You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by xu...@apache.org on 2015/08/10 09:29:54 UTC
hive git commit: HIVE-11179: HIVE should allow custom converting from
HivePrivilegeObjectDesc to privilegeObject for different authorizers(Dapeng
Sun, Reviewed by Ferdinand Xu)
Repository: hive
Updated Branches:
refs/heads/branch-1.2 c4dc7b5f7 -> abb308617
HIVE-11179: HIVE should allow custom converting from HivePrivilegeObjectDesc to privilegeObject for different authorizers(Dapeng Sun, Reviewed by Ferdinand Xu)
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/abb30861
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/abb30861
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/abb30861
Branch: refs/heads/branch-1.2
Commit: abb308617c70acbbe80e95012d6fa60427b642a0
Parents: c4dc7b5
Author: Ferdinand Xu <ch...@intel.com>
Authored: Wed Jul 8 00:57:35 2015 -0400
Committer: Ferdinand Xu <ch...@intel.com>
Committed: Mon Aug 10 03:25:34 2015 -0400
----------------------------------------------------------------------
.../org/apache/hadoop/hive/ql/exec/DDLTask.java | 10 ++++-----
.../authorization/plugin/HiveAuthorizer.java | 11 ++++++++++
.../plugin/HiveAuthorizerImpl.java | 22 ++++++++++++++++++++
.../authorization/plugin/HiveV1Authorizer.java | 20 ++++++++++++++++++
4 files changed, 58 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/abb30861/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
index 04c89ae..650e253 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
@@ -639,7 +639,7 @@ public class DDLTask extends Task<DDLWork> implements Serializable {
AuthorizationUtils.getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType()));
}
List<HivePrincipal> principals =
- AuthorizationUtils.getHivePrincipals(grantOrRevokeRoleDDL.getPrincipalDesc());
+ authorizer.getHivePrincipals(grantOrRevokeRoleDDL.getPrincipalDesc());
List<String> roles = grantOrRevokeRoleDDL.getRoles();
boolean grantOption = grantOrRevokeRoleDDL.isGrantOption();
@@ -657,7 +657,7 @@ public class DDLTask extends Task<DDLWork> implements Serializable {
try {
List<HivePrivilegeInfo> privInfos = authorizer.showPrivileges(
AuthorizationUtils.getHivePrincipal(showGrantDesc.getPrincipalDesc()),
- AuthorizationUtils.getHivePrivilegeObject(showGrantDesc.getHiveObj()));
+ authorizer.getHivePrivilegeObject(showGrantDesc.getHiveObj()));
boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST);
writeToFile(writeGrantInfo(privInfos, testMode), showGrantDesc.getResFile());
} catch (IOException e) {
@@ -674,9 +674,9 @@ public class DDLTask extends Task<DDLWork> implements Serializable {
HiveAuthorizer authorizer = getSessionAuthorizer();
//Convert to object types used by the authorization plugin interface
- List<HivePrincipal> hivePrincipals = AuthorizationUtils.getHivePrincipals(principals);
- List<HivePrivilege> hivePrivileges = AuthorizationUtils.getHivePrivileges(privileges);
- HivePrivilegeObject hivePrivObject = AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc);
+ List<HivePrincipal> hivePrincipals = authorizer.getHivePrincipals(principals);
+ List<HivePrivilege> hivePrivileges = authorizer.getHivePrivileges(privileges);
+ HivePrivilegeObject hivePrivObject = authorizer.getHivePrivilegeObject(privSubjectDesc);
HivePrincipal grantorPrincipal = new HivePrincipal(
grantor, AuthorizationUtils.getHivePrincipalType(grantorType));
http://git-wip-us.apache.org/repos/asf/hive/blob/abb30861/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
index 97d9aa9..512772b 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
@@ -22,6 +22,10 @@ import java.util.List;
import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate;
import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving;
import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.ql.metadata.HiveException;
+import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
+import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
+import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider;
/**
@@ -210,5 +214,12 @@ public interface HiveAuthorizer {
*/
public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException;
+ public List<HivePrincipal> getHivePrincipals(List<PrincipalDesc> principals)
+ throws HiveException;
+
+ public List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges);
+
+ public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc)
+ throws HiveException;
}
http://git-wip-us.apache.org/repos/asf/hive/blob/abb30861/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
index c555fbf..76a80e0 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
@@ -22,6 +22,11 @@ import java.util.List;
import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate;
import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving;
import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.ql.metadata.HiveException;
+import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
+import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
+import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
+import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils;
/**
* Convenience implementation of HiveAuthorizer.
@@ -134,4 +139,21 @@ public class HiveAuthorizerImpl implements HiveAuthorizer {
public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException {
accessController.applyAuthorizationConfigPolicy(hiveConf);
}
+
+ @Override
+ public List<HivePrincipal> getHivePrincipals(
+ List<PrincipalDesc> principals) throws HiveException {
+ return AuthorizationUtils.getHivePrincipals(principals);
+ }
+
+ @Override
+ public List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges) {
+ return AuthorizationUtils.getHivePrivileges(privileges);
+ }
+
+ @Override
+ public HivePrivilegeObject getHivePrivilegeObject(
+ PrivilegeObjectDesc privSubjectDesc) throws HiveException {
+ return AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc);
+ }
}
http://git-wip-us.apache.org/repos/asf/hive/blob/abb30861/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java
index 86de47c..c387800 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java
@@ -37,6 +37,9 @@ import org.apache.hadoop.hive.metastore.api.RolePrincipalGrant;
import org.apache.hadoop.hive.ql.metadata.Hive;
import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.metadata.Table;
+import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
+import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
+import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils;
import org.apache.hadoop.hive.ql.security.authorization.PrivilegeScope;
import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessController;
@@ -378,4 +381,21 @@ public class HiveV1Authorizer implements HiveAuthorizer {
// do no filtering in old authorizer
return listObjs;
}
+
+ @Override
+ public List<HivePrincipal> getHivePrincipals(
+ List<PrincipalDesc> principals) throws HiveException {
+ return AuthorizationUtils.getHivePrincipals(principals);
+ }
+
+ @Override
+ public List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges) {
+ return AuthorizationUtils.getHivePrivileges(privileges);
+ }
+
+ @Override
+ public HivePrivilegeObject getHivePrivilegeObject(
+ PrivilegeObjectDesc privSubjectDesc) throws HiveException {
+ return AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc);
+ }
}