You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by th...@apache.org on 2015/12/18 20:49:37 UTC
hive git commit: HIVE-12698 : Remove exposure to internal privilege
and principal classes in HiveAuthorizer (Thejas Nair,
reviewed by Ferdinand Xu )
Repository: hive
Updated Branches:
refs/heads/branch-2.0 178a6bf3a -> 1420e65f5
HIVE-12698 : Remove exposure to internal privilege and principal classes in HiveAuthorizer (Thejas Nair, reviewed by Ferdinand Xu )
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/1420e65f
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/1420e65f
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/1420e65f
Branch: refs/heads/branch-2.0
Commit: 1420e65f5fea62109c8ff5485ddae65a4606feed
Parents: 178a6bf
Author: Thejas Nair <th...@hortonworks.com>
Authored: Fri Dec 18 11:49:28 2015 -0800
Committer: Thejas Nair <th...@hortonworks.com>
Committed: Fri Dec 18 11:49:28 2015 -0800
----------------------------------------------------------------------
.../org/apache/hadoop/hive/ql/exec/DDLTask.java | 31 ++++++--
.../authorization/AuthorizationUtils.java | 50 +++---------
.../DefaultHiveAuthorizationTranslator.java | 81 ++++++++++++++++++++
.../plugin/HiveAuthorizationTranslator.java | 46 +++++++++++
.../authorization/plugin/HiveAuthorizer.java | 26 ++++---
.../plugin/HiveAuthorizerImpl.java | 26 +++----
.../authorization/plugin/HiveV1Authorizer.java | 18 +----
7 files changed, 188 insertions(+), 90 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/1420e65f/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
index ea12fe1..f4b688a 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
@@ -19,6 +19,7 @@
package org.apache.hadoop.hive.ql.exec;
import com.google.common.collect.Iterables;
+
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.mapreduce.MRJobConfig;
@@ -153,7 +154,10 @@ import org.apache.hadoop.hive.ql.plan.UnlockDatabaseDesc;
import org.apache.hadoop.hive.ql.plan.UnlockTableDesc;
import org.apache.hadoop.hive.ql.plan.api.StageType;
import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils;
+import org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationTranslator;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationTranslator;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo;
@@ -237,6 +241,7 @@ public class DDLTask extends Task<DDLWork> implements Serializable {
private static String INTERMEDIATE_EXTRACTED_DIR_SUFFIX;
private MetaDataFormatter formatter;
+ private final HiveAuthorizationTranslator defaultAuthorizationTranslator = new DefaultHiveAuthorizationTranslator();
@Override
public boolean requireLock() {
@@ -661,8 +666,8 @@ public class DDLTask extends Task<DDLWork> implements Serializable {
grantorPrinc = new HivePrincipal(grantOrRevokeRoleDDL.getGrantor(),
AuthorizationUtils.getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType()));
}
- List<HivePrincipal> principals =
- authorizer.getHivePrincipals(grantOrRevokeRoleDDL.getPrincipalDesc());
+ List<HivePrincipal> principals = AuthorizationUtils.getHivePrincipals(
+ grantOrRevokeRoleDDL.getPrincipalDesc(), getAuthorizationTranslator(authorizer));
List<String> roles = grantOrRevokeRoleDDL.getRoles();
boolean grantOption = grantOrRevokeRoleDDL.isGrantOption();
@@ -674,13 +679,22 @@ public class DDLTask extends Task<DDLWork> implements Serializable {
return 0;
}
+ private HiveAuthorizationTranslator getAuthorizationTranslator(HiveAuthorizer authorizer)
+ throws HiveAuthzPluginException {
+ if (authorizer.getHiveAuthorizationTranslator() == null) {
+ return defaultAuthorizationTranslator;
+ } else {
+ return (HiveAuthorizationTranslator)authorizer.getHiveAuthorizationTranslator();
+ }
+ }
+
private int showGrants(ShowGrantDesc showGrantDesc) throws HiveException {
HiveAuthorizer authorizer = getSessionAuthorizer();
try {
List<HivePrivilegeInfo> privInfos = authorizer.showPrivileges(
- AuthorizationUtils.getHivePrincipal(showGrantDesc.getPrincipalDesc()),
- authorizer.getHivePrivilegeObject(showGrantDesc.getHiveObj()));
+ getAuthorizationTranslator(authorizer).getHivePrincipal(showGrantDesc.getPrincipalDesc()),
+ getAuthorizationTranslator(authorizer).getHivePrivilegeObject(showGrantDesc.getHiveObj()));
boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST);
writeToFile(writeGrantInfo(privInfos, testMode), showGrantDesc.getResFile());
} catch (IOException e) {
@@ -697,9 +711,12 @@ public class DDLTask extends Task<DDLWork> implements Serializable {
HiveAuthorizer authorizer = getSessionAuthorizer();
//Convert to object types used by the authorization plugin interface
- List<HivePrincipal> hivePrincipals = authorizer.getHivePrincipals(principals);
- List<HivePrivilege> hivePrivileges = authorizer.getHivePrivileges(privileges);
- HivePrivilegeObject hivePrivObject = authorizer.getHivePrivilegeObject(privSubjectDesc);
+ List<HivePrincipal> hivePrincipals = AuthorizationUtils.getHivePrincipals(
+ principals, getAuthorizationTranslator(authorizer));
+ List<HivePrivilege> hivePrivileges = AuthorizationUtils.getHivePrivileges(
+ privileges, getAuthorizationTranslator(authorizer));
+ HivePrivilegeObject hivePrivObject = getAuthorizationTranslator(authorizer)
+ .getHivePrivilegeObject(privSubjectDesc);
HivePrincipal grantorPrincipal = new HivePrincipal(
grantor, AuthorizationUtils.getHivePrincipalType(grantorType));
http://git-wip-us.apache.org/repos/asf/hive/blob/1420e65f/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
index 1e1f3da..04e5565 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
@@ -36,6 +36,7 @@ import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationTranslator;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal.HivePrincipalType;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
@@ -111,32 +112,25 @@ public class AuthorizationUtils {
HivePrivilegeObjectType.DATABASE;
}
- public static List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges) {
- List<HivePrivilege> hivePrivileges = new ArrayList<HivePrivilege>();
+ public static List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges,
+ HiveAuthorizationTranslator trans) {
+ List<HivePrivilege> hivePrivileges = new ArrayList<HivePrivilege>();
for(PrivilegeDesc privilege : privileges){
- Privilege priv = privilege.getPrivilege();
- hivePrivileges.add(
- new HivePrivilege(priv.toString(), privilege.getColumns(), priv.getScopeList()));
+ hivePrivileges.add(trans.getHivePrivilege(privilege));
}
return hivePrivileges;
}
- public static List<HivePrincipal> getHivePrincipals(List<PrincipalDesc> principals)
+ public static List<HivePrincipal> getHivePrincipals(List<PrincipalDesc> principals,
+ HiveAuthorizationTranslator trans)
throws HiveException {
-
- ArrayList<HivePrincipal> hivePrincipals = new ArrayList<HivePrincipal>();
+ ArrayList<HivePrincipal> hivePrincipals = new ArrayList<HivePrincipal>();
for(PrincipalDesc principal : principals){
- hivePrincipals.add(getHivePrincipal(principal));
+ hivePrincipals.add(trans.getHivePrincipal(principal));
}
return hivePrincipals;
}
- public static HivePrincipal getHivePrincipal(PrincipalDesc principal) throws HiveException {
- if (principal == null) {
- return null;
- }
- return getHivePrincipal(principal.getName(), principal.getType());
- }
public static HivePrincipal getHivePrincipal(String name, PrincipalType type) throws HiveException {
return new HivePrincipal(name, AuthorizationUtils.getHivePrincipalType(type));
@@ -169,32 +163,6 @@ public class AuthorizationUtils {
privObj.getPartValues(), privObj.getColumnName());
}
- public static HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc)
- throws HiveException {
-
- // null means ALL for show grants, GLOBAL for grant/revoke
- HivePrivilegeObjectType objectType = null;
-
- String[] dbTable;
- List<String> partSpec = null;
- List<String> columns = null;
- if (privSubjectDesc == null) {
- dbTable = new String[] {null, null};
- } else {
- if (privSubjectDesc.getTable()) {
- dbTable = Utilities.getDbTableName(privSubjectDesc.getObject());
- } else {
- dbTable = new String[] {privSubjectDesc.getObject(), null};
- }
- if (privSubjectDesc.getPartSpec() != null) {
- partSpec = new ArrayList<String>(privSubjectDesc.getPartSpec().values());
- }
- columns = privSubjectDesc.getColumns();
- objectType = getPrivObjectType(privSubjectDesc);
- }
- return new HivePrivilegeObject(objectType, dbTable[0], dbTable[1], partSpec, columns, null);
- }
-
/**
* Convert authorization plugin principal type to thrift principal type
* @param type
http://git-wip-us.apache.org/repos/asf/hive/blob/1420e65f/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationTranslator.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationTranslator.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationTranslator.java
new file mode 100644
index 0000000..319a801
--- /dev/null
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationTranslator.java
@@ -0,0 +1,81 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.security.authorization;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.hadoop.hive.ql.exec.Utilities;
+import org.apache.hadoop.hive.ql.metadata.HiveException;
+import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
+import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
+import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationTranslator;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType;
+
+
+/**
+ * Default implementation of HiveAuthorizationTranslator
+ */
+public class DefaultHiveAuthorizationTranslator implements HiveAuthorizationTranslator {
+
+ @Override
+ public HivePrincipal getHivePrincipal(PrincipalDesc principal) throws HiveException {
+ if (principal == null) {
+ return null;
+ }
+ return AuthorizationUtils.getHivePrincipal(principal.getName(), principal.getType());
+ }
+
+ @Override
+ public HivePrivilege getHivePrivilege(PrivilegeDesc privilege) {
+ Privilege priv = privilege.getPrivilege();
+ return new HivePrivilege(priv.toString(), privilege.getColumns(), priv.getScopeList());
+ }
+
+ @Override
+ public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc)
+ throws HiveException {
+ // null means ALL for show grants, GLOBAL for grant/revoke
+ HivePrivilegeObjectType objectType = null;
+
+ String[] dbTable;
+ List<String> partSpec = null;
+ List<String> columns = null;
+ if (privSubjectDesc == null) {
+ dbTable = new String[] {null, null};
+ } else {
+ if (privSubjectDesc.getTable()) {
+ dbTable = Utilities.getDbTableName(privSubjectDesc.getObject());
+ } else {
+ dbTable = new String[] {privSubjectDesc.getObject(), null};
+ }
+ if (privSubjectDesc.getPartSpec() != null) {
+ partSpec = new ArrayList<String>(privSubjectDesc.getPartSpec().values());
+ }
+ columns = privSubjectDesc.getColumns();
+ objectType = AuthorizationUtils.getPrivObjectType(privSubjectDesc);
+ }
+ return new HivePrivilegeObject(objectType, dbTable[0], dbTable[1], partSpec, columns, null);
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/hive/blob/1420e65f/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationTranslator.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationTranslator.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationTranslator.java
new file mode 100644
index 0000000..540f1f3
--- /dev/null
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationTranslator.java
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.security.authorization.plugin;
+
+import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate;
+import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving;
+import org.apache.hadoop.hive.ql.metadata.HiveException;
+import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
+import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
+import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
+
+/**
+ * This interface has functions that provide the ability to customize the translation
+ * from Hive internal representations of Authorization objects to the public API objects
+ * This is an interface that is not meant for general use, it is targeted to some
+ * specific use cases of Apache Sentry (incubating).
+ * The API uses several classes that are considered internal to Hive, and it is
+ * subject to change across releases.
+ */
+@LimitedPrivate(value = { "Apache Sentry (incubating)" })
+@Evolving
+public interface HiveAuthorizationTranslator {
+
+ public HivePrincipal getHivePrincipal(PrincipalDesc principal)
+ throws HiveException;
+
+ public HivePrivilege getHivePrivilege(PrivilegeDesc privilege);
+
+ public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privObject)
+ throws HiveException;
+}
http://git-wip-us.apache.org/repos/asf/hive/blob/1420e65f/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
index 512772b..09112fe 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
@@ -23,9 +23,6 @@ import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPri
import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.ql.metadata.HiveException;
-import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
-import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
-import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider;
/**
@@ -212,14 +209,23 @@ public interface HiveAuthorizer {
* @param hiveConf
* @throws HiveAuthzPluginException
*/
- public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException;
+ void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException;
- public List<HivePrincipal> getHivePrincipals(List<PrincipalDesc> principals)
- throws HiveException;
-
- public List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges);
+ /**
+ * Get a {@link HiveAuthorizationTranslator} implementation. See
+ * {@link HiveAuthorizationTranslator} for details. Return null if no
+ * customization is needed. Most implementations are expected to return null.
+ *
+ * The java signature of the method makes it necessary to only return Object
+ * type so that older implementations can extend the interface to build
+ * against older versions of Hive that don't include this additional method
+ * and HiveAuthorizationTranslator class. However, if a non null value is
+ * returned, the Object has to be of type HiveAuthorizationTranslator
+ *
+ * @return
+ * @throws HiveException
+ */
+ Object getHiveAuthorizationTranslator() throws HiveAuthzPluginException;
- public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc)
- throws HiveException;
}
http://git-wip-us.apache.org/repos/asf/hive/blob/1420e65f/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
index 76a80e0..37ea1c4 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
@@ -23,10 +23,6 @@ import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPri
import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.ql.metadata.HiveException;
-import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
-import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
-import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
-import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils;
/**
* Convenience implementation of HiveAuthorizer.
@@ -140,20 +136,16 @@ public class HiveAuthorizerImpl implements HiveAuthorizer {
accessController.applyAuthorizationConfigPolicy(hiveConf);
}
+ /* (non-Javadoc)
+ * @see org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer#getHiveAuthorizationTranslator()
+ *
+ * No customization of this API is done for most Authorization implementations. It is meant
+ * to be used for special cases in Apache Sentry (incubating)
+ *
+ */
@Override
- public List<HivePrincipal> getHivePrincipals(
- List<PrincipalDesc> principals) throws HiveException {
- return AuthorizationUtils.getHivePrincipals(principals);
+ public HiveAuthorizationTranslator getHiveAuthorizationTranslator() throws HiveAuthzPluginException{
+ return null;
}
- @Override
- public List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges) {
- return AuthorizationUtils.getHivePrivileges(privileges);
- }
-
- @Override
- public HivePrivilegeObject getHivePrivilegeObject(
- PrivilegeObjectDesc privSubjectDesc) throws HiveException {
- return AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc);
- }
}
http://git-wip-us.apache.org/repos/asf/hive/blob/1420e65f/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java
index c387800..c7f9e13 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java
@@ -37,9 +37,6 @@ import org.apache.hadoop.hive.metastore.api.RolePrincipalGrant;
import org.apache.hadoop.hive.ql.metadata.Hive;
import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.metadata.Table;
-import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
-import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
-import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils;
import org.apache.hadoop.hive.ql.security.authorization.PrivilegeScope;
import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessController;
@@ -383,19 +380,10 @@ public class HiveV1Authorizer implements HiveAuthorizer {
}
@Override
- public List<HivePrincipal> getHivePrincipals(
- List<PrincipalDesc> principals) throws HiveException {
- return AuthorizationUtils.getHivePrincipals(principals);
+ public HiveAuthorizationTranslator getHiveAuthorizationTranslator() throws HiveAuthzPluginException {
+ // custom translator is not needed, so return null
+ return null;
}
- @Override
- public List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges) {
- return AuthorizationUtils.getHivePrivileges(privileges);
- }
- @Override
- public HivePrivilegeObject getHivePrivilegeObject(
- PrivilegeObjectDesc privSubjectDesc) throws HiveException {
- return AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc);
- }
}