org.apache.hadoop.hive.ql.session.CreateTableAutomaticGrant Maven / Gradle / Ivy
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.hive.ql.session;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.api.PrincipalType;
import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo;
import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.security.authorization.Privilege;
import org.apache.hadoop.hive.ql.security.authorization.PrivilegeRegistry;
public class CreateTableAutomaticGrant {
private Map> userGrants;
private Map> groupGrants;
private Map> roleGrants;
// the owner can change, also owner might appear in user grants as well
// so keep owner privileges separate from userGrants
private List ownerGrant;
public static CreateTableAutomaticGrant create(HiveConf conf)
throws HiveException {
CreateTableAutomaticGrant grants = new CreateTableAutomaticGrant();
grants.userGrants = getGrantMap(HiveConf.getVar(conf,
HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLE_USER_GRANTS));
grants.groupGrants = getGrantMap(HiveConf.getVar(conf,
HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLE_GROUP_GRANTS));
grants.roleGrants = getGrantMap(HiveConf.getVar(conf,
HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLE_ROLE_GRANTS));
grants.ownerGrant = getGrantorInfoList(HiveConf.getVar(conf,
HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS));
return grants;
}
private static Map> getGrantMap(String grantMapStr)
throws HiveException {
if (grantMapStr != null && !grantMapStr.trim().equals("")) {
String[] grantArrayStr = grantMapStr.split(";");
Map> grantsMap = new HashMap>();
for (String grantStr : grantArrayStr) {
String[] principalListAndPrivList = grantStr.split(":");
if (principalListAndPrivList.length != 2
|| principalListAndPrivList[0] == null
|| principalListAndPrivList[0].trim().equals("")) {
throw new HiveException(
"Can not understand the config privilege definition " + grantStr);
}
String userList = principalListAndPrivList[0];
String privList = principalListAndPrivList[1];
List grantInfoList = getGrantorInfoList(privList);
if(grantInfoList != null) {
String[] users = userList.split(",");
for (String user : users) {
grantsMap.put(user, grantInfoList);
}
}
}
return grantsMap;
}
return null;
}
private static List getGrantorInfoList(String privList)
throws HiveException {
if (privList == null || privList.trim().equals("")) {
return null;
}
validatePrivilege(privList);
String[] grantArray = privList.split(",");
List grantInfoList = new ArrayList();
String grantor = SessionState.getUserFromAuthenticator();
for (String grant : grantArray) {
grantInfoList.add(new PrivilegeGrantInfo(grant, -1, grantor,
PrincipalType.USER, true));
}
return grantInfoList;
}
private static void validatePrivilege(String ownerGrantsInConfig)
throws HiveException {
String[] ownerGrantArray = ownerGrantsInConfig.split(",");
// verify the config
for (String ownerGrant : ownerGrantArray) {
Privilege prive = PrivilegeRegistry.getPrivilege(ownerGrant);
if (prive == null) {
throw new HiveException("Privilege " + ownerGrant + " is not found.");
}
}
}
public Map> getUserGrants() {
Map> curUserGrants = new HashMap>();
String owner = SessionState.getUserFromAuthenticator();
if (owner != null && ownerGrant != null) {
curUserGrants.put(owner, ownerGrant);
}
if (userGrants != null) {
curUserGrants.putAll(userGrants);
}
return curUserGrants;
}
public Map> getGroupGrants() {
return groupGrants;
}
public Map> getRoleGrants() {
return roleGrants;
}
}