diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessControlException.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessControlException.java
index f6f7e4a..d877686 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessControlException.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessControlException.java
@@ -27,7 +27,7 @@
 * an error while performing authorization, and not a authorization being
 * denied.
 */
-@LimitedPrivate(value = { "" })
+@LimitedPrivate(value = { "Apache Argus (incubating)" })
 @Evolving
 public class HiveAccessControlException extends HiveException{
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java
index ede408b..a18eedc 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java
@@ -19,8 +19,7 @@
 import java.util.List;
-import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate;
-import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving;
+import org.apache.hadoop.classification.InterfaceAudience.Private;
 import org.apache.hadoop.hive.conf.HiveConf;
 /**
@@ -28,8 +27,7 @@
 * create/drop roles, and commands to read the state of authorization rules.
 * Methods here have corresponding methods in HiveAuthorizer, check method documentation there.
 */
-@LimitedPrivate(value = { "" })
-@Evolving
+@Private
 public interface HiveAccessController {
 void grantPrivileges(List hivePrincipals, List hivePrivileges,
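Review bot: The audience literal `"Apache Argus (incubating)"` added to `@LimitedPrivate` on HiveAccessControlException hard-codes a project status that will go stale, and the same free-text string is repeated in every other `@LimitedPrivate` hunk of this commit (HiveAuthorizer, HiveAuthorizerFactory, HiveAuthzContext, HiveAuthzPluginException, HiveAuthzSessionContext, HiveMetastoreClientFactory, HiveOperationType, HivePrincipal, HivePrivilege, HivePrivilegeInfo, HivePrivilegeObject, HiveRoleGrant). Because this value names who is allowed to depend on the authorization plugin API, a later edit that touches only some of the files would leave the declared audience inconsistent with nothing to catch it. I would drop the status suffix, `@LimitedPrivate(value = { "Apache Argus" })`, and preferably have all of these annotations reference one shared compile-time constant.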
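Review bot: The `@Private` now applied to HiveAccessController is imported from `org.apache.hadoop.classification`, while the two imports it replaces came from Hive's own `org.apache.hadoop.hive.common.classification` package; HiveAuthorizationValidator makes the same switch, and HivePrivilegeObject imports `Evolving` from the Hadoop package next to Hive's `LimitedPrivate`. If Hive's package offers the same annotations (not visible in this diff), keeping one family avoids mixed audience markers in the plugin package: `import org.apache.hadoop.hive.common.classification.InterfaceAudience.Private;`. The interface javadoc also still only points readers to HiveAuthorizer, so I would add a sentence such as `* Not part of the plugin API: external authorization plugins implement {@link HiveAuthorizer}, not this interface.` to make the narrowed audience of the grant/revoke interface explicit. The interface body continues outside the hunk.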
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationValidator.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationValidator.java
index c2282df..5a5b3d5 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationValidator.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationValidator.java
@@ -19,15 +19,13 @@
 import java.util.List;
-import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate;
-import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving;
+import org.apache.hadoop.classification.InterfaceAudience.Private;
 /**
 * Interface used to check if user has privileges to perform certain action.
 * Methods here have corresponding methods in HiveAuthorizer, check method documentation there.
 */
-@LimitedPrivate(value = { "" })
-@Evolving
+@Private
 public interface HiveAuthorizationValidator {
 /**
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
index 911a943..9c3a95c 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
@@ -34,7 +34,7 @@
 * statements and does not make assumptions about the privileges needed for a hive operation.
 * This is referred to as V2 authorizer in other parts of the code.
 */
-@LimitedPrivate(value = { "" })
+@LimitedPrivate(value = { "Apache Argus (incubating)" })
 @Evolving
 public interface HiveAuthorizer {
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerFactory.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerFactory.java
index 27fc128..e9628c0 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerFactory.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerFactory.java
@@ -27,7 +27,7 @@
 * create {@link HiveAuthorizer} instance used for hive authorization.
 *
 */
-@LimitedPrivate(value = { "" })
+@LimitedPrivate(value = { "Apache Argus (incubating)" })
 @Evolving
 public interface HiveAuthorizerFactory {
 /**
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzContext.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzContext.java
index 248b626..195e341 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzContext.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzContext.java
@@ -25,7 +25,7 @@
 * auditing and/or authorization.
 * It is an immutable class. Builder inner class is used instantiate it.
 */
-@LimitedPrivate(value = { "" })
+@LimitedPrivate(value = { "Apache Argus (incubating)" })
 @Evolving
 public final class HiveAuthzContext {
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzPluginException.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzPluginException.java
index 7e99930..80b7edc 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzPluginException.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzPluginException.java
@@ -27,7 +27,7 @@
 * an error while performing authorization, and not a authorization being
 * denied.
 */
-@LimitedPrivate(value = { "" })
+@LimitedPrivate(value = { "Apache Argus (incubating)" })
 @Evolving
 public class HiveAuthzPluginException extends HiveException{
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzSessionContext.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzSessionContext.java
index b0aadd5..3d18dfd 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzSessionContext.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzSessionContext.java
@@ -24,7 +24,7 @@
 * Provides session context information.
 * It is an immutable class. Builder inner class is used instantiate it.
 */
-@LimitedPrivate(value = { "" })
+@LimitedPrivate(value = { "Apache Argus (incubating)" })
 @Evolving
 public final class HiveAuthzSessionContext {
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveMetastoreClientFactory.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveMetastoreClientFactory.java
index 8ccd72b..6078a18 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveMetastoreClientFactory.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveMetastoreClientFactory.java
@@ -28,7 +28,7 @@
 * But Hive class is not a public interface, so this factory helps in hiding Hive
 * class from the authorization interface users.
 */
-@LimitedPrivate(value = { "" })
+@LimitedPrivate(value = { "Apache Argus (incubating)" })
 @Evolving
 public interface HiveMetastoreClientFactory {
 IMetaStoreClient getHiveMetastoreClient() throws HiveAuthzPluginException;
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveOperationType.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveOperationType.java
index c4469a5..b79c080 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveOperationType.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveOperationType.java
@@ -23,7 +23,7 @@
 /**
 * List of hive operations types.
 */
-@LimitedPrivate(value = { "" })
+@LimitedPrivate(value = { "Apache Argus (incubating)" })
 @Evolving
 public enum HiveOperationType {
 EXPLAIN,
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java
index d8f530b..c5f4c40 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java
@@ -23,7 +23,7 @@
 /**
 * Represents the user or role in grant/revoke statements
 */
-@LimitedPrivate(value = { "" })
+@LimitedPrivate(value = { "Apache Argus (incubating)" })
 @Evolving
 public class HivePrincipal implements Comparable {
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilege.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilege.java
index 5e64b8d..3f69fc7 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilege.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilege.java
@@ -27,7 +27,7 @@
 /**
 * Represents the hive privilege being granted/revoked
 */
-@LimitedPrivate(value = { "" })
+@LimitedPrivate(value = { "Apache Argus (incubating)" })
 @Evolving
 public class HivePrivilege implements Comparable {
 @Override
@@ -97,6 +97,7 @@ public boolean supportsScope(PrivilegeScope scope) {
 return supportedScope != null && supportedScope.contains(scope.name());
 }
+ @Override
 public int compareTo(HivePrivilege privilege) {
 int compare = columns != null ? (privilege.columns != null ? compare(columns, privilege.columns) : 1) :
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeInfo.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeInfo.java
index 0f91ccb..37cda95 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeInfo.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeInfo.java
@@ -23,7 +23,7 @@
 /**
 * Represents a privilege granted for an object to a principal
 */
-@LimitedPrivate(value = { "" })
+@LimitedPrivate(value = { "Apache Argus (incubating)" })
 @Evolving
 public class HivePrivilegeInfo{
 private final HivePrincipal principal;
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java
index 01d9cb6..0364627 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java
@@ -22,14 +22,19 @@
 import java.util.Iterator;
 import java.util.List;
+import org.apache.hadoop.classification.InterfaceStability.Evolving;
 import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate;
-import org.apache.hadoop.hive.common.classification.InterfaceStability.Unstable;
 /**
- * Represents the object on which privilege is being granted/revoked
+ * Represents the object on which privilege is being granted/revoked, and objects
+ * being used in queries.
+ *
+ * Check the get* function documentation for information on what value it returns based on
+ * the {@link HivePrivilegeObjectType}.
+ *
 */
-@LimitedPrivate(value = { "" })
-@Unstable
+@LimitedPrivate(value = { "Apache Argus (incubating)" })
+@Evolving
 public class HivePrivilegeObject implements Comparable {
 @Override
@@ -77,9 +82,20 @@ private int compare(Collection o1, Collection o2) {
 return o1.size() > o2.size() ? 1 : (o1.size() < o2.size() ? -1 : 0);
 }
+ /**
+ * Note that GLOBAL, PARTITION, COLUMN fields are populated only for Hive's old default
+ * authorization mode.
+ * When the authorization manager is an instance of HiveAuthorizerFactory, these types are not
+ * used.
+ */
 public enum HivePrivilegeObjectType {
 GLOBAL, DATABASE, TABLE_OR_VIEW, PARTITION, COLUMN, LOCAL_URI, DFS_URI, COMMAND_PARAMS, FUNCTION
- } ;
+ };
+
+ /**
+ * When {@link HiveOperationType} is QUERY, this action type is set so that it is possible
+ * to determine if the action type on this object is an INSERT or INSERT_OVERWRITE
+ */
 public enum HivePrivObjectActionType {
 OTHER, INSERT, INSERT_OVERWRITE, UPDATE, DELETE
 };
@@ -139,6 +155,9 @@ public HivePrivilegeObjectType getType() {
 return type;
 }
+ /**
+ * @return the db name if type is DATABASE, TABLE, or FUNCTION
+ */
 public String getDbname() {
 return dbname;
 }
@@ -150,6 +169,10 @@ public String getObjectName() {
 return objectName;
 }
+ /**
+ * See javadoc of {@link HivePrivObjectActionType}
+ * @return action type
+ */
 public HivePrivObjectActionType getActionType() {
 return actionType;
 }
@@ -158,12 +181,15 @@ public HivePrivObjectActionType getActionType() {
 return commandParams;
 }
+ /**
+ * @return partiton key information. Used only for old default authorization mode.
+ */
 public List getPartKeys() {
 return partKeys;
 }
 /**
- * Applicable columns in this object
+ * Applicable columns in this object, when the type is {@link HivePrivilegeObjectType.TABLE}
 * In case of DML read operations, this is the set of columns being used.
 * Column information is not set for DDL operations and for tables being written into
 * @return list of applicable columns
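Review bot: The new javadoc on `HivePrivObjectActionType` describes only INSERT and INSERT_OVERWRITE, but the enum it documents also lists UPDATE, DELETE and OTHER. An authorizer author reading only this comment could handle the two insert cases and let write actions such as UPDATE or DELETE fall through to a weaker default. I would name every constant, for example `* When {@link HiveOperationType} is QUERY, this is set so the authorizer can tell INSERT, INSERT_OVERWRITE, UPDATE and DELETE apart;` followed by a line saying when OTHER is used, which this hunk does not show and should be confirmed. In the comment on `HivePrivilegeObjectType`, "fields" should read "types", since GLOBAL, PARTITION and COLUMN are enum constants.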
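Review bot: The link `{@link HivePrivilegeObjectType.TABLE}` added to the columns javadoc cannot resolve, because the enum in this file declares `TABLE_OR_VIEW` and no `TABLE`, and a member reference needs `#` rather than `.`. It should read `{@link HivePrivilegeObjectType#TABLE_OR_VIEW}`. The getDbname hunk above has the same naming slip ("DATABASE, TABLE, or FUNCTION"), and `partiton` in the getPartKeys comment is a typo for `partition`. Plugin code branches on `getType()`, so the documentation should use the exact constant names. The javadoc for the columns getter continues outside the hunk.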
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRoleGrant.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRoleGrant.java
index eb3bd8e..7c5546b 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRoleGrant.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRoleGrant.java
@@ -26,7 +26,7 @@
 /**
 * Represents a grant of a role to a principal
 */
-@LimitedPrivate(value = { "" })
+@LimitedPrivate(value = { "Apache Argus (incubating)" })
 @Evolving
 public class HiveRoleGrant implements Comparable {