You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by th...@apache.org on 2014/02/01 22:33:43 UTC
svn commit: r1563472 - in /hive/trunk/ql/src:
java/org/apache/hadoop/hive/ql/session/SessionState.java
test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java
Author: thejas
Date: Sat Feb 1 21:33:43 2014
New Revision: 1563472
URL: http://svn.apache.org/r1563472
Log:
HIVE-6334 : sql std auth - pass username from sessionstate to v2 authorization interface (Thejas Nair, reviewed by Ashutosh Chauhan)
Added:
hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java
Modified:
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java?rev=1563472&r1=1563471&r2=1563472&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java Sat Feb 1 21:33:43 2014
@@ -156,6 +156,9 @@ public class SessionState {
LineageState ls;
private PerfLogger perfLogger;
+
+ private final String userName;
+
/**
* Get the lineage state stored in this session.
*
@@ -205,7 +208,12 @@ public class SessionState {
}
public SessionState(HiveConf conf) {
+ this(conf, null);
+ }
+
+ public SessionState(HiveConf conf, String userName) {
this.conf = conf;
+ this.userName = userName;
isSilent = conf.getBoolVar(HiveConf.ConfVars.HIVESESSIONSILENT);
ls = new LineageState();
overriddenConfigurations = new HashMap<String, String>();
@@ -338,7 +346,7 @@ public class SessionState {
}
try {
- authenticator = HiveUtils.getAuthenticator(
+ authenticator = HiveUtils.getAuthenticator(
getConf(),HiveConf.ConfVars.HIVE_AUTHENTICATOR_MANAGER);
authorizer = HiveUtils.getAuthorizeProviderManager(
getConf(), HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER,
@@ -348,8 +356,9 @@ public class SessionState {
//if it was null, the new authorization plugin must be specified in config
HiveAuthorizerFactory authorizerFactory =
HiveUtils.getAuthorizerFactory(getConf(), HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER);
+ String authUser = userName == null ? authenticator.getUserName() : userName;
authorizerV2 = authorizerFactory.createHiveAuthorizer(new HiveMetastoreClientFactoryImpl(),
- getConf(), authenticator.getUserName());
+ getConf(), authUser);
}
else{
createTableGrants = CreateTableAutomaticGrant.create(getConf());
Added: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java?rev=1563472&view=auto
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java (added)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java Sat Feb 1 21:33:43 2014
@@ -0,0 +1,115 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.parse.authorization;
+
+import junit.framework.Assert;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.metastore.api.MetaException;
+import org.apache.hadoop.hive.ql.metadata.Hive;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerImpl;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
+import org.apache.hadoop.hive.ql.session.SessionState;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+
+public class TestSessionUserName {
+
+ @Before
+ public void setup() throws Exception {
+ //clear the username
+ HiveAuthorizerStoringUserNameFactory.username = null;
+ }
+
+ /**
+ * Test if the authorization factory gets the username provided by
+ * the authenticator, if SesstionState is created without username
+ * @throws Exception
+ */
+ @Test
+ public void testSessionDefaultUser() throws Exception {
+ SessionState ss = new SessionState(getAuthV2HiveConf());
+ setupDataNucleusFreeHive(ss.getConf());
+ SessionState.start(ss);
+
+ Assert.assertEquals("check username", ss.getAuthenticator().getUserName(),
+ HiveAuthorizerStoringUserNameFactory.username);
+ }
+
+ /**
+ * Test if the authorization factory gets the username set in the SessionState constructor
+ * @throws Exception
+ */
+ @Test
+ public void testSessionConstructorUser() throws Exception {
+ final String USER_NAME = "authtestuser";
+ SessionState ss = new SessionState(getAuthV2HiveConf(), USER_NAME);
+ setupDataNucleusFreeHive(ss.getConf());
+ SessionState.start(ss);
+ ss.getAuthenticator();
+
+ Assert.assertEquals("check username", USER_NAME,
+ HiveAuthorizerStoringUserNameFactory.username);
+ }
+
+ /**
+ * Get a mocked Hive object that does not create a real meta store client object
+ * This gets rid of the datanucleus initializtion which makes it easier
+ * to run test from IDEs
+ * @param hiveConf
+ * @throws MetaException
+ *
+ */
+ private void setupDataNucleusFreeHive(HiveConf hiveConf) throws MetaException {
+ Hive db = Mockito.mock(Hive.class);
+ Mockito.when(db.getMSC()).thenReturn(null);
+ Mockito.when(db.getConf()).thenReturn(hiveConf);
+ Hive.set(db);
+ }
+
+
+ /**
+ * @return HiveConf with authorization V2 enabled with a dummy authorization factory
+ * that captures the given user name
+ */
+ private HiveConf getAuthV2HiveConf() {
+ HiveConf conf = new HiveConf();
+ conf.setVar(HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER,
+ HiveAuthorizerStoringUserNameFactory.class.getName());
+ return conf;
+ }
+
+ /**
+ * dummy hive authorizer that stores the user name
+ */
+ static class HiveAuthorizerStoringUserNameFactory implements HiveAuthorizerFactory{
+ static String username;
+
+ @Override
+ public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
+ HiveConf conf, String hiveCurrentUser) {
+ username = hiveCurrentUser;
+ return new HiveAuthorizerImpl(null, null);
+ }
+ }
+
+}