You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2014/09/27 01:21:54 UTC
[1/2] git commit: ARGUS-86: Hive plug-in updated to support
operations added in Hive (UPDATE and DELETE). Also updated mapping of some of
the operations to permissions, to be in sync with SQLStdAuthorizer.
Repository: incubator-argus
Updated Branches:
refs/heads/master dc66161a9 -> 8bc6a08ab
ARGUS-86: Hive plug-in updated to support operations added in Hive
(UPDATE and DELETE). Also updated mapping of some of the operations to
permissions, to be in sync with SQLStdAuthorizer.
Updating Hive libraries to the latest build (to get the recent changes
in Hive during build time).
Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/f154dfe6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/f154dfe6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/f154dfe6
Branch: refs/heads/master
Commit: f154dfe696920dbcc6f0c5ef1ea36c5b0ac8049c
Parents: dc66161
Author: mneethiraj <mn...@hortonworks.com>
Authored: Fri Sep 26 14:23:30 2014 -0700
Committer: mneethiraj <mn...@hortonworks.com>
Committed: Fri Sep 26 14:23:30 2014 -0700
----------------------------------------------------------------------
.../hive/XaHiveObjectAccessInfo.java | 2 +-
.../hive/authorizer/XaSecureHiveAuthorizer.java | 35 ++++++++++---------
.../authorizer/XaSecureHiveAuthorizerBase.java | 2 --
.../hive-common-0.14.0-SNAPSHOT.jar | Bin 219782 -> 254642 bytes
.../hive-exec-0.14.0-SNAPSHOT.jar | Bin 16302377 -> 17297089 bytes
.../hive-metastore-0.14.0-SNAPSHOT.jar | Bin 4887086 -> 5085205 bytes
.../hive-service-0.14.0-SNAPSHOT.jar | Bin 1841820 -> 1858532 bytes
7 files changed, 20 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f154dfe6/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveObjectAccessInfo.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveObjectAccessInfo.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveObjectAccessInfo.java
index c0b8035..36a6a42 100644
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveObjectAccessInfo.java
+++ b/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveObjectAccessInfo.java
@@ -26,7 +26,7 @@ import com.xasecure.authorization.utils.StringUtil;
public class XaHiveObjectAccessInfo {
public enum HiveObjectType { NONE, DATABASE, TABLE, VIEW, PARTITION, INDEX, COLUMN, FUNCTION, URI };
- public enum HiveAccessType { NONE, CREATE, ALTER, DROP, INDEX, LOCK, INSERT, SELECT, UPDATE, USE, ALL, ADMIN };
+ public enum HiveAccessType { NONE, CREATE, ALTER, DROP, INDEX, LOCK, SELECT, UPDATE, USE, ALL, ADMIN };
private String mOperType = null;
private XaHiveAccessContext mContext = null;
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f154dfe6/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
index 9acad11..13eec11 100644
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
+++ b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
@@ -399,10 +399,14 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
HiveAccessType accessType = HiveAccessType.NONE;
HivePrivObjectActionType objectActionType = hiveObj.getActionType();
- if(objectActionType == HivePrivObjectActionType.INSERT ||
- objectActionType == HivePrivObjectActionType.INSERT_OVERWRITE) {
- accessType = HiveAccessType.INSERT;
- } else {
+ switch(objectActionType) {
+ case INSERT:
+ case INSERT_OVERWRITE:
+ case UPDATE:
+ case DELETE:
+ accessType = HiveAccessType.UPDATE;
+ break;
+ case OTHER:
switch(hiveOpType) {
case CREATEDATABASE:
if(hiveObj.getType() == HivePrivilegeObjectType.DATABASE) {
@@ -426,8 +430,6 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
case ALTERDATABASE:
case ALTERDATABASE_OWNER:
- case ALTERINDEX_PROPS:
- case ALTERINDEX_REBUILD:
case ALTERPARTITION_BUCKETNUM:
case ALTERPARTITION_FILEFORMAT:
case ALTERPARTITION_LOCATION:
@@ -436,12 +438,10 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
case ALTERPARTITION_SERDEPROPERTIES:
case ALTERPARTITION_SERIALIZER:
case ALTERTABLE_ADDCOLS:
- case ALTERTABLE_ADDPARTS:
case ALTERTABLE_ARCHIVE:
case ALTERTABLE_BUCKETNUM:
case ALTERTABLE_CLUSTER_SORT:
case ALTERTABLE_COMPACT:
- case ALTERTABLE_DROPPARTS:
case ALTERTABLE_FILEFORMAT:
case ALTERTABLE_LOCATION:
case ALTERTABLE_MERGEFILES:
@@ -460,15 +460,14 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
case ALTERTABLE_UPDATEPARTSTATS:
case ALTERTABLE_UPDATETABLESTATS:
case ALTERTBLPART_SKEWED_LOCATION:
+ case ALTERVIEW_AS:
case ALTERVIEW_PROPERTIES:
case ALTERVIEW_RENAME:
case DROPVIEW_PROPERTIES:
accessType = HiveAccessType.ALTER;
break;
- case DELETE:
case DROPFUNCTION:
- case DROPINDEX:
case DROPTABLE:
case DROPVIEW:
case DROPDATABASE:
@@ -476,13 +475,16 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
break;
case CREATEINDEX:
+ case ALTERINDEX_PROPS:
+ case ALTERINDEX_REBUILD:
+ case DROPINDEX:
accessType = HiveAccessType.INDEX;
break;
case IMPORT:
case EXPORT:
case LOAD:
- accessType = isInput ? HiveAccessType.SELECT : HiveAccessType.INSERT;
+ accessType = isInput ? HiveAccessType.SELECT : HiveAccessType.UPDATE;
break;
case LOCKDB:
@@ -495,6 +497,7 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
case QUERY:
case SHOW_TABLESTATUS:
case SHOW_CREATETABLE:
+ case SHOWCOLUMNS:
case SHOWINDEXES:
case SHOWPARTITIONS:
case SHOW_TBLPROPERTIES:
@@ -508,6 +511,8 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
accessType = HiveAccessType.USE;
break;
+ case ALTERTABLE_ADDPARTS:
+ case ALTERTABLE_DROPPARTS:
case TRUNCATETABLE:
accessType = HiveAccessType.UPDATE;
break;
@@ -518,12 +523,13 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
break;
case ADD:
+ case DELETE:
case COMPILE:
case CREATEMACRO:
+ case DROPMACRO:
case CREATEROLE:
case DESCFUNCTION:
case DFS:
- case DROPMACRO:
case DROPROLE:
case EXPLAIN:
case GRANT_ROLE:
@@ -531,7 +537,6 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
case REVOKE_ROLE:
case RESET:
case SET:
- case SHOWCOLUMNS:
case SHOWCONF:
case SHOWDATABASES:
case SHOWFUNCTIONS:
@@ -545,6 +550,7 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
case SHOW_TRANSACTIONS:
break;
}
+ break;
}
return accessType;
@@ -561,7 +567,6 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
case UPDATE:
case DROP:
case INDEX:
- case INSERT:
case LOCK:
case ADMIN:
case ALL:
@@ -675,8 +680,6 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
permMap.addPerm(HiveAccessType.DROP.name());
} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.INDEX.name())) {
permMap.addPerm(HiveAccessType.INDEX.name());
- } else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.INSERT.name())) {
- permMap.addPerm(HiveAccessType.INSERT.name());
} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.LOCK.name())) {
permMap.addPerm(HiveAccessType.LOCK.name());
} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.SELECT.name())) {
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f154dfe6/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
index 586d6c9..f8ca40e 100644
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
+++ b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
@@ -31,9 +31,7 @@ import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant;
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f154dfe6/lib/local/hive-0.14.0-SNAPSHOT/hive-common-0.14.0-SNAPSHOT.jar
----------------------------------------------------------------------
diff --git a/lib/local/hive-0.14.0-SNAPSHOT/hive-common-0.14.0-SNAPSHOT.jar b/lib/local/hive-0.14.0-SNAPSHOT/hive-common-0.14.0-SNAPSHOT.jar
index 7ec88ef..78cd6a5 100644
Binary files a/lib/local/hive-0.14.0-SNAPSHOT/hive-common-0.14.0-SNAPSHOT.jar and b/lib/local/hive-0.14.0-SNAPSHOT/hive-common-0.14.0-SNAPSHOT.jar differ
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f154dfe6/lib/local/hive-0.14.0-SNAPSHOT/hive-exec-0.14.0-SNAPSHOT.jar
----------------------------------------------------------------------
diff --git a/lib/local/hive-0.14.0-SNAPSHOT/hive-exec-0.14.0-SNAPSHOT.jar b/lib/local/hive-0.14.0-SNAPSHOT/hive-exec-0.14.0-SNAPSHOT.jar
index 430435d..1d47415 100644
Binary files a/lib/local/hive-0.14.0-SNAPSHOT/hive-exec-0.14.0-SNAPSHOT.jar and b/lib/local/hive-0.14.0-SNAPSHOT/hive-exec-0.14.0-SNAPSHOT.jar differ
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f154dfe6/lib/local/hive-0.14.0-SNAPSHOT/hive-metastore-0.14.0-SNAPSHOT.jar
----------------------------------------------------------------------
diff --git a/lib/local/hive-0.14.0-SNAPSHOT/hive-metastore-0.14.0-SNAPSHOT.jar b/lib/local/hive-0.14.0-SNAPSHOT/hive-metastore-0.14.0-SNAPSHOT.jar
index fbb30db..773f87a 100644
Binary files a/lib/local/hive-0.14.0-SNAPSHOT/hive-metastore-0.14.0-SNAPSHOT.jar and b/lib/local/hive-0.14.0-SNAPSHOT/hive-metastore-0.14.0-SNAPSHOT.jar differ
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/f154dfe6/lib/local/hive-0.14.0-SNAPSHOT/hive-service-0.14.0-SNAPSHOT.jar
----------------------------------------------------------------------
diff --git a/lib/local/hive-0.14.0-SNAPSHOT/hive-service-0.14.0-SNAPSHOT.jar b/lib/local/hive-0.14.0-SNAPSHOT/hive-service-0.14.0-SNAPSHOT.jar
index abc08d8..0edaaf2 100644
Binary files a/lib/local/hive-0.14.0-SNAPSHOT/hive-service-0.14.0-SNAPSHOT.jar and b/lib/local/hive-0.14.0-SNAPSHOT/hive-service-0.14.0-SNAPSHOT.jar differ
[2/2] git commit: ARGUS-86: update per review comments
Posted by ma...@apache.org.
ARGUS-86: update per review comments
Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/8bc6a08a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/8bc6a08a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/8bc6a08a
Branch: refs/heads/master
Commit: 8bc6a08abc57aa4cc84d7feb435350a84a0c4c96
Parents: f154dfe
Author: mneethiraj <mn...@hortonworks.com>
Authored: Fri Sep 26 16:21:46 2014 -0700
Committer: mneethiraj <mn...@hortonworks.com>
Committed: Fri Sep 26 16:21:46 2014 -0700
----------------------------------------------------------------------
.../hive/authorizer/XaSecureHiveAuthorizer.java | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/8bc6a08a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
index 13eec11..2c2dd80 100644
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
+++ b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
@@ -430,6 +430,8 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
case ALTERDATABASE:
case ALTERDATABASE_OWNER:
+ case ALTERINDEX_PROPS:
+ case ALTERINDEX_REBUILD:
case ALTERPARTITION_BUCKETNUM:
case ALTERPARTITION_FILEFORMAT:
case ALTERPARTITION_LOCATION:
@@ -438,10 +440,12 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
case ALTERPARTITION_SERDEPROPERTIES:
case ALTERPARTITION_SERIALIZER:
case ALTERTABLE_ADDCOLS:
+ case ALTERTABLE_ADDPARTS:
case ALTERTABLE_ARCHIVE:
case ALTERTABLE_BUCKETNUM:
case ALTERTABLE_CLUSTER_SORT:
case ALTERTABLE_COMPACT:
+ case ALTERTABLE_DROPPARTS:
case ALTERTABLE_FILEFORMAT:
case ALTERTABLE_LOCATION:
case ALTERTABLE_MERGEFILES:
@@ -468,6 +472,7 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
break;
case DROPFUNCTION:
+ case DROPINDEX:
case DROPTABLE:
case DROPVIEW:
case DROPDATABASE:
@@ -475,9 +480,6 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
break;
case CREATEINDEX:
- case ALTERINDEX_PROPS:
- case ALTERINDEX_REBUILD:
- case DROPINDEX:
accessType = HiveAccessType.INDEX;
break;
@@ -511,8 +513,6 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
accessType = HiveAccessType.USE;
break;
- case ALTERTABLE_ADDPARTS:
- case ALTERTABLE_DROPPARTS:
case TRUNCATETABLE:
accessType = HiveAccessType.UPDATE;
break;
@@ -526,10 +526,10 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
case DELETE:
case COMPILE:
case CREATEMACRO:
- case DROPMACRO:
case CREATEROLE:
case DESCFUNCTION:
case DFS:
+ case DROPMACRO:
case DROPROLE:
case EXPLAIN:
case GRANT_ROLE: