, authenticator, ctx);
return new HiveAuthorizerImpl(
privilegeManager,
new SQLStdHiveAuthorizationValidator(metastoreClientFactory, conf, authenticator,
Modified: hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java (original)
+++ hive/branches/spark/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java Sat Aug 16 00:23:49 2014
@@ -62,6 +62,8 @@ import org.apache.hadoop.hive.ql.securit
import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext.CLIENT_TYPE;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactoryImpl;
import org.apache.hadoop.hive.ql.util.DosToUnix;
import org.apache.hadoop.hive.shims.ShimLoader;
@@ -504,8 +506,13 @@ public class SessionState {
HiveAuthorizerFactory authorizerFactory = HiveUtils.getAuthorizerFactory(conf,
HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER);
+ HiveAuthzSessionContext.Builder authzContextBuilder = new HiveAuthzSessionContext.Builder();
+ authzContextBuilder.setClientType(isHiveServerQuery() ? CLIENT_TYPE.HIVESERVER2
+ : CLIENT_TYPE.HIVECLI);
+ authzContextBuilder.setSessionString(getSessionId());
+
authorizerV2 = authorizerFactory.createHiveAuthorizer(new HiveMetastoreClientFactoryImpl(),
- conf, authenticator);
+ conf, authenticator, authzContextBuilder.build());
authorizerV2.applyAuthorizationConfigPolicy(conf);
// create the create table grants with new config
Modified: hive/branches/spark/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java (original)
+++ hive/branches/spark/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java Sat Aug 16 00:23:49 2014
@@ -28,6 +28,7 @@ import org.apache.hadoop.hive.ql.securit
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerImpl;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
import org.apache.hadoop.hive.ql.session.SessionState;
import org.junit.Before;
@@ -111,7 +112,7 @@ public class TestSessionUserName {
@Override
public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
- HiveConf conf, HiveAuthenticationProvider authenticator) {
+ HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) {
username = authenticator.getUserName();
HiveAccessController acontroller = Mockito.mock(HiveAccessController.class);
return new HiveAuthorizerImpl(acontroller, null);
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_addjar.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_addjar.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_addjar.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_addjar.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.enabled=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_addpartition.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_addpartition.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_addpartition.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_addpartition.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_alter_db_owner.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_alter_db_owner.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_alter_db_owner.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_alter_db_owner.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_cannot_create_all_role.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_cannot_create_all_role.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_cannot_create_all_role.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_cannot_create_all_role.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set user.name=hive_admin_user;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_cannot_create_default_role.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_cannot_create_default_role.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_cannot_create_default_role.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_cannot_create_default_role.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set user.name=hive_admin_user;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_cannot_create_none_role.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_cannot_create_none_role.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_cannot_create_none_role.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_cannot_create_none_role.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set user.name=hive_admin_user;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_caseinsensitivity.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_caseinsensitivity.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_caseinsensitivity.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_caseinsensitivity.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set user.name=hive_admin_user;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_compile.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_compile.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_compile.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_compile.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.enabled=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_func1.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_func1.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_func1.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_func1.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_func2.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_func2.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_func2.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_func2.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_index.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_index.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_index.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_index.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_macro1.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_macro1.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_macro1.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_macro1.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
-- this test will fail because hive_test_user is not in admin role.
create role r1;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_createview.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_createview.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_createview.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_createview.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_ctas.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_ctas.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_ctas.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_ctas.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_deletejar.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_deletejar.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_deletejar.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_deletejar.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.enabled=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_desc_table_nosel.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_desc_table_nosel.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_desc_table_nosel.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_desc_table_nosel.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_dfs.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_dfs.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_dfs.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_dfs.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.enabled=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_disallow_transform.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_disallow_transform.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_disallow_transform.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_disallow_transform.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set role ALL;
SELECT TRANSFORM (*) USING 'cat' AS (key, value) FROM src;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_admin_role.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_admin_role.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_admin_role.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_admin_role.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set user.name=hive_admin_user;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_db_empty.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_db_empty.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_db_empty.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_db_empty.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_index.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_index.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_index.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_index.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_role_no_admin.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_role_no_admin.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_role_no_admin.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_drop_role_no_admin.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set user.name=hive_admin_user;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_droppartition.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_droppartition.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_droppartition.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_droppartition.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_fail_8.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_fail_8.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_fail_8.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_fail_8.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_allpriv.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_allpriv.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_allpriv.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_allpriv.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_dup.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_dup.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_dup.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_dup.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_fail1.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_fail1.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_fail1.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_fail1.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_fail_nogrant.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_fail_nogrant.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_fail_nogrant.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_grant_table_fail_nogrant.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_insert_noinspriv.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_insert_noinspriv.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_insert_noinspriv.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_insert_noinspriv.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_insertoverwrite_nodel.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_insertoverwrite_nodel.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_insertoverwrite_nodel.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_insertoverwrite_nodel.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;
Modified: hive/branches/spark/ql/src/test/queries/clientnegative/authorization_invalid_priv_v2.q
URL: http://svn.apache.org/viewvc/hive/branches/spark/ql/src/test/queries/clientnegative/authorization_invalid_priv_v2.q?rev=1618297&r1=1618296&r2=1618297&view=diff
==============================================================================
--- hive/branches/spark/ql/src/test/queries/clientnegative/authorization_invalid_priv_v2.q (original)
+++ hive/branches/spark/ql/src/test/queries/clientnegative/authorization_invalid_priv_v2.q Sat Aug 16 00:23:49 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
create table if not exists authorization_invalid_v2 (key int, value string);