You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by th...@apache.org on 2014/02/01 22:33:43 UTC
svn commit: r1563472 - in /hive/trunk/ql/src: java/org/apache/hadoop/hive/ql/session/SessionState.java test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java

Author: thejas
Date: Sat Feb  1 21:33:43 2014
New Revision: 1563472

URL: http://svn.apache.org/r1563472
Log:
HIVE-6334 : sql std auth - pass username from sessionstate to v2 authorization interface (Thejas Nair, reviewed by Ashutosh Chauhan)

Added:
    hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java
Modified:
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java?rev=1563472&r1=1563471&r2=1563472&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java Sat Feb  1 21:33:43 2014
@@ -156,6 +156,9 @@ public class SessionState {
   LineageState ls;
 
   private PerfLogger perfLogger;
+
+  private final String userName;
+
   /**
    * Get the lineage state stored in this session.
    *
@@ -205,7 +208,12 @@ public class SessionState {
   }
 
   public SessionState(HiveConf conf) {
+    this(conf, null);
+  }
+
+  public SessionState(HiveConf conf, String userName) {
     this.conf = conf;
+    this.userName = userName;
     isSilent = conf.getBoolVar(HiveConf.ConfVars.HIVESESSIONSILENT);
     ls = new LineageState();
     overriddenConfigurations = new HashMap<String, String>();
@@ -338,7 +346,7 @@ public class SessionState {
     }
 
     try {
-        authenticator = HiveUtils.getAuthenticator(
+      authenticator = HiveUtils.getAuthenticator(
           getConf(),HiveConf.ConfVars.HIVE_AUTHENTICATOR_MANAGER);
       authorizer = HiveUtils.getAuthorizeProviderManager(
           getConf(), HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER,
@@ -348,8 +356,9 @@ public class SessionState {
         //if it was null, the new authorization plugin must be specified in config
         HiveAuthorizerFactory authorizerFactory =
             HiveUtils.getAuthorizerFactory(getConf(), HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER);
+        String authUser = userName == null ? authenticator.getUserName() : userName;
         authorizerV2 = authorizerFactory.createHiveAuthorizer(new HiveMetastoreClientFactoryImpl(),
-            getConf(), authenticator.getUserName());
+            getConf(), authUser);
       }
       else{
         createTableGrants = CreateTableAutomaticGrant.create(getConf());

Added: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java?rev=1563472&view=auto
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java (added)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java Sat Feb  1 21:33:43 2014
@@ -0,0 +1,115 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.parse.authorization;
+
+import junit.framework.Assert;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.metastore.api.MetaException;
+import org.apache.hadoop.hive.ql.metadata.Hive;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerImpl;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
+import org.apache.hadoop.hive.ql.session.SessionState;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+
+public class TestSessionUserName {
+
+  @Before
+  public void setup() throws Exception {
+    //clear the username
+    HiveAuthorizerStoringUserNameFactory.username = null;
+  }
+
+  /**
+   * Test if the authorization factory gets the username provided by
+   * the authenticator, if SesstionState is created without username
+   * @throws Exception
+   */
+  @Test
+  public void testSessionDefaultUser() throws Exception {
+    SessionState ss = new SessionState(getAuthV2HiveConf());
+    setupDataNucleusFreeHive(ss.getConf());
+    SessionState.start(ss);
+
+    Assert.assertEquals("check username", ss.getAuthenticator().getUserName(),
+        HiveAuthorizerStoringUserNameFactory.username);
+  }
+
+  /**
+   * Test if the authorization factory gets the username set in the SessionState constructor
+   * @throws Exception
+   */
+  @Test
+  public void testSessionConstructorUser() throws Exception {
+    final String USER_NAME = "authtestuser";
+    SessionState ss = new SessionState(getAuthV2HiveConf(), USER_NAME);
+    setupDataNucleusFreeHive(ss.getConf());
+    SessionState.start(ss);
+    ss.getAuthenticator();
+
+    Assert.assertEquals("check username", USER_NAME,
+        HiveAuthorizerStoringUserNameFactory.username);
+  }
+
+  /**
+   * Get a mocked Hive object that does not create a real meta store client object
+   * This gets rid of the datanucleus initializtion which makes it easier
+   * to run test from IDEs
+   * @param hiveConf
+   * @throws MetaException
+   *
+   */
+  private void setupDataNucleusFreeHive(HiveConf hiveConf) throws MetaException {
+    Hive db = Mockito.mock(Hive.class);
+    Mockito.when(db.getMSC()).thenReturn(null);
+    Mockito.when(db.getConf()).thenReturn(hiveConf);
+    Hive.set(db);
+  }
+
+
+  /**
+   * @return HiveConf with authorization V2 enabled with a dummy authorization factory
+   * that captures the given user name
+   */
+  private HiveConf getAuthV2HiveConf() {
+    HiveConf conf = new HiveConf();
+    conf.setVar(HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER,
+        HiveAuthorizerStoringUserNameFactory.class.getName());
+    return conf;
+  }
+
+  /**
+   * dummy hive authorizer that stores the user name
+   */
+  static class HiveAuthorizerStoringUserNameFactory implements HiveAuthorizerFactory{
+    static String username;
+
+    @Override
+    public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
+        HiveConf conf, String hiveCurrentUser) {
+      username = hiveCurrentUser;
+      return new HiveAuthorizerImpl(null, null);
+    }
+  }
+
+}