You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by da...@apache.org on 2018/08/25 20:47:28 UTC
hive git commit: HIVE-20455: Log spew from
security.authorization.PrivilegeSynchonizer.run (Daniel Dai,
reviewed by Gopal V)
Repository: hive
Updated Branches:
refs/heads/master fa36381fa -> b627fa8fa
HIVE-20455: Log spew from security.authorization.PrivilegeSynchonizer.run (Daniel Dai, reviewed by Gopal V)
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/b627fa8f
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/b627fa8f
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/b627fa8f
Branch: refs/heads/master
Commit: b627fa8fa5e0049101326dd796e9b7011fd75ec5
Parents: fa36381
Author: Daniel Dai <da...@gmail.com>
Authored: Sat Aug 25 13:46:45 2018 -0700
Committer: Daniel Dai <da...@gmail.com>
Committed: Sat Aug 25 13:46:45 2018 -0700
----------------------------------------------------------------------
.../authorization/PrivilegeSynchonizer.java | 225 ------------------
.../authorization/PrivilegeSynchronizer.java | 228 +++++++++++++++++++
.../apache/hive/service/server/HiveServer2.java | 22 +-
3 files changed, 239 insertions(+), 236 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/b627fa8f/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchonizer.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchonizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchonizer.java
deleted file mode 100644
index 61e3cec..0000000
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchonizer.java
+++ /dev/null
@@ -1,225 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.hive.ql.security.authorization;
-
-import java.util.Map;
-import java.util.concurrent.TimeUnit;
-
-import org.apache.curator.framework.recipes.leader.LeaderLatch;
-import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
-import org.apache.hadoop.hive.metastore.DefaultMetaStoreFilterHookImpl;
-import org.apache.hadoop.hive.metastore.IMetaStoreClient;
-import org.apache.hadoop.hive.metastore.api.FieldSchema;
-import org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege;
-import org.apache.hadoop.hive.metastore.api.HiveObjectRef;
-import org.apache.hadoop.hive.metastore.api.HiveObjectType;
-import org.apache.hadoop.hive.metastore.api.PrincipalType;
-import org.apache.hadoop.hive.metastore.api.PrivilegeBag;
-import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo;
-import org.apache.hadoop.hive.metastore.api.Table;
-import org.apache.hadoop.hive.metastore.api.MetaException;
-import org.apache.hadoop.hive.metastore.conf.MetastoreConf;
-import org.apache.hadoop.hive.ql.metadata.Hive;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePolicyProvider;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * PrivilegeSynchonizer defines a thread to synchronize privileges from
- * external authorizer to Hive metastore.
- */
-public class PrivilegeSynchonizer implements Runnable {
-
- private static final Logger LOG = LoggerFactory.getLogger(PrivilegeSynchonizer.class);
- public static final String GRANTOR = "ranger";
- private IMetaStoreClient hiveClient;
- private LeaderLatch privilegeSynchonizerLatch;
- private HiveConf hiveConf;
- private PolicyProviderContainer policyProviderContainer;
-
- public PrivilegeSynchonizer(LeaderLatch privilegeSynchonizerLatch,
- PolicyProviderContainer policyProviderContainer, HiveConf hiveConf) {
- this.hiveConf = new HiveConf(hiveConf);
- this.hiveConf.set(MetastoreConf.ConfVars.FILTER_HOOK.getVarname(), DefaultMetaStoreFilterHookImpl.class.getName());
- try {
- hiveClient = Hive.get(this.hiveConf).getMSC();
- } catch (Exception e) {
- throw new RuntimeException("Error creating HiveMetastoreClient", e);
- }
- this.privilegeSynchonizerLatch = privilegeSynchonizerLatch;
- this.policyProviderContainer = policyProviderContainer;
- this.hiveConf = hiveConf;
- }
-
- private void addACLsToBag(
- Map<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> principalAclsMap,
- PrivilegeBag privBag, HiveObjectType objectType, String dbName, String tblName, String columnName,
- PrincipalType principalType, String authorizer) {
-
- for (Map.Entry<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> principalAcls
- : principalAclsMap.entrySet()) {
- String principal = principalAcls.getKey();
- for (Map.Entry<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult> acl : principalAcls.getValue()
- .entrySet()) {
- if (acl.getValue() == HiveResourceACLs.AccessResult.ALLOWED) {
- switch (objectType) {
- case DATABASE:
- privBag.addToPrivileges(
- new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.DATABASE, dbName, null, null, null), principal,
- principalType, new PrivilegeGrantInfo(acl.getKey().toString(),
- (int) (System.currentTimeMillis() / 1000), GRANTOR, PrincipalType.USER, false), authorizer));
- break;
- case TABLE:
- privBag.addToPrivileges(
- new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.TABLE, dbName, tblName, null, null), principal,
- principalType, new PrivilegeGrantInfo(acl.getKey().toString(),
- (int) (System.currentTimeMillis() / 1000), GRANTOR, PrincipalType.USER, false), authorizer));
- break;
- case COLUMN:
- privBag.addToPrivileges(
- new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.COLUMN, dbName, tblName, null, columnName),
- principal, principalType, new PrivilegeGrantInfo(acl.getKey().toString(),
- (int) (System.currentTimeMillis() / 1000), GRANTOR, PrincipalType.USER, false), authorizer));
- break;
- default:
- throw new RuntimeException("Get unknown object type " + objectType);
- }
- }
- }
- }
- }
-
- private HiveObjectRef getObjToRefresh(HiveObjectType type, String dbName, String tblName) throws Exception {
- HiveObjectRef objToRefresh = null;
- switch (type) {
- case DATABASE:
- objToRefresh = new HiveObjectRef(HiveObjectType.DATABASE, dbName, null, null, null);
- break;
- case TABLE:
- objToRefresh = new HiveObjectRef(HiveObjectType.TABLE, dbName, tblName, null, null);
- break;
- case COLUMN:
- objToRefresh = new HiveObjectRef(HiveObjectType.COLUMN, dbName, tblName, null, null);
- break;
- default:
- throw new RuntimeException("Get unknown object type " + type);
- }
- return objToRefresh;
- }
-
- private void addGrantPrivilegesToBag(HivePolicyProvider policyProvider, PrivilegeBag privBag, HiveObjectType type,
- String dbName, String tblName, String columnName, String authorizer) throws Exception {
-
- HiveResourceACLs objectAcls = null;
-
- switch (type) {
- case DATABASE:
- objectAcls = policyProvider
- .getResourceACLs(new HivePrivilegeObject(HivePrivilegeObjectType.DATABASE, dbName, null));
- break;
-
- case TABLE:
- objectAcls = policyProvider
- .getResourceACLs(new HivePrivilegeObject(HivePrivilegeObjectType.TABLE_OR_VIEW, dbName, tblName));
- break;
-
- case COLUMN:
- objectAcls = policyProvider
- .getResourceACLs(new HivePrivilegeObject(HivePrivilegeObjectType.COLUMN, dbName, tblName, null, columnName));
- break;
-
- default:
- throw new RuntimeException("Get unknown object type " + type);
- }
-
- if (objectAcls == null) {
- return;
- }
-
- addACLsToBag(objectAcls.getUserPermissions(), privBag, type, dbName, tblName, columnName,
- PrincipalType.USER, authorizer);
- addACLsToBag(objectAcls.getGroupPermissions(), privBag, type, dbName, tblName, columnName,
- PrincipalType.GROUP, authorizer);
- }
-
- @Override
- public void run() {
- while (true) {
- long interval = HiveConf.getTimeVar(hiveConf, ConfVars.HIVE_PRIVILEGE_SYNCHRONIZER_INTERVAL, TimeUnit.SECONDS);
- try {
- for (HivePolicyProvider policyProvider : policyProviderContainer) {
- LOG.info("Start synchronize privilege " + policyProvider.getClass().getName());
- String authorizer = policyProvider.getClass().getSimpleName();
- if (!privilegeSynchonizerLatch.await(interval, TimeUnit.SECONDS)) {
- LOG.info("Not selected as leader, skip");
- continue;
- }
- int numDb = 0, numTbl = 0;
- for (String dbName : hiveClient.getAllDatabases()) {
- numDb++;
- HiveObjectRef dbToRefresh = getObjToRefresh(HiveObjectType.DATABASE, dbName, null);
- PrivilegeBag grantDatabaseBag = new PrivilegeBag();
- addGrantPrivilegesToBag(policyProvider, grantDatabaseBag, HiveObjectType.DATABASE,
- dbName, null, null, authorizer);
- hiveClient.refresh_privileges(dbToRefresh, authorizer, grantDatabaseBag);
- LOG.debug("processing " + dbName);
-
- for (String tblName : hiveClient.getAllTables(dbName)) {
- numTbl++;
- LOG.debug("processing " + dbName + "." + tblName);
- HiveObjectRef tableToRefresh = getObjToRefresh(HiveObjectType.TABLE, dbName, tblName);
- PrivilegeBag grantTableBag = new PrivilegeBag();
- addGrantPrivilegesToBag(policyProvider, grantTableBag, HiveObjectType.TABLE,
- dbName, tblName, null, authorizer);
- hiveClient.refresh_privileges(tableToRefresh, authorizer, grantTableBag);
-
- HiveObjectRef tableOfColumnsToRefresh = getObjToRefresh(HiveObjectType.COLUMN, dbName, tblName);
- PrivilegeBag grantColumnBag = new PrivilegeBag();
- Table tbl = null;
- try {
- tbl = hiveClient.getTable(dbName, tblName);
- for (FieldSchema fs : tbl.getPartitionKeys()) {
- addGrantPrivilegesToBag(policyProvider, grantColumnBag, HiveObjectType.COLUMN,
- dbName, tblName, fs.getName(), authorizer);
- }
- for (FieldSchema fs : tbl.getSd().getCols()) {
- addGrantPrivilegesToBag(policyProvider, grantColumnBag, HiveObjectType.COLUMN,
- dbName, tblName, fs.getName(), authorizer);
- }
- hiveClient.refresh_privileges(tableOfColumnsToRefresh, authorizer, grantColumnBag);
- } catch (MetaException e) {
- LOG.debug("Unable to synchronize " + tblName + ":" + e.getMessage());
- }
- }
- }
- LOG.info("Success synchronize privilege " + policyProvider.getClass().getName() + ":" + numDb + " databases, "
- + numTbl + " tables");
- }
- // Wait if no exception happens, otherwise, retry immediately
- LOG.info("Wait for " + interval + " seconds");
- Thread.sleep(interval * 1000);
- } catch (Exception e) {
- LOG.error("Error initializing PrivilegeSynchronizer: " + e.getMessage(), e);
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/hive/blob/b627fa8f/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchronizer.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchronizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchronizer.java
new file mode 100644
index 0000000..c7a4843
--- /dev/null
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchronizer.java
@@ -0,0 +1,228 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.security.authorization;
+
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+import org.apache.curator.framework.recipes.leader.LeaderLatch;
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
+import org.apache.hadoop.hive.metastore.DefaultMetaStoreFilterHookImpl;
+import org.apache.hadoop.hive.metastore.IMetaStoreClient;
+import org.apache.hadoop.hive.metastore.api.FieldSchema;
+import org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege;
+import org.apache.hadoop.hive.metastore.api.HiveObjectRef;
+import org.apache.hadoop.hive.metastore.api.HiveObjectType;
+import org.apache.hadoop.hive.metastore.api.PrincipalType;
+import org.apache.hadoop.hive.metastore.api.PrivilegeBag;
+import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo;
+import org.apache.hadoop.hive.metastore.api.Table;
+import org.apache.hadoop.hive.metastore.api.MetaException;
+import org.apache.hadoop.hive.metastore.conf.MetastoreConf;
+import org.apache.hadoop.hive.ql.metadata.Hive;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePolicyProvider;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * PrivilegeSynchronizer defines a thread to synchronize privileges from
+ * external authorizer to Hive metastore.
+ */
+public class PrivilegeSynchronizer implements Runnable {
+
+ private static final Logger LOG = LoggerFactory.getLogger(PrivilegeSynchronizer.class);
+ public static final String GRANTOR = "ranger";
+ private IMetaStoreClient hiveClient;
+ private LeaderLatch privilegeSynchronizerLatch;
+ private HiveConf hiveConf;
+ private PolicyProviderContainer policyProviderContainer;
+
+ public PrivilegeSynchronizer(LeaderLatch privilegeSynchronizerLatch,
+ PolicyProviderContainer policyProviderContainer, HiveConf hiveConf) {
+ this.hiveConf = new HiveConf(hiveConf);
+ this.hiveConf.set(MetastoreConf.ConfVars.FILTER_HOOK.getVarname(), DefaultMetaStoreFilterHookImpl.class.getName());
+ try {
+ hiveClient = Hive.get(this.hiveConf).getMSC();
+ } catch (Exception e) {
+ throw new RuntimeException("Error creating HiveMetastoreClient", e);
+ }
+ this.privilegeSynchronizerLatch = privilegeSynchronizerLatch;
+ this.policyProviderContainer = policyProviderContainer;
+ this.hiveConf = hiveConf;
+ }
+
+ private void addACLsToBag(
+ Map<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> principalAclsMap,
+ PrivilegeBag privBag, HiveObjectType objectType, String dbName, String tblName, String columnName,
+ PrincipalType principalType, String authorizer) {
+
+ for (Map.Entry<String, Map<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult>> principalAcls
+ : principalAclsMap.entrySet()) {
+ String principal = principalAcls.getKey();
+ for (Map.Entry<HiveResourceACLs.Privilege, HiveResourceACLs.AccessResult> acl : principalAcls.getValue()
+ .entrySet()) {
+ if (acl.getValue() == HiveResourceACLs.AccessResult.ALLOWED) {
+ switch (objectType) {
+ case DATABASE:
+ privBag.addToPrivileges(
+ new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.DATABASE, dbName, null, null, null), principal,
+ principalType, new PrivilegeGrantInfo(acl.getKey().toString(),
+ (int) (System.currentTimeMillis() / 1000), GRANTOR, PrincipalType.USER, false), authorizer));
+ break;
+ case TABLE:
+ privBag.addToPrivileges(
+ new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.TABLE, dbName, tblName, null, null), principal,
+ principalType, new PrivilegeGrantInfo(acl.getKey().toString(),
+ (int) (System.currentTimeMillis() / 1000), GRANTOR, PrincipalType.USER, false), authorizer));
+ break;
+ case COLUMN:
+ privBag.addToPrivileges(
+ new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.COLUMN, dbName, tblName, null, columnName),
+ principal, principalType, new PrivilegeGrantInfo(acl.getKey().toString(),
+ (int) (System.currentTimeMillis() / 1000), GRANTOR, PrincipalType.USER, false), authorizer));
+ break;
+ default:
+ throw new RuntimeException("Get unknown object type " + objectType);
+ }
+ }
+ }
+ }
+ }
+
+ private HiveObjectRef getObjToRefresh(HiveObjectType type, String dbName, String tblName) throws Exception {
+ HiveObjectRef objToRefresh = null;
+ switch (type) {
+ case DATABASE:
+ objToRefresh = new HiveObjectRef(HiveObjectType.DATABASE, dbName, null, null, null);
+ break;
+ case TABLE:
+ objToRefresh = new HiveObjectRef(HiveObjectType.TABLE, dbName, tblName, null, null);
+ break;
+ case COLUMN:
+ objToRefresh = new HiveObjectRef(HiveObjectType.COLUMN, dbName, tblName, null, null);
+ break;
+ default:
+ throw new RuntimeException("Get unknown object type " + type);
+ }
+ return objToRefresh;
+ }
+
+ private void addGrantPrivilegesToBag(HivePolicyProvider policyProvider, PrivilegeBag privBag, HiveObjectType type,
+ String dbName, String tblName, String columnName, String authorizer) throws Exception {
+
+ HiveResourceACLs objectAcls = null;
+
+ switch (type) {
+ case DATABASE:
+ objectAcls = policyProvider
+ .getResourceACLs(new HivePrivilegeObject(HivePrivilegeObjectType.DATABASE, dbName, null));
+ break;
+
+ case TABLE:
+ objectAcls = policyProvider
+ .getResourceACLs(new HivePrivilegeObject(HivePrivilegeObjectType.TABLE_OR_VIEW, dbName, tblName));
+ break;
+
+ case COLUMN:
+ objectAcls = policyProvider
+ .getResourceACLs(new HivePrivilegeObject(HivePrivilegeObjectType.COLUMN, dbName, tblName, null, columnName));
+ break;
+
+ default:
+ throw new RuntimeException("Get unknown object type " + type);
+ }
+
+ if (objectAcls == null) {
+ return;
+ }
+
+ addACLsToBag(objectAcls.getUserPermissions(), privBag, type, dbName, tblName, columnName,
+ PrincipalType.USER, authorizer);
+ addACLsToBag(objectAcls.getGroupPermissions(), privBag, type, dbName, tblName, columnName,
+ PrincipalType.GROUP, authorizer);
+ }
+
+ @Override
+ public void run() {
+ while (true) {
+ long interval = HiveConf.getTimeVar(hiveConf, ConfVars.HIVE_PRIVILEGE_SYNCHRONIZER_INTERVAL, TimeUnit.SECONDS);
+ try {
+ for (HivePolicyProvider policyProvider : policyProviderContainer) {
+ LOG.info("Start synchronize privilege " + policyProvider.getClass().getName());
+ String authorizer = policyProvider.getClass().getSimpleName();
+ if (!privilegeSynchronizerLatch.await(interval, TimeUnit.SECONDS)) {
+ LOG.info("Not selected as leader, skip");
+ continue;
+ }
+ int numDb = 0, numTbl = 0;
+ for (String dbName : hiveClient.getAllDatabases()) {
+ numDb++;
+ HiveObjectRef dbToRefresh = getObjToRefresh(HiveObjectType.DATABASE, dbName, null);
+ PrivilegeBag grantDatabaseBag = new PrivilegeBag();
+ addGrantPrivilegesToBag(policyProvider, grantDatabaseBag, HiveObjectType.DATABASE,
+ dbName, null, null, authorizer);
+ hiveClient.refresh_privileges(dbToRefresh, authorizer, grantDatabaseBag);
+ LOG.debug("processing " + dbName);
+
+ for (String tblName : hiveClient.getAllTables(dbName)) {
+ numTbl++;
+ LOG.debug("processing " + dbName + "." + tblName);
+ HiveObjectRef tableToRefresh = getObjToRefresh(HiveObjectType.TABLE, dbName, tblName);
+ PrivilegeBag grantTableBag = new PrivilegeBag();
+ addGrantPrivilegesToBag(policyProvider, grantTableBag, HiveObjectType.TABLE,
+ dbName, tblName, null, authorizer);
+ hiveClient.refresh_privileges(tableToRefresh, authorizer, grantTableBag);
+
+ HiveObjectRef tableOfColumnsToRefresh = getObjToRefresh(HiveObjectType.COLUMN, dbName, tblName);
+ PrivilegeBag grantColumnBag = new PrivilegeBag();
+ Table tbl = null;
+ try {
+ tbl = hiveClient.getTable(dbName, tblName);
+ for (FieldSchema fs : tbl.getPartitionKeys()) {
+ addGrantPrivilegesToBag(policyProvider, grantColumnBag, HiveObjectType.COLUMN,
+ dbName, tblName, fs.getName(), authorizer);
+ }
+ for (FieldSchema fs : tbl.getSd().getCols()) {
+ addGrantPrivilegesToBag(policyProvider, grantColumnBag, HiveObjectType.COLUMN,
+ dbName, tblName, fs.getName(), authorizer);
+ }
+ hiveClient.refresh_privileges(tableOfColumnsToRefresh, authorizer, grantColumnBag);
+ } catch (MetaException e) {
+ LOG.debug("Unable to synchronize " + tblName + ":" + e.getMessage());
+ }
+ }
+ }
+ LOG.info("Success synchronize privilege " + policyProvider.getClass().getName() + ":" + numDb + " databases, "
+ + numTbl + " tables");
+ }
+ } catch (Exception e) {
+ LOG.error("Error initializing PrivilegeSynchronizer: " + e.getMessage(), e);
+ }
+ LOG.info("Wait for " + interval + " seconds");
+ try {
+ Thread.sleep(interval * 1000);
+ } catch (InterruptedException e) {
+ // do nothing
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/hive/blob/b627fa8f/service/src/java/org/apache/hive/service/server/HiveServer2.java
----------------------------------------------------------------------
diff --git a/service/src/java/org/apache/hive/service/server/HiveServer2.java b/service/src/java/org/apache/hive/service/server/HiveServer2.java
index 1f8dc6d..4335574 100644
--- a/service/src/java/org/apache/hive/service/server/HiveServer2.java
+++ b/service/src/java/org/apache/hive/service/server/HiveServer2.java
@@ -78,7 +78,7 @@ import org.apache.hadoop.hive.ql.metadata.events.NotificationEventPoll;
import org.apache.hadoop.hive.ql.plan.mapper.StatsSources;
import org.apache.hadoop.hive.ql.security.authorization.HiveMetastoreAuthorizationProvider;
import org.apache.hadoop.hive.ql.security.authorization.PolicyProviderContainer;
-import org.apache.hadoop.hive.ql.security.authorization.PrivilegeSynchonizer;
+import org.apache.hadoop.hive.ql.security.authorization.PrivilegeSynchronizer;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
import org.apache.hadoop.hive.ql.session.ClearDanglingScratchDir;
import org.apache.hadoop.hive.ql.session.SessionState;
@@ -721,9 +721,9 @@ public class HiveServer2 extends CompositeService {
}
try {
- startPrivilegeSynchonizer(hiveConf);
+ startPrivilegeSynchronizer(hiveConf);
} catch (Exception e) {
- LOG.error("Error starting priviledge synchonizer: ", e);
+ LOG.error("Error starting priviledge synchronizer: ", e);
throw new ServiceException(e);
}
@@ -984,7 +984,7 @@ public class HiveServer2 extends CompositeService {
}
}
- public void startPrivilegeSynchonizer(HiveConf hiveConf) throws Exception {
+ public void startPrivilegeSynchronizer(HiveConf hiveConf) throws Exception {
if (!HiveConf.getBoolVar(hiveConf, ConfVars.HIVE_PRIVILEGE_SYNCHRONIZER)) {
return;
@@ -1012,15 +1012,15 @@ public class HiveServer2 extends CompositeService {
String rootNamespace = hiveConf.getVar(HiveConf.ConfVars.HIVE_SERVER2_ZOOKEEPER_NAMESPACE);
String path = ZooKeeperHiveHelper.ZOOKEEPER_PATH_SEPARATOR + rootNamespace
+ ZooKeeperHiveHelper.ZOOKEEPER_PATH_SEPARATOR + "leader";
- LeaderLatch privilegeSynchonizerLatch = new LeaderLatch(zKClientForPrivSync, path);
- privilegeSynchonizerLatch.start();
- LOG.info("Find " + policyContainer.size() + " policy to synchronize, start PrivilegeSynchonizer");
- Thread privilegeSynchonizerThread = new Thread(
- new PrivilegeSynchonizer(privilegeSynchonizerLatch, policyContainer, hiveConf), "PrivilegeSynchonizer");
- privilegeSynchonizerThread.start();
+ LeaderLatch privilegeSynchronizerLatch = new LeaderLatch(zKClientForPrivSync, path);
+ privilegeSynchronizerLatch.start();
+ LOG.info("Find " + policyContainer.size() + " policy to synchronize, start PrivilegeSynchronizer");
+ Thread privilegeSynchronizerThread = new Thread(
+ new PrivilegeSynchronizer(privilegeSynchronizerLatch, policyContainer, hiveConf), "PrivilegeSynchronizer");
+ privilegeSynchronizerThread.start();
} else {
LOG.warn(
- "No policy provider found, skip creating PrivilegeSynchonizer");
+ "No policy provider found, skip creating PrivilegeSynchronizer");
}
}