You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by da...@apache.org on 2018/05/29 19:05:59 UTC
[5/7] hive git commit: HIVE-19440: Make StorageBasedAuthorizer work
with information schema (Daniel Dai, reviewed by Thejas Nair)
http://git-wip-us.apache.org/repos/asf/hive/blob/83afdb4d/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
----------------------------------------------------------------------
diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
index c1d25db..d8b8414 100644
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
+++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
@@ -814,7 +814,7 @@ public class HiveMetaStore extends ThriftHiveMetastore {
PrivilegeBag privs = new PrivilegeBag();
privs.addToPrivileges(new HiveObjectPrivilege( new HiveObjectRef(HiveObjectType.GLOBAL, null,
null, null, null), ADMIN, PrincipalType.ROLE, new PrivilegeGrantInfo("All", 0, ADMIN,
- PrincipalType.ROLE, true)));
+ PrincipalType.ROLE, true), "SQL"));
try {
ms.grantPrivileges(privs);
} catch (InvalidObjectException e) {
@@ -6226,14 +6226,14 @@ public class HiveMetaStore extends ThriftHiveMetastore {
}
@Override
- public GrantRevokePrivilegeResponse refresh_privileges(HiveObjectRef objToRefresh,
+ public GrantRevokePrivilegeResponse refresh_privileges(HiveObjectRef objToRefresh, String authorizer,
GrantRevokePrivilegeRequest grantRequest)
throws TException {
incrementCounter("refresh_privileges");
firePreEvent(new PreAuthorizationCallEvent(this));
GrantRevokePrivilegeResponse response = new GrantRevokePrivilegeResponse();
try {
- boolean result = getMS().refreshPrivileges(objToRefresh, grantRequest.getPrivileges());
+ boolean result = getMS().refreshPrivileges(objToRefresh, authorizer, grantRequest.getPrivileges());
response.setSuccess(result);
} catch (MetaException e) {
throw e;
http://git-wip-us.apache.org/repos/asf/hive/blob/83afdb4d/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
----------------------------------------------------------------------
diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
index 6af2aa5..fd7546e 100644
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
+++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
@@ -2288,7 +2288,7 @@ public class HiveMetaStoreClient implements IMetaStoreClient, AutoCloseable {
}
@Override
- public boolean refresh_privileges(HiveObjectRef objToRefresh,
+ public boolean refresh_privileges(HiveObjectRef objToRefresh, String authorizer,
PrivilegeBag grantPrivileges) throws MetaException,
TException {
String defaultCat = getDefaultCatalog(conf);
@@ -2305,7 +2305,7 @@ public class HiveMetaStoreClient implements IMetaStoreClient, AutoCloseable {
grantReq.setRequestType(GrantRevokeType.GRANT);
grantReq.setPrivileges(grantPrivileges);
- GrantRevokePrivilegeResponse res = client.refresh_privileges(objToRefresh, grantReq);
+ GrantRevokePrivilegeResponse res = client.refresh_privileges(objToRefresh, authorizer, grantReq);
if (!res.isSetSuccess()) {
throw new MetaException("GrantRevokePrivilegeResponse missing success field");
}
http://git-wip-us.apache.org/repos/asf/hive/blob/83afdb4d/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java
----------------------------------------------------------------------
diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java
index 09f9bb1..7ba286a 100644
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java
+++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java
@@ -2567,12 +2567,13 @@ public interface IMetaStoreClient {
/**
* @param revokePrivileges
+ * @param authorizer
* @param objToRefresh
* @return true on success
* @throws MetaException
* @throws TException
*/
- boolean refresh_privileges(HiveObjectRef objToRefresh, PrivilegeBag grantPrivileges)
+ boolean refresh_privileges(HiveObjectRef objToRefresh, String authorizer, PrivilegeBag grantPrivileges)
throws MetaException, TException;
/**
http://git-wip-us.apache.org/repos/asf/hive/blob/83afdb4d/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java
----------------------------------------------------------------------
diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java
index 13ccdb1..446fe7d 100644
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java
+++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java
@@ -1097,7 +1097,7 @@ public class ObjectStore implements RawStore, Configurable {
MDatabase db = getMDatabase(catName, dbname);
pm.retrieve(db);
if (db != null) {
- List<MDBPrivilege> dbGrants = this.listDatabaseGrants(catName, dbname, queryWrapper);
+ List<MDBPrivilege> dbGrants = this.listDatabaseGrants(catName, dbname, null, queryWrapper);
if (CollectionUtils.isNotEmpty(dbGrants)) {
pm.deletePersistentAll(dbGrants);
}
@@ -1314,13 +1314,13 @@ public class ObjectStore implements RawStore, Configurable {
int now = (int)(System.currentTimeMillis()/1000);
Map<String, List<PrivilegeGrantInfo>> userPrivs = principalPrivs.getUserPrivileges();
- putPersistentPrivObjects(mtbl, toPersistPrivObjs, now, userPrivs, PrincipalType.USER);
+ putPersistentPrivObjects(mtbl, toPersistPrivObjs, now, userPrivs, PrincipalType.USER, "SQL");
Map<String, List<PrivilegeGrantInfo>> groupPrivs = principalPrivs.getGroupPrivileges();
- putPersistentPrivObjects(mtbl, toPersistPrivObjs, now, groupPrivs, PrincipalType.GROUP);
+ putPersistentPrivObjects(mtbl, toPersistPrivObjs, now, groupPrivs, PrincipalType.GROUP, "SQL");
Map<String, List<PrivilegeGrantInfo>> rolePrivs = principalPrivs.getRolePrivileges();
- putPersistentPrivObjects(mtbl, toPersistPrivObjs, now, rolePrivs, PrincipalType.ROLE);
+ putPersistentPrivObjects(mtbl, toPersistPrivObjs, now, rolePrivs, PrincipalType.ROLE, "SQL");
}
pm.makePersistentAll(toPersistPrivObjs);
commited = commitTransaction();
@@ -1350,7 +1350,7 @@ public class ObjectStore implements RawStore, Configurable {
* @param type
*/
private void putPersistentPrivObjects(MTable mtbl, List<Object> toPersistPrivObjs,
- int now, Map<String, List<PrivilegeGrantInfo>> privMap, PrincipalType type) {
+ int now, Map<String, List<PrivilegeGrantInfo>> privMap, PrincipalType type, String authorizer) {
if (privMap != null) {
for (Map.Entry<String, List<PrivilegeGrantInfo>> entry : privMap
.entrySet()) {
@@ -1364,7 +1364,7 @@ public class ObjectStore implements RawStore, Configurable {
MTablePrivilege mTblSec = new MTablePrivilege(
principalName, type.toString(), mtbl, priv.getPrivilege(),
now, priv.getGrantor(), priv.getGrantorType().toString(), priv
- .isGrantOption());
+ .isGrantOption(), authorizer);
toPersistPrivObjs.add(mTblSec);
}
}
@@ -2242,7 +2242,8 @@ public class ObjectStore implements RawStore, Configurable {
for (MTablePrivilege tab: tabGrants) {
toPersist.add(new MPartitionPrivilege(tab.getPrincipalName(),
tab.getPrincipalType(), mpart, tab.getPrivilege(), now,
- tab.getGrantor(), tab.getGrantorType(), tab.getGrantOption()));
+ tab.getGrantor(), tab.getGrantorType(), tab.getGrantOption(),
+ tab.getAuthorizer()));
}
}
@@ -2250,7 +2251,8 @@ public class ObjectStore implements RawStore, Configurable {
for (MTableColumnPrivilege col : tabColumnGrants) {
toPersist.add(new MPartitionColumnPrivilege(col.getPrincipalName(),
col.getPrincipalType(), mpart, col.getColumnName(), col.getPrivilege(),
- now, col.getGrantor(), col.getGrantorType(), col.getGrantOption()));
+ now, col.getGrantor(), col.getGrantorType(), col.getGrantOption(),
+ col.getAuthorizer()));
}
}
}
@@ -2314,7 +2316,8 @@ public class ObjectStore implements RawStore, Configurable {
for (MTablePrivilege tab : tabGrants) {
pm.makePersistent(new MPartitionPrivilege(tab.getPrincipalName(),
tab.getPrincipalType(), mpart, tab.getPrivilege(), now,
- tab.getGrantor(), tab.getGrantorType(), tab.getGrantOption()));
+ tab.getGrantor(), tab.getGrantorType(), tab.getGrantOption(),
+ tab.getAuthorizer()));
}
}
@@ -2322,7 +2325,8 @@ public class ObjectStore implements RawStore, Configurable {
for (MTableColumnPrivilege col : tabColumnGrants) {
pm.makePersistent(new MPartitionColumnPrivilege(col.getPrincipalName(),
col.getPrincipalType(), mpart, col.getColumnName(), col.getPrivilege(),
- now, col.getGrantor(), col.getGrantorType(), col.getGrantOption()));
+ now, col.getGrantor(), col.getGrantorType(), col.getGrantOption(),
+ col.getAuthorizer()));
}
}
}
@@ -2363,7 +2367,7 @@ public class ObjectStore implements RawStore, Configurable {
MPartitionPrivilege partGrant = new MPartitionPrivilege(tab
.getPrincipalName(), tab.getPrincipalType(),
mpart, tab.getPrivilege(), now, tab.getGrantor(), tab
- .getGrantorType(), tab.getGrantOption());
+ .getGrantorType(), tab.getGrantOption(), tab.getAuthorizer());
toPersist.add(partGrant);
}
}
@@ -2373,7 +2377,7 @@ public class ObjectStore implements RawStore, Configurable {
MPartitionColumnPrivilege partColumn = new MPartitionColumnPrivilege(col
.getPrincipalName(), col.getPrincipalType(), mpart, col
.getColumnName(), col.getPrivilege(), now, col.getGrantor(), col
- .getGrantorType(), col.getGrantOption());
+ .getGrantorType(), col.getGrantOption(), col.getAuthorizer());
toPersist.add(partColumn);
}
@@ -5651,6 +5655,7 @@ public class ObjectStore implements RawStore, Configurable {
String privilegeStr = privDef.getGrantInfo().getPrivilege();
String[] privs = privilegeStr.split(",");
String userName = privDef.getPrincipalName();
+ String authorizer = privDef.getAuthorizer();
PrincipalType principalType = privDef.getPrincipalType();
String grantor = privDef.getGrantInfo().getGrantor();
String grantorType = privDef.getGrantInfo().getGrantorType().toString();
@@ -5665,7 +5670,7 @@ public class ObjectStore implements RawStore, Configurable {
getDefaultCatalog(conf);
if (hiveObject.getObjectType() == HiveObjectType.GLOBAL) {
List<MGlobalPrivilege> globalPrivs = this
- .listPrincipalMGlobalGrants(userName, principalType);
+ .listPrincipalMGlobalGrants(userName, principalType, authorizer);
if (globalPrivs != null) {
for (MGlobalPrivilege priv : globalPrivs) {
if (priv.getGrantor().equalsIgnoreCase(grantor)) {
@@ -5679,14 +5684,15 @@ public class ObjectStore implements RawStore, Configurable {
+ " is already granted by " + grantor);
}
MGlobalPrivilege mGlobalPrivs = new MGlobalPrivilege(userName,
- principalType.toString(), privilege, now, grantor, grantorType, grantOption);
+ principalType.toString(), privilege, now, grantor, grantorType, grantOption,
+ authorizer);
persistentObjs.add(mGlobalPrivs);
}
} else if (hiveObject.getObjectType() == HiveObjectType.DATABASE) {
MDatabase dbObj = getMDatabase(catName, hiveObject.getDbName());
if (dbObj != null) {
List<MDBPrivilege> dbPrivs = this.listPrincipalMDBGrants(
- userName, principalType, catName, hiveObject.getDbName());
+ userName, principalType, catName, hiveObject.getDbName(), authorizer);
if (dbPrivs != null) {
for (MDBPrivilege priv : dbPrivs) {
if (priv.getGrantor().equalsIgnoreCase(grantor)) {
@@ -5701,7 +5707,7 @@ public class ObjectStore implements RawStore, Configurable {
+ hiveObject.getDbName() + " by " + grantor);
}
MDBPrivilege mDb = new MDBPrivilege(userName, principalType
- .toString(), dbObj, privilege, now, grantor, grantorType, grantOption);
+ .toString(), dbObj, privilege, now, grantor, grantorType, grantOption, authorizer);
persistentObjs.add(mDb);
}
}
@@ -5711,7 +5717,7 @@ public class ObjectStore implements RawStore, Configurable {
if (tblObj != null) {
List<MTablePrivilege> tablePrivs = this
.listAllMTableGrants(userName, principalType,
- catName, hiveObject.getDbName(), hiveObject.getObjectName());
+ catName, hiveObject.getDbName(), hiveObject.getObjectName(), authorizer);
if (tablePrivs != null) {
for (MTablePrivilege priv : tablePrivs) {
if (priv.getGrantor() != null
@@ -5729,7 +5735,7 @@ public class ObjectStore implements RawStore, Configurable {
}
MTablePrivilege mTab = new MTablePrivilege(
userName, principalType.toString(), tblObj,
- privilege, now, grantor, grantorType, grantOption);
+ privilege, now, grantor, grantorType, grantOption, authorizer);
persistentObjs.add(mTab);
}
}
@@ -5742,7 +5748,7 @@ public class ObjectStore implements RawStore, Configurable {
List<MPartitionPrivilege> partPrivs = this
.listPrincipalMPartitionGrants(userName,
principalType, catName, hiveObject.getDbName(), hiveObject
- .getObjectName(), partObj.getPartitionName());
+ .getObjectName(), partObj.getPartitionName(), authorizer);
if (partPrivs != null) {
for (MPartitionPrivilege priv : partPrivs) {
if (priv.getGrantor().equalsIgnoreCase(grantor)) {
@@ -5760,7 +5766,7 @@ public class ObjectStore implements RawStore, Configurable {
}
MPartitionPrivilege mTab = new MPartitionPrivilege(userName,
principalType.toString(), partObj, privilege, now, grantor,
- grantorType, grantOption);
+ grantorType, grantOption, authorizer);
persistentObjs.add(mTab);
}
}
@@ -5779,7 +5785,7 @@ public class ObjectStore implements RawStore, Configurable {
colPrivs = this.listPrincipalMPartitionColumnGrants(
userName, principalType, catName, hiveObject.getDbName(), hiveObject
.getObjectName(), partObj.getPartitionName(),
- hiveObject.getColumnName());
+ hiveObject.getColumnName(), authorizer);
if (colPrivs != null) {
for (MPartitionColumnPrivilege priv : colPrivs) {
@@ -5800,7 +5806,7 @@ public class ObjectStore implements RawStore, Configurable {
MPartitionColumnPrivilege mCol = new MPartitionColumnPrivilege(userName,
principalType.toString(), partObj, hiveObject
.getColumnName(), privilege, now, grantor, grantorType,
- grantOption);
+ grantOption, authorizer);
persistentObjs.add(mCol);
}
@@ -5808,7 +5814,7 @@ public class ObjectStore implements RawStore, Configurable {
List<MTableColumnPrivilege> colPrivs = null;
colPrivs = this.listPrincipalMTableColumnGrants(
userName, principalType, catName, hiveObject.getDbName(), hiveObject
- .getObjectName(), hiveObject.getColumnName());
+ .getObjectName(), hiveObject.getColumnName(), authorizer);
if (colPrivs != null) {
for (MTableColumnPrivilege priv : colPrivs) {
@@ -5828,7 +5834,7 @@ public class ObjectStore implements RawStore, Configurable {
MTableColumnPrivilege mCol = new MTableColumnPrivilege(userName,
principalType.toString(), tblObj, hiveObject
.getColumnName(), privilege, now, grantor, grantorType,
- grantOption);
+ grantOption, authorizer);
persistentObjs.add(mCol);
}
}
@@ -6109,7 +6115,7 @@ public class ObjectStore implements RawStore, Configurable {
}
@Override
- public boolean refreshPrivileges(HiveObjectRef objToRefresh, PrivilegeBag grantPrivileges)
+ public boolean refreshPrivileges(HiveObjectRef objToRefresh, String authorizer, PrivilegeBag grantPrivileges)
throws InvalidObjectException, MetaException, NoSuchObjectException {
boolean committed = false;
try {
@@ -6124,15 +6130,15 @@ public class ObjectStore implements RawStore, Configurable {
getDefaultCatalog(conf);
switch (objToRefresh.getObjectType()) {
case DATABASE:
- grants = this.listDBGrantsAll(catName, objToRefresh.getDbName());
+ grants = this.listDBGrantsAll(catName, objToRefresh.getDbName(), authorizer);
break;
case TABLE:
- grants = listTableGrantsAll(catName, objToRefresh.getDbName(), objToRefresh.getObjectName());
+ grants = listTableGrantsAll(catName, objToRefresh.getDbName(), objToRefresh.getObjectName(), authorizer);
break;
case COLUMN:
Preconditions.checkArgument(objToRefresh.getColumnName()==null, "columnName must be null");
grants = convertTableCols(listTableAllColumnGrants(catName,
- objToRefresh.getDbName(), objToRefresh.getObjectName()));
+ objToRefresh.getDbName(), objToRefresh.getObjectName(), authorizer));
break;
default:
throw new MetaException("Unexpected object type " + objToRefresh.getObjectType());
@@ -6226,9 +6232,14 @@ public class ObjectStore implements RawStore, Configurable {
return rolePrinGrantList;
}
+ private List<MGlobalPrivilege> listPrincipalMGlobalGrants(String principalName,
+ PrincipalType principalType) {
+ return listPrincipalMGlobalGrants(principalName, principalType, null);
+ }
+
@SuppressWarnings("unchecked")
private List<MGlobalPrivilege> listPrincipalMGlobalGrants(String principalName,
- PrincipalType principalType) {
+ PrincipalType principalType, String authorizer) {
boolean commited = false;
Query query = null;
List<MGlobalPrivilege> userNameDbPriv = new ArrayList<>();
@@ -6236,10 +6247,18 @@ public class ObjectStore implements RawStore, Configurable {
List<MGlobalPrivilege> mPrivs = null;
openTransaction();
if (principalName != null) {
- query = pm.newQuery(MGlobalPrivilege.class, "principalName == t1 && principalType == t2 ");
- query.declareParameters("java.lang.String t1, java.lang.String t2");
- mPrivs = (List<MGlobalPrivilege>) query
- .executeWithArray(principalName, principalType.toString());
+ if (authorizer != null) {
+ query = pm.newQuery(MGlobalPrivilege.class, "principalName == t1 && principalType == t2 "
+ + "&& authorizer == t3");
+ query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3");
+ mPrivs = (List<MGlobalPrivilege>) query
+ .executeWithArray(principalName, principalType.toString(), authorizer);
+ } else {
+ query = pm.newQuery(MGlobalPrivilege.class, "principalName == t1 && principalType == t2 ");
+ query.declareParameters("java.lang.String t1, java.lang.String t2");
+ mPrivs = (List<MGlobalPrivilege>) query
+ .executeWithArray(principalName, principalType.toString());
+ }
pm.retrieveAll(mPrivs);
}
commited = commitTransaction();
@@ -6269,7 +6288,8 @@ public class ObjectStore implements RawStore, Configurable {
objectRef, sUsr.getPrincipalName(), principalType,
new PrivilegeGrantInfo(sUsr.getPrivilege(), sUsr
.getCreateTime(), sUsr.getGrantor(), PrincipalType
- .valueOf(sUsr.getGrantorType()), sUsr.getGrantOption()));
+ .valueOf(sUsr.getGrantorType()), sUsr.getGrantOption()),
+ sUsr.getAuthorizer());
result.add(secUser);
}
return result;
@@ -6295,20 +6315,26 @@ public class ObjectStore implements RawStore, Configurable {
List<HiveObjectPrivilege> result = new ArrayList<>();
for (MGlobalPrivilege priv : privs) {
String pname = priv.getPrincipalName();
+ String authorizer = priv.getAuthorizer();
PrincipalType ptype = PrincipalType.valueOf(priv.getPrincipalType());
HiveObjectRef objectRef = new HiveObjectRef(HiveObjectType.GLOBAL, null, null, null, null);
PrivilegeGrantInfo grantor = new PrivilegeGrantInfo(priv.getPrivilege(), priv.getCreateTime(),
priv.getGrantor(), PrincipalType.valueOf(priv.getGrantorType()), priv.getGrantOption());
- result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor));
+ result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor, authorizer));
}
return result;
}
- @SuppressWarnings("unchecked")
private List<MDBPrivilege> listPrincipalMDBGrants(String principalName,
PrincipalType principalType, String catName, String dbName) {
+ return listPrincipalMDBGrants(principalName, principalType, catName, dbName, null);
+ }
+
+ @SuppressWarnings("unchecked")
+ private List<MDBPrivilege> listPrincipalMDBGrants(String principalName,
+ PrincipalType principalType, String catName, String dbName, String authorizer) {
boolean success = false;
Query query = null;
List<MDBPrivilege> mSecurityDBList = new ArrayList<>();
@@ -6317,14 +6343,24 @@ public class ObjectStore implements RawStore, Configurable {
LOG.debug("Executing listPrincipalDBGrants");
openTransaction();
- query =
- pm.newQuery(MDBPrivilege.class,
- "principalName == t1 && principalType == t2 && database.name == t3 && database.catalogName == t4");
- query.declareParameters(
- "java.lang.String t1, java.lang.String t2, java.lang.String t3, java.lang.String t4");
- List<MDBPrivilege> mPrivs =
- (List<MDBPrivilege>) query.executeWithArray(principalName, principalType.toString(),
- dbName, catName);
+ List<MDBPrivilege> mPrivs;
+ if (authorizer != null) {
+ query = pm.newQuery(MDBPrivilege.class,
+ "principalName == t1 && principalType == t2 && database.name == t3 && " +
+ "database.catalogName == t4 && authorizer == t5");
+ query.declareParameters(
+ "java.lang.String t1, java.lang.String t2, java.lang.String t3, java.lang.String t4, "
+ + "java.lang.String t5");
+ mPrivs = (List<MDBPrivilege>) query.executeWithArray(principalName, principalType.toString(),
+ dbName, catName, authorizer);
+ } else {
+ query = pm.newQuery(MDBPrivilege.class,
+ "principalName == t1 && principalType == t2 && database.name == t3 && database.catalogName == t4");
+ query.declareParameters(
+ "java.lang.String t1, java.lang.String t2, java.lang.String t3, java.lang.String t4");
+ mPrivs = (List<MDBPrivilege>) query.executeWithArray(principalName, principalType.toString(),
+ dbName, catName);
+ }
pm.retrieveAll(mPrivs);
success = commitTransaction();
@@ -6354,7 +6390,7 @@ public class ObjectStore implements RawStore, Configurable {
sDB.getPrincipalName(), principalType,
new PrivilegeGrantInfo(sDB.getPrivilege(), sDB
.getCreateTime(), sDB.getGrantor(), PrincipalType
- .valueOf(sDB.getGrantorType()), sDB.getGrantOption()));
+ .valueOf(sDB.getGrantorType()), sDB.getGrantOption()), sDB.getAuthorizer());
result.add(secObj);
}
return result;
@@ -6373,9 +6409,13 @@ public class ObjectStore implements RawStore, Configurable {
@Override
public List<HiveObjectPrivilege> listDBGrantsAll(String catName, String dbName) {
+ return listDBGrantsAll(catName, dbName, null);
+ }
+
+ private List<HiveObjectPrivilege> listDBGrantsAll(String catName, String dbName, String authorizer) {
QueryWrapper queryWrapper = new QueryWrapper();
try {
- return convertDB(listDatabaseGrants(catName, dbName, queryWrapper));
+ return convertDB(listDatabaseGrants(catName, dbName, authorizer, queryWrapper));
} finally {
queryWrapper.close();
}
@@ -6385,6 +6425,7 @@ public class ObjectStore implements RawStore, Configurable {
List<HiveObjectPrivilege> result = new ArrayList<>();
for (MDBPrivilege priv : privs) {
String pname = priv.getPrincipalName();
+ String authorizer = priv.getAuthorizer();
PrincipalType ptype = PrincipalType.valueOf(priv.getPrincipalType());
String database = priv.getDatabase().getName();
@@ -6394,7 +6435,7 @@ public class ObjectStore implements RawStore, Configurable {
PrivilegeGrantInfo grantor = new PrivilegeGrantInfo(priv.getPrivilege(), priv.getCreateTime(),
priv.getGrantor(), PrincipalType.valueOf(priv.getGrantorType()), priv.getGrantOption());
- result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor));
+ result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor, authorizer));
}
return result;
}
@@ -6492,9 +6533,14 @@ public class ObjectStore implements RawStore, Configurable {
return mSecurityTabPartList;
}
- @SuppressWarnings("unchecked")
private List<MTableColumnPrivilege> listTableAllColumnGrants(
String catName, String dbName, String tableName) {
+ return listTableAllColumnGrants(catName, dbName, tableName, null);
+ }
+
+ @SuppressWarnings("unchecked")
+ private List<MTableColumnPrivilege> listTableAllColumnGrants(
+ String catName, String dbName, String tableName, String authorizer) {
boolean success = false;
Query query = null;
List<MTableColumnPrivilege> mTblColPrivilegeList = new ArrayList<>();
@@ -6505,12 +6551,21 @@ public class ObjectStore implements RawStore, Configurable {
LOG.debug("Executing listTableAllColumnGrants");
openTransaction();
- String queryStr = "table.tableName == t1 && table.database.name == t2 &&" +
- "table.database.catalogName == t3";
- query = pm.newQuery(MTableColumnPrivilege.class, queryStr);
- query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3");
- List<MTableColumnPrivilege> mPrivs =
- (List<MTableColumnPrivilege>) query.executeWithArray(tableName, dbName, catName);
+ List<MTableColumnPrivilege> mPrivs = null;
+ if (authorizer != null) {
+ String queryStr = "table.tableName == t1 && table.database.name == t2 &&" +
+ "table.database.catalogName == t3 && authorizer == t4";
+ query = pm.newQuery(MTableColumnPrivilege.class, queryStr);
+ query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, " +
+ "java.lang.String t4");
+ mPrivs = (List<MTableColumnPrivilege>) query.executeWithArray(tableName, dbName, catName, authorizer);
+ } else {
+ String queryStr = "table.tableName == t1 && table.database.name == t2 &&" +
+ "table.database.catalogName == t3";
+ query = pm.newQuery(MTableColumnPrivilege.class, queryStr);
+ query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3");
+ mPrivs = (List<MTableColumnPrivilege>) query.executeWithArray(tableName, dbName, catName);
+ }
pm.retrieveAll(mPrivs);
success = commitTransaction();
@@ -6592,7 +6647,8 @@ public class ObjectStore implements RawStore, Configurable {
}
@SuppressWarnings("unchecked")
- private List<MDBPrivilege> listDatabaseGrants(String catName, String dbName, QueryWrapper queryWrapper) {
+ private List<MDBPrivilege> listDatabaseGrants(String catName, String dbName,
+ String authorizer, QueryWrapper queryWrapper) {
dbName = normalizeIdentifier(dbName);
catName = normalizeIdentifier(catName);
boolean success = false;
@@ -6600,11 +6656,18 @@ public class ObjectStore implements RawStore, Configurable {
LOG.debug("Executing listDatabaseGrants");
openTransaction();
- Query query = queryWrapper.query = pm.newQuery(MDBPrivilege.class,
- "database.name == t1 && database.catalogName == t2");
- query.declareParameters("java.lang.String t1, java.lang.String t2");
- List<MDBPrivilege> mSecurityDBList =
- (List<MDBPrivilege>) query.executeWithArray(dbName, catName);
+ List<MDBPrivilege> mSecurityDBList = null;
+ if (authorizer != null) {
+ Query query = queryWrapper.query = pm.newQuery(MDBPrivilege.class,
+ "database.name == t1 && database.catalogName == t2 && authorizer == t3");
+ query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3");
+ mSecurityDBList = (List<MDBPrivilege>) query.executeWithArray(dbName, catName, authorizer);
+ } else {
+ Query query = queryWrapper.query = pm.newQuery(MDBPrivilege.class,
+ "database.name == t1 && database.catalogName == t2");
+ query.declareParameters("java.lang.String t1, java.lang.String t2");
+ mSecurityDBList = (List<MDBPrivilege>) query.executeWithArray(dbName, catName);
+ }
pm.retrieveAll(mSecurityDBList);
success = commitTransaction();
LOG.debug("Done retrieving all objects for listDatabaseGrants");
@@ -6683,10 +6746,16 @@ public class ObjectStore implements RawStore, Configurable {
return new ObjectPair<>(query, params);
}
- @SuppressWarnings("unchecked")
private List<MTablePrivilege> listAllMTableGrants(
String principalName, PrincipalType principalType, String catName, String dbName,
String tableName) {
+ return listAllMTableGrants(principalName, principalType, catName, dbName, tableName, null);
+ }
+
+ @SuppressWarnings("unchecked")
+ private List<MTablePrivilege> listAllMTableGrants(
+ String principalName, PrincipalType principalType, String catName, String dbName,
+ String tableName, String authorizer) {
tableName = normalizeIdentifier(tableName);
dbName = normalizeIdentifier(dbName);
catName = normalizeIdentifier(catName);
@@ -6696,16 +6765,24 @@ public class ObjectStore implements RawStore, Configurable {
try {
openTransaction();
LOG.debug("Executing listAllTableGrants");
- query =
- pm.newQuery(MTablePrivilege.class,
- "principalName == t1 && principalType == t2 && table.tableName == t3 &&" +
- "table.database.name == t4 && table.database.catalogName == t5");
- query
- .declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3," +
- "java.lang.String t4, java.lang.String t5");
- List<MTablePrivilege> mPrivs =
- (List<MTablePrivilege>) query.executeWithArray(principalName, principalType.toString(),
- tableName, dbName, catName);
+ List<MTablePrivilege> mPrivs;
+ if (authorizer != null) {
+ query = pm.newQuery(MTablePrivilege.class,
+ "principalName == t1 && principalType == t2 && table.tableName == t3 &&" +
+ "table.database.name == t4 && table.database.catalogName == t5 && authorizer == t6");
+ query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3," +
+ "java.lang.String t4, java.lang.String t5, java.lang.String t6");
+ mPrivs = (List<MTablePrivilege>) query.executeWithArray(principalName, principalType.toString(),
+ tableName, dbName, catName, authorizer);
+ } else {
+ query = pm.newQuery(MTablePrivilege.class,
+ "principalName == t1 && principalType == t2 && table.tableName == t3 &&" +
+ "table.database.name == t4 && table.database.catalogName == t5");
+ query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3," +
+ "java.lang.String t4, java.lang.String t5");
+ mPrivs = (List<MTablePrivilege>) query.executeWithArray(principalName, principalType.toString(),
+ tableName, dbName, catName);
+ }
pm.retrieveAll(mPrivs);
success = commitTransaction();
@@ -6739,16 +6816,22 @@ public class ObjectStore implements RawStore, Configurable {
sTbl.getPrincipalName(), principalType,
new PrivilegeGrantInfo(sTbl.getPrivilege(), sTbl.getCreateTime(), sTbl
.getGrantor(), PrincipalType.valueOf(sTbl
- .getGrantorType()), sTbl.getGrantOption()));
+ .getGrantorType()), sTbl.getGrantOption()), sTbl.getAuthorizer());
result.add(secObj);
}
return result;
}
- @SuppressWarnings("unchecked")
private List<MPartitionPrivilege> listPrincipalMPartitionGrants(
String principalName, PrincipalType principalType, String catName, String dbName,
String tableName, String partName) {
+ return listPrincipalMPartitionGrants(principalName, principalType, catName, dbName, tableName, partName, null);
+ }
+
+ @SuppressWarnings("unchecked")
+ private List<MPartitionPrivilege> listPrincipalMPartitionGrants(
+ String principalName, PrincipalType principalType, String catName, String dbName,
+ String tableName, String partName, String authorizer) {
boolean success = false;
Query query = null;
tableName = normalizeIdentifier(tableName);
@@ -6759,17 +6842,26 @@ public class ObjectStore implements RawStore, Configurable {
LOG.debug("Executing listPrincipalPartitionGrants");
openTransaction();
- query =
- pm.newQuery(MPartitionPrivilege.class,
- "principalName == t1 && principalType == t2 && partition.table.tableName == t3 "
- + "&& partition.table.database.name == t4 && partition.table.database.catalogName == t5"
- + "&& partition.partitionName == t6");
- query
- .declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, java.lang.String t4, "
- + "java.lang.String t5, java.lang.String t6");
- List<MPartitionPrivilege> mPrivs =
- (List<MPartitionPrivilege>) query.executeWithArray(principalName,
- principalType.toString(), tableName, dbName, catName, partName);
+ List<MPartitionPrivilege> mPrivs;
+ if (authorizer != null) {
+ query = pm.newQuery(MPartitionPrivilege.class,
+ "principalName == t1 && principalType == t2 && partition.table.tableName == t3 "
+ + "&& partition.table.database.name == t4 && partition.table.database.catalogName == t5"
+ + "&& partition.partitionName == t6 && authorizer == t7");
+ query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, java.lang.String t4, "
+ + "java.lang.String t5, java.lang.String t6, java.lang.String t7");
+ mPrivs = (List<MPartitionPrivilege>) query.executeWithArray(principalName,
+ principalType.toString(), tableName, dbName, catName, partName, authorizer);
+ } else {
+ query = pm.newQuery(MPartitionPrivilege.class,
+ "principalName == t1 && principalType == t2 && partition.table.tableName == t3 "
+ + "&& partition.table.database.name == t4 && partition.table.database.catalogName == t5"
+ + "&& partition.partitionName == t6");
+ query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, java.lang.String t4, "
+ + "java.lang.String t5, java.lang.String t6");
+ mPrivs = (List<MPartitionPrivilege>) query.executeWithArray(principalName,
+ principalType.toString(), tableName, dbName, catName, partName);
+ }
pm.retrieveAll(mPrivs);
success = commitTransaction();
@@ -6806,17 +6898,24 @@ public class ObjectStore implements RawStore, Configurable {
new PrivilegeGrantInfo(sPart.getPrivilege(), sPart
.getCreateTime(), sPart.getGrantor(), PrincipalType
.valueOf(sPart.getGrantorType()), sPart
- .getGrantOption()));
+ .getGrantOption()), sPart.getAuthorizer());
result.add(secObj);
}
return result;
}
- @SuppressWarnings("unchecked")
private List<MTableColumnPrivilege> listPrincipalMTableColumnGrants(
String principalName, PrincipalType principalType, String catName, String dbName,
String tableName, String columnName) {
+ return listPrincipalMTableColumnGrants(principalName, principalType, catName, dbName, tableName,
+ columnName, null);
+ }
+
+ @SuppressWarnings("unchecked")
+ private List<MTableColumnPrivilege> listPrincipalMTableColumnGrants(
+ String principalName, PrincipalType principalType, String catName, String dbName,
+ String tableName, String columnName, String authorizer) {
boolean success = false;
Query query = null;
tableName = normalizeIdentifier(tableName);
@@ -6827,16 +6926,28 @@ public class ObjectStore implements RawStore, Configurable {
LOG.debug("Executing listPrincipalTableColumnGrants");
openTransaction();
- String queryStr =
- "principalName == t1 && principalType == t2 && "
- + "table.tableName == t3 && table.database.name == t4 && " +
- "table.database.catalogName == t5 && columnName == t6 ";
- query = pm.newQuery(MTableColumnPrivilege.class, queryStr);
- query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, "
- + "java.lang.String t4, java.lang.String t5, java.lang.String t6");
- List<MTableColumnPrivilege> mPrivs =
- (List<MTableColumnPrivilege>) query.executeWithArray(principalName,
- principalType.toString(), tableName, dbName, catName, columnName);
+ List<MTableColumnPrivilege> mPrivs;
+ if (authorizer != null) {
+ String queryStr =
+ "principalName == t1 && principalType == t2 && "
+ + "table.tableName == t3 && table.database.name == t4 && " +
+ "table.database.catalogName == t5 && columnName == t6 && authorizer == t7";
+ query = pm.newQuery(MTableColumnPrivilege.class, queryStr);
+ query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, "
+ + "java.lang.String t4, java.lang.String t5, java.lang.String t6, java.lang.String t7");
+ mPrivs = (List<MTableColumnPrivilege>) query.executeWithArray(principalName,
+ principalType.toString(), tableName, dbName, catName, columnName, authorizer);
+ } else {
+ String queryStr =
+ "principalName == t1 && principalType == t2 && "
+ + "table.tableName == t3 && table.database.name == t4 && " +
+ "table.database.catalogName == t5 && columnName == t6 ";
+ query = pm.newQuery(MTableColumnPrivilege.class, queryStr);
+ query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, "
+ + "java.lang.String t4, java.lang.String t5, java.lang.String t6");
+ mPrivs = (List<MTableColumnPrivilege>) query.executeWithArray(principalName,
+ principalType.toString(), tableName, dbName, catName, columnName);
+ }
pm.retrieveAll(mPrivs);
success = commitTransaction();
@@ -6872,16 +6983,23 @@ public class ObjectStore implements RawStore, Configurable {
new PrivilegeGrantInfo(sCol.getPrivilege(), sCol
.getCreateTime(), sCol.getGrantor(), PrincipalType
.valueOf(sCol.getGrantorType()), sCol
- .getGrantOption()));
+ .getGrantOption()), sCol.getAuthorizer());
result.add(secObj);
}
return result;
}
- @SuppressWarnings("unchecked")
private List<MPartitionColumnPrivilege> listPrincipalMPartitionColumnGrants(
String principalName, PrincipalType principalType, String catName, String dbName,
String tableName, String partitionName, String columnName) {
+ return listPrincipalMPartitionColumnGrants(principalName, principalType, catName, dbName,
+ tableName, partitionName, columnName, null);
+ }
+
+ @SuppressWarnings("unchecked")
+ private List<MPartitionColumnPrivilege> listPrincipalMPartitionColumnGrants(
+ String principalName, PrincipalType principalType, String catName, String dbName,
+ String tableName, String partitionName, String columnName, String authorizer) {
boolean success = false;
Query query = null;
tableName = normalizeIdentifier(tableName);
@@ -6893,16 +7011,29 @@ public class ObjectStore implements RawStore, Configurable {
LOG.debug("Executing listPrincipalPartitionColumnGrants");
openTransaction();
- query = pm.newQuery(
- MPartitionColumnPrivilege.class,
- "principalName == t1 && principalType == t2 && partition.table.tableName == t3 "
- + "&& partition.table.database.name == t4 && partition.table.database.catalogName == t5" +
- " && partition.partitionName == t6 && columnName == t7");
- query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, "
- + "java.lang.String t4, java.lang.String t5, java.lang.String t6, java.lang.String t7");
- List<MPartitionColumnPrivilege> mPrivs =
- (List<MPartitionColumnPrivilege>) query.executeWithArray(principalName,
- principalType.toString(), tableName, dbName, catName, partitionName, columnName);
+ List<MPartitionColumnPrivilege> mPrivs;
+ if (authorizer != null) {
+ query = pm.newQuery(
+ MPartitionColumnPrivilege.class,
+ "principalName == t1 && principalType == t2 && partition.table.tableName == t3 "
+ + "&& partition.table.database.name == t4 && partition.table.database.catalogName == t5" +
+ " && partition.partitionName == t6 && columnName == t7 && authorizer == t8");
+ query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, "
+ + "java.lang.String t4, java.lang.String t5, java.lang.String t6, java.lang.String t7, "
+ + "java.lang.String t8");
+ mPrivs = (List<MPartitionColumnPrivilege>) query.executeWithArray(principalName,
+ principalType.toString(), tableName, dbName, catName, partitionName, columnName, authorizer);
+ } else {
+ query = pm.newQuery(
+ MPartitionColumnPrivilege.class,
+ "principalName == t1 && principalType == t2 && partition.table.tableName == t3 "
+ + "&& partition.table.database.name == t4 && partition.table.database.catalogName == t5" +
+ " && partition.partitionName == t6 && columnName == t7");
+ query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, "
+ + "java.lang.String t4, java.lang.String t5, java.lang.String t6, java.lang.String t7");
+ mPrivs = (List<MPartitionColumnPrivilege>) query.executeWithArray(principalName,
+ principalType.toString(), tableName, dbName, catName, partitionName, columnName);
+ }
pm.retrieveAll(mPrivs);
success = commitTransaction();
@@ -6940,7 +7071,7 @@ public class ObjectStore implements RawStore, Configurable {
sCol.getPrincipalName(), principalType,
new PrivilegeGrantInfo(sCol.getPrivilege(), sCol
.getCreateTime(), sCol.getGrantor(), PrincipalType
- .valueOf(sCol.getGrantorType()), sCol.getGrantOption()));
+ .valueOf(sCol.getGrantorType()), sCol.getGrantOption()), sCol.getAuthorizer());
result.add(secObj);
}
return result;
@@ -7011,6 +7142,7 @@ public class ObjectStore implements RawStore, Configurable {
List<HiveObjectPrivilege> result = new ArrayList<>();
for (MPartitionColumnPrivilege priv : privs) {
String pname = priv.getPrincipalName();
+ String authorizer = priv.getAuthorizer();
PrincipalType ptype = PrincipalType.valueOf(priv.getPrincipalType());
MPartition mpartition = priv.getPartition();
@@ -7023,7 +7155,7 @@ public class ObjectStore implements RawStore, Configurable {
PrivilegeGrantInfo grantor = new PrivilegeGrantInfo(priv.getPrivilege(), priv.getCreateTime(),
priv.getGrantor(), PrincipalType.valueOf(priv.getGrantorType()), priv.getGrantOption());
- result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor));
+ result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor, authorizer));
}
return result;
}
@@ -7085,6 +7217,11 @@ public class ObjectStore implements RawStore, Configurable {
@Override
public List<HiveObjectPrivilege> listTableGrantsAll(String catName, String dbName, String tableName) {
+ return listTableGrantsAll(catName, dbName, tableName, null);
+ }
+
+ private List<HiveObjectPrivilege> listTableGrantsAll(String catName, String dbName, String tableName,
+ String authorizer) {
boolean success = false;
Query query = null;
dbName = normalizeIdentifier(dbName);
@@ -7092,12 +7229,20 @@ public class ObjectStore implements RawStore, Configurable {
try {
openTransaction();
LOG.debug("Executing listTableGrantsAll");
- query =
- pm.newQuery(MTablePrivilege.class,
- "table.tableName == t1 && table.database.name == t2 && table.database.catalogName == t3");
- query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3");
- List<MTablePrivilege> mSecurityTabPartList =
- (List<MTablePrivilege>) query.executeWithArray(tableName, dbName, catName);
+ List<MTablePrivilege> mSecurityTabPartList = null;
+ if (authorizer != null) {
+ query = pm.newQuery(MTablePrivilege.class,
+ "table.tableName == t1 && table.database.name == t2 && table.database.catalogName == t3" +
+ " && authorizer == t4");
+ query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, " +
+ "java.lang.String t4");
+ mSecurityTabPartList = (List<MTablePrivilege>) query.executeWithArray(tableName, dbName, catName, authorizer);
+ } else {
+ query = pm.newQuery(MTablePrivilege.class,
+ "table.tableName == t1 && table.database.name == t2 && table.database.catalogName == t3");
+ query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3");
+ mSecurityTabPartList = (List<MTablePrivilege>) query.executeWithArray(tableName, dbName, catName);
+ }
LOG.debug("Done executing query for listTableGrantsAll");
pm.retrieveAll(mSecurityTabPartList);
List<HiveObjectPrivilege> result = convertTable(mSecurityTabPartList);
@@ -7113,6 +7258,7 @@ public class ObjectStore implements RawStore, Configurable {
List<HiveObjectPrivilege> result = new ArrayList<>();
for (MTablePrivilege priv : privs) {
String pname = priv.getPrincipalName();
+ String authorizer = priv.getAuthorizer();
PrincipalType ptype = PrincipalType.valueOf(priv.getPrincipalType());
String table = priv.getTable().getTableName();
@@ -7124,7 +7270,7 @@ public class ObjectStore implements RawStore, Configurable {
PrivilegeGrantInfo grantor = new PrivilegeGrantInfo(priv.getPrivilege(), priv.getCreateTime(),
priv.getGrantor(), PrincipalType.valueOf(priv.getGrantorType()), priv.getGrantOption());
- result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor));
+ result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor, authorizer));
}
return result;
}
@@ -7213,6 +7359,7 @@ public class ObjectStore implements RawStore, Configurable {
List<HiveObjectPrivilege> result = new ArrayList<>();
for (MPartitionPrivilege priv : privs) {
String pname = priv.getPrincipalName();
+ String authorizer = priv.getAuthorizer();
PrincipalType ptype = PrincipalType.valueOf(priv.getPrincipalType());
MPartition mpartition = priv.getPartition();
@@ -7225,7 +7372,7 @@ public class ObjectStore implements RawStore, Configurable {
PrivilegeGrantInfo grantor = new PrivilegeGrantInfo(priv.getPrivilege(), priv.getCreateTime(),
priv.getGrantor(), PrincipalType.valueOf(priv.getGrantorType()), priv.getGrantOption());
- result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor));
+ result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor, authorizer));
}
return result;
}
@@ -7322,6 +7469,7 @@ public class ObjectStore implements RawStore, Configurable {
List<HiveObjectPrivilege> result = new ArrayList<>();
for (MTableColumnPrivilege priv : privs) {
String pname = priv.getPrincipalName();
+ String authorizer = priv.getAuthorizer();
PrincipalType ptype = PrincipalType.valueOf(priv.getPrincipalType());
MTable mtable = priv.getTable();
@@ -7333,7 +7481,7 @@ public class ObjectStore implements RawStore, Configurable {
PrivilegeGrantInfo grantor = new PrivilegeGrantInfo(priv.getPrivilege(), priv.getCreateTime(),
priv.getGrantor(), PrincipalType.valueOf(priv.getGrantorType()), priv.getGrantOption());
- result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor));
+ result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor, authorizer));
}
return result;
}
http://git-wip-us.apache.org/repos/asf/hive/blob/83afdb4d/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/RawStore.java
----------------------------------------------------------------------
diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/RawStore.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/RawStore.java
index ce7d286..283798c 100644
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/RawStore.java
+++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/RawStore.java
@@ -754,7 +754,7 @@ public interface RawStore extends Configurable {
boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption)
throws InvalidObjectException, MetaException, NoSuchObjectException;
- boolean refreshPrivileges(HiveObjectRef objToRefresh, PrivilegeBag grantPrivileges)
+ boolean refreshPrivileges(HiveObjectRef objToRefresh, String authorizer, PrivilegeBag grantPrivileges)
throws InvalidObjectException, MetaException, NoSuchObjectException;
org.apache.hadoop.hive.metastore.api.Role getRole(
http://git-wip-us.apache.org/repos/asf/hive/blob/83afdb4d/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/cache/CachedStore.java
----------------------------------------------------------------------
diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/cache/CachedStore.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/cache/CachedStore.java
index b223920..9da8d72 100644
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/cache/CachedStore.java
+++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/cache/CachedStore.java
@@ -1452,9 +1452,9 @@ public class CachedStore implements RawStore, Configurable {
}
@Override
- public boolean refreshPrivileges(HiveObjectRef objToRefresh, PrivilegeBag grantPrivileges)
+ public boolean refreshPrivileges(HiveObjectRef objToRefresh, String authorizer, PrivilegeBag grantPrivileges)
throws InvalidObjectException, MetaException, NoSuchObjectException {
- return rawStore.refreshPrivileges(objToRefresh, grantPrivileges);
+ return rawStore.refreshPrivileges(objToRefresh, authorizer, grantPrivileges);
}
@Override
http://git-wip-us.apache.org/repos/asf/hive/blob/83afdb4d/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/client/builder/HiveObjectPrivilegeBuilder.java
----------------------------------------------------------------------
diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/client/builder/HiveObjectPrivilegeBuilder.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/client/builder/HiveObjectPrivilegeBuilder.java
index d802e1a..ed32f1c 100644
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/client/builder/HiveObjectPrivilegeBuilder.java
+++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/client/builder/HiveObjectPrivilegeBuilder.java
@@ -31,6 +31,7 @@ public class HiveObjectPrivilegeBuilder {
private String principleName;
private PrincipalType principalType;
private PrivilegeGrantInfo grantInfo;
+ private String authorizer;
public HiveObjectPrivilegeBuilder setHiveObjectRef(HiveObjectRef hiveObjectRef) {
this.hiveObjectRef = hiveObjectRef;
@@ -52,12 +53,17 @@ public class HiveObjectPrivilegeBuilder {
return this;
}
+ public HiveObjectPrivilegeBuilder setAuthorizer(String authorizer) {
+ this.authorizer = authorizer;
+ return this;
+ }
+
public HiveObjectPrivilege build() throws MetaException {
if (hiveObjectRef == null || principleName == null || principalType == null ||
grantInfo == null) {
throw new MetaException("hive object reference, principle name and type, and grant info " +
"must all be provided");
}
- return new HiveObjectPrivilege(hiveObjectRef, principleName, principalType, grantInfo);
+ return new HiveObjectPrivilege(hiveObjectRef, principleName, principalType, grantInfo, authorizer);
}
}
http://git-wip-us.apache.org/repos/asf/hive/blob/83afdb4d/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MDBPrivilege.java
----------------------------------------------------------------------
diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MDBPrivilege.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MDBPrivilege.java
index 3d8fa21..5f51692 100644
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MDBPrivilege.java
+++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MDBPrivilege.java
@@ -36,12 +36,14 @@ public class MDBPrivilege {
private boolean grantOption;
+ private String authorizer;
+
public MDBPrivilege() {
}
public MDBPrivilege(String principalName, String principalType,
MDatabase database, String dbPrivileges, int createTime, String grantor,
- String grantorType, boolean grantOption) {
+ String grantorType, boolean grantOption, String authorizer) {
super();
this.principalName = principalName;
this.principalType = principalType;
@@ -51,6 +53,7 @@ public class MDBPrivilege {
this.grantorType = grantorType;
this.grantOption = grantOption;
this.grantor = grantor;
+ this.authorizer = authorizer;
}
/**
@@ -129,4 +132,11 @@ public class MDBPrivilege {
this.principalType = principalType;
}
+ public String getAuthorizer() {
+ return authorizer;
+ }
+
+ public void setAuthorizer(String authorizer) {
+ this.authorizer = authorizer;
+ }
}
http://git-wip-us.apache.org/repos/asf/hive/blob/83afdb4d/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MGlobalPrivilege.java
----------------------------------------------------------------------
diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MGlobalPrivilege.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MGlobalPrivilege.java
index 5b496e0..a6ce541 100644
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MGlobalPrivilege.java
+++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MGlobalPrivilege.java
@@ -38,13 +38,15 @@ public class MGlobalPrivilege {
private boolean grantOption;
+ private String authorizer;
+
public MGlobalPrivilege() {
super();
}
public MGlobalPrivilege(String userName, String principalType,
String dbPrivilege, int createTime, String grantor, String grantorType,
- boolean grantOption) {
+ boolean grantOption, String authorizer) {
super();
this.principalName = userName;
this.principalType = principalType;
@@ -53,6 +55,7 @@ public class MGlobalPrivilege {
this.grantor = grantor;
this.grantorType = grantorType;
this.grantOption = grantOption;
+ this.authorizer = authorizer;
}
/**
@@ -117,4 +120,11 @@ public class MGlobalPrivilege {
this.grantorType = grantorType;
}
+ public String getAuthorizer() {
+ return authorizer;
+ }
+
+ public void setAuthorizer(String authorizer) {
+ this.authorizer = authorizer;
+ }
}
http://git-wip-us.apache.org/repos/asf/hive/blob/83afdb4d/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionColumnPrivilege.java
----------------------------------------------------------------------
diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionColumnPrivilege.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionColumnPrivilege.java
index ab50a92..cc87f75 100644
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionColumnPrivilege.java
+++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionColumnPrivilege.java
@@ -39,6 +39,8 @@ public class MPartitionColumnPrivilege {
private boolean grantOption;
+ private String authorizer;
+
public MPartitionColumnPrivilege() {
}
@@ -52,10 +54,11 @@ public class MPartitionColumnPrivilege {
* @param grantor
* @param grantorType
* @param grantOption
+ * @param authorizer
*/
public MPartitionColumnPrivilege(String principalName, String principalType,
MPartition partition, String columnName, String privileges, int createTime,
- String grantor, String grantorType, boolean grantOption) {
+ String grantor, String grantorType, boolean grantOption, String authorizer) {
super();
this.principalName = principalName;
this.principalType = principalType;
@@ -66,6 +69,7 @@ public class MPartitionColumnPrivilege {
this.grantor = grantor;
this.grantorType = grantorType;
this.grantOption = grantOption;
+ this.authorizer = authorizer;
}
/**
@@ -157,5 +161,11 @@ public class MPartitionColumnPrivilege {
public void setPrincipalType(String principalType) {
this.principalType = principalType;
}
+ public String getAuthorizer() {
+ return authorizer;
+ }
+ public void setAuthorizer(String authorizer) {
+ this.authorizer = authorizer;
+ }
}
http://git-wip-us.apache.org/repos/asf/hive/blob/83afdb4d/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionPrivilege.java
----------------------------------------------------------------------
diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionPrivilege.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionPrivilege.java
index 3193bc1..b2ec5e1 100644
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionPrivilege.java
+++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionPrivilege.java
@@ -36,12 +36,14 @@ public class MPartitionPrivilege {
private boolean grantOption;
+ private String authorizer;
+
public MPartitionPrivilege() {
}
public MPartitionPrivilege(String principalName, String principalType,
MPartition partition, String privilege, int createTime,
- String grantor, String grantorType, boolean grantOption) {
+ String grantor, String grantorType, boolean grantOption, String authorizer) {
super();
this.principalName = principalName;
this.principalType = principalType;
@@ -51,6 +53,7 @@ public class MPartitionPrivilege {
this.grantor = grantor;
this.grantorType = grantorType;
this.grantOption = grantOption;
+ this.authorizer = authorizer;
}
public String getPrincipalName() {
@@ -136,4 +139,11 @@ public class MPartitionPrivilege {
this.grantorType = grantorType;
}
+ public String getAuthorizer() {
+ return authorizer;
+ }
+
+ public void setAuthorizer(String authorizer) {
+ this.authorizer = authorizer;
+ }
}
http://git-wip-us.apache.org/repos/asf/hive/blob/83afdb4d/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTableColumnPrivilege.java
----------------------------------------------------------------------
diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTableColumnPrivilege.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTableColumnPrivilege.java
index ad7322f..e2cc0f1 100644
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTableColumnPrivilege.java
+++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTableColumnPrivilege.java
@@ -38,6 +38,8 @@ public class MTableColumnPrivilege {
private boolean grantOption;
+ private String authorizer;
+
public MTableColumnPrivilege() {
}
@@ -54,7 +56,7 @@ public class MTableColumnPrivilege {
*/
public MTableColumnPrivilege(String principalName, String principalType,
MTable table, String columnName, String privileges, int createTime,
- String grantor, String grantorType, boolean grantOption) {
+ String grantor, String grantorType, boolean grantOption, String authorizer) {
super();
this.principalName = principalName;
this.principalType = principalType;
@@ -65,6 +67,7 @@ public class MTableColumnPrivilege {
this.grantor = grantor;
this.grantorType = grantorType;
this.grantOption = grantOption;
+ this.authorizer = authorizer;
}
/**
@@ -157,4 +160,11 @@ public class MTableColumnPrivilege {
this.principalType = principalType;
}
+ public String getAuthorizer() {
+ return authorizer;
+ }
+
+ public void setAuthorizer(String authorizer) {
+ this.authorizer = authorizer;
+ }
}
http://git-wip-us.apache.org/repos/asf/hive/blob/83afdb4d/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTablePrivilege.java
----------------------------------------------------------------------
diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTablePrivilege.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTablePrivilege.java
index 6460400..f45576c 100644
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTablePrivilege.java
+++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTablePrivilege.java
@@ -36,12 +36,14 @@ public class MTablePrivilege {
private boolean grantOption;
+ private String authorizer;
+
public MTablePrivilege() {
}
public MTablePrivilege(String principalName, String principalType,
MTable table, String privilege, int createTime,
- String grantor, String grantorType, boolean grantOption) {
+ String grantor, String grantorType, boolean grantOption, String authorizer) {
super();
this.principalName = principalName;
this.principalType = principalType;
@@ -51,6 +53,7 @@ public class MTablePrivilege {
this.grantor = grantor;
this.grantorType = grantorType;
this.grantOption = grantOption;
+ this.authorizer = authorizer;
}
public String getPrincipalName() {
@@ -136,4 +139,11 @@ public class MTablePrivilege {
this.grantorType = grantorType;
}
+ public String getAuthorizer() {
+ return authorizer;
+ }
+
+ public void setAuthorizer(String authorizer) {
+ this.authorizer = authorizer;
+ }
}
http://git-wip-us.apache.org/repos/asf/hive/blob/83afdb4d/standalone-metastore/src/main/resources/package.jdo
----------------------------------------------------------------------
diff --git a/standalone-metastore/src/main/resources/package.jdo b/standalone-metastore/src/main/resources/package.jdo
index 2d2cb19..1be3e98 100644
--- a/standalone-metastore/src/main/resources/package.jdo
+++ b/standalone-metastore/src/main/resources/package.jdo
@@ -598,6 +598,7 @@
<class name="MGlobalPrivilege" table="GLOBAL_PRIVS" identity-type="datastore" detachable="true">
<index name="GlobalPrivilegeIndex" unique="true">
+ <column name="AUTHORIZER"/>
<column name="PRINCIPAL_NAME"/>
<column name="PRINCIPAL_TYPE"/>
<column name="USER_PRIV"/>
@@ -630,11 +631,15 @@
<field name="grantOption">
<column name="GRANT_OPTION" jdbc-type="SMALLINT"/>
</field>
+ <field name="authorizer">
+ <column name="AUTHORIZER" length="128" jdbc-type="VARCHAR"/>
+ </field>
</class>
<class name="MDBPrivilege" table="DB_PRIVS" identity-type="datastore" detachable="true">
<index name="DBPrivilegeIndex" unique="true">
+ <column name="AUTHORIZER"/>
<column name="DB_ID"/>
<column name="PRINCIPAL_NAME"/>
<column name="PRINCIPAL_TYPE"/>
@@ -671,11 +676,15 @@
<field name="grantOption">
<column name="GRANT_OPTION" jdbc-type="SMALLINT"/>
</field>
+ <field name="authorizer">
+ <column name="AUTHORIZER" length="128" jdbc-type="VARCHAR"/>
+ </field>
</class>
<class name="MTablePrivilege" table="TBL_PRIVS" identity-type="datastore" detachable="true">
<index name="TablePrivilegeIndex" unique="false">
+ <column name="AUTHORIZER"/>
<column name="TBL_ID"/>
<column name="PRINCIPAL_NAME"/>
<column name="PRINCIPAL_TYPE"/>
@@ -712,11 +721,15 @@
<field name="grantOption">
<column name="GRANT_OPTION" jdbc-type="SMALLINT"/>
</field>
+ <field name="authorizer">
+ <column name="AUTHORIZER" length="128" jdbc-type="VARCHAR"/>
+ </field>
</class>
<class name="MPartitionPrivilege" table="PART_PRIVS" identity-type="datastore" detachable="true">
<index name="PartPrivilegeIndex" unique="false">
+ <column name="AUTHORIZER"/>
<column name="PART_ID"/>
<column name="PRINCIPAL_NAME"/>
<column name="PRINCIPAL_TYPE"/>
@@ -753,11 +766,15 @@
<field name="grantOption">
<column name="GRANT_OPTION" jdbc-type="SMALLINT"/>
</field>
+ <field name="authorizer">
+ <column name="AUTHORIZER" length="128" jdbc-type="VARCHAR"/>
+ </field>
</class>
<class name="MTableColumnPrivilege" table="TBL_COL_PRIVS" identity-type="datastore" detachable="true">
<index name="TableColumnPrivilegeIndex" unique="false">
+ <column name="AUTHORIZER"/>
<column name="TBL_ID"/>
<column name="COLUMN_NAME"/>
<column name="PRINCIPAL_NAME"/>
@@ -798,11 +815,15 @@
<field name="grantOption">
<column name="GRANT_OPTION" jdbc-type="SMALLINT"/>
</field>
+ <field name="authorizer">
+ <column name="AUTHORIZER" length="128" jdbc-type="VARCHAR"/>
+ </field>
</class>
<class name="MPartitionColumnPrivilege" table="PART_COL_PRIVS" identity-type="datastore" detachable="true">
<index name="PartitionColumnPrivilegeIndex" unique="false">
+ <column name="AUTHORIZER"/>
<column name="PART_ID"/>
<column name="COLUMN_NAME"/>
<column name="PRINCIPAL_NAME"/>
@@ -843,6 +864,9 @@
<field name="grantOption">
<column name="GRANT_OPTION" jdbc-type="SMALLINT"/>
</field>
+ <field name="authorizer">
+ <column name="AUTHORIZER" length="128" jdbc-type="VARCHAR"/>
+ </field>
</class>
<class name="MPartitionEvent" table="PARTITION_EVENTS" identity-type="datastore" detachable="true">