You are viewing a plain text version of this content. The canonical link for it is here.
Posted to gitbox@hive.apache.org by "saihemanth-cloudera (via GitHub)" <gi...@apache.org> on 2023/03/01 17:25:26 UTC
[GitHub] [hive] saihemanth-cloudera opened a new pull request, #4092: HIVE-27116: HS2 need to send owner info for UDFs in the HivePrivilege…
saihemanth-cloudera opened a new pull request, #4092:
URL: https://github.com/apache/hive/pull/4092
…Object for authorization
<!--
Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, please read our contributor guidelines: https://cwiki.apache.org/confluence/display/Hive/HowToContribute
2. Ensure that you have created an issue on the Hive project JIRA: https://issues.apache.org/jira/projects/HIVE/summary
3. Ensure you have added or run the appropriate tests for your PR:
4. If the PR is unfinished, add '[WIP]' in your PR title, e.g., '[WIP]HIVE-XXXXX: Your PR title ...'.
5. Be sure to keep the PR description updated to reflect all changes.
6. Please write your PR title to summarize what this PR proposes.
7. If possible, provide a concise example to reproduce the issue for a faster review.
-->
### What changes were proposed in this pull request?
Added owner info for the UDFs in the HivePrivilegeObjects
<!--
Please clarify what changes you are proposing. The purpose of this section is to outline the changes and how this PR fixes the issue.
If possible, please consider writing useful notes for better and faster reviews in your PR. See the examples below.
1. If you refactor some codes with changing classes, showing the class hierarchy will help reviewers.
2. If you fix some SQL features, you can provide some references of other DBMSes.
3. If there is design documentation, please add the link.
4. If there is a discussion in the mailing list, please add the link.
-->
### Why are the changes needed?
{owner} policies would be honored in ranger service with this patch.
<!--
Please clarify why the changes are needed. For instance,
1. If you propose a new API, clarify the use case for a new API.
2. If you fix a bug, you can clarify why it is a bug.
-->
### Does this PR introduce _any_ user-facing change?
No.
<!--
Note that it means *any* user-facing change including all aspects such as the documentation fix.
If yes, please clarify the previous behavior and the change this PR proposes - provide the console output, description, screenshot and/or a reproducable example to show the behavior difference if possible.
If possible, please also clarify if this is a user-facing change compared to the released Hive versions or within the unreleased branches such as master.
If no, write 'No'.
-->
### How was this patch tested?
Local machine, remote cluster
<!--
If tests were added, say they were added here. Please make sure to add some test cases that check the changes thoroughly including negative and positive cases if possible.
If it was tested in a way different from regular unit tests, please clarify how you tested step by step, ideally copy and paste-able, so that other reviewers can test and check, and descendants can verify in the future.
If tests were not added, please describe why they were not added and/or why it was difficult to add.
-->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] saihemanth-cloudera commented on a diff in pull request #4092: HIVE-27116: HS2 need to send owner info for UDFs in the HivePrivilege…
Posted by "saihemanth-cloudera (via GitHub)" <gi...@apache.org>.
saihemanth-cloudera commented on code in PR #4092:
URL: https://github.com/apache/hive/pull/4092#discussion_r1127445348
##########
ql/src/java/org/apache/hadoop/hive/ql/ddl/function/AbstractFunctionAnalyzer.java:
##########
@@ -66,11 +70,24 @@ protected void addEntities(String functionName, String className, boolean isTemp
}
if (database != null) {
outputs.add(new WriteEntity(database, WriteEntity.WriteType.DDL_NO_LOCK));
+ // Add the permanent function as a WriteEntity
+ Function function;
+ if (isCreate) {
Review Comment:
Ack
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] dengzhhu653 commented on a diff in pull request #4092: HIVE-27116: HS2 need to send owner info for UDFs in the HivePrivilege…
Posted by "dengzhhu653 (via GitHub)" <gi...@apache.org>.
dengzhhu653 commented on code in PR #4092:
URL: https://github.com/apache/hive/pull/4092#discussion_r1125883742
##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java:
##########
@@ -83,17 +84,16 @@ static void doAuthorization(HiveOperation op, BaseSemanticAnalyzer sem, SessionS
ss.getAuthorizerV2().checkPrivileges(hiveOpType, inputsHObjs, outputHObjs, authzContextBuilder.build());
}
- private static void addPermanentFunctionEntities(SessionState ss, List<ReadEntity> inputList) throws HiveException {
+ private static void addPermanentFunctionEntities(SessionState ss, List<ReadEntity> inputList, BaseSemanticAnalyzer sem) throws HiveException {
for (Entry<String, FunctionInfo> function : ss.getCurrentFunctionsInUse().entrySet()) {
if (function.getValue().getFunctionType() != FunctionType.PERSISTENT) {
// Built-in function access is allowed to all users. If user can create a temp function, they may use it.
continue;
}
String[] qualifiedFunctionName = FunctionUtils.getQualifiedFunctionNameParts(function.getKey());
- // this is only for the purpose of authorization, only the name matters.
- Database db = new Database(qualifiedFunctionName[0], "", "", null);
- inputList.add(new ReadEntity(db, qualifiedFunctionName[1], function.getValue().getClassName(), Type.FUNCTION));
+ // For the purpose of authorization, we need to send full function object.
+ inputList.add(new ReadEntity(sem.getDb().getFunction(qualifiedFunctionName[0], qualifiedFunctionName[1])));
Review Comment:
Why we fetch the function here?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] dengzhhu653 commented on a diff in pull request #4092: HIVE-27116: HS2 need to send owner info for UDFs in the HivePrivilege…
Posted by "dengzhhu653 (via GitHub)" <gi...@apache.org>.
dengzhhu653 commented on code in PR #4092:
URL: https://github.com/apache/hive/pull/4092#discussion_r1125883060
##########
ql/src/java/org/apache/hadoop/hive/ql/ddl/function/AbstractFunctionAnalyzer.java:
##########
@@ -66,11 +70,24 @@ protected void addEntities(String functionName, String className, boolean isTemp
}
if (database != null) {
outputs.add(new WriteEntity(database, WriteEntity.WriteType.DDL_NO_LOCK));
+ // Add the permanent function as a WriteEntity
+ Function function;
+ if (isCreate) {
+ function = new Function(functionName, database.getName(), className,
+ SessionState.getUserFromAuthenticator(), PrincipalType.USER,
+ (int) (System.currentTimeMillis() / 1000), FunctionType.JAVA, resources);
+ } else {
+ try {
+ function = db.getFunction(database.getName(), functionName);
Review Comment:
Why we fetch the function here, can we just create the function as the temporary function does?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] dengzhhu653 commented on a diff in pull request #4092: HIVE-27116: HS2 need to send owner info for UDFs in the HivePrivilege…
Posted by "dengzhhu653 (via GitHub)" <gi...@apache.org>.
dengzhhu653 commented on code in PR #4092:
URL: https://github.com/apache/hive/pull/4092#discussion_r1128911839
##########
ql/src/java/org/apache/hadoop/hive/ql/ddl/function/AbstractFunctionAnalyzer.java:
##########
@@ -66,11 +70,24 @@ protected void addEntities(String functionName, String className, boolean isTemp
}
if (database != null) {
outputs.add(new WriteEntity(database, WriteEntity.WriteType.DDL_NO_LOCK));
+ // Add the permanent function as a WriteEntity
+ Function function;
+ if (isCreate) {
+ function = new Function(functionName, database.getName(), className,
+ SessionState.getUserFromAuthenticator(), PrincipalType.USER,
+ (int) (System.currentTimeMillis() / 1000), FunctionType.JAVA, resources);
+ } else {
+ try {
+ function = db.getFunction(database.getName(), functionName);
Review Comment:
So the authorization policy will check the current user and the internal fields of Function(which including owner info), am I right?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] dengzhhu653 commented on a diff in pull request #4092: HIVE-27116: HS2 need to send owner info for UDFs in the HivePrivilege…
Posted by "dengzhhu653 (via GitHub)" <gi...@apache.org>.
dengzhhu653 commented on code in PR #4092:
URL: https://github.com/apache/hive/pull/4092#discussion_r1125882214
##########
ql/src/java/org/apache/hadoop/hive/ql/ddl/function/AbstractFunctionAnalyzer.java:
##########
@@ -66,11 +70,24 @@ protected void addEntities(String functionName, String className, boolean isTemp
}
if (database != null) {
outputs.add(new WriteEntity(database, WriteEntity.WriteType.DDL_NO_LOCK));
+ // Add the permanent function as a WriteEntity
+ Function function;
+ if (isCreate) {
Review Comment:
Can we use `queryState.getHiveOperation() == HiveOperation.CREATEFUNCTION` instead of passing an argument `isCreate`?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] sonarcloud[bot] commented on pull request #4092: HIVE-27116: HS2 need to send owner info for UDFs in the HivePrivilege…
Posted by "sonarcloud[bot] (via GitHub)" <gi...@apache.org>.
sonarcloud[bot] commented on PR #4092:
URL: https://github.com/apache/hive/pull/4092#issuecomment-1453261896
Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=4092)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=4092&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=4092&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=4092&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=CODE_SMELL) [2 Code Smells](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=4092&metric=coverage&view=list) No Coverage information
[](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=4092&metric=duplicated_lines_density&view=list) No Duplication information
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] sonarcloud[bot] commented on pull request #4092: HIVE-27116: HS2 need to send owner info for UDFs in the HivePrivilege…
Posted by "sonarcloud[bot] (via GitHub)" <gi...@apache.org>.
sonarcloud[bot] commented on PR #4092:
URL: https://github.com/apache/hive/pull/4092#issuecomment-1454099756
Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=4092)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=4092&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=4092&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=4092&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=CODE_SMELL) [2 Code Smells](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=4092&metric=coverage&view=list) No Coverage information
[](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=4092&metric=duplicated_lines_density&view=list) No Duplication information
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] sonarcloud[bot] commented on pull request #4092: HIVE-27116: HS2 need to send owner info for UDFs in the HivePrivilege…
Posted by "sonarcloud[bot] (via GitHub)" <gi...@apache.org>.
sonarcloud[bot] commented on PR #4092:
URL: https://github.com/apache/hive/pull/4092#issuecomment-1458331474
Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=4092)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=4092&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=4092&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=4092&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=CODE_SMELL) [2 Code Smells](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=4092&metric=coverage&view=list) No Coverage information
[](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=4092&metric=duplicated_lines_density&view=list) No Duplication information
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] saihemanth-cloudera commented on a diff in pull request #4092: HIVE-27116: HS2 need to send owner info for UDFs in the HivePrivilege…
Posted by "saihemanth-cloudera (via GitHub)" <gi...@apache.org>.
saihemanth-cloudera commented on code in PR #4092:
URL: https://github.com/apache/hive/pull/4092#discussion_r1127446733
##########
ql/src/java/org/apache/hadoop/hive/ql/ddl/function/AbstractFunctionAnalyzer.java:
##########
@@ -66,11 +70,24 @@ protected void addEntities(String functionName, String className, boolean isTemp
}
if (database != null) {
outputs.add(new WriteEntity(database, WriteEntity.WriteType.DDL_NO_LOCK));
+ // Add the permanent function as a WriteEntity
+ Function function;
+ if (isCreate) {
+ function = new Function(functionName, database.getName(), className,
+ SessionState.getUserFromAuthenticator(), PrincipalType.USER,
+ (int) (System.currentTimeMillis() / 1000), FunctionType.JAVA, resources);
+ } else {
+ try {
+ function = db.getFunction(database.getName(), functionName);
Review Comment:
We need to fetch the function for desc or drop function queries, we need to know whether the current user has required permissions by looking at the function object.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] saihemanth-cloudera commented on a diff in pull request #4092: HIVE-27116: HS2 need to send owner info for UDFs in the HivePrivilege…
Posted by "saihemanth-cloudera (via GitHub)" <gi...@apache.org>.
saihemanth-cloudera commented on code in PR #4092:
URL: https://github.com/apache/hive/pull/4092#discussion_r1128964275
##########
ql/src/java/org/apache/hadoop/hive/ql/ddl/function/AbstractFunctionAnalyzer.java:
##########
@@ -66,11 +70,24 @@ protected void addEntities(String functionName, String className, boolean isTemp
}
if (database != null) {
outputs.add(new WriteEntity(database, WriteEntity.WriteType.DDL_NO_LOCK));
+ // Add the permanent function as a WriteEntity
+ Function function;
+ if (isCreate) {
+ function = new Function(functionName, database.getName(), className,
+ SessionState.getUserFromAuthenticator(), PrincipalType.USER,
+ (int) (System.currentTimeMillis() / 1000), FunctionType.JAVA, resources);
+ } else {
+ try {
+ function = db.getFunction(database.getName(), functionName);
Review Comment:
Yeah that's correct
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] sonarcloud[bot] commented on pull request #4092: HIVE-27116: HS2 need to send owner info for UDFs in the HivePrivilege…
Posted by "sonarcloud[bot] (via GitHub)" <gi...@apache.org>.
sonarcloud[bot] commented on PR #4092:
URL: https://github.com/apache/hive/pull/4092#issuecomment-1450690762
Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=4092)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=BUG) [2 Bugs](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=4092&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=4092&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=4092&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=CODE_SMELL) [3 Code Smells](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=4092&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=4092&metric=coverage&view=list) No Coverage information
[](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=4092&metric=duplicated_lines_density&view=list) No Duplication information
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] saihemanth-cloudera commented on a diff in pull request #4092: HIVE-27116: HS2 need to send owner info for UDFs in the HivePrivilege…
Posted by "saihemanth-cloudera (via GitHub)" <gi...@apache.org>.
saihemanth-cloudera commented on code in PR #4092:
URL: https://github.com/apache/hive/pull/4092#discussion_r1127451194
##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java:
##########
@@ -83,17 +84,16 @@ static void doAuthorization(HiveOperation op, BaseSemanticAnalyzer sem, SessionS
ss.getAuthorizerV2().checkPrivileges(hiveOpType, inputsHObjs, outputHObjs, authzContextBuilder.build());
}
- private static void addPermanentFunctionEntities(SessionState ss, List<ReadEntity> inputList) throws HiveException {
+ private static void addPermanentFunctionEntities(SessionState ss, List<ReadEntity> inputList, BaseSemanticAnalyzer sem) throws HiveException {
for (Entry<String, FunctionInfo> function : ss.getCurrentFunctionsInUse().entrySet()) {
if (function.getValue().getFunctionType() != FunctionType.PERSISTENT) {
// Built-in function access is allowed to all users. If user can create a temp function, they may use it.
continue;
}
String[] qualifiedFunctionName = FunctionUtils.getQualifiedFunctionNameParts(function.getKey());
- // this is only for the purpose of authorization, only the name matters.
- Database db = new Database(qualifiedFunctionName[0], "", "", null);
- inputList.add(new ReadEntity(db, qualifiedFunctionName[1], function.getValue().getClassName(), Type.FUNCTION));
+ // For the purpose of authorization, we need to send full function object.
+ inputList.add(new ReadEntity(sem.getDb().getFunction(qualifiedFunctionName[0], qualifiedFunctionName[1])));
Review Comment:
I'll revert back on changes on this one. We don't need to fetch full-function objects for all the functions in the current session as it is a costly operation.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] dengzhhu653 merged pull request #4092: HIVE-27116: HS2 need to send owner info for UDFs in the HivePrivilege…
Posted by "dengzhhu653 (via GitHub)" <gi...@apache.org>.
dengzhhu653 merged PR #4092:
URL: https://github.com/apache/hive/pull/4092
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org