diff --git common/src/java/org/apache/hadoop/hive/conf/HiveConf.java common/src/java/org/apache/hadoop/hive/conf/HiveConf.java index 22bb22d..a12c553 100644 --- common/src/java/org/apache/hadoop/hive/conf/HiveConf.java +++ common/src/java/org/apache/hadoop/hive/conf/HiveConf.java @@ -208,6 +208,8 @@ TASKLOG_DEBUG_TIMEOUT("hive.exec.tasklog.debug.timeout", 20000), OUTPUT_FILE_EXTENSION("hive.output.file.extension", null), + HIVE_IN_TEST("hive.in.test", false), // internal usage only, true in test mode + // should hive determine whether to run in local mode automatically ? LOCALMODEAUTO("hive.exec.mode.local.auto", false), // if yes: diff --git data/conf/hive-site.xml data/conf/hive-site.xml index 88f3bda..3cdea2f 100644 --- data/conf/hive-site.xml +++ data/conf/hive-site.xml @@ -19,6 +19,12 @@ + + hive.in.test + true + Internal marker for test. Used for masking env-dependent values + + diff --git metastore/if/hive_metastore.thrift metastore/if/hive_metastore.thrift index e327e2a..c8b58bd 100755 --- metastore/if/hive_metastore.thrift +++ metastore/if/hive_metastore.thrift @@ -107,6 +107,11 @@ struct Role { 1: string roleName, 2: i32 createTime, 3: string ownerName, + 4: optional string principalName, + 5: optional string principalType, + 6: optional bool grantOption, + 7: optional i32 grantTime, + 8: optional string grantor } // namespace for tables diff --git metastore/src/gen/thrift/gen-cpp/hive_metastore_types.cpp metastore/src/gen/thrift/gen-cpp/hive_metastore_types.cpp index eedce50..583c56d 100644 --- metastore/src/gen/thrift/gen-cpp/hive_metastore_types.cpp +++ metastore/src/gen/thrift/gen-cpp/hive_metastore_types.cpp @@ -990,8 +990,8 @@ void swap(PrincipalPrivilegeSet &a, PrincipalPrivilegeSet &b) { swap(a.__isset, b.__isset); } -const char* Role::ascii_fingerprint = "70563A0628F75DF9555F4D24690B1E26"; -const uint8_t Role::binary_fingerprint[16] = {0x70,0x56,0x3A,0x06,0x28,0xF7,0x5D,0xF9,0x55,0x5F,0x4D,0x24,0x69,0x0B,0x1E,0x26}; +const char* Role::ascii_fingerprint = "8DEBC3096AEF414FFF38C357ECEEA8BC"; +const uint8_t Role::binary_fingerprint[16] = {0x8D,0xEB,0xC3,0x09,0x6A,0xEF,0x41,0x4F,0xFF,0x38,0xC3,0x57,0xEC,0xEE,0xA8,0xBC}; uint32_t Role::read(::apache::thrift::protocol::TProtocol* iprot) { @@ -1037,6 +1037,46 @@ uint32_t Role::read(::apache::thrift::protocol::TProtocol* iprot) { xfer += iprot->skip(ftype); } break; + case 4: + if (ftype == ::apache::thrift::protocol::T_STRING) { + xfer += iprot->readString(this->principalName); + this->__isset.principalName = true; + } else { + xfer += iprot->skip(ftype); + } + break; + case 5: + if (ftype == ::apache::thrift::protocol::T_STRING) { + xfer += iprot->readString(this->principalType); + this->__isset.principalType = true; + } else { + xfer += iprot->skip(ftype); + } + break; + case 6: + if (ftype == ::apache::thrift::protocol::T_BOOL) { + xfer += iprot->readBool(this->grantOption); + this->__isset.grantOption = true; + } else { + xfer += iprot->skip(ftype); + } + break; + case 7: + if (ftype == ::apache::thrift::protocol::T_I32) { + xfer += iprot->readI32(this->grantTime); + this->__isset.grantTime = true; + } else { + xfer += iprot->skip(ftype); + } + break; + case 8: + if (ftype == ::apache::thrift::protocol::T_STRING) { + xfer += iprot->readString(this->grantor); + this->__isset.grantor = true; + } else { + xfer += iprot->skip(ftype); + } + break; default: xfer += iprot->skip(ftype); break; @@ -1065,6 +1105,31 @@ uint32_t Role::write(::apache::thrift::protocol::TProtocol* oprot) const { xfer += oprot->writeString(this->ownerName); xfer += oprot->writeFieldEnd(); + if (this->__isset.principalName) { + xfer += oprot->writeFieldBegin("principalName", ::apache::thrift::protocol::T_STRING, 4); + xfer += oprot->writeString(this->principalName); + xfer += oprot->writeFieldEnd(); + } + if (this->__isset.principalType) { + xfer += oprot->writeFieldBegin("principalType", ::apache::thrift::protocol::T_STRING, 5); + xfer += oprot->writeString(this->principalType); + xfer += oprot->writeFieldEnd(); + } + if (this->__isset.grantOption) { + xfer += oprot->writeFieldBegin("grantOption", ::apache::thrift::protocol::T_BOOL, 6); + xfer += oprot->writeBool(this->grantOption); + xfer += oprot->writeFieldEnd(); + } + if (this->__isset.grantTime) { + xfer += oprot->writeFieldBegin("grantTime", ::apache::thrift::protocol::T_I32, 7); + xfer += oprot->writeI32(this->grantTime); + xfer += oprot->writeFieldEnd(); + } + if (this->__isset.grantor) { + xfer += oprot->writeFieldBegin("grantor", ::apache::thrift::protocol::T_STRING, 8); + xfer += oprot->writeString(this->grantor); + xfer += oprot->writeFieldEnd(); + } xfer += oprot->writeFieldStop(); xfer += oprot->writeStructEnd(); return xfer; @@ -1075,6 +1140,11 @@ void swap(Role &a, Role &b) { swap(a.roleName, b.roleName); swap(a.createTime, b.createTime); swap(a.ownerName, b.ownerName); + swap(a.principalName, b.principalName); + swap(a.principalType, b.principalType); + swap(a.grantOption, b.grantOption); + swap(a.grantTime, b.grantTime); + swap(a.grantor, b.grantor); swap(a.__isset, b.__isset); } diff --git metastore/src/gen/thrift/gen-cpp/hive_metastore_types.h metastore/src/gen/thrift/gen-cpp/hive_metastore_types.h index a17bbf7..4c8d608 100644 --- metastore/src/gen/thrift/gen-cpp/hive_metastore_types.h +++ metastore/src/gen/thrift/gen-cpp/hive_metastore_types.h @@ -553,19 +553,24 @@ class PrincipalPrivilegeSet { void swap(PrincipalPrivilegeSet &a, PrincipalPrivilegeSet &b); typedef struct _Role__isset { - _Role__isset() : roleName(false), createTime(false), ownerName(false) {} + _Role__isset() : roleName(false), createTime(false), ownerName(false), principalName(false), principalType(false), grantOption(false), grantTime(false), grantor(false) {} bool roleName; bool createTime; bool ownerName; + bool principalName; + bool principalType; + bool grantOption; + bool grantTime; + bool grantor; } _Role__isset; class Role { public: - static const char* ascii_fingerprint; // = "70563A0628F75DF9555F4D24690B1E26"; - static const uint8_t binary_fingerprint[16]; // = {0x70,0x56,0x3A,0x06,0x28,0xF7,0x5D,0xF9,0x55,0x5F,0x4D,0x24,0x69,0x0B,0x1E,0x26}; + static const char* ascii_fingerprint; // = "8DEBC3096AEF414FFF38C357ECEEA8BC"; + static const uint8_t binary_fingerprint[16]; // = {0x8D,0xEB,0xC3,0x09,0x6A,0xEF,0x41,0x4F,0xFF,0x38,0xC3,0x57,0xEC,0xEE,0xA8,0xBC}; - Role() : roleName(), createTime(0), ownerName() { + Role() : roleName(), createTime(0), ownerName(), principalName(), principalType(), grantOption(0), grantTime(0), grantor() { } virtual ~Role() throw() {} @@ -573,6 +578,11 @@ class Role { std::string roleName; int32_t createTime; std::string ownerName; + std::string principalName; + std::string principalType; + bool grantOption; + int32_t grantTime; + std::string grantor; _Role__isset __isset; @@ -588,6 +598,31 @@ class Role { ownerName = val; } + void __set_principalName(const std::string& val) { + principalName = val; + __isset.principalName = true; + } + + void __set_principalType(const std::string& val) { + principalType = val; + __isset.principalType = true; + } + + void __set_grantOption(const bool val) { + grantOption = val; + __isset.grantOption = true; + } + + void __set_grantTime(const int32_t val) { + grantTime = val; + __isset.grantTime = true; + } + + void __set_grantor(const std::string& val) { + grantor = val; + __isset.grantor = true; + } + bool operator == (const Role & rhs) const { if (!(roleName == rhs.roleName)) @@ -596,6 +631,26 @@ class Role { return false; if (!(ownerName == rhs.ownerName)) return false; + if (__isset.principalName != rhs.__isset.principalName) + return false; + else if (__isset.principalName && !(principalName == rhs.principalName)) + return false; + if (__isset.principalType != rhs.__isset.principalType) + return false; + else if (__isset.principalType && !(principalType == rhs.principalType)) + return false; + if (__isset.grantOption != rhs.__isset.grantOption) + return false; + else if (__isset.grantOption && !(grantOption == rhs.grantOption)) + return false; + if (__isset.grantTime != rhs.__isset.grantTime) + return false; + else if (__isset.grantTime && !(grantTime == rhs.grantTime)) + return false; + if (__isset.grantor != rhs.__isset.grantor) + return false; + else if (__isset.grantor && !(grantor == rhs.grantor)) + return false; return true; } bool operator != (const Role &rhs) const { diff --git metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Role.java metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Role.java index 35fcf58..4e828a8 100644 --- metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Role.java +++ metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Role.java @@ -37,6 +37,11 @@ private static final org.apache.thrift.protocol.TField ROLE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("roleName", org.apache.thrift.protocol.TType.STRING, (short)1); private static final org.apache.thrift.protocol.TField CREATE_TIME_FIELD_DESC = new org.apache.thrift.protocol.TField("createTime", org.apache.thrift.protocol.TType.I32, (short)2); private static final org.apache.thrift.protocol.TField OWNER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("ownerName", org.apache.thrift.protocol.TType.STRING, (short)3); + private static final org.apache.thrift.protocol.TField PRINCIPAL_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("principalName", org.apache.thrift.protocol.TType.STRING, (short)4); + private static final org.apache.thrift.protocol.TField PRINCIPAL_TYPE_FIELD_DESC = new org.apache.thrift.protocol.TField("principalType", org.apache.thrift.protocol.TType.STRING, (short)5); + private static final org.apache.thrift.protocol.TField GRANT_OPTION_FIELD_DESC = new org.apache.thrift.protocol.TField("grantOption", org.apache.thrift.protocol.TType.BOOL, (short)6); + private static final org.apache.thrift.protocol.TField GRANT_TIME_FIELD_DESC = new org.apache.thrift.protocol.TField("grantTime", org.apache.thrift.protocol.TType.I32, (short)7); + private static final org.apache.thrift.protocol.TField GRANTOR_FIELD_DESC = new org.apache.thrift.protocol.TField("grantor", org.apache.thrift.protocol.TType.STRING, (short)8); private static final Map, SchemeFactory> schemes = new HashMap, SchemeFactory>(); static { @@ -47,12 +52,22 @@ private String roleName; // required private int createTime; // required private String ownerName; // required + private String principalName; // optional + private String principalType; // optional + private boolean grantOption; // optional + private int grantTime; // optional + private String grantor; // optional /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ public enum _Fields implements org.apache.thrift.TFieldIdEnum { ROLE_NAME((short)1, "roleName"), CREATE_TIME((short)2, "createTime"), - OWNER_NAME((short)3, "ownerName"); + OWNER_NAME((short)3, "ownerName"), + PRINCIPAL_NAME((short)4, "principalName"), + PRINCIPAL_TYPE((short)5, "principalType"), + GRANT_OPTION((short)6, "grantOption"), + GRANT_TIME((short)7, "grantTime"), + GRANTOR((short)8, "grantor"); private static final Map byName = new HashMap(); @@ -73,6 +88,16 @@ public static _Fields findByThriftId(int fieldId) { return CREATE_TIME; case 3: // OWNER_NAME return OWNER_NAME; + case 4: // PRINCIPAL_NAME + return PRINCIPAL_NAME; + case 5: // PRINCIPAL_TYPE + return PRINCIPAL_TYPE; + case 6: // GRANT_OPTION + return GRANT_OPTION; + case 7: // GRANT_TIME + return GRANT_TIME; + case 8: // GRANTOR + return GRANTOR; default: return null; } @@ -114,7 +139,10 @@ public String getFieldName() { // isset id assignments private static final int __CREATETIME_ISSET_ID = 0; + private static final int __GRANTOPTION_ISSET_ID = 1; + private static final int __GRANTTIME_ISSET_ID = 2; private byte __isset_bitfield = 0; + private _Fields optionals[] = {_Fields.PRINCIPAL_NAME,_Fields.PRINCIPAL_TYPE,_Fields.GRANT_OPTION,_Fields.GRANT_TIME,_Fields.GRANTOR}; public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap; static { Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class); @@ -124,6 +152,16 @@ public String getFieldName() { new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I32))); tmpMap.put(_Fields.OWNER_NAME, new org.apache.thrift.meta_data.FieldMetaData("ownerName", org.apache.thrift.TFieldRequirementType.DEFAULT, new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); + tmpMap.put(_Fields.PRINCIPAL_NAME, new org.apache.thrift.meta_data.FieldMetaData("principalName", org.apache.thrift.TFieldRequirementType.OPTIONAL, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); + tmpMap.put(_Fields.PRINCIPAL_TYPE, new org.apache.thrift.meta_data.FieldMetaData("principalType", org.apache.thrift.TFieldRequirementType.OPTIONAL, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); + tmpMap.put(_Fields.GRANT_OPTION, new org.apache.thrift.meta_data.FieldMetaData("grantOption", org.apache.thrift.TFieldRequirementType.OPTIONAL, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.BOOL))); + tmpMap.put(_Fields.GRANT_TIME, new org.apache.thrift.meta_data.FieldMetaData("grantTime", org.apache.thrift.TFieldRequirementType.OPTIONAL, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I32))); + tmpMap.put(_Fields.GRANTOR, new org.apache.thrift.meta_data.FieldMetaData("grantor", org.apache.thrift.TFieldRequirementType.OPTIONAL, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); metaDataMap = Collections.unmodifiableMap(tmpMap); org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(Role.class, metaDataMap); } @@ -155,6 +193,17 @@ public Role(Role other) { if (other.isSetOwnerName()) { this.ownerName = other.ownerName; } + if (other.isSetPrincipalName()) { + this.principalName = other.principalName; + } + if (other.isSetPrincipalType()) { + this.principalType = other.principalType; + } + this.grantOption = other.grantOption; + this.grantTime = other.grantTime; + if (other.isSetGrantor()) { + this.grantor = other.grantor; + } } public Role deepCopy() { @@ -167,6 +216,13 @@ public void clear() { setCreateTimeIsSet(false); this.createTime = 0; this.ownerName = null; + this.principalName = null; + this.principalType = null; + setGrantOptionIsSet(false); + this.grantOption = false; + setGrantTimeIsSet(false); + this.grantTime = 0; + this.grantor = null; } public String getRoleName() { @@ -237,6 +293,119 @@ public void setOwnerNameIsSet(boolean value) { } } + public String getPrincipalName() { + return this.principalName; + } + + public void setPrincipalName(String principalName) { + this.principalName = principalName; + } + + public void unsetPrincipalName() { + this.principalName = null; + } + + /** Returns true if field principalName is set (has been assigned a value) and false otherwise */ + public boolean isSetPrincipalName() { + return this.principalName != null; + } + + public void setPrincipalNameIsSet(boolean value) { + if (!value) { + this.principalName = null; + } + } + + public String getPrincipalType() { + return this.principalType; + } + + public void setPrincipalType(String principalType) { + this.principalType = principalType; + } + + public void unsetPrincipalType() { + this.principalType = null; + } + + /** Returns true if field principalType is set (has been assigned a value) and false otherwise */ + public boolean isSetPrincipalType() { + return this.principalType != null; + } + + public void setPrincipalTypeIsSet(boolean value) { + if (!value) { + this.principalType = null; + } + } + + public boolean isGrantOption() { + return this.grantOption; + } + + public void setGrantOption(boolean grantOption) { + this.grantOption = grantOption; + setGrantOptionIsSet(true); + } + + public void unsetGrantOption() { + __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __GRANTOPTION_ISSET_ID); + } + + /** Returns true if field grantOption is set (has been assigned a value) and false otherwise */ + public boolean isSetGrantOption() { + return EncodingUtils.testBit(__isset_bitfield, __GRANTOPTION_ISSET_ID); + } + + public void setGrantOptionIsSet(boolean value) { + __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __GRANTOPTION_ISSET_ID, value); + } + + public int getGrantTime() { + return this.grantTime; + } + + public void setGrantTime(int grantTime) { + this.grantTime = grantTime; + setGrantTimeIsSet(true); + } + + public void unsetGrantTime() { + __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __GRANTTIME_ISSET_ID); + } + + /** Returns true if field grantTime is set (has been assigned a value) and false otherwise */ + public boolean isSetGrantTime() { + return EncodingUtils.testBit(__isset_bitfield, __GRANTTIME_ISSET_ID); + } + + public void setGrantTimeIsSet(boolean value) { + __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __GRANTTIME_ISSET_ID, value); + } + + public String getGrantor() { + return this.grantor; + } + + public void setGrantor(String grantor) { + this.grantor = grantor; + } + + public void unsetGrantor() { + this.grantor = null; + } + + /** Returns true if field grantor is set (has been assigned a value) and false otherwise */ + public boolean isSetGrantor() { + return this.grantor != null; + } + + public void setGrantorIsSet(boolean value) { + if (!value) { + this.grantor = null; + } + } + public void setFieldValue(_Fields field, Object value) { switch (field) { case ROLE_NAME: @@ -263,6 +432,46 @@ public void setFieldValue(_Fields field, Object value) { } break; + case PRINCIPAL_NAME: + if (value == null) { + unsetPrincipalName(); + } else { + setPrincipalName((String)value); + } + break; + + case PRINCIPAL_TYPE: + if (value == null) { + unsetPrincipalType(); + } else { + setPrincipalType((String)value); + } + break; + + case GRANT_OPTION: + if (value == null) { + unsetGrantOption(); + } else { + setGrantOption((Boolean)value); + } + break; + + case GRANT_TIME: + if (value == null) { + unsetGrantTime(); + } else { + setGrantTime((Integer)value); + } + break; + + case GRANTOR: + if (value == null) { + unsetGrantor(); + } else { + setGrantor((String)value); + } + break; + } } @@ -277,6 +486,21 @@ public Object getFieldValue(_Fields field) { case OWNER_NAME: return getOwnerName(); + case PRINCIPAL_NAME: + return getPrincipalName(); + + case PRINCIPAL_TYPE: + return getPrincipalType(); + + case GRANT_OPTION: + return Boolean.valueOf(isGrantOption()); + + case GRANT_TIME: + return Integer.valueOf(getGrantTime()); + + case GRANTOR: + return getGrantor(); + } throw new IllegalStateException(); } @@ -294,6 +518,16 @@ public boolean isSet(_Fields field) { return isSetCreateTime(); case OWNER_NAME: return isSetOwnerName(); + case PRINCIPAL_NAME: + return isSetPrincipalName(); + case PRINCIPAL_TYPE: + return isSetPrincipalType(); + case GRANT_OPTION: + return isSetGrantOption(); + case GRANT_TIME: + return isSetGrantTime(); + case GRANTOR: + return isSetGrantor(); } throw new IllegalStateException(); } @@ -338,6 +572,51 @@ public boolean equals(Role that) { return false; } + boolean this_present_principalName = true && this.isSetPrincipalName(); + boolean that_present_principalName = true && that.isSetPrincipalName(); + if (this_present_principalName || that_present_principalName) { + if (!(this_present_principalName && that_present_principalName)) + return false; + if (!this.principalName.equals(that.principalName)) + return false; + } + + boolean this_present_principalType = true && this.isSetPrincipalType(); + boolean that_present_principalType = true && that.isSetPrincipalType(); + if (this_present_principalType || that_present_principalType) { + if (!(this_present_principalType && that_present_principalType)) + return false; + if (!this.principalType.equals(that.principalType)) + return false; + } + + boolean this_present_grantOption = true && this.isSetGrantOption(); + boolean that_present_grantOption = true && that.isSetGrantOption(); + if (this_present_grantOption || that_present_grantOption) { + if (!(this_present_grantOption && that_present_grantOption)) + return false; + if (this.grantOption != that.grantOption) + return false; + } + + boolean this_present_grantTime = true && this.isSetGrantTime(); + boolean that_present_grantTime = true && that.isSetGrantTime(); + if (this_present_grantTime || that_present_grantTime) { + if (!(this_present_grantTime && that_present_grantTime)) + return false; + if (this.grantTime != that.grantTime) + return false; + } + + boolean this_present_grantor = true && this.isSetGrantor(); + boolean that_present_grantor = true && that.isSetGrantor(); + if (this_present_grantor || that_present_grantor) { + if (!(this_present_grantor && that_present_grantor)) + return false; + if (!this.grantor.equals(that.grantor)) + return false; + } + return true; } @@ -360,6 +639,31 @@ public int hashCode() { if (present_ownerName) builder.append(ownerName); + boolean present_principalName = true && (isSetPrincipalName()); + builder.append(present_principalName); + if (present_principalName) + builder.append(principalName); + + boolean present_principalType = true && (isSetPrincipalType()); + builder.append(present_principalType); + if (present_principalType) + builder.append(principalType); + + boolean present_grantOption = true && (isSetGrantOption()); + builder.append(present_grantOption); + if (present_grantOption) + builder.append(grantOption); + + boolean present_grantTime = true && (isSetGrantTime()); + builder.append(present_grantTime); + if (present_grantTime) + builder.append(grantTime); + + boolean present_grantor = true && (isSetGrantor()); + builder.append(present_grantor); + if (present_grantor) + builder.append(grantor); + return builder.toHashCode(); } @@ -401,6 +705,56 @@ public int compareTo(Role other) { return lastComparison; } } + lastComparison = Boolean.valueOf(isSetPrincipalName()).compareTo(typedOther.isSetPrincipalName()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetPrincipalName()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.principalName, typedOther.principalName); + if (lastComparison != 0) { + return lastComparison; + } + } + lastComparison = Boolean.valueOf(isSetPrincipalType()).compareTo(typedOther.isSetPrincipalType()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetPrincipalType()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.principalType, typedOther.principalType); + if (lastComparison != 0) { + return lastComparison; + } + } + lastComparison = Boolean.valueOf(isSetGrantOption()).compareTo(typedOther.isSetGrantOption()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetGrantOption()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.grantOption, typedOther.grantOption); + if (lastComparison != 0) { + return lastComparison; + } + } + lastComparison = Boolean.valueOf(isSetGrantTime()).compareTo(typedOther.isSetGrantTime()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetGrantTime()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.grantTime, typedOther.grantTime); + if (lastComparison != 0) { + return lastComparison; + } + } + lastComparison = Boolean.valueOf(isSetGrantor()).compareTo(typedOther.isSetGrantor()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetGrantor()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.grantor, typedOther.grantor); + if (lastComparison != 0) { + return lastComparison; + } + } return 0; } @@ -440,6 +794,48 @@ public String toString() { sb.append(this.ownerName); } first = false; + if (isSetPrincipalName()) { + if (!first) sb.append(", "); + sb.append("principalName:"); + if (this.principalName == null) { + sb.append("null"); + } else { + sb.append(this.principalName); + } + first = false; + } + if (isSetPrincipalType()) { + if (!first) sb.append(", "); + sb.append("principalType:"); + if (this.principalType == null) { + sb.append("null"); + } else { + sb.append(this.principalType); + } + first = false; + } + if (isSetGrantOption()) { + if (!first) sb.append(", "); + sb.append("grantOption:"); + sb.append(this.grantOption); + first = false; + } + if (isSetGrantTime()) { + if (!first) sb.append(", "); + sb.append("grantTime:"); + sb.append(this.grantTime); + first = false; + } + if (isSetGrantor()) { + if (!first) sb.append(", "); + sb.append("grantor:"); + if (this.grantor == null) { + sb.append("null"); + } else { + sb.append(this.grantor); + } + first = false; + } sb.append(")"); return sb.toString(); } @@ -509,6 +905,46 @@ public void read(org.apache.thrift.protocol.TProtocol iprot, Role struct) throws org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } break; + case 4: // PRINCIPAL_NAME + if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { + struct.principalName = iprot.readString(); + struct.setPrincipalNameIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + case 5: // PRINCIPAL_TYPE + if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { + struct.principalType = iprot.readString(); + struct.setPrincipalTypeIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + case 6: // GRANT_OPTION + if (schemeField.type == org.apache.thrift.protocol.TType.BOOL) { + struct.grantOption = iprot.readBool(); + struct.setGrantOptionIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + case 7: // GRANT_TIME + if (schemeField.type == org.apache.thrift.protocol.TType.I32) { + struct.grantTime = iprot.readI32(); + struct.setGrantTimeIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + case 8: // GRANTOR + if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { + struct.grantor = iprot.readString(); + struct.setGrantorIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; default: org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); } @@ -535,6 +971,37 @@ public void write(org.apache.thrift.protocol.TProtocol oprot, Role struct) throw oprot.writeString(struct.ownerName); oprot.writeFieldEnd(); } + if (struct.principalName != null) { + if (struct.isSetPrincipalName()) { + oprot.writeFieldBegin(PRINCIPAL_NAME_FIELD_DESC); + oprot.writeString(struct.principalName); + oprot.writeFieldEnd(); + } + } + if (struct.principalType != null) { + if (struct.isSetPrincipalType()) { + oprot.writeFieldBegin(PRINCIPAL_TYPE_FIELD_DESC); + oprot.writeString(struct.principalType); + oprot.writeFieldEnd(); + } + } + if (struct.isSetGrantOption()) { + oprot.writeFieldBegin(GRANT_OPTION_FIELD_DESC); + oprot.writeBool(struct.grantOption); + oprot.writeFieldEnd(); + } + if (struct.isSetGrantTime()) { + oprot.writeFieldBegin(GRANT_TIME_FIELD_DESC); + oprot.writeI32(struct.grantTime); + oprot.writeFieldEnd(); + } + if (struct.grantor != null) { + if (struct.isSetGrantor()) { + oprot.writeFieldBegin(GRANTOR_FIELD_DESC); + oprot.writeString(struct.grantor); + oprot.writeFieldEnd(); + } + } oprot.writeFieldStop(); oprot.writeStructEnd(); } @@ -562,7 +1029,22 @@ public void write(org.apache.thrift.protocol.TProtocol prot, Role struct) throws if (struct.isSetOwnerName()) { optionals.set(2); } - oprot.writeBitSet(optionals, 3); + if (struct.isSetPrincipalName()) { + optionals.set(3); + } + if (struct.isSetPrincipalType()) { + optionals.set(4); + } + if (struct.isSetGrantOption()) { + optionals.set(5); + } + if (struct.isSetGrantTime()) { + optionals.set(6); + } + if (struct.isSetGrantor()) { + optionals.set(7); + } + oprot.writeBitSet(optionals, 8); if (struct.isSetRoleName()) { oprot.writeString(struct.roleName); } @@ -572,12 +1054,27 @@ public void write(org.apache.thrift.protocol.TProtocol prot, Role struct) throws if (struct.isSetOwnerName()) { oprot.writeString(struct.ownerName); } + if (struct.isSetPrincipalName()) { + oprot.writeString(struct.principalName); + } + if (struct.isSetPrincipalType()) { + oprot.writeString(struct.principalType); + } + if (struct.isSetGrantOption()) { + oprot.writeBool(struct.grantOption); + } + if (struct.isSetGrantTime()) { + oprot.writeI32(struct.grantTime); + } + if (struct.isSetGrantor()) { + oprot.writeString(struct.grantor); + } } @Override public void read(org.apache.thrift.protocol.TProtocol prot, Role struct) throws org.apache.thrift.TException { TTupleProtocol iprot = (TTupleProtocol) prot; - BitSet incoming = iprot.readBitSet(3); + BitSet incoming = iprot.readBitSet(8); if (incoming.get(0)) { struct.roleName = iprot.readString(); struct.setRoleNameIsSet(true); @@ -590,6 +1087,26 @@ public void read(org.apache.thrift.protocol.TProtocol prot, Role struct) throws struct.ownerName = iprot.readString(); struct.setOwnerNameIsSet(true); } + if (incoming.get(3)) { + struct.principalName = iprot.readString(); + struct.setPrincipalNameIsSet(true); + } + if (incoming.get(4)) { + struct.principalType = iprot.readString(); + struct.setPrincipalTypeIsSet(true); + } + if (incoming.get(5)) { + struct.grantOption = iprot.readBool(); + struct.setGrantOptionIsSet(true); + } + if (incoming.get(6)) { + struct.grantTime = iprot.readI32(); + struct.setGrantTimeIsSet(true); + } + if (incoming.get(7)) { + struct.grantor = iprot.readString(); + struct.setGrantorIsSet(true); + } } } diff --git metastore/src/gen/thrift/gen-php/metastore/Types.php metastore/src/gen/thrift/gen-php/metastore/Types.php index dc914a5..c31e185 100644 --- metastore/src/gen/thrift/gen-php/metastore/Types.php +++ metastore/src/gen/thrift/gen-php/metastore/Types.php @@ -1280,6 +1280,11 @@ class Role { public $roleName = null; public $createTime = null; public $ownerName = null; + public $principalName = null; + public $principalType = null; + public $grantOption = null; + public $grantTime = null; + public $grantor = null; public function __construct($vals=null) { if (!isset(self::$_TSPEC)) { @@ -1296,6 +1301,26 @@ class Role { 'var' => 'ownerName', 'type' => TType::STRING, ), + 4 => array( + 'var' => 'principalName', + 'type' => TType::STRING, + ), + 5 => array( + 'var' => 'principalType', + 'type' => TType::STRING, + ), + 6 => array( + 'var' => 'grantOption', + 'type' => TType::BOOL, + ), + 7 => array( + 'var' => 'grantTime', + 'type' => TType::I32, + ), + 8 => array( + 'var' => 'grantor', + 'type' => TType::STRING, + ), ); } if (is_array($vals)) { @@ -1308,6 +1333,21 @@ class Role { if (isset($vals['ownerName'])) { $this->ownerName = $vals['ownerName']; } + if (isset($vals['principalName'])) { + $this->principalName = $vals['principalName']; + } + if (isset($vals['principalType'])) { + $this->principalType = $vals['principalType']; + } + if (isset($vals['grantOption'])) { + $this->grantOption = $vals['grantOption']; + } + if (isset($vals['grantTime'])) { + $this->grantTime = $vals['grantTime']; + } + if (isset($vals['grantor'])) { + $this->grantor = $vals['grantor']; + } } } @@ -1351,6 +1391,41 @@ class Role { $xfer += $input->skip($ftype); } break; + case 4: + if ($ftype == TType::STRING) { + $xfer += $input->readString($this->principalName); + } else { + $xfer += $input->skip($ftype); + } + break; + case 5: + if ($ftype == TType::STRING) { + $xfer += $input->readString($this->principalType); + } else { + $xfer += $input->skip($ftype); + } + break; + case 6: + if ($ftype == TType::BOOL) { + $xfer += $input->readBool($this->grantOption); + } else { + $xfer += $input->skip($ftype); + } + break; + case 7: + if ($ftype == TType::I32) { + $xfer += $input->readI32($this->grantTime); + } else { + $xfer += $input->skip($ftype); + } + break; + case 8: + if ($ftype == TType::STRING) { + $xfer += $input->readString($this->grantor); + } else { + $xfer += $input->skip($ftype); + } + break; default: $xfer += $input->skip($ftype); break; @@ -1379,6 +1454,31 @@ class Role { $xfer += $output->writeString($this->ownerName); $xfer += $output->writeFieldEnd(); } + if ($this->principalName !== null) { + $xfer += $output->writeFieldBegin('principalName', TType::STRING, 4); + $xfer += $output->writeString($this->principalName); + $xfer += $output->writeFieldEnd(); + } + if ($this->principalType !== null) { + $xfer += $output->writeFieldBegin('principalType', TType::STRING, 5); + $xfer += $output->writeString($this->principalType); + $xfer += $output->writeFieldEnd(); + } + if ($this->grantOption !== null) { + $xfer += $output->writeFieldBegin('grantOption', TType::BOOL, 6); + $xfer += $output->writeBool($this->grantOption); + $xfer += $output->writeFieldEnd(); + } + if ($this->grantTime !== null) { + $xfer += $output->writeFieldBegin('grantTime', TType::I32, 7); + $xfer += $output->writeI32($this->grantTime); + $xfer += $output->writeFieldEnd(); + } + if ($this->grantor !== null) { + $xfer += $output->writeFieldBegin('grantor', TType::STRING, 8); + $xfer += $output->writeString($this->grantor); + $xfer += $output->writeFieldEnd(); + } $xfer += $output->writeFieldStop(); $xfer += $output->writeStructEnd(); return $xfer; diff --git metastore/src/gen/thrift/gen-py/hive_metastore/ttypes.py metastore/src/gen/thrift/gen-py/hive_metastore/ttypes.py index 6abfad4..27ff0de 100644 --- metastore/src/gen/thrift/gen-py/hive_metastore/ttypes.py +++ metastore/src/gen/thrift/gen-py/hive_metastore/ttypes.py @@ -869,6 +869,11 @@ class Role: - roleName - createTime - ownerName + - principalName + - principalType + - grantOption + - grantTime + - grantor """ thrift_spec = ( @@ -876,12 +881,22 @@ class Role: (1, TType.STRING, 'roleName', None, None, ), # 1 (2, TType.I32, 'createTime', None, None, ), # 2 (3, TType.STRING, 'ownerName', None, None, ), # 3 + (4, TType.STRING, 'principalName', None, None, ), # 4 + (5, TType.STRING, 'principalType', None, None, ), # 5 + (6, TType.BOOL, 'grantOption', None, None, ), # 6 + (7, TType.I32, 'grantTime', None, None, ), # 7 + (8, TType.STRING, 'grantor', None, None, ), # 8 ) - def __init__(self, roleName=None, createTime=None, ownerName=None,): + def __init__(self, roleName=None, createTime=None, ownerName=None, principalName=None, principalType=None, grantOption=None, grantTime=None, grantor=None,): self.roleName = roleName self.createTime = createTime self.ownerName = ownerName + self.principalName = principalName + self.principalType = principalType + self.grantOption = grantOption + self.grantTime = grantTime + self.grantor = grantor def read(self, iprot): if iprot.__class__ == TBinaryProtocol.TBinaryProtocolAccelerated and isinstance(iprot.trans, TTransport.CReadableTransport) and self.thrift_spec is not None and fastbinary is not None: @@ -907,6 +922,31 @@ def read(self, iprot): self.ownerName = iprot.readString(); else: iprot.skip(ftype) + elif fid == 4: + if ftype == TType.STRING: + self.principalName = iprot.readString(); + else: + iprot.skip(ftype) + elif fid == 5: + if ftype == TType.STRING: + self.principalType = iprot.readString(); + else: + iprot.skip(ftype) + elif fid == 6: + if ftype == TType.BOOL: + self.grantOption = iprot.readBool(); + else: + iprot.skip(ftype) + elif fid == 7: + if ftype == TType.I32: + self.grantTime = iprot.readI32(); + else: + iprot.skip(ftype) + elif fid == 8: + if ftype == TType.STRING: + self.grantor = iprot.readString(); + else: + iprot.skip(ftype) else: iprot.skip(ftype) iprot.readFieldEnd() @@ -929,6 +969,26 @@ def write(self, oprot): oprot.writeFieldBegin('ownerName', TType.STRING, 3) oprot.writeString(self.ownerName) oprot.writeFieldEnd() + if self.principalName is not None: + oprot.writeFieldBegin('principalName', TType.STRING, 4) + oprot.writeString(self.principalName) + oprot.writeFieldEnd() + if self.principalType is not None: + oprot.writeFieldBegin('principalType', TType.STRING, 5) + oprot.writeString(self.principalType) + oprot.writeFieldEnd() + if self.grantOption is not None: + oprot.writeFieldBegin('grantOption', TType.BOOL, 6) + oprot.writeBool(self.grantOption) + oprot.writeFieldEnd() + if self.grantTime is not None: + oprot.writeFieldBegin('grantTime', TType.I32, 7) + oprot.writeI32(self.grantTime) + oprot.writeFieldEnd() + if self.grantor is not None: + oprot.writeFieldBegin('grantor', TType.STRING, 8) + oprot.writeString(self.grantor) + oprot.writeFieldEnd() oprot.writeFieldStop() oprot.writeStructEnd() diff --git metastore/src/gen/thrift/gen-rb/hive_metastore_types.rb metastore/src/gen/thrift/gen-rb/hive_metastore_types.rb index 5e12ef7..2eb080f 100644 --- metastore/src/gen/thrift/gen-rb/hive_metastore_types.rb +++ metastore/src/gen/thrift/gen-rb/hive_metastore_types.rb @@ -212,11 +212,21 @@ class Role ROLENAME = 1 CREATETIME = 2 OWNERNAME = 3 + PRINCIPALNAME = 4 + PRINCIPALTYPE = 5 + GRANTOPTION = 6 + GRANTTIME = 7 + GRANTOR = 8 FIELDS = { ROLENAME => {:type => ::Thrift::Types::STRING, :name => 'roleName'}, CREATETIME => {:type => ::Thrift::Types::I32, :name => 'createTime'}, - OWNERNAME => {:type => ::Thrift::Types::STRING, :name => 'ownerName'} + OWNERNAME => {:type => ::Thrift::Types::STRING, :name => 'ownerName'}, + PRINCIPALNAME => {:type => ::Thrift::Types::STRING, :name => 'principalName', :optional => true}, + PRINCIPALTYPE => {:type => ::Thrift::Types::STRING, :name => 'principalType', :optional => true}, + GRANTOPTION => {:type => ::Thrift::Types::BOOL, :name => 'grantOption', :optional => true}, + GRANTTIME => {:type => ::Thrift::Types::I32, :name => 'grantTime', :optional => true}, + GRANTOR => {:type => ::Thrift::Types::STRING, :name => 'grantor', :optional => true} } def struct_fields; FIELDS; end diff --git metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java index 2d8e483..fd3d9df 100644 --- metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java +++ metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java @@ -3727,12 +3727,17 @@ private boolean isNewRoleAParent(String newRole, String curRole) throws MetaExce try { List result = new ArrayList(); - List roleMap = getMS().listRoles(principalName, principalType); - if (roleMap != null) { - for (MRoleMap role : roleMap) { - MRole r = role.getRole(); - result.add(new Role(r.getRoleName(), r - .getCreateTime(), r.getOwnerName())); + List roleMaps = getMS().listRoles(principalName, principalType); + if (roleMaps != null) { + for (MRoleMap roleMap : roleMaps) { + MRole mrole = roleMap.getRole(); + Role role = new Role(mrole.getRoleName(), mrole.getCreateTime(), mrole.getOwnerName()); + role.setPrincipalName(roleMap.getPrincipalName()); + role.setPrincipalType(roleMap.getPrincipalType()); + role.setGrantOption(roleMap.getGrantOption()); + role.setGrantTime(roleMap.getAddTime()); + role.setGrantor(roleMap.getGrantor()); + result.add(role); } } ret = result; diff --git ql/src/java/org/apache/hadoop/hive/ql/Context.java ql/src/java/org/apache/hadoop/hive/ql/Context.java index 9f7fd5d..e699c6b 100644 --- ql/src/java/org/apache/hadoop/hive/ql/Context.java +++ ql/src/java/org/apache/hadoop/hive/ql/Context.java @@ -49,7 +49,6 @@ import org.apache.hadoop.hive.ql.plan.LoadTableDesc; import org.apache.hadoop.hive.shims.ShimLoader; import org.apache.hadoop.util.StringUtils; -import org.apache.velocity.runtime.parser.node.GetExecutor; /** * Context for Semantic Analyzers. Usage: not reusable - construct a new one for diff --git ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java index a926f1e..4dcee8b 100644 --- ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java +++ ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java @@ -34,7 +34,6 @@ import java.util.Arrays; import java.util.Collections; import java.util.Comparator; -import java.util.Date; import java.util.HashMap; import java.util.Iterator; import java.util.List; @@ -164,6 +163,7 @@ import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRole; import org.apache.hadoop.hive.ql.session.SessionState; import org.apache.hadoop.hive.serde.serdeConstants; import org.apache.hadoop.hive.serde2.Deserializer; @@ -622,7 +622,8 @@ private int showGrants(ShowGrantDesc showGrantDesc) throws HiveException { } } } - writeToFile(writeGrantInfo(privs), showGrantDesc.getResFile()); + boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST); + writeToFile(writeGrantInfo(privs, testMode), showGrantDesc.getResFile()); } catch (FileNotFoundException e) { LOG.info("show table status: " + stringifyException(e)); return 1; @@ -660,7 +661,8 @@ private int showGrantsV2(ShowGrantDesc showGrantDesc) throws HiveException { AuthorizationUtils.getThriftPrincipalType(principal.getType()), grantInfo); privList.add(thriftObjectPriv); } - writeToFile(writeGrantInfo(privList), showGrantDesc.getResFile()); + boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST); + writeToFile(writeGrantInfo(privList, testMode), showGrantDesc.getResFile()); } catch (IOException e) { throw new HiveException("Error in show grant statement", e); } @@ -914,19 +916,9 @@ private int roleDDL(RoleDDLDesc roleDDLDesc) throws HiveException, IOException { } else if (operation.equals(RoleDDLDesc.RoleOperation.DROP_ROLE)) { db.dropRole(roleDDLDesc.getName()); } else if (operation.equals(RoleDDLDesc.RoleOperation.SHOW_ROLE_GRANT)) { - List roles = db.showRoleGrant(roleDDLDesc.getName(), roleDDLDesc - .getPrincipalType()); - if (roles != null && roles.size() > 0) { - Path resFile = new Path(roleDDLDesc.getResFile()); - FileSystem fs = resFile.getFileSystem(conf); - outStream = fs.create(resFile); - for (Role role : roles) { - outStream.writeBytes(role.getRoleName()); - outStream.write(terminator); - } - outStream.close(); - outStream = null; - } + boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST); + List roles = db.showRoleGrant(roleDDLDesc.getName(), roleDDLDesc.getPrincipalType()); + writeToFile(writeRoleInfo(roles, testMode), roleDDLDesc.getResFile()); } else if (operation.equals(RoleDDLDesc.RoleOperation.SHOW_ROLES)) { List roleNames = db.getAllRoleNames(); Path resFile = new Path(roleDDLDesc.getResFile()); @@ -969,9 +961,10 @@ private int roleDDLV2(RoleDDLDesc roleDDLDesc) throws HiveException, IOException authorizer.dropRole(roleDDLDesc.getName()); break; case SHOW_ROLE_GRANT: - List roles = authorizer.getRoles(new HivePrincipal(roleDDLDesc.getName(), + boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST); + List roles = authorizer.getRoles(new HivePrincipal(roleDDLDesc.getName(), getHivePrincipalType(roleDDLDesc.getPrincipalType()))); - writeListToFile(roles, roleDDLDesc.getResFile()); + writeToFile(writeHiveRoleInfo(roles, testMode), roleDDLDesc.getResFile()); break; case SHOW_ROLES: List allRoles = authorizer.getAllRoles(); @@ -3060,54 +3053,86 @@ private static void fixDecimalColumnTypeName(List cols) { } } - static String writeGrantInfo(List privileges) { + static String writeGrantInfo(List privileges, boolean testMode) { if (privileges == null || privileges.isEmpty()) { return ""; } - StringBuilder builder = new StringBuilder(); for (HiveObjectPrivilege privilege : privileges) { + if (builder.length() > 0) { + builder.append((char)terminator); + } PrivilegeGrantInfo grantInfo = privilege.getGrantInfo(); HiveObjectRef resource = privilege.getHiveObject(); - String privName = grantInfo.getPrivilege(); - long unixTimestamp = grantInfo.getCreateTime() * 1000L; - Date createTime = new Date(unixTimestamp); - String grantor = grantInfo.getGrantor(); - - switch (resource.getObjectType()) { - case DATABASE: - writeKeyValuePair(builder, "database", resource.getDbName()); - break; - case TABLE: - writeKeyValuePair(builder, "database", resource.getDbName()); - writeKeyValuePair(builder, "table", resource.getObjectName()); - break; - case PARTITION: - writeKeyValuePair(builder, "database", resource.getDbName()); - writeKeyValuePair(builder, "table", resource.getObjectName()); - writeKeyValuePair(builder, "partition", String.valueOf(resource.getPartValues())); - break; - case COLUMN: - writeKeyValuePair(builder, "database", resource.getDbName()); - writeKeyValuePair(builder, "table", resource.getObjectName()); - if (resource.getPartValues() != null && !resource.getPartValues().isEmpty()) { - writeKeyValuePair(builder, "partition", String.valueOf(resource.getPartValues())); - } - writeKeyValuePair(builder, "columnName", resource.getColumnName()); - break; + + if (resource.getDbName() != null) { + builder.append(resource.getDbName()); + } + builder.append((char) separator); + if (resource.getObjectName() != null) { + builder.append(resource.getObjectName()); } + builder.append((char)separator); + if (resource.getPartValues() != null) { + builder.append(resource.getPartValues()); + } + builder.append((char)separator); + if (resource.getColumnName() != null) { + builder.append(resource.getColumnName()); + } + + builder.append((char)separator).append(privilege.getPrincipalName()); + builder.append((char)separator).append(privilege.getPrincipalType()); + builder.append((char)separator).append(grantInfo.getPrivilege()); + + builder.append((char)separator).append(grantInfo.isGrantOption()); - writeKeyValuePair(builder, "principalName", privilege.getPrincipalName()); - writeKeyValuePair(builder, "principalType", "" + privilege.getPrincipalType()); - writeKeyValuePair(builder, "privilege", privName); - writeKeyValuePair(builder, "grantTime", "" + createTime); - if (grantor != null) { - writeKeyValuePair(builder, "grantor", grantor); + builder.append((char)separator).append(testMode ? -1 : grantInfo.getCreateTime() * 1000L); + if (grantInfo.getGrantor() != null) { + builder.append((char)separator).append(grantInfo.getGrantor()); } } return builder.toString(); } + static String writeRoleInfo(List roles, boolean testMode) { + if (roles == null || roles.isEmpty()) { + return ""; + } + StringBuilder builder = new StringBuilder(); + for (Role role : roles) { + if (builder.length() > 0) { + builder.append((char)terminator); + } + builder.append(role.getRoleName()); + builder.append((char)separator).append(role.getPrincipalName()); + builder.append((char)separator).append(role.getPrincipalType()); + builder.append((char)separator).append(role.isGrantOption()); + builder.append((char)separator).append(testMode ? -1 : role.getGrantTime() * 1000L); + builder.append((char)separator).append(role.getGrantor()); + } + return builder.toString(); + } + + static String writeHiveRoleInfo(List roles, boolean testMode) { + if (roles == null || roles.isEmpty()) { + return ""; + } + StringBuilder builder = new StringBuilder(); + for (HiveRole role : roles) { + if (builder.length() > 0) { + builder.append((char)terminator); + } + builder.append(role.getRoleName()); + builder.append((char)separator).append(role.getPrincipalName()); + builder.append((char)separator).append(role.getPrincipalType()); + builder.append((char)separator).append(role.isGrantOption()); + builder.append((char)separator).append(testMode ? -1 : role.getGrantTime() * 1000L); + builder.append((char)separator).append(role.getGrantor()); + } + return builder.toString(); + } + private static void writeKeyValuePair(StringBuilder builder, String key, String value) { if (builder.length() > 0) { builder.append((char)terminator); diff --git ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java index f4d9a83..1a9dbff 100644 --- ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java +++ ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java @@ -515,7 +515,7 @@ private void analyzeShowRoleGrant(ASTNode ast) throws SemanticException { createShowRoleGrantTask(ast, ctx.getResFile(), getInputs(), getOutputs()); if(task != null) { rootTasks.add(task); - setFetchTask(createFetchTask(RoleDDLDesc.getSchema())); + setFetchTask(createFetchTask(RoleDDLDesc.getRoleDescSchema())); } } @@ -525,7 +525,7 @@ private void analyzeShowRoles(ASTNode ast) { showRolesDesc.setResFile(ctx.getResFile().toString()); rootTasks.add(TaskFactory.get(new DDLWork(getInputs(), getOutputs(), showRolesDesc), conf)); - setFetchTask(createFetchTask(RoleDDLDesc.getSchema())); + setFetchTask(createFetchTask(RoleDDLDesc.getRoleNameSchema())); } private void analyzeAlterDatabase(ASTNode ast) throws SemanticException { diff --git ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java index de323a9..f725436 100644 --- ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java @@ -40,12 +40,23 @@ private String roleOwnerName; /** + * thrift ddl for the result of show roles. + */ + private static final String roleNameSchema = "role#string"; + + /** * thrift ddl for the result of show role. */ - private static String schema = "role#string"; + private static final String roleDescSchema = + "role,principal_name,principal_type,grant_option,grant_time,grantor#" + + "string:string:string:boolean:bigint:string"; + + public static String getRoleNameSchema() { + return roleNameSchema; + } - public static String getSchema() { - return schema; + public static String getRoleDescSchema() { + return roleDescSchema; } public static enum RoleOperation { diff --git ql/src/java/org/apache/hadoop/hive/ql/plan/ShowGrantDesc.java ql/src/java/org/apache/hadoop/hive/ql/plan/ShowGrantDesc.java index de59ec3..aa88153 100644 --- ql/src/java/org/apache/hadoop/hive/ql/plan/ShowGrantDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/plan/ShowGrantDesc.java @@ -33,7 +33,10 @@ /** * thrift ddl for the result of show grant. */ - private static final String schema = "property,value#string:string"; + private static final String tabularSchema = + "database,table,partition,column,principal_name,principal_type,privilege," + + "grant_option,grant_time,grantor#" + + "string:string:string:string:string:string:string:boolean:bigint:string"; public ShowGrantDesc(){ } @@ -47,7 +50,7 @@ public ShowGrantDesc(String resFile, PrincipalDesc principalDesc, } public static String getSchema() { - return schema; + return tabularSchema; } @Explain(displayName="principal desc") @@ -83,5 +86,4 @@ public void setResFile(String resFile) { public void setColumns(List columns) { this.columns = columns; } - } diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java index 9fe2a06..008efb1 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java @@ -40,7 +40,7 @@ void createRole(String roleName, HivePrincipal adminGrantor) void dropRole(String roleName) throws HiveAuthorizationPluginException; - List getRoles(HivePrincipal hivePrincipal) + List getRoles(HivePrincipal hivePrincipal) throws HiveAuthorizationPluginException; void grantRole(List hivePrincipals, List roles, boolean grantOption, diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java index 5a16a4a..632901e 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java @@ -94,7 +94,7 @@ void dropRole(String roleName) * @return list of roles * @throws HiveAuthorizationPluginException */ - List getRoles(HivePrincipal hivePrincipal) + List getRoles(HivePrincipal hivePrincipal) throws HiveAuthorizationPluginException; /** diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java index 44dd161..172746e 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java @@ -66,7 +66,7 @@ public void dropRole(String roleName) throws HiveAuthorizationPluginException { } @Override - public List getRoles(HivePrincipal hivePrincipal) throws HiveAuthorizationPluginException { + public List getRoles(HivePrincipal hivePrincipal) throws HiveAuthorizationPluginException { return accessController.getRoles(hivePrincipal); } diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRole.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRole.java new file mode 100644 index 0000000..8ea9822 --- /dev/null +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRole.java @@ -0,0 +1,110 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.hive.ql.security.authorization.plugin; + +import org.apache.hadoop.hive.metastore.api.Role; + +// same with thrift.Role +public class HiveRole { + + private String roleName; + private int createTime; + private String ownerName; + private String principalName; + private String principalType; + private boolean grantOption; + private int grantTime; + private String grantor; + + public HiveRole() {} + + public HiveRole(Role role) { + roleName = role.getRoleName(); + createTime = role.getCreateTime(); + ownerName = role.getOwnerName(); + principalName = role.getPrincipalName(); + principalType = role.getPrincipalType(); + grantOption = role.isGrantOption(); + grantTime = role.getGrantTime(); + grantor = role.getGrantor(); + } + + public String getRoleName() { + return roleName; + } + + public void setRoleName(String roleName) { + this.roleName = roleName; + } + + public int getCreateTime() { + return createTime; + } + + public void setCreateTime(int createTime) { + this.createTime = createTime; + } + + public String getOwnerName() { + return ownerName; + } + + public void setOwnerName(String ownerName) { + this.ownerName = ownerName; + } + + public String getPrincipalName() { + return principalName; + } + + public void setPrincipalName(String principalName) { + this.principalName = principalName; + } + + public String getPrincipalType() { + return principalType; + } + + public void setPrincipalType(String principalType) { + this.principalType = principalType; + } + + public boolean isGrantOption() { + return grantOption; + } + + public void setGrantOption(boolean grantOption) { + this.grantOption = grantOption; + } + + public int getGrantTime() { + return grantTime; + } + + public void setGrantTime(int grantTime) { + this.grantTime = grantTime; + } + + public String getGrantor() { + return grantor; + } + + public void setGrantor(String grantor) { + this.grantor = grantor; + } +} diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java index adbd1a8..5c5d0e5 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java @@ -44,6 +44,7 @@ import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRole; /** @@ -174,13 +175,14 @@ public void dropRole(String roleName) throws HiveAuthorizationPluginException { } @Override - public List getRoles(HivePrincipal hivePrincipal) throws HiveAuthorizationPluginException { + public List getRoles(HivePrincipal hivePrincipal) throws HiveAuthorizationPluginException { try { List roles = metastoreClientFactory.getHiveMetastoreClient().list_roles( hivePrincipal.getName(), AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType())); - List roleNames = new ArrayList(roles.size()); - for(Role role : roles){ - roleNames.add(role.getRoleName()); + List roleNames = new ArrayList(roles.size()); + for (Role role : roles){ + ; + roleNames.add(new HiveRole(role)); } return roleNames; } catch (Exception e) { diff --git ql/src/test/results/clientnegative/authorization_fail_3.q.out ql/src/test/results/clientnegative/authorization_fail_3.q.out index 10df438..bfba08a 100644 --- ql/src/test/results/clientnegative/authorization_fail_3.q.out +++ ql/src/test/results/clientnegative/authorization_fail_3.q.out @@ -24,13 +24,7 @@ PREHOOK: query: show grant user hive_test_user on table authorization_fail_3 PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table authorization_fail_3 POSTHOOK: type: SHOW_GRANT -database default -table authorization_fail_3 -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user +default authorization_fail_3 hive_test_user USER Create false -1 hive_test_user PREHOOK: query: show grant user hive_test_user on table authorization_fail_3 partition (ds='2010') PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table authorization_fail_3 partition (ds='2010') diff --git ql/src/test/results/clientnegative/authorization_fail_4.q.out ql/src/test/results/clientnegative/authorization_fail_4.q.out index 91ecbe9..34ad4ef 100644 --- ql/src/test/results/clientnegative/authorization_fail_4.q.out +++ ql/src/test/results/clientnegative/authorization_fail_4.q.out @@ -38,38 +38,12 @@ PREHOOK: query: show grant user hive_test_user on table authorization_fail_4 PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table authorization_fail_4 POSTHOOK: type: SHOW_GRANT -database default -table authorization_fail_4 -principalName hive_test_user -principalType USER -privilege Alter -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_fail_4 -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user +default authorization_fail_4 hive_test_user USER Alter false -1 hive_test_user +default authorization_fail_4 hive_test_user USER Create false -1 hive_test_user PREHOOK: query: show grant user hive_test_user on table authorization_fail_4 partition (ds='2010') PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table authorization_fail_4 partition (ds='2010') POSTHOOK: type: SHOW_GRANT -database default -table authorization_fail_4 -partition [2010] -principalName hive_test_user -principalType USER -privilege Alter -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_fail_4 -partition [2010] -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user +default authorization_fail_4 [2010] hive_test_user USER Alter false -1 hive_test_user +default authorization_fail_4 [2010] hive_test_user USER Create false -1 hive_test_user Authorization failed:No privilege 'Select' found for inputs { database:default, table:authorization_fail_4, partitionName:ds=2010, columnName:key}. Use SHOW GRANT to get more details. diff --git ql/src/test/results/clientnegative/authorization_fail_5.q.out ql/src/test/results/clientnegative/authorization_fail_5.q.out index 7c70c66..a0289fb 100644 --- ql/src/test/results/clientnegative/authorization_fail_5.q.out +++ ql/src/test/results/clientnegative/authorization_fail_5.q.out @@ -44,55 +44,16 @@ PREHOOK: query: show grant user hive_test_user on table authorization_fail PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table authorization_fail POSTHOOK: type: SHOW_GRANT -database default -table authorization_fail -principalName hive_test_user -principalType USER -privilege Alter -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_fail -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_fail -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_fail hive_test_user USER Alter false -1 hive_test_user +default authorization_fail hive_test_user USER Create false -1 hive_test_user +default authorization_fail hive_test_user USER Select false -1 hive_test_user PREHOOK: query: show grant user hive_test_user on table authorization_fail partition (ds='2010') PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table authorization_fail partition (ds='2010') POSTHOOK: type: SHOW_GRANT -database default -table authorization_fail -partition [2010] -principalName hive_test_user -principalType USER -privilege Alter -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_fail -partition [2010] -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_fail -partition [2010] -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_fail [2010] hive_test_user USER Alter false -1 hive_test_user +default authorization_fail [2010] hive_test_user USER Create false -1 hive_test_user +default authorization_fail [2010] hive_test_user USER Select false -1 hive_test_user PREHOOK: query: revoke Select on table authorization_fail partition (ds='2010') from user hive_test_user PREHOOK: type: REVOKE_PRIVILEGE PREHOOK: Output: default@authorization_fail@ds=2010 @@ -103,20 +64,6 @@ PREHOOK: query: show grant user hive_test_user on table authorization_fail parti PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table authorization_fail partition (ds='2010') POSTHOOK: type: SHOW_GRANT -database default -table authorization_fail -partition [2010] -principalName hive_test_user -principalType USER -privilege Alter -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_fail -partition [2010] -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user +default authorization_fail [2010] hive_test_user USER Alter false -1 hive_test_user +default authorization_fail [2010] hive_test_user USER Create false -1 hive_test_user Authorization failed:No privilege 'Select' found for inputs { database:default, table:authorization_fail, partitionName:ds=2010, columnName:key}. Use SHOW GRANT to get more details. diff --git ql/src/test/results/clientnegative/authorization_fail_7.q.out ql/src/test/results/clientnegative/authorization_fail_7.q.out index 7bfb6e6..682cb67 100644 --- ql/src/test/results/clientnegative/authorization_fail_7.q.out +++ ql/src/test/results/clientnegative/authorization_fail_7.q.out @@ -25,18 +25,12 @@ PREHOOK: query: show role grant user hive_test_user PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user hive_test_user POSTHOOK: type: SHOW_ROLE_GRANT -hive_test_role_fail +hive_test_role_fail hive_test_user USER true -1 hive_test_user PREHOOK: query: show grant role hive_test_role_fail on table authorization_fail PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant role hive_test_role_fail on table authorization_fail POSTHOOK: type: SHOW_GRANT -database default -table authorization_fail -principalName hive_test_role_fail -principalType ROLE -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_fail hive_test_role_fail ROLE Select false -1 hive_test_user PREHOOK: query: drop role hive_test_role_fail PREHOOK: type: DROPROLE POSTHOOK: query: drop role hive_test_role_fail diff --git ql/src/test/results/clientnegative/authorization_part.q.out ql/src/test/results/clientnegative/authorization_part.q.out index 08866b4..31dfda9 100644 --- ql/src/test/results/clientnegative/authorization_part.q.out +++ ql/src/test/results/clientnegative/authorization_part.q.out @@ -66,13 +66,7 @@ PREHOOK: query: show grant group hive_test_group1 on table authorization_part_fa PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant group hive_test_group1 on table authorization_part_fail POSTHOOK: type: SHOW_GRANT -database default -table authorization_part_fail -principalName hive_test_group1 -principalType GROUP -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part_fail hive_test_group1 GROUP Select false -1 hive_test_user PREHOOK: query: insert overwrite table authorization_part_fail partition (ds='2010') select key, value from src_auth PREHOOK: type: QUERY PREHOOK: Input: default@src_auth @@ -89,29 +83,14 @@ POSTHOOK: query: show grant group hive_test_group1 on table authorization_part_f POSTHOOK: type: SHOW_GRANT POSTHOOK: Lineage: authorization_part_fail PARTITION(ds=2010).key EXPRESSION [(src_auth)src_auth.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part_fail PARTITION(ds=2010).value SIMPLE [(src_auth)src_auth.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part_fail -partition [2010] -columnName key -principalName hive_test_group1 -principalType GROUP -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part_fail [2010] key hive_test_group1 GROUP Select false -1 hive_test_user PREHOOK: query: show grant group hive_test_group1 on table authorization_part_fail partition (ds='2010') PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant group hive_test_group1 on table authorization_part_fail partition (ds='2010') POSTHOOK: type: SHOW_GRANT POSTHOOK: Lineage: authorization_part_fail PARTITION(ds=2010).key EXPRESSION [(src_auth)src_auth.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part_fail PARTITION(ds=2010).value SIMPLE [(src_auth)src_auth.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part_fail -partition [2010] -principalName hive_test_group1 -principalType GROUP -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part_fail [2010] hive_test_group1 GROUP Select false -1 hive_test_user PREHOOK: query: select key, value from authorization_part_fail where ds='2010' order by key limit 20 PREHOOK: type: QUERY PREHOOK: Input: default@authorization_part_fail @@ -164,15 +143,7 @@ POSTHOOK: Lineage: authorization_part_fail PARTITION(ds=2010).key EXPRESSION [(s POSTHOOK: Lineage: authorization_part_fail PARTITION(ds=2010).value SIMPLE [(src_auth)src_auth.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part_fail PARTITION(ds=2011).key EXPRESSION [(src_auth)src_auth.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part_fail PARTITION(ds=2011).value SIMPLE [(src_auth)src_auth.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part_fail -partition [2011] -columnName key -principalName hive_test_group1 -principalType GROUP -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part_fail [2011] key hive_test_group1 GROUP Select false -1 hive_test_user PREHOOK: query: show grant group hive_test_group1 on table authorization_part_fail partition (ds='2011') PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant group hive_test_group1 on table authorization_part_fail partition (ds='2011') @@ -181,14 +152,7 @@ POSTHOOK: Lineage: authorization_part_fail PARTITION(ds=2010).key EXPRESSION [(s POSTHOOK: Lineage: authorization_part_fail PARTITION(ds=2010).value SIMPLE [(src_auth)src_auth.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part_fail PARTITION(ds=2011).key EXPRESSION [(src_auth)src_auth.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part_fail PARTITION(ds=2011).value SIMPLE [(src_auth)src_auth.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part_fail -partition [2011] -principalName hive_test_group1 -principalType GROUP -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part_fail [2011] hive_test_group1 GROUP Select false -1 hive_test_user PREHOOK: query: select key, value from authorization_part_fail where ds='2011' order by key limit 20 PREHOOK: type: QUERY PREHOOK: Input: default@authorization_part_fail diff --git ql/src/test/results/clientpositive/authorization_1.q.out ql/src/test/results/clientpositive/authorization_1.q.out index 3391bcd..1894875 100644 --- ql/src/test/results/clientpositive/authorization_1.q.out +++ ql/src/test/results/clientpositive/authorization_1.q.out @@ -23,13 +23,7 @@ PREHOOK: query: show grant user hive_test_user on table src_autho_test PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table src_autho_test POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test hive_test_user USER Select false -1 hive_test_user PREHOOK: query: show grant user hive_test_user on table src_autho_test(key) PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table src_autho_test(key) @@ -94,14 +88,7 @@ PREHOOK: query: show grant user hive_test_user on table src_autho_test(key) PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table src_autho_test(key) POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -columnName key -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test key hive_test_user USER Select false -1 hive_test_user PREHOOK: query: select key from src_autho_test order by key limit 20 PREHOOK: type: QUERY PREHOOK: Input: default@src_autho_test @@ -158,13 +145,7 @@ PREHOOK: query: show grant group hive_test_group1 on table src_autho_test PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant group hive_test_group1 on table src_autho_test POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -principalName hive_test_group1 -principalType GROUP -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test hive_test_group1 GROUP Select false -1 hive_test_user PREHOOK: query: show grant group hive_test_group1 on table src_autho_test(key) PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant group hive_test_group1 on table src_autho_test(key) @@ -229,14 +210,7 @@ PREHOOK: query: show grant group hive_test_group1 on table src_autho_test(key) PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant group hive_test_group1 on table src_autho_test(key) POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -columnName key -principalName hive_test_group1 -principalType GROUP -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test key hive_test_group1 GROUP Select false -1 hive_test_user PREHOOK: query: select key from src_autho_test order by key limit 20 PREHOOK: type: QUERY PREHOOK: Input: default@src_autho_test @@ -293,7 +267,7 @@ PREHOOK: query: show role grant user hive_test_user PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user hive_test_user POSTHOOK: type: SHOW_ROLE_GRANT -src_role +src_role hive_test_user USER true -1 hive_test_user PREHOOK: query: --column grant to role grant select(key) on table src_autho_test to role src_role @@ -312,14 +286,7 @@ PREHOOK: query: show grant role src_role on table src_autho_test(key) PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant role src_role on table src_autho_test(key) POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -columnName key -principalName src_role -principalType ROLE -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test key src_role ROLE Select false -1 hive_test_user PREHOOK: query: select key from src_autho_test order by key limit 20 PREHOOK: type: QUERY PREHOOK: Input: default@src_autho_test @@ -396,13 +363,7 @@ PREHOOK: query: show grant role src_role on table src_autho_test PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant role src_role on table src_autho_test POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -principalName src_role -principalType ROLE -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test src_role ROLE Select false -1 hive_test_user PREHOOK: query: show grant role src_role on table src_autho_test(key) PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant role src_role on table src_autho_test(key) diff --git ql/src/test/results/clientpositive/authorization_1_sql_std.q.out ql/src/test/results/clientpositive/authorization_1_sql_std.q.out index a0b1ce0..d1f0323 100644 --- ql/src/test/results/clientpositive/authorization_1_sql_std.q.out +++ ql/src/test/results/clientpositive/authorization_1_sql_std.q.out @@ -17,13 +17,7 @@ PREHOOK: query: show grant user hive_test_user on table src_autho_test PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table src_autho_test POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test hive_test_user USER Select false -1 hive_test_user PREHOOK: query: revoke select on table src_autho_test from user hive_test_user PREHOOK: type: REVOKE_PRIVILEGE PREHOOK: Output: default@src_autho_test @@ -48,8 +42,7 @@ PREHOOK: query: show role grant user hive_test_user PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user hive_test_user POSTHOOK: type: SHOW_ROLE_GRANT -src_role - +src_role hive_test_user USER false -1 hive_test_user PREHOOK: query: --table grant to role grant select on table src_autho_test to role src_role @@ -64,13 +57,7 @@ PREHOOK: query: show grant role src_role on table src_autho_test PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant role src_role on table src_autho_test POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -principalName src_role -principalType ROLE -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test src_role ROLE Select false -1 hive_test_user PREHOOK: query: revoke select on table src_autho_test from role src_role PREHOOK: type: REVOKE_PRIVILEGE PREHOOK: Output: default@src_autho_test diff --git ql/src/test/results/clientpositive/authorization_2.q.out ql/src/test/results/clientpositive/authorization_2.q.out index 5b29855..e21d5f5 100644 --- ql/src/test/results/clientpositive/authorization_2.q.out +++ ql/src/test/results/clientpositive/authorization_2.q.out @@ -52,27 +52,9 @@ PREHOOK: query: show grant user hive_test_user on table authorization_part PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table authorization_part POSTHOOK: type: SHOW_GRANT -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Drop -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Update -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part hive_test_user USER Create false -1 hive_test_user +default authorization_part hive_test_user USER Update false -1 hive_test_user +default authorization_part hive_test_user USER Drop false -1 hive_test_user PREHOOK: query: alter table authorization_part add partition (ds='2010') PREHOOK: type: ALTERTABLE_ADDPARTS PREHOOK: Input: default@authorization_part @@ -84,30 +66,9 @@ PREHOOK: query: show grant user hive_test_user on table authorization_part parti PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table authorization_part partition (ds='2010') POSTHOOK: type: SHOW_GRANT -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Drop -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Update -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part [2010] hive_test_user USER Create false -1 hive_test_user +default authorization_part [2010] hive_test_user USER Drop false -1 hive_test_user +default authorization_part [2010] hive_test_user USER Update false -1 hive_test_user PREHOOK: query: grant select(key) on table authorization_part to user hive_test_user PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@authorization_part @@ -138,29 +99,14 @@ POSTHOOK: query: show grant user hive_test_user on table authorization_part(key) POSTHOOK: type: SHOW_GRANT POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -partition [2010] -columnName key -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part [2010] key hive_test_user USER Select false -1 hive_test_user PREHOOK: query: show grant user hive_test_user on table authorization_part(key) PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table authorization_part(key) POSTHOOK: type: SHOW_GRANT POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -columnName key -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part key hive_test_user USER Select false -1 hive_test_user PREHOOK: query: select key from authorization_part where ds='2010' order by key limit 20 PREHOOK: type: QUERY PREHOOK: Input: default@authorization_part @@ -213,15 +159,7 @@ POSTHOOK: query: show grant user hive_test_user on table authorization_part(key) POSTHOOK: type: SHOW_GRANT POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -partition [2010] -columnName key -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part [2010] key hive_test_user USER Select false -1 hive_test_user PREHOOK: query: select key from authorization_part where ds='2010' order by key limit 20 PREHOOK: type: QUERY PREHOOK: Input: default@authorization_part @@ -286,27 +224,9 @@ show grant user hive_test_user on table authorization_part POSTHOOK: type: SHOW_GRANT POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Drop -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Update -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part hive_test_user USER Create false -1 hive_test_user +default authorization_part hive_test_user USER Update false -1 hive_test_user +default authorization_part hive_test_user USER Drop false -1 hive_test_user PREHOOK: query: alter table authorization_part add partition (ds='2010') PREHOOK: type: ALTERTABLE_ADDPARTS PREHOOK: Input: default@authorization_part @@ -322,30 +242,9 @@ POSTHOOK: query: show grant user hive_test_user on table authorization_part part POSTHOOK: type: SHOW_GRANT POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Drop -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Update -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part [2010] hive_test_user USER Create false -1 hive_test_user +default authorization_part [2010] hive_test_user USER Drop false -1 hive_test_user +default authorization_part [2010] hive_test_user USER Update false -1 hive_test_user PREHOOK: query: grant select on table authorization_part to user hive_test_user PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@authorization_part @@ -384,38 +283,10 @@ POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_au POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Drop -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Update -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part [2010] hive_test_user USER Create false -1 hive_test_user +default authorization_part [2010] hive_test_user USER Drop false -1 hive_test_user +default authorization_part [2010] hive_test_user USER Select false -1 hive_test_user +default authorization_part [2010] hive_test_user USER Update false -1 hive_test_user PREHOOK: query: show grant user hive_test_user on table authorization_part PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table authorization_part @@ -424,34 +295,10 @@ POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_au POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Drop -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Update -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part hive_test_user USER Create false -1 hive_test_user +default authorization_part hive_test_user USER Update false -1 hive_test_user +default authorization_part hive_test_user USER Drop false -1 hive_test_user +default authorization_part hive_test_user USER Select false -1 hive_test_user PREHOOK: query: select key from authorization_part where ds='2010' order by key limit 20 PREHOOK: type: QUERY PREHOOK: Input: default@authorization_part @@ -504,27 +351,9 @@ POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_au POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Drop -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Update -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part hive_test_user USER Create false -1 hive_test_user +default authorization_part hive_test_user USER Update false -1 hive_test_user +default authorization_part hive_test_user USER Drop false -1 hive_test_user PREHOOK: query: show grant user hive_test_user on table authorization_part partition (ds='2010') PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table authorization_part partition (ds='2010') @@ -533,38 +362,10 @@ POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_au POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Drop -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Update -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part [2010] hive_test_user USER Create false -1 hive_test_user +default authorization_part [2010] hive_test_user USER Drop false -1 hive_test_user +default authorization_part [2010] hive_test_user USER Select false -1 hive_test_user +default authorization_part [2010] hive_test_user USER Update false -1 hive_test_user PREHOOK: query: select key from authorization_part where ds='2010' order by key limit 20 PREHOOK: type: QUERY PREHOOK: Input: default@authorization_part @@ -617,30 +418,9 @@ POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_au POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Drop -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -partition [2010] -principalName hive_test_user -principalType USER -privilege Update -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part [2010] hive_test_user USER Create false -1 hive_test_user +default authorization_part [2010] hive_test_user USER Drop false -1 hive_test_user +default authorization_part [2010] hive_test_user USER Update false -1 hive_test_user PREHOOK: query: alter table authorization_part drop partition (ds='2010') PREHOOK: type: ALTERTABLE_DROPPARTS PREHOOK: Input: default@authorization_part @@ -730,15 +510,7 @@ POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_au POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -partition [2010] -columnName key -principalName hive_test_group1 -principalType GROUP -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part [2010] key hive_test_group1 GROUP Select false -1 hive_test_user PREHOOK: query: show grant group hive_test_group1 on table authorization_part(key) PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant group hive_test_group1 on table authorization_part(key) @@ -749,14 +521,7 @@ POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_au POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -columnName key -principalName hive_test_group1 -principalType GROUP -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part key hive_test_group1 GROUP Select false -1 hive_test_user PREHOOK: query: select key from authorization_part where ds='2010' order by key limit 20 PREHOOK: type: QUERY PREHOOK: Input: default@authorization_part @@ -825,15 +590,7 @@ POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_au POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -partition [2010] -columnName key -principalName hive_test_group1 -principalType GROUP -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part [2010] key hive_test_group1 GROUP Select false -1 hive_test_user PREHOOK: query: select key from authorization_part where ds='2010' order by key limit 20 PREHOOK: type: QUERY PREHOOK: Input: default@authorization_part @@ -995,14 +752,7 @@ POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_au POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -partition [2010] -principalName hive_test_group1 -principalType GROUP -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part [2010] hive_test_group1 GROUP Select false -1 hive_test_user PREHOOK: query: show grant group hive_test_group1 on table authorization_part PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant group hive_test_group1 on table authorization_part @@ -1015,13 +765,7 @@ POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_au POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -principalName hive_test_group1 -principalType GROUP -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part hive_test_group1 GROUP Select false -1 hive_test_user PREHOOK: query: select key from authorization_part where ds='2010' order by key limit 20 PREHOOK: type: QUERY PREHOOK: Input: default@authorization_part @@ -1098,14 +842,7 @@ POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_au POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -partition [2010] -principalName hive_test_group1 -principalType GROUP -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part [2010] hive_test_group1 GROUP Select false -1 hive_test_user PREHOOK: query: select key from authorization_part where ds='2010' order by key limit 20 PREHOOK: type: QUERY PREHOOK: Input: default@authorization_part diff --git ql/src/test/results/clientpositive/authorization_3.q.out ql/src/test/results/clientpositive/authorization_3.q.out index ff42dfb..834909c 100644 --- ql/src/test/results/clientpositive/authorization_3.q.out +++ ql/src/test/results/clientpositive/authorization_3.q.out @@ -25,20 +25,8 @@ PREHOOK: query: show grant user hive_test_user on table src_autho_test PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table src_autho_test POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -principalName hive_test_user -principalType USER -privilege Drop -#### A masked pattern was here #### -grantor hive_test_user -database default -table src_autho_test -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test hive_test_user USER Drop false -1 hive_test_user +default src_autho_test hive_test_user USER Select false -1 hive_test_user PREHOOK: query: revoke select on table src_autho_test from user hive_test_user PREHOOK: type: REVOKE_PRIVILEGE PREHOOK: Output: default@src_autho_test @@ -61,20 +49,8 @@ PREHOOK: query: show grant user hive_test_user on table src_autho_test PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table src_autho_test POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -principalName hive_test_user -principalType USER -privilege Drop -#### A masked pattern was here #### -grantor hive_test_user -database default -table src_autho_test -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test hive_test_user USER Drop false -1 hive_test_user +default src_autho_test hive_test_user USER Select false -1 hive_test_user PREHOOK: query: revoke drop,select on table src_autho_test from user hive_test_user PREHOOK: type: REVOKE_PRIVILEGE PREHOOK: Output: default@src_autho_test @@ -91,13 +67,7 @@ PREHOOK: query: show grant user hive_test_user on table src_autho_test PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table src_autho_test POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -principalName hive_test_user -principalType USER -privilege Drop -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test hive_test_user USER Drop false -1 hive_test_user PREHOOK: query: revoke drop,select(key), select(value) on table src_autho_test from user hive_test_user PREHOOK: type: REVOKE_PRIVILEGE PREHOOK: Output: default@src_autho_test diff --git ql/src/test/results/clientpositive/authorization_4.q.out ql/src/test/results/clientpositive/authorization_4.q.out index e656213..1b745d8 100644 --- ql/src/test/results/clientpositive/authorization_4.q.out +++ ql/src/test/results/clientpositive/authorization_4.q.out @@ -19,13 +19,7 @@ PREHOOK: query: show grant user hive_test_user on table src_autho_test PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table src_autho_test POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -principalName hive_test_user -principalType USER -privilege All -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test hive_test_user USER All false -1 hive_test_user PREHOOK: query: select key from src_autho_test order by key limit 20 PREHOOK: type: QUERY PREHOOK: Input: default@src_autho_test diff --git ql/src/test/results/clientpositive/authorization_5.q.out ql/src/test/results/clientpositive/authorization_5.q.out index 3aeaeca..731554a 100644 --- ql/src/test/results/clientpositive/authorization_5.q.out +++ ql/src/test/results/clientpositive/authorization_5.q.out @@ -24,18 +24,8 @@ PREHOOK: query: SHOW GRANT USER hive_test_user ON DATABASE test_db PREHOOK: type: SHOW_GRANT POSTHOOK: query: SHOW GRANT USER hive_test_user ON DATABASE test_db POSTHOOK: type: SHOW_GRANT -database test_db -principalName hive_test_user -principalType USER -privilege Drop -#### A masked pattern was here #### -grantor hive_test_user -database test_db -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +test_db hive_test_user USER Drop false -1 hive_test_user +test_db hive_test_user USER Select false -1 hive_test_user PREHOOK: query: CREATE ROLE db_test_role PREHOOK: type: CREATEROLE POSTHOOK: query: CREATE ROLE db_test_role @@ -48,7 +38,7 @@ PREHOOK: query: SHOW ROLE GRANT USER hive_test_user PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: SHOW ROLE GRANT USER hive_test_user POSTHOOK: type: SHOW_ROLE_GRANT -db_test_role +db_test_role hive_test_user USER true -1 hive_test_user PREHOOK: query: GRANT drop ON DATABASE test_db TO ROLE db_test_role PREHOOK: type: GRANT_PRIVILEGE POSTHOOK: query: GRANT drop ON DATABASE test_db TO ROLE db_test_role @@ -61,18 +51,8 @@ PREHOOK: query: SHOW GRANT ROLE db_test_role ON DATABASE test_db PREHOOK: type: SHOW_GRANT POSTHOOK: query: SHOW GRANT ROLE db_test_role ON DATABASE test_db POSTHOOK: type: SHOW_GRANT -database test_db -principalName db_test_role -principalType ROLE -privilege Drop -#### A masked pattern was here #### -grantor hive_test_user -database test_db -principalName db_test_role -principalType ROLE -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +test_db db_test_role ROLE Drop false -1 hive_test_user +test_db db_test_role ROLE Select false -1 hive_test_user PREHOOK: query: DROP DATABASE IF EXISTS test_db PREHOOK: type: DROPDATABASE PREHOOK: Input: database:test_db diff --git ql/src/test/results/clientpositive/authorization_6.q.out ql/src/test/results/clientpositive/authorization_6.q.out index 0d555e4..bb5ed95 100644 --- ql/src/test/results/clientpositive/authorization_6.q.out +++ ql/src/test/results/clientpositive/authorization_6.q.out @@ -52,27 +52,9 @@ PREHOOK: query: show grant user hive_test_user on table authorization_part PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table authorization_part POSTHOOK: type: SHOW_GRANT -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Drop -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Update -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part hive_test_user USER Create false -1 hive_test_user +default authorization_part hive_test_user USER Drop false -1 hive_test_user +default authorization_part hive_test_user USER Update false -1 hive_test_user PREHOOK: query: grant select(key) on table authorization_part to user hive_test_user PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@authorization_part @@ -109,15 +91,7 @@ POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_au POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2011).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2011).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -partition [2010] -columnName key -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part [2010] key hive_test_user USER Select false -1 hive_test_user PREHOOK: query: show grant user hive_test_user on table authorization_part(key) partition (ds='2011') PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table authorization_part(key) partition (ds='2011') @@ -126,15 +100,7 @@ POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_au POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2011).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2011).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -partition [2011] -columnName key -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part [2011] key hive_test_user USER Select false -1 hive_test_user PREHOOK: query: show grant user hive_test_user on table authorization_part(key) PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table authorization_part(key) @@ -143,14 +109,7 @@ POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_au POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2011).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2011).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -columnName key -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part key hive_test_user USER Select false -1 hive_test_user PREHOOK: query: select key from authorization_part where ds>='2010' order by key limit 20 PREHOOK: type: QUERY PREHOOK: Input: default@authorization_part @@ -248,20 +207,8 @@ POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).key EXPRESSION [(src_au POSTHOOK: Lineage: authorization_part PARTITION(ds=2010).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2011).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2011).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Create -#### A masked pattern was here #### -grantor hive_test_user -database default -table authorization_part -principalName hive_test_user -principalType USER -privilege Update -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part hive_test_user USER Create false -1 hive_test_user +default authorization_part hive_test_user USER Update false -1 hive_test_user PREHOOK: query: grant select(key) on table authorization_part to user hive_test_user PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@authorization_part @@ -338,14 +285,7 @@ POSTHOOK: Lineage: authorization_part PARTITION(ds=2011).key EXPRESSION [(src_au POSTHOOK: Lineage: authorization_part PARTITION(ds=2011).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2011).key EXPRESSION [(src_auth_tmp)src_auth_tmp.FieldSchema(name:key, type:string, comment:null), ] POSTHOOK: Lineage: authorization_part PARTITION(ds=2011).value SIMPLE [(src_auth_tmp)src_auth_tmp.FieldSchema(name:value, type:string, comment:null), ] -database default -table authorization_part -columnName key -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default authorization_part key hive_test_user USER Select false -1 hive_test_user PREHOOK: query: select key from authorization_part where ds>='2010' order by key limit 20 PREHOOK: type: QUERY PREHOOK: Input: default@authorization_part diff --git ql/src/test/results/clientpositive/authorization_9.q.out ql/src/test/results/clientpositive/authorization_9.q.out index bad418c..ed6cb08 100644 --- ql/src/test/results/clientpositive/authorization_9.q.out +++ ql/src/test/results/clientpositive/authorization_9.q.out @@ -27,53 +27,17 @@ PREHOOK: query: show grant user hive_test_user on database default PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on database default POSTHOOK: type: SHOW_GRANT -database default -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default hive_test_user USER Select false -1 hive_test_user PREHOOK: query: show grant user hive_test_user on table dummy PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on table dummy POSTHOOK: type: SHOW_GRANT -database default -table dummy -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default dummy hive_test_user USER Select false -1 hive_test_user PREHOOK: query: show grant user hive_test_user on all PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on all POSTHOOK: type: SHOW_GRANT -database default -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user -database default -table dummy -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user -database default -table dummy -columnName key -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user -database default -table dummy -columnName value -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default hive_test_user USER Select false -1 hive_test_user +default dummy hive_test_user USER Select false -1 hive_test_user +default dummy key hive_test_user USER Select false -1 hive_test_user +default dummy value hive_test_user USER Select false -1 hive_test_user diff --git ql/src/test/results/clientpositive/authorization_role_grant1.q.out ql/src/test/results/clientpositive/authorization_role_grant1.q.out index 981060f..4d7e61b 100644 --- ql/src/test/results/clientpositive/authorization_role_grant1.q.out +++ ql/src/test/results/clientpositive/authorization_role_grant1.q.out @@ -16,8 +16,7 @@ PREHOOK: query: show role grant user user2 PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT -src_role2 - +src_role2 user2 USER false -1 hive_test_user PREHOOK: query: show roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show roles @@ -60,8 +59,7 @@ PREHOOK: query: show role grant user user2 PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT -src_role_wadmin - +src_role_wadmin user2 USER false -1 hive_test_user PREHOOK: query: -- revoke role without role keyword revoke src_role_wadmin from user user2 with admin option PREHOOK: type: REVOKE_ROLE diff --git ql/src/test/results/clientpositive/authorization_view.q.out ql/src/test/results/clientpositive/authorization_view.q.out index e74be93..93500f8 100644 --- ql/src/test/results/clientpositive/authorization_view.q.out +++ ql/src/test/results/clientpositive/authorization_view.q.out @@ -21,13 +21,7 @@ PREHOOK: query: show grant user hive_test_user on view src_autho_test PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on view src_autho_test POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test hive_test_user USER Select false -1 hive_test_user PREHOOK: query: show grant user hive_test_user on view src_autho_test(key) PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on view src_autho_test(key) @@ -64,14 +58,7 @@ PREHOOK: query: show grant user hive_test_user on view src_autho_test(key) PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on view src_autho_test(key) POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -columnName key -principalName hive_test_user -principalType USER -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test key hive_test_user USER Select false -1 hive_test_user PREHOOK: query: revoke select(key) on view src_autho_test from user hive_test_user PREHOOK: type: REVOKE_PRIVILEGE PREHOOK: Output: default@src_autho_test @@ -100,13 +87,7 @@ PREHOOK: query: show grant group hive_test_group1 on view src_autho_test PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -principalName hive_test_group1 -principalType GROUP -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test hive_test_group1 GROUP Select false -1 hive_test_user PREHOOK: query: show grant group hive_test_group1 on view src_autho_test(key) PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test(key) @@ -143,14 +124,7 @@ PREHOOK: query: show grant group hive_test_group1 on view src_autho_test(key) PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test(key) POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -columnName key -principalName hive_test_group1 -principalType GROUP -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test key hive_test_group1 GROUP Select false -1 hive_test_user PREHOOK: query: revoke select(key) on view src_autho_test from group hive_test_group1 PREHOOK: type: REVOKE_PRIVILEGE PREHOOK: Output: default@src_autho_test @@ -179,7 +153,7 @@ PREHOOK: query: show role grant user hive_test_user PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user hive_test_user POSTHOOK: type: SHOW_ROLE_GRANT -src_role +src_role hive_test_user USER true -1 hive_test_user PREHOOK: query: --column grant to role grant select(key) on view src_autho_test to role src_role @@ -198,14 +172,7 @@ PREHOOK: query: show grant role src_role on view src_autho_test(key) PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant role src_role on view src_autho_test(key) POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -columnName key -principalName src_role -principalType ROLE -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test key src_role ROLE Select false -1 hive_test_user PREHOOK: query: revoke select(key) on view src_autho_test from role src_role PREHOOK: type: REVOKE_PRIVILEGE PREHOOK: Output: default@src_autho_test @@ -226,13 +193,7 @@ PREHOOK: query: show grant role src_role on view src_autho_test PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant role src_role on view src_autho_test POSTHOOK: type: SHOW_GRANT -database default -table src_autho_test -principalName src_role -principalType ROLE -privilege Select -#### A masked pattern was here #### -grantor hive_test_user +default src_autho_test src_role ROLE Select false -1 hive_test_user PREHOOK: query: show grant role src_role on view src_autho_test(key) PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant role src_role on view src_autho_test(key)