You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by ga...@apache.org on 2018/06/06 18:14:11 UTC
hive git commit: HIVE-19558 HiveAuthorizationProviderBase gets
catalog name from config rather than db object (Alan Gates reviewed by Daniel
Dai)
Repository: hive
Updated Branches:
refs/heads/master 9615f24b9 -> fa1ecaeee
HIVE-19558 HiveAuthorizationProviderBase gets catalog name from config rather than db object (Alan Gates reviewed by Daniel Dai)
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/fa1ecaee
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/fa1ecaee
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/fa1ecaee
Branch: refs/heads/master
Commit: fa1ecaeee419f1b21b615baaf757811f152cf487
Parents: 9615f24
Author: Alan Gates <ga...@hortonworks.com>
Authored: Wed Jun 6 11:11:04 2018 -0700
Committer: Alan Gates <ga...@hortonworks.com>
Committed: Wed Jun 6 11:11:04 2018 -0700
----------------------------------------------------------------------
.../org/apache/hadoop/hive/ql/metadata/Hive.java | 17 +++++++++++++++++
.../org/apache/hadoop/hive/ql/metadata/Table.java | 4 ++++
.../BitSetCheckedAuthorizationProvider.java | 7 +++----
.../HiveAuthorizationProviderBase.java | 15 ++++++++++++---
.../StorageBasedAuthorizationProvider.java | 2 +-
5 files changed, 37 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/fa1ecaee/ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java b/ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java
index 3524294..2ec131e 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java
@@ -1626,6 +1626,23 @@ public class Hive {
}
/**
+ * Get the database by name.
+ * @param catName catalog name
+ * @param dbName the name of the database.
+ * @return a Database object if this database exists, null otherwise.
+ * @throws HiveException
+ */
+ public Database getDatabase(String catName, String dbName) throws HiveException {
+ try {
+ return getMSC().getDatabase(catName, dbName);
+ } catch (NoSuchObjectException e) {
+ return null;
+ } catch (Exception e) {
+ throw new HiveException(e);
+ }
+ }
+
+ /**
* Get the Database object for current database
* @return a Database object if this database exists, null otherwise.
* @throws HiveException
http://git-wip-us.apache.org/repos/asf/hive/blob/fa1ecaee/ql/src/java/org/apache/hadoop/hive/ql/metadata/Table.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/metadata/Table.java b/ql/src/java/org/apache/hadoop/hive/ql/metadata/Table.java
index ba16f84..f0061c0 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/metadata/Table.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/metadata/Table.java
@@ -685,6 +685,10 @@ public class Table implements Serializable {
tTable.setPartitionKeys(partCols);
}
+ public String getCatName() {
+ return tTable.getCatName();
+ }
+
public String getDbName() {
return tTable.getDbName();
}
http://git-wip-us.apache.org/repos/asf/hive/blob/fa1ecaee/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/BitSetCheckedAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/BitSetCheckedAuthorizationProvider.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/BitSetCheckedAuthorizationProvider.java
index 4e6e2b6..7c8affb 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/BitSetCheckedAuthorizationProvider.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/BitSetCheckedAuthorizationProvider.java
@@ -258,7 +258,7 @@ public abstract class BitSetCheckedAuthorizationProvider extends
Privilege[] inputRequiredPriv, Privilege[] outputRequiredPriv,
boolean[] inputCheck, boolean[] outputCheck) throws HiveException {
- if (authorizeUserAndDBPriv(hive_db.getDatabase(table.getDbName()),
+ if (authorizeUserAndDBPriv(hive_db.getDatabase(table.getCatName(), table.getDbName()),
inputRequiredPriv, outputRequiredPriv, inputCheck, outputCheck)) {
return true;
}
@@ -292,8 +292,8 @@ public abstract class BitSetCheckedAuthorizationProvider extends
boolean[] inputCheck, boolean[] outputCheck) throws HiveException {
if (authorizeUserAndDBPriv(
- hive_db.getDatabase(part.getTable().getDbName()), inputRequiredPriv,
- outputRequiredPriv, inputCheck, outputCheck)) {
+ hive_db.getDatabase(part.getTable().getCatName(), part.getTable().getDbName()),
+ inputRequiredPriv, outputRequiredPriv, inputCheck, outputCheck)) {
return true;
}
@@ -330,7 +330,6 @@ public abstract class BitSetCheckedAuthorizationProvider extends
/**
* try to match an array of privileges from user/groups/roles grants.
*
- * @param container
*/
private boolean matchPrivs(Privilege[] inputPriv,
PrincipalPrivilegeSet privileges, boolean[] check) {
http://git-wip-us.apache.org/repos/asf/hive/blob/fa1ecaee/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/HiveAuthorizationProviderBase.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/HiveAuthorizationProviderBase.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/HiveAuthorizationProviderBase.java
index d3e13a5..bd0d206 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/HiveAuthorizationProviderBase.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/HiveAuthorizationProviderBase.java
@@ -88,12 +88,21 @@ public abstract class HiveAuthorizationProviderBase implements
}
}
- public Database getDatabase(String dbName) throws HiveException {
+ /**
+ * Get the database object
+ * @param catName catalog name. If null, the default will be pulled from the conf. This
+ * means the caller does not have to check isCatNameSet()
+ * @param dbName database name.
+ * @return
+ * @throws HiveException
+ */
+ public Database getDatabase(String catName, String dbName) throws HiveException {
+ catName = catName == null ? MetaStoreUtils.getDefaultCatalog(conf) : catName;
if (!isRunFromMetaStore()) {
- return Hive.getWithFastCheck(conf).getDatabase(dbName);
+ return Hive.getWithFastCheck(conf).getDatabase(catName, dbName);
} else {
try {
- return handler.get_database_core(MetaStoreUtils.getDefaultCatalog(conf), dbName);
+ return handler.get_database_core(catName, dbName);
} catch (NoSuchObjectException e) {
throw new HiveException(e);
} catch (MetaException e) {
http://git-wip-us.apache.org/repos/asf/hive/blob/fa1ecaee/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java
index f074d39..de55044 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java
@@ -173,7 +173,7 @@ public class StorageBasedAuthorizationProvider extends HiveAuthorizationProvider
// the database directory
if (privExtractor.hasDropPrivilege || requireCreatePrivilege(readRequiredPriv)
|| requireCreatePrivilege(writeRequiredPriv)) {
- authorize(hive_db.getDatabase(table.getDbName()), new Privilege[] {},
+ authorize(hive_db.getDatabase(table.getCatName(), table.getDbName()), new Privilege[] {},
new Privilege[] { Privilege.ALTER_DATA });
}