diff --git a/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java b/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java index d7edda1..64a8a60 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java @@ -156,6 +156,9 @@ LineageState ls; private PerfLogger perfLogger; + + private final String userName; + /** * Get the lineage state stored in this session. * @@ -205,7 +208,12 @@ public void setIsVerbose(boolean isVerbose) { } public SessionState(HiveConf conf) { + this(conf, null); + } + + public SessionState(HiveConf conf, String userName) { this.conf = conf; + this.userName = userName; isSilent = conf.getBoolVar(HiveConf.ConfVars.HIVESESSIONSILENT); ls = new LineageState(); overriddenConfigurations = new HashMap(); @@ -338,7 +346,7 @@ private void setupAuth() { } try { - authenticator = HiveUtils.getAuthenticator( + authenticator = HiveUtils.getAuthenticator( getConf(),HiveConf.ConfVars.HIVE_AUTHENTICATOR_MANAGER); authorizer = HiveUtils.getAuthorizeProviderManager( getConf(), HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER, @@ -348,8 +356,9 @@ private void setupAuth() { //if it was null, the new authorization plugin must be specified in config HiveAuthorizerFactory authorizerFactory = HiveUtils.getAuthorizerFactory(getConf(), HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER); + String authUser = userName == null ? authenticator.getUserName() : userName; authorizerV2 = authorizerFactory.createHiveAuthorizer(new HiveMetastoreClientFactoryImpl(), - getConf(), authenticator.getUserName()); + getConf(), authUser); } else{ createTableGrants = CreateTableAutomaticGrant.create(getConf()); diff --git a/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java b/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java new file mode 100644 index 0000000..86d5f46 --- /dev/null +++ b/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java @@ -0,0 +1,115 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.hive.ql.parse.authorization; + +import junit.framework.Assert; + +import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.metastore.api.MetaException; +import org.apache.hadoop.hive.ql.metadata.Hive; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerImpl; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory; +import org.apache.hadoop.hive.ql.session.SessionState; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mockito; + + +public class TestSessionUserName { + + @Before + public void setup() throws Exception { + //clear the username + HiveAuthorizerStoringUserNameFactory.username = null; + } + + /** + * Test if the authorization factory gets the username provided by + * the authenticator, if SesstionState is created without username + * @throws Exception + */ + @Test + public void testSessionDefaultUser() throws Exception { + SessionState ss = new SessionState(getAuthV2HiveConf()); + setupDataNucleusFreeHive(ss.getConf()); + SessionState.start(ss); + + Assert.assertEquals("check username", ss.getAuthenticator().getUserName(), + HiveAuthorizerStoringUserNameFactory.username); + } + + /** + * Test if the authorization factory gets the username set in the SessionState constructor + * @throws Exception + */ + @Test + public void testSessionConstructorUser() throws Exception { + final String USER_NAME = "authtestuser"; + SessionState ss = new SessionState(getAuthV2HiveConf(), USER_NAME); + setupDataNucleusFreeHive(ss.getConf()); + SessionState.start(ss); + ss.getAuthenticator(); + + Assert.assertEquals("check username", USER_NAME, + HiveAuthorizerStoringUserNameFactory.username); + } + + /** + * Get a mocked Hive object that does not create a real meta store client object + * This gets rid of the datanucleus initializtion which makes it easier + * to run test from IDEs + * @param hiveConf + * @throws MetaException + * + */ + private void setupDataNucleusFreeHive(HiveConf hiveConf) throws MetaException { + Hive db = Mockito.mock(Hive.class); + Mockito.when(db.getMSC()).thenReturn(null); + Mockito.when(db.getConf()).thenReturn(hiveConf); + Hive.set(db); + } + + + /** + * @return HiveConf with authorization V2 enabled with a dummy authorization factory + * that captures the given user name + */ + private HiveConf getAuthV2HiveConf() { + HiveConf conf = new HiveConf(); + conf.setVar(HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER, + HiveAuthorizerStoringUserNameFactory.class.getName()); + return conf; + } + + /** + * dummy hive authorizer that stores the user name + */ + static class HiveAuthorizerStoringUserNameFactory implements HiveAuthorizerFactory{ + static String username; + + @Override + public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory, + HiveConf conf, String hiveCurrentUser) { + username = hiveCurrentUser; + return new HiveAuthorizerImpl(null, null); + } + } + +}