diff --git itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/TestAdminUser.java itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/TestAdminUser.java index c5e70f9..e9dabee 100644 --- itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/TestAdminUser.java +++ itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/TestAdminUser.java @@ -38,8 +38,8 @@ public void testCreateAdminNAddUser() throws IOException, Throwable { Role adminRole = rawStore.getRole(HiveMetaStore.ADMIN); assertTrue(adminRole.getOwnerName().equals(HiveMetaStore.ADMIN)); assertEquals(rawStore.listPrincipalGlobalGrants(HiveMetaStore.ADMIN, PrincipalType.ROLE) - .get(0).getPrivilege(),"All"); - assertEquals(rawStore.listRoles("adminuser", PrincipalType.USER).get(0).getRole(). + .get(0).getGrantInfo().getPrivilege(),"All"); + assertEquals(rawStore.listRoles("adminuser", PrincipalType.USER).get(0). getRoleName(),HiveMetaStore.ADMIN); } } \ No newline at end of file diff --git itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/hbase/TestHBaseStoreIntegration.java itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/hbase/TestHBaseStoreIntegration.java index b2c98b3..0e508db 100644 --- itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/hbase/TestHBaseStoreIntegration.java +++ itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/hbase/TestHBaseStoreIntegration.java @@ -49,6 +49,7 @@ import org.apache.hadoop.hive.metastore.api.PrivilegeBag; import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo; import org.apache.hadoop.hive.metastore.api.Role; +import org.apache.hadoop.hive.metastore.api.RolePrincipalGrant; import org.apache.hadoop.hive.metastore.api.SerDeInfo; import org.apache.hadoop.hive.metastore.api.StorageDescriptor; import org.apache.hadoop.hive.metastore.api.StringColumnStatsData; 
@@ -669,67 +670,45 @@ public void grantRevokeRoles() throws Exception { store.grantRole(role2, roleName1, PrincipalType.ROLE, "admin", PrincipalType.ROLE, true); store.grantRole(role2, "fred", PrincipalType.USER, "admin", PrincipalType.ROLE, false); - List maps = store.listRoles("fred", PrincipalType.USER); - Assert.assertEquals(3, maps.size()); + List roles = store.listRoles("fred", PrincipalType.USER); + Assert.assertEquals(3, roles.size()); boolean sawRole1 = false, sawRole2 = false, sawPublic = false; - for (MRoleMap map : maps) { - if (map.getRole().getRoleName().equals(roleName1)) { + for (Role role : roles) { + if (role.getRoleName().equals(roleName1)) { sawRole1 = true; - Assert.assertEquals("fred", map.getPrincipalName()); - Assert.assertEquals(PrincipalType.USER.toString(), map.getPrincipalType()); - Assert.assertTrue(map.getAddTime() >= now); - Assert.assertEquals("bob", map.getGrantor()); - Assert.assertEquals(PrincipalType.USER.toString(), map.getGrantorType()); - Assert.assertFalse(map.getGrantOption()); - } else if (map.getRole().getRoleName().equals(roleName2)) { + } else if (role.getRoleName().equals(roleName2)) { sawRole2 = true; - Assert.assertEquals("fred", map.getPrincipalName()); - Assert.assertEquals(PrincipalType.USER.toString(), map.getPrincipalType()); - LOG.debug("now " + now + " add time " + map.getAddTime()); - Assert.assertTrue(map.getAddTime() >= now); - Assert.assertEquals("admin", map.getGrantor()); - Assert.assertEquals(PrincipalType.ROLE.toString(), map.getGrantorType()); - Assert.assertFalse(map.getGrantOption()); - } else if (map.getRole().getRoleName().equals(HiveMetaStore.PUBLIC)) { + } else if (role.getRoleName().equals(HiveMetaStore.PUBLIC)) { sawPublic = true; - Assert.assertEquals("fred", map.getPrincipalName()); - Assert.assertEquals(PrincipalType.USER.toString(), map.getPrincipalType()); - Assert.assertFalse(map.getGrantOption()); } else { - Assert.fail("Unknown role name " + map.getRole().getRoleName()); + 
Assert.fail("Unknown role name " + role.getRoleName()); } } Assert.assertTrue(sawRole1 && sawRole2 && sawPublic); - maps = store.listRoles("fred", PrincipalType.ROLE); - Assert.assertEquals(0, maps.size()); + roles = store.listRoles("fred", PrincipalType.ROLE); + Assert.assertEquals(0, roles.size()); - maps = store.listRoles(roleName1, PrincipalType.ROLE); - Assert.assertEquals(1, maps.size()); - MRoleMap map = maps.get(0); - Assert.assertEquals(roleName1, map.getPrincipalName()); - Assert.assertEquals(PrincipalType.ROLE.toString(), map.getPrincipalType()); - Assert.assertEquals(roleName2, map.getRole().getRoleName()); - Assert.assertTrue(map.getAddTime() <= now); - Assert.assertEquals("admin", map.getGrantor()); - Assert.assertEquals(PrincipalType.ROLE.toString(), map.getGrantorType()); - Assert.assertTrue(map.getGrantOption()); + roles = store.listRoles(roleName1, PrincipalType.ROLE); + Assert.assertEquals(1, roles.size()); + Role role = roles.get(0); + Assert.assertEquals(roleName2, role.getRoleName()); // Test listing all members in a role - maps = store.listRoleMembers(roleName1); - Assert.assertEquals(1, maps.size()); - Assert.assertEquals("fred", maps.get(0).getPrincipalName()); - Assert.assertEquals(PrincipalType.USER.toString(), maps.get(0).getPrincipalType()); - Assert.assertTrue(maps.get(0).getAddTime() >= now); - Assert.assertEquals("bob", maps.get(0).getGrantor()); - Assert.assertEquals(PrincipalType.USER.toString(), maps.get(0).getGrantorType()); - Assert.assertFalse(maps.get(0).getGrantOption()); - - maps = store.listRoleMembers(roleName2); - Assert.assertEquals(2, maps.size()); + List grants = store.listRoleMembers(roleName1); + Assert.assertEquals(1, grants.size()); + Assert.assertEquals("fred", grants.get(0).getPrincipalName()); + Assert.assertEquals(PrincipalType.USER, grants.get(0).getPrincipalType()); + Assert.assertTrue(grants.get(0).getGrantTime() >= now); + Assert.assertEquals("bob", grants.get(0).getGrantorName()); + 
Assert.assertEquals(PrincipalType.USER, grants.get(0).getGrantorPrincipalType()); + Assert.assertFalse(grants.get(0).isGrantOption()); + + grants = store.listRoleMembers(roleName2); + Assert.assertEquals(2, grants.size()); boolean sawFred = false; sawRole1 = false; - for (MRoleMap m : maps) { + for (RolePrincipalGrant m : grants) { if ("fred".equals(m.getPrincipalName())) sawFred = true; else if (roleName1.equals(m.getPrincipalName())) sawRole1 = true; else Assert.fail("Unexpected principal " + m.getPrincipalName()); 
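Review bot: Nothing in the rewritten test asserts that `roleName1` holds `role2` with the grant option set, which the removed `Assert.assertTrue(map.getGrantOption())` did; the loop over `listRoleMembers(roleName2)` only matches principal names. Since `Role` carries no grant metadata, that loop is the place to keep the check, for example `else if (roleName1.equals(m.getPrincipalName())) { sawRole1 = true; Assert.assertTrue(m.isGrantOption()); }`. The grantor of that membership (`admin`, `PrincipalType.ROLE`) could be asserted in the same branch through `getGrantorName()` and `getGrantorPrincipalType()`. The loop's closing lines fall outside the hunk.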
@@ -738,30 +717,32 @@ public void grantRevokeRoles() throws Exception { // Revoke a role with grant option, make sure it just goes to no grant option store.revokeRole(role2, roleName1, PrincipalType.ROLE, true); - maps = store.listRoles(roleName1, PrincipalType.ROLE); - Assert.assertEquals(1, maps.size()); - Assert.assertEquals(roleName2, maps.get(0).getRole().getRoleName()); - Assert.assertFalse(maps.get(0).getGrantOption()); + roles = store.listRoles(roleName1, PrincipalType.ROLE); + Assert.assertEquals(1, roles.size()); + Assert.assertEquals(roleName2, roles.get(0).getRoleName()); + + grants = store.listRoleMembers(roleName1); + Assert.assertFalse(grants.get(0).isGrantOption()); // Drop a role, make sure it is properly removed from the map store.removeRole(roleName1); - maps = store.listRoles("fred", PrincipalType.USER); - Assert.assertEquals(2, maps.size()); + roles = store.listRoles("fred", PrincipalType.USER); + Assert.assertEquals(2, roles.size()); sawRole2 = sawPublic = false; - for (MRoleMap m : maps) { - if (m.getRole().getRoleName().equals(roleName2)) sawRole2 = true; - else if (m.getRole().getRoleName().equals(HiveMetaStore.PUBLIC)) sawPublic = true; - else Assert.fail("Unknown role " + m.getRole().getRoleName()); + for (Role m : roles) { + if (m.getRoleName().equals(roleName2)) sawRole2 = true; + else if (m.getRoleName().equals(HiveMetaStore.PUBLIC)) sawPublic = true; + else Assert.fail("Unknown role " + m.getRoleName()); } Assert.assertTrue(sawRole2 && sawPublic); - maps = store.listRoles(roleName1, PrincipalType.ROLE); - Assert.assertEquals(0, maps.size()); + roles = store.listRoles(roleName1, PrincipalType.ROLE); + Assert.assertEquals(0, roles.size()); // Revoke a role without grant option, make sure it goes away store.revokeRole(role2, "fred", PrincipalType.USER, false); - maps = store.listRoles("fred", PrincipalType.USER); - Assert.assertEquals(1, maps.size()); - Assert.assertEquals(HiveMetaStore.PUBLIC, maps.get(0).getRole().getRoleName()); + 
roles = store.listRoles("fred", PrincipalType.USER); + Assert.assertEquals(1, roles.size()); + Assert.assertEquals(HiveMetaStore.PUBLIC, roles.get(0).getRoleName()); } @Test 
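Review bot: The check added after `revokeRole(role2, roleName1, PrincipalType.ROLE, true)` reads `listRoleMembers(roleName1)`, which lists the members of role1, while the grant being downgraded is roleName1's membership in role2. The previous hunk already asserts that role1's only member is fred with `isGrantOption()` false, so `Assert.assertFalse(grants.get(0).isGrantOption())` passes whether or not the revoke did anything. The assertion should query the members of `roleName2` and pick the entry whose principal is `roleName1`, as sketched below. The earlier loop over role2's members treats their order as unspecified, so index 0 should not be relied on.

```java
grants = store.listRoleMembers(roleName2);
boolean sawRole1Grant = false;
for (RolePrincipalGrant g : grants) {
  if (roleName1.equals(g.getPrincipalName())) {
    sawRole1Grant = true;
    // only the grant option is revoked; the membership itself must remain
    Assert.assertFalse(g.isGrantOption());
  }
}
Assert.assertTrue(sawRole1Grant);
```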
@@ -1080,9 +1061,290 @@ private void checkRoleRemovedFromAllPrivileges(HiveObjectType objectType, String Assert.assertNull("Expected null for role " + roleName + " for type " + objectType.toString() + " with db " + dbName + " and table " + tableName, pgi); + } + + @Test + public void listDbGrants() throws Exception { + String dbNames[] = new String[] {"ldbg_db1", "ldbg_db2"}; + try { + Database db = new Database(dbNames[0], "no description", "file:///tmp", emptyParameters); + store.createDatabase(db); + db = new Database(dbNames[1], "no description", "file:///tmp", emptyParameters); + store.createDatabase(db); + String[] roleNames = new String[]{"ldbg_role1", "ldbg_role2"}; + String[] userNames = new String[]{"frodo", "sam"}; + + store.addRole(roleNames[0], "me"); + store.addRole(roleNames[1], "me"); + int now = (int)(System.currentTimeMillis() / 1000); + + Role role1 = store.getRole(roleNames[0]); + Role role2 = store.getRole(roleNames[1]); + store.grantRole(role1, userNames[0], PrincipalType.USER, "bob", PrincipalType.USER, false); + store.grantRole(role1, roleNames[1], PrincipalType.ROLE, "admin", PrincipalType.ROLE, true); + store.grantRole(role2, userNames[1], PrincipalType.USER, "bob", PrincipalType.USER, false); + + List privileges = new ArrayList(); + HiveObjectRef hiveObjRef = + new HiveObjectRef(HiveObjectType.DATABASE, dbNames[0], null, null, null); + PrivilegeGrantInfo grantInfo = + new PrivilegeGrantInfo("read", now, "me", PrincipalType.USER, false); + HiveObjectPrivilege hop = new HiveObjectPrivilege(hiveObjRef, userNames[0], PrincipalType.USER, + grantInfo); + privileges.add(hop); + + grantInfo = new PrivilegeGrantInfo("write", now, "me", PrincipalType.USER, true); + hop = new HiveObjectPrivilege(hiveObjRef, roleNames[0], PrincipalType.ROLE, grantInfo); + privileges.add(hop); + + PrivilegeBag pBag = new PrivilegeBag(privileges); + store.grantPrivileges(pBag); + + List hops = + store.listPrincipalDBGrants(roleNames[0], PrincipalType.ROLE, dbNames[0]); 
+ Assert.assertEquals(1, hops.size()); + Assert.assertEquals(PrincipalType.ROLE, hops.get(0).getPrincipalType()); + Assert.assertEquals(HiveObjectType.DATABASE, hops.get(0).getHiveObject().getObjectType()); + Assert.assertEquals("write", hops.get(0).getGrantInfo().getPrivilege()); + + hops = store.listPrincipalDBGrants(userNames[0], PrincipalType.USER, dbNames[0]); + Assert.assertEquals(1, hops.size()); + Assert.assertEquals(PrincipalType.USER, hops.get(0).getPrincipalType()); + Assert.assertEquals(HiveObjectType.DATABASE, hops.get(0).getHiveObject().getObjectType()); + Assert.assertEquals("read", hops.get(0).getGrantInfo().getPrivilege()); + + hops = store.listPrincipalDBGrants(roleNames[1], PrincipalType.ROLE, dbNames[0]); + Assert.assertEquals(0, hops.size()); + hops = store.listPrincipalDBGrants(userNames[1], PrincipalType.USER, dbNames[0]); + Assert.assertEquals(0, hops.size()); + + hops = store.listPrincipalDBGrants(roleNames[0], PrincipalType.ROLE, dbNames[1]); + Assert.assertEquals(0, hops.size()); + hops = store.listPrincipalDBGrants(userNames[0], PrincipalType.USER, dbNames[1]); + Assert.assertEquals(0, hops.size()); + + hops = store.listDBGrantsAll(dbNames[0]); + Assert.assertEquals(2, hops.size()); + boolean sawUser = false, sawRole = false; + for (HiveObjectPrivilege h : hops) { + if (h.getPrincipalName().equals(userNames[0])) { + Assert.assertEquals(PrincipalType.USER, h.getPrincipalType()); + Assert.assertEquals(HiveObjectType.DATABASE, h.getHiveObject().getObjectType()); + Assert.assertEquals("read", h.getGrantInfo().getPrivilege()); + sawUser = true; + } else if (h.getPrincipalName().equals(roleNames[0])) { + Assert.assertEquals(PrincipalType.ROLE, h.getPrincipalType()); + Assert.assertEquals(HiveObjectType.DATABASE, h.getHiveObject().getObjectType()); + Assert.assertEquals("write", h.getGrantInfo().getPrivilege()); + sawRole = true; + } + } + Assert.assertTrue(sawUser && sawRole); + + hops = store.listPrincipalDBGrantsAll(roleNames[0], 
PrincipalType.ROLE); + Assert.assertEquals(1, hops.size()); + Assert.assertEquals(PrincipalType.ROLE, hops.get(0).getPrincipalType()); + Assert.assertEquals(HiveObjectType.DATABASE, hops.get(0).getHiveObject().getObjectType()); + Assert.assertEquals("write", hops.get(0).getGrantInfo().getPrivilege()); + + hops = store.listPrincipalDBGrantsAll(userNames[0], PrincipalType.USER); + Assert.assertEquals(1, hops.size()); + Assert.assertEquals(PrincipalType.USER, hops.get(0).getPrincipalType()); + Assert.assertEquals(HiveObjectType.DATABASE, hops.get(0).getHiveObject().getObjectType()); + Assert.assertEquals("read", hops.get(0).getGrantInfo().getPrivilege()); + + hops = store.listPrincipalDBGrantsAll(roleNames[1], PrincipalType.ROLE); + Assert.assertEquals(0, hops.size()); + hops = store.listPrincipalDBGrantsAll(userNames[1], PrincipalType.USER); + Assert.assertEquals(0, hops.size()); + + + } finally { + store.dropDatabase(dbNames[0]); + store.dropDatabase(dbNames[1]); + } + } + @Test + public void listGlobalGrants() throws Exception { + String[] roleNames = new String[]{"lgg_role1", "lgg_role2"}; + String[] userNames = new String[]{"merry", "pippen"}; + store.addRole(roleNames[0], "me"); + store.addRole(roleNames[1], "me"); + int now = (int)(System.currentTimeMillis() / 1000); + + Role role1 = store.getRole(roleNames[0]); + Role role2 = store.getRole(roleNames[1]); + store.grantRole(role1, userNames[0], PrincipalType.USER, "bob", PrincipalType.USER, false); + store.grantRole(role1, roleNames[1], PrincipalType.ROLE, "admin", PrincipalType.ROLE, true); + store.grantRole(role2, userNames[1], PrincipalType.USER, "bob", PrincipalType.USER, false); + List privileges = new ArrayList(); + HiveObjectRef hiveObjRef = + new HiveObjectRef(HiveObjectType.GLOBAL, null, null, null, null); + PrivilegeGrantInfo grantInfo = + new PrivilegeGrantInfo("read", now, "me", PrincipalType.USER, false); + HiveObjectPrivilege hop = new HiveObjectPrivilege(hiveObjRef, userNames[0], 
PrincipalType.USER, + grantInfo); + privileges.add(hop); + + grantInfo = new PrivilegeGrantInfo("write", now, "me", PrincipalType.USER, true); + hop = new HiveObjectPrivilege(hiveObjRef, roleNames[0], PrincipalType.ROLE, grantInfo); + privileges.add(hop); + + PrivilegeBag pBag = new PrivilegeBag(privileges); + store.grantPrivileges(pBag); + + List hops = + store.listPrincipalGlobalGrants(roleNames[0], PrincipalType.ROLE); + Assert.assertEquals(1, hops.size()); + Assert.assertEquals(PrincipalType.ROLE, hops.get(0).getPrincipalType()); + Assert.assertEquals(HiveObjectType.GLOBAL, hops.get(0).getHiveObject().getObjectType()); + Assert.assertEquals("write", hops.get(0).getGrantInfo().getPrivilege()); + + hops = store.listPrincipalGlobalGrants(userNames[0], PrincipalType.USER); + Assert.assertEquals(1, hops.size()); + Assert.assertEquals(PrincipalType.USER, hops.get(0).getPrincipalType()); + Assert.assertEquals(HiveObjectType.GLOBAL, hops.get(0).getHiveObject().getObjectType()); + Assert.assertEquals("read", hops.get(0).getGrantInfo().getPrivilege()); + + hops = store.listPrincipalGlobalGrants(roleNames[1], PrincipalType.ROLE); + Assert.assertEquals(0, hops.size()); + hops = store.listPrincipalGlobalGrants(userNames[1], PrincipalType.USER); + Assert.assertEquals(0, hops.size()); + + hops = store.listGlobalGrantsAll(); + Assert.assertEquals(2, hops.size()); + boolean sawUser = false, sawRole = false; + for (HiveObjectPrivilege h : hops) { + if (h.getPrincipalName().equals(userNames[0])) { + Assert.assertEquals(PrincipalType.USER, h.getPrincipalType()); + Assert.assertEquals(HiveObjectType.GLOBAL, h.getHiveObject().getObjectType()); + Assert.assertEquals("read", h.getGrantInfo().getPrivilege()); + sawUser = true; + } else if (h.getPrincipalName().equals(roleNames[0])) { + Assert.assertEquals(PrincipalType.ROLE, h.getPrincipalType()); + Assert.assertEquals(HiveObjectType.GLOBAL, h.getHiveObject().getObjectType()); + Assert.assertEquals("write", 
h.getGrantInfo().getPrivilege()); + sawRole = true; + } + } + Assert.assertTrue(sawUser && sawRole); + } + + @Test + public void listTableGrants() throws Exception { + String dbName = "ltg_db"; + String[] tableNames = new String[] {"ltg_t1", "ltg_t2"}; + try { + Database db = new Database(dbName, "no description", "file:///tmp", emptyParameters); + store.createDatabase(db); + int startTime = (int)(System.currentTimeMillis() / 1000); + List cols = new ArrayList(); + cols.add(new FieldSchema("col1", "int", "nocomment")); + SerDeInfo serde = new SerDeInfo("serde", "seriallib", null); + StorageDescriptor sd = new StorageDescriptor(cols, "file:/tmp", "input", "output", false, 0, + serde, null, null, emptyParameters); + Table table = new Table(tableNames[0], dbName, "me", startTime, startTime, 0, sd, null, + emptyParameters, null, null, null); + store.createTable(table); + table = new Table(tableNames[1], dbName, "me", startTime, startTime, 0, sd, null, + emptyParameters, null, null, null); + store.createTable(table); + String[] roleNames = new String[]{"ltg_role1", "ltg_role2"}; + String[] userNames = new String[]{"gandalf", "radagast"}; + + store.addRole(roleNames[0], "me"); + store.addRole(roleNames[1], "me"); + int now = (int)(System.currentTimeMillis() / 1000); + + Role role1 = store.getRole(roleNames[0]); + Role role2 = store.getRole(roleNames[1]); + store.grantRole(role1, userNames[0], PrincipalType.USER, "bob", PrincipalType.USER, false); + store.grantRole(role1, roleNames[1], PrincipalType.ROLE, "admin", PrincipalType.ROLE, true); + store.grantRole(role2, userNames[1], PrincipalType.USER, "bob", PrincipalType.USER, false); + + List privileges = new ArrayList(); + HiveObjectRef hiveObjRef = + new HiveObjectRef(HiveObjectType.TABLE, dbName, tableNames[0], null, null); + PrivilegeGrantInfo grantInfo = + new PrivilegeGrantInfo("read", now, "me", PrincipalType.USER, false); + HiveObjectPrivilege hop = new HiveObjectPrivilege(hiveObjRef, userNames[0], 
PrincipalType.USER, + grantInfo); + privileges.add(hop); + + grantInfo = new PrivilegeGrantInfo("write", now, "me", PrincipalType.USER, true); + hop = new HiveObjectPrivilege(hiveObjRef, roleNames[0], PrincipalType.ROLE, grantInfo); + privileges.add(hop); + + PrivilegeBag pBag = new PrivilegeBag(privileges); + store.grantPrivileges(pBag); + + List hops = + store.listAllTableGrants(roleNames[0], PrincipalType.ROLE, dbName, tableNames[0]); + Assert.assertEquals(1, hops.size()); + Assert.assertEquals(PrincipalType.ROLE, hops.get(0).getPrincipalType()); + Assert.assertEquals(HiveObjectType.TABLE, hops.get(0).getHiveObject().getObjectType()); + Assert.assertEquals("write", hops.get(0).getGrantInfo().getPrivilege()); + + hops = store.listAllTableGrants(userNames[0], PrincipalType.USER, dbName, tableNames[0]); + Assert.assertEquals(1, hops.size()); + Assert.assertEquals(PrincipalType.USER, hops.get(0).getPrincipalType()); + Assert.assertEquals(HiveObjectType.TABLE, hops.get(0).getHiveObject().getObjectType()); + Assert.assertEquals("read", hops.get(0).getGrantInfo().getPrivilege()); + + hops = store.listAllTableGrants(roleNames[1], PrincipalType.ROLE, dbName, tableNames[0]); + Assert.assertEquals(0, hops.size()); + hops = store.listAllTableGrants(userNames[1], PrincipalType.USER, dbName, tableNames[0]); + Assert.assertEquals(0, hops.size()); + + hops = store.listAllTableGrants(roleNames[0], PrincipalType.ROLE, dbName, tableNames[1]); + Assert.assertEquals(0, hops.size()); + hops = store.listAllTableGrants(userNames[0], PrincipalType.USER, dbName, tableNames[1]); + Assert.assertEquals(0, hops.size()); + + hops = store.listTableGrantsAll(dbName, tableNames[0]); + Assert.assertEquals(2, hops.size()); + boolean sawUser = false, sawRole = false; + for (HiveObjectPrivilege h : hops) { + if (h.getPrincipalName().equals(userNames[0])) { + Assert.assertEquals(PrincipalType.USER, h.getPrincipalType()); + Assert.assertEquals(HiveObjectType.TABLE, h.getHiveObject().getObjectType()); 
+ Assert.assertEquals("read", h.getGrantInfo().getPrivilege()); + sawUser = true; + } else if (h.getPrincipalName().equals(roleNames[0])) { + Assert.assertEquals(PrincipalType.ROLE, h.getPrincipalType()); + Assert.assertEquals(HiveObjectType.TABLE, h.getHiveObject().getObjectType()); + Assert.assertEquals("write", h.getGrantInfo().getPrivilege()); + sawRole = true; + } + } + Assert.assertTrue(sawUser && sawRole); + + hops = store.listPrincipalTableGrantsAll(roleNames[0], PrincipalType.ROLE); + Assert.assertEquals(1, hops.size()); + Assert.assertEquals(PrincipalType.ROLE, hops.get(0).getPrincipalType()); + Assert.assertEquals(HiveObjectType.TABLE, hops.get(0).getHiveObject().getObjectType()); + Assert.assertEquals("write", hops.get(0).getGrantInfo().getPrivilege()); + + hops = store.listPrincipalTableGrantsAll(userNames[0], PrincipalType.USER); + Assert.assertEquals(1, hops.size()); + Assert.assertEquals(PrincipalType.USER, hops.get(0).getPrincipalType()); + Assert.assertEquals(HiveObjectType.TABLE, hops.get(0).getHiveObject().getObjectType()); + Assert.assertEquals("read", hops.get(0).getGrantInfo().getPrivilege()); + + hops = store.listPrincipalDBGrantsAll(roleNames[1], PrincipalType.ROLE); + Assert.assertEquals(0, hops.size()); + hops = store.listPrincipalDBGrantsAll(userNames[1], PrincipalType.USER); + Assert.assertEquals(0, hops.size()); + + + } finally { + store.dropTable(dbName, tableNames[0]); + store.dropTable(dbName, tableNames[1]); + store.dropDatabase(dbName); + } } @Test diff --git metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java index 90545a9..348cc30 100644 --- metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java +++ metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 
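Review bot: In `listTableGrants` the two closing negative checks call `listPrincipalDBGrantsAll(roleNames[1], …)` and `listPrincipalDBGrantsAll(userNames[1], …)`, so they verify the absence of database grants rather than table grants and pass trivially, because this test grants nothing at database level. They look copied from `listDbGrants` and should read `hops = store.listPrincipalTableGrantsAll(roleNames[1], PrincipalType.ROLE);` and `hops = store.listPrincipalTableGrantsAll(userNames[1], PrincipalType.USER);`. Separately, none of the three new tests removes the roles it adds, and `listGlobalGrants` expects exactly two entries from `listGlobalGrantsAll()`, which would break if another test leaves a global grant in a shared store (inferred; the fixture setup is not visible here).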
@@ -2817,8 +2817,8 @@ public Partition get_partition(final String db_name, final String tbl_name, * Fire a pre-event for read table operation, if there are any * pre-event listeners registered * - * @param db_name - * @param tbl_name + * @param dbName + * @param tblName * @throws MetaException * @throws NoSuchObjectException */ @@ -4555,9 +4555,9 @@ private boolean isNewRoleAParent(String newRole, String curRole) throws MetaExce return true; } //do this check recursively on all the parent roles of curRole - List parentRoleMaps = getMS().listRoles(curRole, PrincipalType.ROLE); - for(MRoleMap parentRole : parentRoleMaps){ - if(isNewRoleAParent(newRole, parentRole.getRole().getRoleName())){ + List parentRoleMaps = getMS().listRoles(curRole, PrincipalType.ROLE); + for(Role parentRole : parentRoleMaps){ + if(isNewRoleAParent(newRole, parentRole.getRoleName())){ return true; } } @@ -4569,26 +4569,9 @@ private boolean isNewRoleAParent(String newRole, String curRole) throws MetaExce final PrincipalType principalType) throws MetaException, TException { incrementCounter("list_roles"); firePreEvent(new PreAuthorizationCallEvent(this)); - List result = new ArrayList(); - try { - List roleMaps = getMS().listRoles(principalName, principalType); - if (roleMaps != null) { - for (MRoleMap roleMap : roleMaps) { - MRole mrole = roleMap.getRole(); - Role role = new Role(mrole.getRoleName(), mrole.getCreateTime(), mrole.getOwnerName()); - result.add(role); - } - } - return result; - } catch (MetaException e) { - throw e; - } catch (Exception e) { - throw new RuntimeException(e); - } + return getMS().listRoles(principalName, principalType); } - - @Override public boolean create_role(final Role role) throws MetaException, TException { 
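Review bot: The local in `isNewRoleAParent` is still named `parentRoleMaps` although it now holds the `Role` objects returned by `listRoles`, which misleads a reader about what the recursion walks. Renaming it to `parentRoles` would match the new element type and the loop variable `parentRole`. The method's opening lines are outside the hunk.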
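Review bot: `list_roles` now returns the store's list unchanged, so the removed `roleMaps != null` guard that turned a null into an empty result is gone and a null from any `listRoles` implementation would be returned to the caller. Either keep the guard, `List<Role> roles = getMS().listRoles(principalName, principalType); return roles == null ? Collections.<Role>emptyList() : roles;`, or document on the store interface that `listRoles` never returns null. The method signature starts outside the hunk.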
@@ -4836,25 +4819,9 @@ private PrincipalPrivilegeSet get_user_privilege_set(final String userName, if (principalName == null) { return getMS().listTableColumnGrantsAll(dbName, tableName, columnName); } - List mTableCols = getMS() + List result = getMS() .listPrincipalTableColumnGrants(principalName, principalType, dbName, tableName, columnName); - if (mTableCols.isEmpty()) { - return Collections.emptyList(); - } - List result = new ArrayList(); - for (int i = 0; i < mTableCols.size(); i++) { - MTableColumnPrivilege sCol = mTableCols.get(i); - HiveObjectRef objectRef = new HiveObjectRef( - HiveObjectType.COLUMN, dbName, tableName, null, sCol.getColumnName()); - HiveObjectPrivilege secObj = new HiveObjectPrivilege( - objectRef, sCol.getPrincipalName(), principalType, - new PrivilegeGrantInfo(sCol.getPrivilege(), sCol - .getCreateTime(), sCol.getGrantor(), PrincipalType - .valueOf(sCol.getGrantorType()), sCol - .getGrantOption())); - result.add(secObj); - } return result; } catch (MetaException e) { throw e; 
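Review bot: With the conversion loop removed, this handler returns whatever `listPrincipalTableColumnGrants` produces, so filling in the `HiveObjectRef`, the principal type and the grantor type (the old code called `PrincipalType.valueOf(sCol.getGrantorType())`) becomes each store's responsibility. The tests added in this commit cover only database, global and table grants, so that contract is unverified for column grants; a column-grant case next to `listTableGrants` would pin it. The leftover `List result = …; return result;` can also become a direct `return getMS().listPrincipalTableColumnGrants(…)`, as the `listPrincipalDBGrants` branch does. Both remarks apply equally to the partition-column, partition, table and global hunks that follow, and the enclosing method starts and ends outside this hunk.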
@@ -4878,24 +4845,11 @@ private PrincipalPrivilegeSet get_user_privilege_set(final String userName, if (principalName == null) { return getMS().listPartitionColumnGrantsAll(dbName, tableName, partName, columnName); } - List mPartitionCols = getMS().listPrincipalPartitionColumnGrants( - principalName, - principalType, dbName, tableName, partName, columnName); - if (mPartitionCols.isEmpty()) { - return Collections.emptyList(); - } - List result = new ArrayList(); - for (int i = 0; i < mPartitionCols.size(); i++) { - MPartitionColumnPrivilege sCol = mPartitionCols.get(i); - HiveObjectRef objectRef = new HiveObjectRef( - HiveObjectType.COLUMN, dbName, tableName, partValues, sCol.getColumnName()); - HiveObjectPrivilege secObj = new HiveObjectPrivilege(objectRef, - sCol.getPrincipalName(), principalType, - new PrivilegeGrantInfo(sCol.getPrivilege(), sCol - .getCreateTime(), sCol.getGrantor(), PrincipalType - .valueOf(sCol.getGrantorType()), sCol.getGrantOption())); - result.add(secObj); - } + + List result = + getMS().listPrincipalPartitionColumnGrants(principalName, principalType, dbName, + tableName, partValues, partName, columnName); + return result; } catch (MetaException e) { throw e; 
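Review bot: `listPrincipalPartitionColumnGrants` is now called with both `partValues` and `partName`, two encodings of the same partition, and nothing here states which one the store treats as authoritative if they disagree. The store method's Javadoc should say which argument selects the rows and which is only copied into the returned `HiveObjectRef` (the removed loop used `partValues` for that), or the call should pass one and derive the other inside the store. The `listPrincipalPartitionGrants` call in the partition-grant hunk below carries the same pair. The enclosing method starts outside the hunk.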
@@ -4915,25 +4869,9 @@ private PrincipalPrivilegeSet get_user_privilege_set(final String userName, } if (principalName == null) { return getMS().listDBGrantsAll(dbName); + } else { + return getMS().listPrincipalDBGrants(principalName, principalType, dbName); } - List mDbs = getMS().listPrincipalDBGrants( - principalName, principalType, dbName); - if (mDbs.isEmpty()) { - return Collections.emptyList(); - } - List result = new ArrayList(); - for (int i = 0; i < mDbs.size(); i++) { - MDBPrivilege sDB = mDbs.get(i); - HiveObjectRef objectRef = new HiveObjectRef( - HiveObjectType.DATABASE, dbName, null, null, null); - HiveObjectPrivilege secObj = new HiveObjectPrivilege(objectRef, - sDB.getPrincipalName(), principalType, - new PrivilegeGrantInfo(sDB.getPrivilege(), sDB - .getCreateTime(), sDB.getGrantor(), PrincipalType - .valueOf(sDB.getGrantorType()), sDB.getGrantOption())); - result.add(secObj); - } - return result; } catch (MetaException e) { throw e; } catch (Exception e) { 
@@ -4956,25 +4894,9 @@ private PrincipalPrivilegeSet get_user_privilege_set(final String userName, if (principalName == null) { return getMS().listPartitionGrantsAll(dbName, tableName, partName); } - List mParts = getMS().listPrincipalPartitionGrants( - principalName, principalType, dbName, tableName, partName); - if (mParts.isEmpty()) { - return Collections. emptyList(); - } - List result = new ArrayList(); - for (int i = 0; i < mParts.size(); i++) { - MPartitionPrivilege sPart = mParts.get(i); - HiveObjectRef objectRef = new HiveObjectRef( - HiveObjectType.PARTITION, dbName, tableName, partValues, null); - HiveObjectPrivilege secObj = new HiveObjectPrivilege(objectRef, - sPart.getPrincipalName(), principalType, - new PrivilegeGrantInfo(sPart.getPrivilege(), sPart - .getCreateTime(), sPart.getGrantor(), PrincipalType - .valueOf(sPart.getGrantorType()), sPart - .getGrantOption())); - - result.add(secObj); - } + List result = getMS().listPrincipalPartitionGrants( + principalName, principalType, dbName, tableName, partValues, partName); + return result; } catch (MetaException e) { throw e; 
@@ -4996,23 +4918,9 @@ private PrincipalPrivilegeSet get_user_privilege_set(final String userName, if (principalName == null) { return getMS().listTableGrantsAll(dbName, tableName); } - List mTbls = getMS() + List result = getMS() .listAllTableGrants(principalName, principalType, dbName, tableName); - if (mTbls.isEmpty()) { - return Collections. emptyList(); - } - List result = new ArrayList(); - for (int i = 0; i < mTbls.size(); i++) { - MTablePrivilege sTbl = mTbls.get(i); - HiveObjectRef objectRef = new HiveObjectRef( - HiveObjectType.TABLE, dbName, tableName, null, null); - HiveObjectPrivilege secObj = new HiveObjectPrivilege(objectRef, - sTbl.getPrincipalName(), principalType, - new PrivilegeGrantInfo(sTbl.getPrivilege(), sTbl.getCreateTime(), sTbl - .getGrantor(), PrincipalType.valueOf(sTbl - .getGrantorType()), sTbl.getGrantOption())); - result.add(secObj); - } + return result; } catch (MetaException e) { throw e; @@ -5030,23 +4938,9 @@ private PrincipalPrivilegeSet get_user_privilege_set(final String userName, if (principalName == null) { return getMS().listGlobalGrantsAll(); } - List mUsers = getMS().listPrincipalGlobalGrants( + List result = getMS().listPrincipalGlobalGrants( principalName, principalType); - if (mUsers.isEmpty()) { - return Collections. emptyList(); - } - List result = new ArrayList(); - for (int i = 0; i < mUsers.size(); i++) { - MGlobalPrivilege sUsr = mUsers.get(i); - HiveObjectRef objectRef = new HiveObjectRef( - HiveObjectType.GLOBAL, null, null, null, null); - HiveObjectPrivilege secUser = new HiveObjectPrivilege( - objectRef, sUsr.getPrincipalName(), principalType, - new PrivilegeGrantInfo(sUsr.getPrivilege(), sUsr - .getCreateTime(), sUsr.getGrantor(), PrincipalType - .valueOf(sUsr.getGrantorType()), sUsr.getGrantOption())); - result.add(secUser); - } + return result; } catch (MetaException e) { throw e; 
@@ -5472,9 +5366,9 @@ public GetPrincipalsInRoleResponse get_principals_in_role(GetPrincipalsInRoleReq incrementCounter("get_principals_in_role"); firePreEvent(new PreAuthorizationCallEvent(this)); Exception ex = null; - List roleMaps = null; + GetPrincipalsInRoleResponse response = null; try { - roleMaps = getMS().listRoleMembers(request.getRoleName()); + response = new GetPrincipalsInRoleResponse(getMS().listRoleMembers(request.getRoleName())); } catch (MetaException e) { throw e; } catch (Exception e) { @@ -5483,7 +5377,7 @@ public GetPrincipalsInRoleResponse get_principals_in_role(GetPrincipalsInRoleReq } finally { endFunction("get_principals_in_role", ex == null, ex); } - return new GetPrincipalsInRoleResponse(getRolePrincipalGrants(roleMaps)); + return response; } @Override @@ -5493,9 +5387,9 @@ public GetRoleGrantsForPrincipalResponse get_role_grants_for_principal( incrementCounter("get_role_grants_for_principal"); firePreEvent(new PreAuthorizationCallEvent(this)); Exception ex = null; - List roleMaps = null; + List roleMaps = null; try { - roleMaps = getMS().listRoles(request.getPrincipal_name(), request.getPrincipal_type()); + roleMaps = getMS().listRolesWithGrants(request.getPrincipal_name(), request.getPrincipal_type()); } catch (MetaException e) { throw e; } catch (Exception e) { 
@@ -5505,31 +5399,20 @@ public GetRoleGrantsForPrincipalResponse get_role_grants_for_principal( endFunction("get_role_grants_for_principal", ex == null, ex); } - List roleGrantsList = getRolePrincipalGrants(roleMaps); - return new GetRoleGrantsForPrincipalResponse(roleGrantsList); + //List roleGrantsList = getRolePrincipalGrants(roleMaps); + return new GetRoleGrantsForPrincipalResponse(roleMaps); } /** * Convert each MRoleMap object into a thrift RolePrincipalGrant object - * @param roleMaps + * @param roles * @return */ - private List getRolePrincipalGrants(List roleMaps) { + private List getRolePrincipalGrants(List roles) throws MetaException { List rolePrinGrantList = new ArrayList(); - if (roleMaps != null) { - for (MRoleMap roleMap : roleMaps) { - RolePrincipalGrant rolePrinGrant = new RolePrincipalGrant( - roleMap.getRole().getRoleName(), - roleMap.getPrincipalName(), - PrincipalType.valueOf(roleMap.getPrincipalType()), - roleMap.getGrantOption(), - roleMap.getAddTime(), - roleMap.getGrantor(), - // no grantor type for public role, hence the null check - roleMap.getGrantorType() == null ? null - : PrincipalType.valueOf(roleMap.getGrantorType()) - ); - rolePrinGrantList.add(rolePrinGrant); + if (roles != null) { + for (Role role : roles) { + rolePrinGrantList.addAll(getMS().listRoleMembers(role.getRoleName())); } } return rolePrinGrantList; diff --git metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java index 0d6f149..780613e 100644 --- metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java +++ metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java 
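Review bot: `getRolePrincipalGrants` has no caller left among the visible lines (one call was replaced and the other is commented out), yet it was rewritten to return every member of each role through `listRoleMembers(role.getRoleName())` instead of the grants of a single principal. If it were wired back into `get_role_grants_for_principal`, the response would list other principals' memberships, so the helper and the commented-out `//List roleGrantsList = …` line are better deleted; at the least its Javadoc, which still says it converts `MRoleMap` objects, needs correcting. The removed code also mapped a null grantor type to null for the public role, and `listRolesWithGrants` has to keep that behaviour, which cannot be confirmed from this hunk.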
@@ -94,6 +94,7 @@ import org.apache.hadoop.hive.metastore.api.ResourceType; import org.apache.hadoop.hive.metastore.api.ResourceUri; import org.apache.hadoop.hive.metastore.api.Role; +import org.apache.hadoop.hive.metastore.api.RolePrincipalGrant; import org.apache.hadoop.hive.metastore.api.SerDeInfo; import org.apache.hadoop.hive.metastore.api.SkewedInfo; import org.apache.hadoop.hive.metastore.api.StorageDescriptor; @@ -3329,7 +3330,7 @@ public boolean removeRole(String roleName) throws MetaException, if (mRol != null) { // first remove all the membership, the membership that this role has // been granted - List roleMap = listRoleMembers(mRol.getRoleName()); + List roleMap = listMRoleMembers(mRol.getRoleName()); if (roleMap.size() > 0) { pm.deletePersistentAll(roleMap); } @@ -3339,7 +3340,7 @@ public boolean removeRole(String roleName) throws MetaException, pm.deletePersistentAll(roleMember); } // then remove all the grants - List userGrants = listPrincipalGlobalGrants( + List userGrants = listPrincipalMGlobalGrants( mRol.getRoleName(), PrincipalType.ROLE); if (userGrants.size() > 0) { pm.deletePersistentAll(userGrants); @@ -3391,11 +3392,11 @@ public boolean removeRole(String roleName) throws MetaException, List groupNames) { List ret = new ArrayList(); if(userName != null) { - ret.addAll(listRoles(userName, PrincipalType.USER)); + ret.addAll(listMRoles(userName, PrincipalType.USER)); } if (groupNames != null) { for (String groupName: groupNames) { - ret.addAll(listRoles(groupName, PrincipalType.GROUP)); + ret.addAll(listMRoles(groupName, PrincipalType.GROUP)); } } // get names of these roles and its ancestors 
@@ -3416,7 +3417,7 @@ private void getAllRoleAncestors(Set processedRoleNames, List if (!processedRoleNames.contains(parentRoleName)) { // unprocessed role: get its parents, add it to processed, and call this // function recursively - List nextParentRoles = listRoles(parentRoleName, PrincipalType.ROLE); + List nextParentRoles = listMRoles(parentRoleName, PrincipalType.ROLE); processedRoleNames.add(parentRoleName); getAllRoleAncestors(processedRoleNames, nextParentRoles); } @@ -3424,8 +3425,7 @@ private void getAllRoleAncestors(Set processedRoleNames, List } @SuppressWarnings("unchecked") - @Override - public List listRoles(String principalName, + public List listMRoles(String principalName, PrincipalType principalType) { boolean success = false; List mRoleMember = null; 
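Review bot: `listMRoles` loses `@Override` because it left the `RawStore` interface, yet it stays `public`, so the JDO model class `MRoleMap` is still reachable by any code that holds an `ObjectStore`. Every call visible in this patch comes from inside `ObjectStore`, so unless something outside these hunks needs it, the declaration could be `private List<MRoleMap> listMRoles(String principalName,`. The same applies to the other renamed methods later in this file: `listMRoleMembers`, `listPrincipalMGlobalGrants`, `listPrincipalMDBGrants`, `listAllMTableGrants`, `listPrincipalMPartitionGrants`, `listPrincipalMTableColumnGrants` and `listPrincipalMPartitionColumnGrants`. The method body continues past the end of this hunk.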
@@ -3466,6 +3466,44 @@ private void getAllRoleAncestors(Set processedRoleNames, List } + @Override + public List listRoles(String principalName, PrincipalType principalType) { + List result = new ArrayList(); + List roleMaps = listMRoles(principalName, principalType); + if (roleMaps != null) { + for (MRoleMap roleMap : roleMaps) { + MRole mrole = roleMap.getRole(); + Role role = new Role(mrole.getRoleName(), mrole.getCreateTime(), mrole.getOwnerName()); + result.add(role); + } + } + return result; + } + + @Override + public List listRolesWithGrants(String principalName, + PrincipalType principalType) { + List result = new ArrayList(); + List roleMaps = listMRoles(principalName, principalType); + if (roleMaps != null) { + for (MRoleMap roleMap : roleMaps) { + RolePrincipalGrant rolePrinGrant = new RolePrincipalGrant( + roleMap.getRole().getRoleName(), + roleMap.getPrincipalName(), + PrincipalType.valueOf(roleMap.getPrincipalType()), + roleMap.getGrantOption(), + roleMap.getAddTime(), + roleMap.getGrantor(), + // no grantor type for public role, hence the null check + roleMap.getGrantorType() == null ? null + : PrincipalType.valueOf(roleMap.getGrantorType()) + ); + result.add(rolePrinGrant); + } + } + return result; + } + @SuppressWarnings("unchecked") private List listMSecurityPrincipalMembershipRole(final String roleName, final PrincipalType principalType) { @@ -3553,7 +3591,7 @@ public PrincipalPrivilegeSet getUserPrivilegeSet(String userName, try { openTransaction(); if (userName != null) { - List user = this.listPrincipalGlobalGrants(userName, PrincipalType.USER); + List user = this.listPrincipalMGlobalGrants(userName, PrincipalType.USER); if(user.size()>0) { Map> userPriv = new HashMap>(); List grantInfos = new ArrayList(user.size()); 
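Review bot: The `MRoleMap` to `RolePrincipalGrant` conversion loop in `listRolesWithGrants` is repeated verbatim in the new `listRoleMembers` further down this file, including the null check on the grantor type. Two copies of a mapping that feeds authorization responses can drift apart, for example when one gets a fix for a missing principal type and the other does not. I would move the loop into one private method and reduce both callers to a single line, here `return toRolePrincipalGrants(listMRoles(principalName, principalType));`, where `toRolePrincipalGrants` is a suggested name that does not exist in the patch.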
@@ -3570,7 +3608,8 @@ public PrincipalPrivilegeSet getUserPrivilegeSet(String userName, if (groupNames != null && groupNames.size() > 0) { Map> groupPriv = new HashMap>(); for(String groupName: groupNames) { - List group = this.listPrincipalGlobalGrants(groupName, PrincipalType.GROUP); + List group = + this.listPrincipalMGlobalGrants(groupName, PrincipalType.GROUP); if(group.size()>0) { List grantInfos = new ArrayList(group.size()); for (int i = 0; i < group.size(); i++) { @@ -3599,7 +3638,7 @@ public PrincipalPrivilegeSet getUserPrivilegeSet(String userName, dbName = HiveStringUtils.normalizeIdentifier(dbName); if (principalName != null) { - List userNameDbPriv = this.listPrincipalDBGrants( + List userNameDbPriv = this.listPrincipalMDBGrants( principalName, principalType, dbName); if (userNameDbPriv != null && userNameDbPriv.size() > 0) { List grantInfos = new ArrayList( @@ -3799,7 +3838,7 @@ public PrincipalPrivilegeSet getColumnPrivilegeSet(String dbName, if (principalName != null) { List userNameTabPartPriv = this - .listPrincipalPartitionGrants(principalName, principalType, + .listPrincipalMPartitionGrants(principalName, principalType, dbName, tableName, partName); if (userNameTabPartPriv != null && userNameTabPartPriv.size() > 0) { List grantInfos = new ArrayList( @@ -3828,7 +3867,7 @@ private PrincipalType getPrincipalTypeFromStr(String str) { if (principalName != null) { List userNameTabPartPriv = this - .listAllTableGrants(principalName, principalType, + .listAllMTableGrants(principalName, principalType, dbName, tableName); if (userNameTabPartPriv != null && userNameTabPartPriv.size() > 0) { List grantInfos = new ArrayList( 
@@ -3855,7 +3894,7 @@ private PrincipalType getPrincipalTypeFromStr(String str) { if (partitionName == null) { List userNameColumnPriv = this - .listPrincipalTableColumnGrants(principalName, principalType, + .listPrincipalMTableColumnGrants(principalName, principalType, dbName, tableName, columnName); if (userNameColumnPriv != null && userNameColumnPriv.size() > 0) { List grantInfos = new ArrayList( @@ -3870,7 +3909,7 @@ private PrincipalType getPrincipalTypeFromStr(String str) { } } else { List userNameColumnPriv = this - .listPrincipalPartitionColumnGrants(principalName, + .listPrincipalMPartitionColumnGrants(principalName, principalType, dbName, tableName, partitionName, columnName); if (userNameColumnPriv != null && userNameColumnPriv.size() > 0) { List grantInfos = new ArrayList( @@ -3919,7 +3958,7 @@ public boolean grantPrivileges(PrivilegeBag privileges) throws InvalidObjectExce if (hiveObject.getObjectType() == HiveObjectType.GLOBAL) { List globalPrivs = this - .listPrincipalGlobalGrants(userName, principalType); + .listPrincipalMGlobalGrants(userName, principalType); if (globalPrivs != null) { for (MGlobalPrivilege priv : globalPrivs) { if (priv.getGrantor().equalsIgnoreCase(grantor)) { @@ -3939,7 +3978,7 @@ public boolean grantPrivileges(PrivilegeBag privileges) throws InvalidObjectExce } else if (hiveObject.getObjectType() == HiveObjectType.DATABASE) { MDatabase dbObj = getMDatabase(hiveObject.getDbName()); if (dbObj != null) { - List dbPrivs = this.listPrincipalDBGrants( + List dbPrivs = this.listPrincipalMDBGrants( userName, principalType, hiveObject.getDbName()); if (dbPrivs != null) { for (MDBPrivilege priv : dbPrivs) { 
@@ -3964,7 +4003,7 @@ public boolean grantPrivileges(PrivilegeBag privileges) throws InvalidObjectExce .getObjectName()); if (tblObj != null) { List tablePrivs = this - .listAllTableGrants(userName, principalType, + .listAllMTableGrants(userName, principalType, hiveObject.getDbName(), hiveObject.getObjectName()); if (tablePrivs != null) { for (MTablePrivilege priv : tablePrivs) { @@ -3994,7 +4033,7 @@ public boolean grantPrivileges(PrivilegeBag privileges) throws InvalidObjectExce if (partObj != null) { partName = partObj.getPartitionName(); List partPrivs = this - .listPrincipalPartitionGrants(userName, + .listPrincipalMPartitionGrants(userName, principalType, hiveObject.getDbName(), hiveObject .getObjectName(), partObj.getPartitionName()); if (partPrivs != null) { @@ -4030,7 +4069,7 @@ public boolean grantPrivileges(PrivilegeBag privileges) throws InvalidObjectExce if (partObj == null) { continue; } - colPrivs = this.listPrincipalPartitionColumnGrants( + colPrivs = this.listPrincipalMPartitionColumnGrants( userName, principalType, hiveObject.getDbName(), hiveObject .getObjectName(), partObj.getPartitionName(), hiveObject.getColumnName()); @@ -4060,7 +4099,7 @@ public boolean grantPrivileges(PrivilegeBag privileges) throws InvalidObjectExce } else { List colPrivs = null; - colPrivs = this.listPrincipalTableColumnGrants( + colPrivs = this.listPrincipalMTableColumnGrants( userName, principalType, hiveObject.getDbName(), hiveObject .getObjectName(), hiveObject.getColumnName()); @@ -4128,7 +4167,7 @@ public boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption) PrincipalType principalType = privDef.getPrincipalType(); if (hiveObject.getObjectType() == HiveObjectType.GLOBAL) { - List mSecUser = this.listPrincipalGlobalGrants( + List mSecUser = this.listPrincipalMGlobalGrants( userName, principalType); boolean found = false; if (mSecUser != null) { 
@@ -4161,7 +4200,7 @@ public boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption) if (dbObj != null) { String db = hiveObject.getDbName(); boolean found = false; - List dbGrants = this.listPrincipalDBGrants( + List dbGrants = this.listPrincipalMDBGrants( userName, principalType, db); for (String privilege : privs) { for (MDBPrivilege dbGrant : dbGrants) { @@ -4190,7 +4229,7 @@ public boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption) } else if (hiveObject.getObjectType() == HiveObjectType.TABLE) { boolean found = false; List tableGrants = this - .listAllTableGrants(userName, principalType, + .listAllMTableGrants(userName, principalType, hiveObject.getDbName(), hiveObject.getObjectName()); for (String privilege : privs) { for (MTablePrivilege tabGrant : tableGrants) { @@ -4224,7 +4263,7 @@ public boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption) partName = Warehouse.makePartName(tabObj.getPartitionKeys(), hiveObject.getPartValues()); } List partitionGrants = this - .listPrincipalPartitionGrants(userName, principalType, + .listPrincipalMPartitionGrants(userName, principalType, hiveObject.getDbName(), hiveObject.getObjectName(), partName); for (String privilege : privs) { for (MPartitionPrivilege partGrant : partitionGrants) { @@ -4260,7 +4299,7 @@ public boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption) } if (partName != null) { - List mSecCol = listPrincipalPartitionColumnGrants( + List mSecCol = listPrincipalMPartitionColumnGrants( userName, principalType, hiveObject.getDbName(), hiveObject .getObjectName(), partName, hiveObject.getColumnName()); boolean found = false; 
@@ -4292,7 +4331,7 @@ public boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption) } } } else { - List mSecCol = listPrincipalTableColumnGrants( + List mSecCol = listPrincipalMTableColumnGrants( userName, principalType, hiveObject.getDbName(), hiveObject .getObjectName(), hiveObject.getColumnName()); boolean found = false; @@ -4347,8 +4386,7 @@ public boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption) } @SuppressWarnings("unchecked") - @Override - public List listRoleMembers(String roleName) { + public List listMRoleMembers(String roleName) { boolean success = false; List mRoleMemeberList = null; try { @@ -4372,9 +4410,34 @@ public boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption) return mRoleMemeberList; } - @SuppressWarnings("unchecked") @Override - public List listPrincipalGlobalGrants(String principalName, PrincipalType principalType) { + public List listRoleMembers(String roleName) { + List roleMaps = listMRoleMembers(roleName); + List rolePrinGrantList = new ArrayList(); + + if (roleMaps != null) { + for (MRoleMap roleMap : roleMaps) { + RolePrincipalGrant rolePrinGrant = new RolePrincipalGrant( + roleMap.getRole().getRoleName(), + roleMap.getPrincipalName(), + PrincipalType.valueOf(roleMap.getPrincipalType()), + roleMap.getGrantOption(), + roleMap.getAddTime(), + roleMap.getGrantor(), + // no grantor type for public role, hence the null check + roleMap.getGrantorType() == null ? null + : PrincipalType.valueOf(roleMap.getGrantorType()) + ); + rolePrinGrantList.add(rolePrinGrant); + + } + } + return rolePrinGrantList; + } + + @SuppressWarnings("unchecked") + public List listPrincipalMGlobalGrants(String principalName, + PrincipalType principalType) { boolean commited = false; List userNameDbPriv = null; try { 
@@ -4398,6 +4461,29 @@ public boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption) } @Override + public List listPrincipalGlobalGrants(String principalName, + PrincipalType principalType) { + List mUsers = + listPrincipalMGlobalGrants(principalName, principalType); + if (mUsers.isEmpty()) { + return Collections. emptyList(); + } + List result = new ArrayList(); + for (int i = 0; i < mUsers.size(); i++) { + MGlobalPrivilege sUsr = mUsers.get(i); + HiveObjectRef objectRef = new HiveObjectRef( + HiveObjectType.GLOBAL, null, null, null, null); + HiveObjectPrivilege secUser = new HiveObjectPrivilege( + objectRef, sUsr.getPrincipalName(), principalType, + new PrivilegeGrantInfo(sUsr.getPrivilege(), sUsr + .getCreateTime(), sUsr.getGrantor(), PrincipalType + .valueOf(sUsr.getGrantorType()), sUsr.getGrantOption())); + result.add(secUser); + } + return result; + } + + @Override public List listGlobalGrantsAll() { boolean commited = false; try { @@ -4430,8 +4516,7 @@ public boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption) } @SuppressWarnings("unchecked") - @Override - public List listPrincipalDBGrants(String principalName, + public List listPrincipalMDBGrants(String principalName, PrincipalType principalType, String dbName) { boolean success = false; List mSecurityDBList = null; 
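Review bot: `listPrincipalGlobalGrants` dereferences the lookup result with `mUsers.isEmpty()`, whereas `grantPrivileges` and `revokePrivileges` in this same patch test the result of `listPrincipalMGlobalGrants` against null first; the guard should match them, `if (mUsers == null || mUsers.isEmpty()) {`. The loop also calls `PrincipalType.valueOf(sUsr.getGrantorType())` unconditionally, while the role-grant conversion added earlier in this file null-checks the grantor type; if a stored privilege can lack a grantor type (not visible here), this throws and the whole listing fails. Both remarks apply to the sibling wrappers added in the following hunks: `listPrincipalDBGrants`, `listAllTableGrants`, `listPrincipalPartitionGrants`, `listPrincipalTableColumnGrants` and `listPrincipalPartitionColumnGrants`.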
@@ -4458,6 +4543,29 @@ public boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption) } @Override + public List listPrincipalDBGrants(String principalName, + PrincipalType principalType, + String dbName) { + List mDbs = listPrincipalMDBGrants(principalName, principalType, dbName); + if (mDbs.isEmpty()) { + return Collections.emptyList(); + } + List result = new ArrayList(); + for (int i = 0; i < mDbs.size(); i++) { + MDBPrivilege sDB = mDbs.get(i); + HiveObjectRef objectRef = new HiveObjectRef( + HiveObjectType.DATABASE, dbName, null, null, null); + HiveObjectPrivilege secObj = new HiveObjectPrivilege(objectRef, + sDB.getPrincipalName(), principalType, + new PrivilegeGrantInfo(sDB.getPrivilege(), sDB + .getCreateTime(), sDB.getGrantor(), PrincipalType + .valueOf(sDB.getGrantorType()), sDB.getGrantOption())); + result.add(secObj); + } + return result; + } + + @Override public List listPrincipalDBGrantsAll( String principalName, PrincipalType principalType) { return convertDB(listPrincipalAllDBGrant(principalName, principalType)); @@ -4754,9 +4862,8 @@ private void dropPartitionGrantsNoTxn(String dbName, String tableName, List(query, params); } - @Override @SuppressWarnings("unchecked") - public List listAllTableGrants( + public List listAllMTableGrants( String principalName, PrincipalType principalType, String dbName, String tableName) { tableName = HiveStringUtils.normalizeIdentifier(tableName); 
@@ -4787,9 +4894,33 @@ private void dropPartitionGrantsNoTxn(String dbName, String tableName, List listPrincipalPartitionGrants( + public List listAllTableGrants(String principalName, + PrincipalType principalType, + String dbName, + String tableName) { + List mTbls = + listAllMTableGrants(principalName, principalType, dbName, tableName); + if (mTbls.isEmpty()) { + return Collections. emptyList(); + } + List result = new ArrayList(); + for (int i = 0; i < mTbls.size(); i++) { + MTablePrivilege sTbl = mTbls.get(i); + HiveObjectRef objectRef = new HiveObjectRef( + HiveObjectType.TABLE, dbName, tableName, null, null); + HiveObjectPrivilege secObj = new HiveObjectPrivilege(objectRef, + sTbl.getPrincipalName(), principalType, + new PrivilegeGrantInfo(sTbl.getPrivilege(), sTbl.getCreateTime(), sTbl + .getGrantor(), PrincipalType.valueOf(sTbl + .getGrantorType()), sTbl.getGrantOption())); + result.add(secObj); + } + return result; + } + + @SuppressWarnings("unchecked") + public List listPrincipalMPartitionGrants( String principalName, PrincipalType principalType, String dbName, String tableName, String partName) { boolean success = false; 
@@ -4822,9 +4953,37 @@ private void dropPartitionGrantsNoTxn(String dbName, String tableName, List listPrincipalTableColumnGrants( + public List listPrincipalPartitionGrants(String principalName, + PrincipalType principalType, + String dbName, + String tableName, + List partValues, + String partName) { + List mParts = listPrincipalMPartitionGrants(principalName, + principalType, dbName, tableName, partName); + if (mParts.isEmpty()) { + return Collections. emptyList(); + } + List result = new ArrayList(); + for (int i = 0; i < mParts.size(); i++) { + MPartitionPrivilege sPart = mParts.get(i); + HiveObjectRef objectRef = new HiveObjectRef( + HiveObjectType.PARTITION, dbName, tableName, partValues, null); + HiveObjectPrivilege secObj = new HiveObjectPrivilege(objectRef, + sPart.getPrincipalName(), principalType, + new PrivilegeGrantInfo(sPart.getPrivilege(), sPart + .getCreateTime(), sPart.getGrantor(), PrincipalType + .valueOf(sPart.getGrantorType()), sPart + .getGrantOption())); + + result.add(secObj); + } + return result; + } + + @SuppressWarnings("unchecked") + public List listPrincipalMTableColumnGrants( String principalName, PrincipalType principalType, String dbName, String tableName, String columnName) { boolean success = false; 
@@ -4857,8 +5016,34 @@ private void dropPartitionGrantsNoTxn(String dbName, String tableName, List listPrincipalTableColumnGrants(String principalName, + PrincipalType principalType, + String dbName, + String tableName, + String columnName) { + List mTableCols = + listPrincipalMTableColumnGrants(principalName, principalType, dbName, tableName, columnName); + if (mTableCols.isEmpty()) { + return Collections.emptyList(); + } + List result = new ArrayList(); + for (int i = 0; i < mTableCols.size(); i++) { + MTableColumnPrivilege sCol = mTableCols.get(i); + HiveObjectRef objectRef = new HiveObjectRef( + HiveObjectType.COLUMN, dbName, tableName, null, sCol.getColumnName()); + HiveObjectPrivilege secObj = new HiveObjectPrivilege( + objectRef, sCol.getPrincipalName(), principalType, + new PrivilegeGrantInfo(sCol.getPrivilege(), sCol + .getCreateTime(), sCol.getGrantor(), PrincipalType + .valueOf(sCol.getGrantorType()), sCol + .getGrantOption())); + result.add(secObj); + } + return result; + } + @SuppressWarnings("unchecked") - public List listPrincipalPartitionColumnGrants( + public List listPrincipalMPartitionColumnGrants( String principalName, PrincipalType principalType, String dbName, String tableName, String partitionName, String columnName) { boolean success = false; 
@@ -4897,6 +5082,35 @@ private void dropPartitionGrantsNoTxn(String dbName, String tableName, List listPrincipalPartitionColumnGrants(String principalName, + PrincipalType principalType, + String dbName, + String tableName, + List partValues, + String partitionName, + String columnName) { + List mPartitionCols = + listPrincipalMPartitionColumnGrants(principalName, principalType, dbName, tableName, + partitionName, columnName); + if (mPartitionCols.isEmpty()) { + return Collections.emptyList(); + } + List result = new ArrayList(); + for (int i = 0; i < mPartitionCols.size(); i++) { + MPartitionColumnPrivilege sCol = mPartitionCols.get(i); + HiveObjectRef objectRef = new HiveObjectRef( + HiveObjectType.COLUMN, dbName, tableName, partValues, sCol.getColumnName()); + HiveObjectPrivilege secObj = new HiveObjectPrivilege(objectRef, + sCol.getPrincipalName(), principalType, + new PrivilegeGrantInfo(sCol.getPrivilege(), sCol + .getCreateTime(), sCol.getGrantor(), PrincipalType + .valueOf(sCol.getGrantorType()), sCol.getGrantOption())); + result.add(secObj); + } + return result; + } + + @Override public List listPrincipalPartitionColumnGrantsAll( String principalName, PrincipalType principalType) { boolean success = false; diff --git metastore/src/java/org/apache/hadoop/hive/metastore/RawStore.java metastore/src/java/org/apache/hadoop/hive/metastore/RawStore.java index acdda3e..75410ca 100644 --- metastore/src/java/org/apache/hadoop/hive/metastore/RawStore.java +++ metastore/src/java/org/apache/hadoop/hive/metastore/RawStore.java 
@@ -24,12 +24,10 @@ import java.lang.annotation.Target; import java.util.List; import java.util.Map; -import java.util.SortedSet; import org.apache.hadoop.conf.Configurable; import org.apache.hadoop.hive.metastore.api.AggrStats; import org.apache.hadoop.hive.metastore.api.ColumnStatistics; -import org.apache.hadoop.hive.metastore.api.ColumnStatisticsObj; import org.apache.hadoop.hive.metastore.api.CurrentNotificationEventId; import org.apache.hadoop.hive.metastore.api.Database; import org.apache.hadoop.hive.metastore.api.Function; @@ -49,19 +47,12 @@ import org.apache.hadoop.hive.metastore.api.PrincipalType; import org.apache.hadoop.hive.metastore.api.PrivilegeBag; import org.apache.hadoop.hive.metastore.api.Role; -import org.apache.hadoop.hive.metastore.api.SetPartitionsStatsRequest; +import org.apache.hadoop.hive.metastore.api.RolePrincipalGrant; import org.apache.hadoop.hive.metastore.api.Table; import org.apache.hadoop.hive.metastore.api.Type; import org.apache.hadoop.hive.metastore.api.UnknownDBException; import org.apache.hadoop.hive.metastore.api.UnknownPartitionException; import org.apache.hadoop.hive.metastore.api.UnknownTableException; -import org.apache.hadoop.hive.metastore.model.MDBPrivilege; -import org.apache.hadoop.hive.metastore.model.MGlobalPrivilege; -import org.apache.hadoop.hive.metastore.model.MPartitionColumnPrivilege; -import org.apache.hadoop.hive.metastore.model.MPartitionPrivilege; -import org.apache.hadoop.hive.metastore.model.MRoleMap; -import org.apache.hadoop.hive.metastore.model.MTableColumnPrivilege; -import org.apache.hadoop.hive.metastore.model.MTablePrivilege; import org.apache.hadoop.hive.metastore.partition.spec.PartitionSpecProxy; import org.apache.thrift.TException; 
@@ -260,27 +251,27 @@ public abstract PrincipalPrivilegeSet getPartitionPrivilegeSet (String dbName, S public abstract PrincipalPrivilegeSet getColumnPrivilegeSet (String dbName, String tableName, String partitionName, String columnName, String userName, List groupNames) throws InvalidObjectException, MetaException; - public abstract List listPrincipalGlobalGrants(String principalName, + public abstract List listPrincipalGlobalGrants(String principalName, PrincipalType principalType); - public abstract List listPrincipalDBGrants(String principalName, + public abstract List listPrincipalDBGrants(String principalName, PrincipalType principalType, String dbName); - public abstract List listAllTableGrants( + public abstract List listAllTableGrants( String principalName, PrincipalType principalType, String dbName, String tableName); - public abstract List listPrincipalPartitionGrants( + public abstract List listPrincipalPartitionGrants( String principalName, PrincipalType principalType, String dbName, - String tableName, String partName); + String tableName, List partValues, String partName); - public abstract List listPrincipalTableColumnGrants( + public abstract List listPrincipalTableColumnGrants( String principalName, PrincipalType principalType, String dbName, String tableName, String columnName); - public abstract List listPrincipalPartitionColumnGrants( + public abstract List listPrincipalPartitionColumnGrants( String principalName, PrincipalType principalType, String dbName, - String tableName, String partName, String columnName); + String tableName, List partValues, String partName, String columnName); public abstract boolean grantPrivileges (PrivilegeBag privileges) throws InvalidObjectException, MetaException, NoSuchObjectException; 
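Review bot: `listPrincipalPartitionGrants` and `listPrincipalPartitionColumnGrants` now take both `partValues` and `partName`, with no Javadoc saying how the two relate. In the `ObjectStore` implementation in this patch the grants are looked up by `partName` only and `partValues` is copied unchecked into the returned `HiveObjectRef`, so a caller passing values for a different partition gets privileges labelled with the wrong object. I would document the contract on the interface, for example `@param partValues values of the partition named by partName; used to fill the returned HiveObjectRef`, or derive one argument from the other inside the implementation. Other implementations of these two methods are not visible here and may treat the pair differently.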
@@ -293,16 +284,19 @@ public abstract boolean revokePrivileges (PrivilegeBag privileges, boolean gran public List listRoleNames(); - public List listRoles(String principalName, + public List listRoles(String principalName, PrincipalType principalType); + public List listRolesWithGrants(String principalName, + PrincipalType principalType); + /** * Get the role to principal grant mapping for given role * @param roleName * @return */ - public List listRoleMembers(String roleName); + public List listRoleMembers(String roleName); public abstract Partition getPartitionWithAuth(String dbName, String tblName, @@ -358,10 +352,7 @@ public abstract Partition getPartitionWithAuth(String dbName, String tblName, throws MetaException, InvalidObjectException, NoSuchObjectException; /** Persists the given column statistics object to the metastore - * @param partVals - * - * @param ColumnStats object to persist - * @param List of partVals + * @param colStats object to persist * @return Boolean indicating the outcome of the operation * @throws NoSuchObjectException * @throws MetaException @@ -374,8 +365,7 @@ public abstract boolean updateTableColumnStatistics(ColumnStatistics colStats) /** Persists the given column statistics object to the metastore * @param partVals * - * @param ColumnStats object to persist - * @param List of partVals + * @param statsObj object to persist * @return Boolean indicating the outcome of the operation * @throws NoSuchObjectException * @throws MetaException 
@@ -390,9 +380,9 @@ public abstract boolean updatePartitionColumnStatistics(ColumnStatistics statsOb * Returns the relevant column statistics for a given column in a given table in a given database * if such statistics exist. * - * @param The name of the database, defaults to current database - * @param The name of the table - * @param The name of the column for which statistics is requested + * @param dbName name of the database, defaults to current database + * @param tableName name of the table + * @param colName names of the columns for which statistics is requested * @return Relevant column statistics for the column for the given table * @throws NoSuchObjectException * @throws MetaException @@ -520,7 +510,7 @@ public void createFunction(Function func) /** * Alter function based on new function specs. * @param dbName - * @param name + * @param funcName * @param newFunction * @throws InvalidObjectException * @throws MetaException @@ -531,7 +521,7 @@ public void alterFunction(String dbName, String funcName, Function newFunction) /** * Drop a function definition. * @param dbName - * @param functionName + * @param funcName * @return * @throws MetaException * @throws NoSuchObjectException @@ -544,7 +534,7 @@ public void dropFunction(String dbName, String funcName) /** * Retrieve function by name. * @param dbName - * @param functionName + * @param funcName * @return * @throws MetaException */ diff --git metastore/src/java/org/apache/hadoop/hive/metastore/hbase/HBaseReadWrite.java metastore/src/java/org/apache/hadoop/hive/metastore/hbase/HBaseReadWrite.java index acd090b..7b0cf95 100644 --- metastore/src/java/org/apache/hadoop/hive/metastore/hbase/HBaseReadWrite.java +++ metastore/src/java/org/apache/hadoop/hive/metastore/hbase/HBaseReadWrite.java 
@@ -612,19 +612,39 @@ private Partition getPartition(String dbName, String tableName, List par * @param type user or role * @return map of role name to grant info for all roles directly participated in. */ - Map getPrincipalDirectRoles(String name, PrincipalType type) + List getPrincipalDirectRoles(String name, PrincipalType type) throws IOException { buildRoleCache(); - Map directRoles = new HashMap(); + Set rolesFound = new HashSet(); for (Map.Entry e : roleCache.entrySet()) { for (GrantInfoWritable giw : e.getValue().grantInfos) { if (giw.principalType == type && giw.principalName.equals(name)) { - directRoles.put(e.getKey(), giw); + rolesFound.add(e.getKey()); break; } } } + List directRoles = new ArrayList(rolesFound.size()); + List gets = new ArrayList(); + HTableInterface htab = getHTable(ROLE_TABLE); + for (String roleFound : rolesFound) { + byte[] key = HBaseUtils.buildKey(roleFound); + Get g = new Get(key); + g.addColumn(CATALOG_CF, CATALOG_COL); + gets.add(g); + } + + Result[] results = htab.get(gets); + for (int i = 0; i < results.length; i++) { + byte[] serialized = results[i].getValue(CATALOG_CF, CATALOG_COL); + if (serialized != null) { + RoleWritable role = new RoleWritable(); + HBaseUtils.deserialize(role, serialized); + directRoles.add(role.role); + } + } + return directRoles; } 
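Review bot: The Javadoc above `getPrincipalDirectRoles` still ends with `@return map of role name to grant info for all roles directly participated in.` although the method now returns a list of `Role` objects; it should read `@return roles the principal directly participates in`. The new result loop also skips, without a log line, every role name found in `roleCache` whose row has no value in `ROLE_TABLE`, so a cache that is out of step with the table silently shortens the role list returned to authorization callers. A warning that names the skipped role would make that visible. The Javadoc block starts outside the hunk.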
@@ -1031,11 +1051,14 @@ Table getTable(String dbName, String tableName) throws IOException { // There's no way to know whether all the tables we are looking for are // in the cache, so we would need to scan one way or another. Thus there's no value in hitting // the cache for this function. + byte[] keyPrefix = null; + if (dbName != null) { + keyPrefix = HBaseUtils.buildKeyWithTrailingSeparator(dbName); + } Filter filter = null; if (regex != null) { filter = new RowFilter(CompareFilter.CompareOp.EQUAL, new RegexStringComparator(regex)); } - byte[] keyPrefix = HBaseUtils.buildKeyWithTrailingSeparator(dbName); Iterator iter = scanWithFilter(TABLE_TABLE, keyPrefix, CATALOG_CF, CATALOG_COL, filter); List tables = new ArrayList
(); diff --git metastore/src/java/org/apache/hadoop/hive/metastore/hbase/HBaseStore.java metastore/src/java/org/apache/hadoop/hive/metastore/hbase/HBaseStore.java index a2a3ddc..1a9128b 100644 --- metastore/src/java/org/apache/hadoop/hive/metastore/hbase/HBaseStore.java +++ metastore/src/java/org/apache/hadoop/hive/metastore/hbase/HBaseStore.java @@ -33,6 +33,8 @@ import org.apache.hadoop.hive.metastore.api.FieldSchema; import org.apache.hadoop.hive.metastore.api.Function; import org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege; +import org.apache.hadoop.hive.metastore.api.HiveObjectRef; +import org.apache.hadoop.hive.metastore.api.HiveObjectType; import org.apache.hadoop.hive.metastore.api.Index; import org.apache.hadoop.hive.metastore.api.InvalidInputException; import org.apache.hadoop.hive.metastore.api.InvalidObjectException; @@ -49,6 +51,7 @@ import org.apache.hadoop.hive.metastore.api.PrivilegeBag; import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo; import org.apache.hadoop.hive.metastore.api.Role; +import org.apache.hadoop.hive.metastore.api.RolePrincipalGrant; import org.apache.hadoop.hive.metastore.api.Table; import org.apache.hadoop.hive.metastore.api.Type; import org.apache.hadoop.hive.metastore.api.UnknownDBException; 
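Review bot: A null `dbName` now reaches `scanWithFilter` with a null `keyPrefix` instead of failing in `buildKeyWithTrailingSeparator`, and nothing in the hunk says what that means. Presumably a null prefix scans the tables of every database, which widens what a caller can list; how `scanWithFilter` treats null is not visible here and should be confirmed. I would state the intent at the new branch, `// null dbName: no key prefix, so the scan covers tables in all databases`, and mention it in the method's Javadoc. The enclosing method starts and ends outside the hunk.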
@@ -708,33 +711,35 @@ public PrincipalPrivilegeSet getColumnPrivilegeSet(String dbName, String tableNa return null; } - // TODO - we need to rework these listAll methods so they don't leak the M classes. Those are - // an artifact of the ObjectStore and don't belong in the RawStore interface. @Override - public List listPrincipalGlobalGrants(String principalName, - PrincipalType principalType) { + public List listPrincipalGlobalGrants(String principalName, + PrincipalType principalType) { List grants; + List privileges = new ArrayList(); try { + PrincipalPrivilegeSet pps = getHBase().getGlobalPrivs(); + if (pps == null) return privileges; + Map> map; switch (principalType) { case USER: - grants = getHBase().getGlobalPrivs().getUserPrivileges().get(principalName); + map = pps.getUserPrivileges(); break; case ROLE: - grants = getHBase().getGlobalPrivs().getRolePrivileges().get(principalName); + map = pps.getRolePrivileges(); break; default: throw new RuntimeException("Unknown or unsupported principal type " + principalType.toString()); } + if (map == null) return privileges; + grants = map.get(principalName); - if (grants == null || grants.size() == 0) return null; - List privileges = new ArrayList(grants.size()); + if (grants == null || grants.size() == 0) return privileges; for (PrivilegeGrantInfo pgi : grants) { - privileges.add(new MGlobalPrivilege(principalName, principalType.toString(), - pgi.getPrivilege(), pgi.getCreateTime(), pgi.getGrantor(), - pgi.getGrantorType().toString(), pgi.isGrantOption())); + privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.GLOBAL, null, + null, null, null), principalName, principalType, pgi)); } return privileges; } catch (IOException e) { 
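Review bot: The principal-type switch, the null checks and the loop that wraps each `PrivilegeGrantInfo` are written out three times, here in `listPrincipalGlobalGrants` and again in `listPrincipalDBGrants` and `listAllTableGrants` in the next two hunks; only the source of the `PrincipalPrivilegeSet` and the `HiveObjectRef` differ. Because these lists report what a principal may do, one shared private helper keeps the three from diverging when a principal type is added or a null case is fixed. Each method then shrinks to fetching its object and calling the helper inside the existing `try`, whose `catch` lies outside the hunk. The helper name below is a suggestion and does not exist in the patch.

```java
// Wraps the grants that pps holds for one principal; returns an empty list when there are none.
private List<HiveObjectPrivilege> toObjectPrivileges(PrincipalPrivilegeSet pps,
    String principalName, PrincipalType principalType, HiveObjectRef objectRef) {
  List<HiveObjectPrivilege> privileges = new ArrayList<HiveObjectPrivilege>();
  if (pps == null) {
    return privileges;
  }
  Map<String, List<PrivilegeGrantInfo>> map;
  switch (principalType) {
    case USER:
      map = pps.getUserPrivileges();
      break;
    case ROLE:
      map = pps.getRolePrivileges();
      break;
    default:
      throw new RuntimeException("Unknown or unsupported principal type " +
          principalType.toString());
  }
  List<PrivilegeGrantInfo> grants = (map == null) ? null : map.get(principalName);
  if (grants == null) {
    return privileges;
  }
  for (PrivilegeGrantInfo pgi : grants) {
    // one HiveObjectRef per entry, as the hunk does, so entries do not alias each other
    privileges.add(new HiveObjectPrivilege(new HiveObjectRef(objectRef), principalName,
        principalType, pgi));
  }
  return privileges;
}

// … unchanged: @Override, signature and try of listPrincipalGlobalGrants …
      return toObjectPrivileges(getHBase().getGlobalPrivs(), principalName, principalType,
          new HiveObjectRef(HiveObjectType.GLOBAL, null, null, null, null));
```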
@@ -743,33 +748,37 @@ public PrincipalPrivilegeSet getColumnPrivilegeSet(String dbName, String tableNa } @Override - public List listPrincipalDBGrants(String principalName, PrincipalType principalType, - String dbName) { + public List listPrincipalDBGrants(String principalName, + PrincipalType principalType, + String dbName) { List grants; + List privileges = new ArrayList(); try { Database db = getHBase().getDb(dbName); + if (db == null) return privileges; + PrincipalPrivilegeSet pps = db.getPrivileges(); + if (pps == null) return privileges; + Map> map; switch (principalType) { case USER: - grants = db.getPrivileges().getUserPrivileges().get(principalName); + map = pps.getUserPrivileges(); break; case ROLE: - grants = db.getPrivileges().getRolePrivileges().get(principalName); + map = pps.getRolePrivileges(); break; default: throw new RuntimeException("Unknown or unsupported principal type " + principalType.toString()); } + if (map == null) return privileges; + grants = map.get(principalName); - if (grants == null || grants.size() == 0) return null; - MDatabase mdb = new MDatabase(db.getName(), db.getLocationUri(), db.getDescription(), - db.getParameters()); - List privileges = new ArrayList(grants.size()); + if (grants == null || grants.size() == 0) return privileges; for (PrivilegeGrantInfo pgi : grants) { - privileges.add(new MDBPrivilege(principalName, principalType.toString(), mdb, - pgi.getPrivilege(), pgi.getCreateTime(), pgi.getGrantor(), - pgi.getGrantorType().toString(), pgi.isGrantOption())); + privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.DATABASE, dbName, + null, null, null), principalName, principalType, pgi)); } return privileges; } catch (IOException e) { 
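Review bot: The HiveObjectRef in listPrincipalDBGrants is built from the caller-supplied `dbName`, where the removed code took the name from the stored object (`db.getName()`) and the new listPrincipalDBGrantsAll in this same commit still does. If getDb normalises the name it looks up (case, for instance; not visible here), the same grant would be reported under different object names depending on which listing call produced it, which makes grant output harder to compare or audit. Using `new HiveObjectRef(HiveObjectType.DATABASE, db.getName(), null, null, null)` keeps the two paths consistent. The same applies to listAllTableGrants in the next hunk, where `table.getDbName(), table.getTableName()` would match listPrincipalTableGrantsAll. The catch block of this method lies outside the hunk.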
@@ -778,32 +787,38 @@ public PrincipalPrivilegeSet getColumnPrivilegeSet(String dbName, String tableNa } @Override - public List listAllTableGrants(String principalName, PrincipalType principalType, - String dbName, String tableName) { + public List listAllTableGrants(String principalName, + PrincipalType principalType, + String dbName, + String tableName) { List grants; + List privileges = new ArrayList(); try { Table table = getHBase().getTable(dbName, tableName); + if (table == null) return privileges; + PrincipalPrivilegeSet pps = table.getPrivileges(); + if (pps == null) return privileges; + Map> map; switch (principalType) { case USER: - grants = table.getPrivileges().getUserPrivileges().get(principalName); + map = pps.getUserPrivileges(); break; case ROLE: - grants = table.getPrivileges().getRolePrivileges().get(principalName); + map = pps.getRolePrivileges(); break; default: throw new RuntimeException("Unknown or unsupported principal type " + principalType.toString()); } + if (map == null) return privileges; + grants = map.get(principalName); - if (grants == null || grants.size() == 0) return null; - MTable mtable = null; - List privileges = new ArrayList(grants.size()); + if (grants == null || grants.size() == 0) return privileges; for (PrivilegeGrantInfo pgi : grants) { - privileges.add(new MTablePrivilege(principalName, principalType.toString(), mtable, - pgi.getPrivilege(), pgi.getCreateTime(), pgi.getGrantor(), - pgi.getGrantorType().toString(), pgi.isGrantOption())); + privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.TABLE, dbName, + tableName, null, null), principalName, principalType, pgi)); } return privileges; } catch (IOException e) { 
@@ -812,32 +827,35 @@ public PrincipalPrivilegeSet getColumnPrivilegeSet(String dbName, String tableNa } @Override - public List listPrincipalPartitionGrants(String principalName, + public List listPrincipalPartitionGrants(String principalName, PrincipalType principalType, - String dbName, String tableName, + String dbName, + String tableName, + List partValues, String partName) { // We don't support partition grants - return null; + return new ArrayList(); } @Override - public List listPrincipalTableColumnGrants(String principalName, - PrincipalType principalType, - String dbName, String tableName, - String columnName) { + public List listPrincipalTableColumnGrants(String principalName, + PrincipalType principalType, + String dbName, String tableName, + String columnName) { // We don't support column grants - return null; + return new ArrayList(); } @Override - public List listPrincipalPartitionColumnGrants(String principalName, - PrincipalType principalType, - String dbName, - String tableName, - String partName, - String columnName) { + public List listPrincipalPartitionColumnGrants(String principalName, + PrincipalType principalType, + String dbName, + String tableName, + List partVals, + String partName, + String columnName) { // We don't support column grants - return null; + return new ArrayList(); } @Override 
@@ -1024,39 +1042,50 @@ public Role getRole(String roleName) throws NoSuchObjectException { } @Override - public List listRoles(String principalName, PrincipalType principalType) { - List maps = new ArrayList(); + public List listRoles(String principalName, PrincipalType principalType) { + List roles = new ArrayList(); try { - Map roles = - getHBase().getPrincipalDirectRoles(principalName, principalType); - for (Map.Entry e : roles.entrySet()) { - // TODO - change GrantInfoWritable to contain create time and owner of granted role - maps.add(new MRoleMap(principalName, principalType.toString(), - new MRole(e.getKey(), 0, null), e.getValue().addTime, e.getValue().grantor, - e.getValue().grantorType.toString(), e.getValue().grantOption)); - } + roles.addAll(getHBase().getPrincipalDirectRoles(principalName, principalType)); } catch (IOException e) { throw new RuntimeException(e); } // Add the public role if this is a user if (principalType == PrincipalType.USER) { - maps.add(new MRoleMap(principalName, principalType.toString(), - new MRole(HiveMetaStore.PUBLIC, 0, null), 0, null, null, false)); + roles.add(new Role(HiveMetaStore.PUBLIC, 0, null)); } - return maps; + return roles; + } + @Override + public List listRolesWithGrants(String principalName, + PrincipalType principalType) { + try { + List roles = listRoles(principalName, principalType); + List rpgs = new ArrayList(roles.size()); + for (Role role : roles) { + GrantInfoList grants = getHBase().getRolePrincipals(role.getRoleName()); + for (GrantInfoWritable grant : grants.grantInfos) { + if (grant.principalType.equals(principalType) && + grant.principalName.equals(principalName)) { + rpgs.add(new RolePrincipalGrant(role.getRoleName(), principalName, principalType, + grant.grantOption, grant.addTime, grant.grantor, grant.grantorType)); + } + } + } + return rpgs; + } catch (Exception e) { + throw new RuntimeException(e); + } } @Override - public List listRoleMembers(String roleName) { + public List 
listRoleMembers(String roleName) { try { GrantInfoList gil = getHBase().getRolePrincipals(roleName); - List roleMaps = new ArrayList(gil.grantInfos.size()); + List roleMaps = new ArrayList(gil.grantInfos.size()); for (GrantInfoWritable giw : gil.grantInfos) { - // TODO - change GrantInfoWritable to contain create time and owner of granted role - roleMaps.add(new MRoleMap(giw.principalName, giw.principalType.toString(), - new MRole(roleName, 0, null), giw.addTime, giw.grantor, giw.grantorType.toString(), - giw.grantOption)); + roleMaps.add(new RolePrincipalGrant(roleName, giw.principalName, giw.principalType, + giw.grantOption, giw.addTime, giw.grantor, giw.grantorType)); } return roleMaps; } catch (Exception e) { 
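Review bot: listRolesWithGrants no longer reports the implicit public role for a user, because it emits a RolePrincipalGrant only when getRolePrincipals returns a matching entry. The removed listRoles code returned a membership record for public unconditionally, so callers that switched from the old MRoleMap list to this method would see a user's role set without it; if that is intended, a comment such as `// public is implicit and has no stored grant, so it is not reported here` would make it explicit. Separately, `grants.grantInfos` is dereferenced without a null check; if getRolePrincipals can return null for a role with no recorded principals (not visible in this hunk), the synthetic public role is the likely trigger, and the `catch (Exception e)` would turn that NullPointerException into a generic RuntimeException. Adding `if (grants == null) continue;` before the inner loop avoids that.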
@@ -1260,65 +1289,196 @@ public void dropPartitions(String dbName, String tblName, List partNames @Override public List listPrincipalDBGrantsAll(String principalName, PrincipalType principalType) { - throw new UnsupportedOperationException(); + List privileges = new ArrayList(); + try { + List dbs = getHBase().scanDatabases(null); + for (Database db : dbs) { + List grants; + + PrincipalPrivilegeSet pps = db.getPrivileges(); + if (pps == null) continue; + Map> map; + switch (principalType) { + case USER: + map = pps.getUserPrivileges(); + break; + + case ROLE: + map = pps.getRolePrivileges(); + break; + + default: + throw new RuntimeException("Unknown or unsupported principal type " + + principalType.toString()); + } + + if (map == null) continue; + grants = map.get(principalName); + if (grants == null || grants.size() == 0) continue; + for (PrivilegeGrantInfo pgi : grants) { + privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.DATABASE, + db.getName(), null, null, null), principalName, principalType, pgi)); + } + } + return privileges; + } catch (IOException e) { + throw new RuntimeException(e); + } } @Override public List listPrincipalTableGrantsAll(String principalName, PrincipalType principalType) { - throw new UnsupportedOperationException(); + List privileges = new ArrayList(); + try { + List
tables = getHBase().scanTables(null, null); + for (Table table : tables) { + List grants; + + PrincipalPrivilegeSet pps = table.getPrivileges(); + if (pps == null) continue; + Map> map; + switch (principalType) { + case USER: + map = pps.getUserPrivileges(); + break; + + case ROLE: + map = pps.getRolePrivileges(); + break; + + default: + throw new RuntimeException("Unknown or unsupported principal type " + + principalType.toString()); + } + + if (map == null) continue; + grants = map.get(principalName); + if (grants == null || grants.size() == 0) continue; + for (PrivilegeGrantInfo pgi : grants) { + privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.TABLE, + table.getDbName(), table.getTableName(), null, null), principalName, principalType, + pgi)); + } + } + return privileges; + } catch (IOException e) { + throw new RuntimeException(e); + } } @Override public List listPrincipalPartitionGrantsAll(String principalName, PrincipalType principalType) { - throw new UnsupportedOperationException(); + return new ArrayList(); } @Override public List listPrincipalTableColumnGrantsAll(String principalName, PrincipalType principalType) { - throw new UnsupportedOperationException(); + return new ArrayList(); } @Override public List listPrincipalPartitionColumnGrantsAll(String principalName, PrincipalType principalType) { - throw new UnsupportedOperationException(); + return new ArrayList(); } @Override public List listGlobalGrantsAll() { - throw new UnsupportedOperationException(); + List privileges = new ArrayList(); + try { + PrincipalPrivilegeSet pps = getHBase().getGlobalPrivs(); + if (pps != null) { + for (Map.Entry> e : pps.getUserPrivileges().entrySet()) { + for (PrivilegeGrantInfo pgi : e.getValue()) { + privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.GLOBAL, null, + null, null, null), e.getKey(), PrincipalType.USER, pgi)); + } + } + for (Map.Entry> e : pps.getRolePrivileges().entrySet()) { + for (PrivilegeGrantInfo pgi : 
e.getValue()) { + privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.GLOBAL, null, + null, null, null), e.getKey(), PrincipalType.ROLE, pgi)); + } + } + } + return privileges; + } catch (IOException e) { + throw new RuntimeException(e); + } } @Override public List listDBGrantsAll(String dbName) { - throw new UnsupportedOperationException(); + List privileges = new ArrayList(); + try { + Database db = getHBase().getDb(dbName); + PrincipalPrivilegeSet pps = db.getPrivileges(); + if (pps != null) { + for (Map.Entry> e : pps.getUserPrivileges().entrySet()) { + for (PrivilegeGrantInfo pgi : e.getValue()) { + privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.DATABASE, dbName, + null, null, null), e.getKey(), PrincipalType.USER, pgi)); + } + } + for (Map.Entry> e : pps.getRolePrivileges().entrySet()) { + for (PrivilegeGrantInfo pgi : e.getValue()) { + privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.DATABASE, dbName, + null, null, null), e.getKey(), PrincipalType.ROLE, pgi)); + } + } + } + return privileges; + } catch (IOException e) { + throw new RuntimeException(e); + } } @Override public List listPartitionColumnGrantsAll(String dbName, String tableName, String partitionName, String columnName) { - throw new UnsupportedOperationException(); + return new ArrayList(); } @Override public List listTableGrantsAll(String dbName, String tableName) { - throw new UnsupportedOperationException(); + List privileges = new ArrayList(); + try { + Table table = getHBase().getTable(dbName, tableName); + PrincipalPrivilegeSet pps = table.getPrivileges(); + if (pps != null) { + for (Map.Entry> e : pps.getUserPrivileges().entrySet()) { + for (PrivilegeGrantInfo pgi : e.getValue()) { + privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.TABLE, dbName, + tableName, null, null), e.getKey(), PrincipalType.USER, pgi)); + } + } + for (Map.Entry> e : pps.getRolePrivileges().entrySet()) { + for 
(PrivilegeGrantInfo pgi : e.getValue()) { + privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.TABLE, dbName, + tableName, null, null), e.getKey(), PrincipalType.ROLE, pgi)); + } + } + } + return privileges; + } catch (IOException e) { + throw new RuntimeException(e); + } } @Override public List listPartitionGrantsAll(String dbName, String tableName, String partitionName) { - throw new UnsupportedOperationException(); + return new ArrayList(); } @Override public List listTableColumnGrantsAll(String dbName, String tableName, String columnName) { - throw new UnsupportedOperationException(); + return new ArrayList(); } @Override diff --git metastore/src/test/org/apache/hadoop/hive/metastore/DummyRawStoreControlledCommit.java metastore/src/test/org/apache/hadoop/hive/metastore/DummyRawStoreControlledCommit.java index 0b26e5f..9831eb9 100644 --- metastore/src/test/org/apache/hadoop/hive/metastore/DummyRawStoreControlledCommit.java +++ metastore/src/test/org/apache/hadoop/hive/metastore/DummyRawStoreControlledCommit.java @@ -21,13 +21,11 @@ import java.util.ArrayList; import java.util.List; import java.util.Map; -import java.util.SortedSet; import org.apache.hadoop.conf.Configurable; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hive.metastore.api.AggrStats; import org.apache.hadoop.hive.metastore.api.ColumnStatistics; -import org.apache.hadoop.hive.metastore.api.ColumnStatisticsObj; import org.apache.hadoop.hive.metastore.api.CurrentNotificationEventId; import org.apache.hadoop.hive.metastore.api.Database; import org.apache.hadoop.hive.metastore.api.Function; 
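Review bot: listDBGrantsAll and listTableGrantsAll dereference the looked-up object without a null check (`db.getPrivileges()`, `table.getPrivileges()`), although listPrincipalDBGrants and listAllTableGrants in this same commit guard the identical lookups. A grant listing for a database or table that does not exist would then fail with a NullPointerException instead of returning the empty list the other methods return; add `if (db == null) return privileges;` and `if (table == null) return privileges;` after the respective lookups. The same three methods, plus listGlobalGrantsAll, also call `pps.getUserPrivileges().entrySet()` and `pps.getRolePrivileges().entrySet()` directly, whereas the per-principal methods treat a null map as "no grants". The loops should skip a null map the same way.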
@@ -43,24 +41,16 @@ import org.apache.hadoop.hive.metastore.api.NotificationEventResponse; import org.apache.hadoop.hive.metastore.api.Partition; import org.apache.hadoop.hive.metastore.api.PartitionEventType; -import org.apache.hadoop.hive.metastore.api.PartitionsStatsRequest; import org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet; import org.apache.hadoop.hive.metastore.api.PrincipalType; import org.apache.hadoop.hive.metastore.api.PrivilegeBag; import org.apache.hadoop.hive.metastore.api.Role; -import org.apache.hadoop.hive.metastore.api.SetPartitionsStatsRequest; +import org.apache.hadoop.hive.metastore.api.RolePrincipalGrant; import org.apache.hadoop.hive.metastore.api.Table; import org.apache.hadoop.hive.metastore.api.Type; import org.apache.hadoop.hive.metastore.api.UnknownDBException; import org.apache.hadoop.hive.metastore.api.UnknownPartitionException; import org.apache.hadoop.hive.metastore.api.UnknownTableException; -import org.apache.hadoop.hive.metastore.model.MDBPrivilege; -import org.apache.hadoop.hive.metastore.model.MGlobalPrivilege; -import org.apache.hadoop.hive.metastore.model.MPartitionColumnPrivilege; -import org.apache.hadoop.hive.metastore.model.MPartitionPrivilege; -import org.apache.hadoop.hive.metastore.model.MRoleMap; -import org.apache.hadoop.hive.metastore.model.MTableColumnPrivilege; -import org.apache.hadoop.hive.metastore.model.MTablePrivilege; import org.apache.hadoop.hive.metastore.partition.spec.PartitionSpecProxy; import org.apache.thrift.TException; 
@@ -400,44 +390,45 @@ public PrincipalPrivilegeSet getColumnPrivilegeSet(String dbName, String tableNa } @Override - public List listPrincipalGlobalGrants(String principalName, + public List listPrincipalGlobalGrants(String principalName, PrincipalType principalType) { return objectStore.listPrincipalGlobalGrants(principalName, principalType); } @Override - public List listPrincipalDBGrants(String principalName, + public List listPrincipalDBGrants(String principalName, PrincipalType principalType, String dbName) { return objectStore.listPrincipalDBGrants(principalName, principalType, dbName); } @Override - public List listAllTableGrants(String principalName, + public List listAllTableGrants(String principalName, PrincipalType principalType, String dbName, String tableName) { return objectStore.listAllTableGrants(principalName, principalType, dbName, tableName); } @Override - public List listPrincipalPartitionGrants(String principalName, - PrincipalType principalType, String dbName, String tableName, String partName) { + public List listPrincipalPartitionGrants(String principalName, + PrincipalType principalType, String dbName, String tableName, List partValues, + String partName) { return objectStore.listPrincipalPartitionGrants(principalName, principalType, - dbName, tableName, partName); + dbName, tableName, partValues, partName); } @Override - public List listPrincipalTableColumnGrants(String principalName, + public List listPrincipalTableColumnGrants(String principalName, PrincipalType principalType, String dbName, String tableName, String columnName) { return objectStore.listPrincipalTableColumnGrants(principalName, principalType, dbName, tableName, columnName); } @Override - public List listPrincipalPartitionColumnGrants( + public List listPrincipalPartitionColumnGrants( String principalName, PrincipalType principalType, String dbName, String tableName, - String partName, String columnName) { + List partVals, String partName, String columnName) { return 
objectStore.listPrincipalPartitionColumnGrants(principalName, principalType, - dbName, tableName, partName, columnName); + dbName, tableName, partVals, partName, columnName); } @Override @@ -463,12 +454,18 @@ public Role getRole(String roleName) throws NoSuchObjectException { } @Override - public List listRoles(String principalName, PrincipalType principalType) { + public List listRoles(String principalName, PrincipalType principalType) { return objectStore.listRoles(principalName, principalType); } @Override - public List listRoleMembers(String roleName) { + public List listRolesWithGrants(String principalName, + PrincipalType principalType) { + return objectStore.listRolesWithGrants(principalName, principalType); + } + + @Override + public List listRoleMembers(String roleName) { return objectStore.listRoleMembers(roleName); } diff --git metastore/src/test/org/apache/hadoop/hive/metastore/DummyRawStoreForJdoConnection.java metastore/src/test/org/apache/hadoop/hive/metastore/DummyRawStoreForJdoConnection.java index 44e69f6..3f8be40 100644 --- metastore/src/test/org/apache/hadoop/hive/metastore/DummyRawStoreForJdoConnection.java +++ metastore/src/test/org/apache/hadoop/hive/metastore/DummyRawStoreForJdoConnection.java @@ -28,7 +28,6 @@ import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.metastore.api.AggrStats; import org.apache.hadoop.hive.metastore.api.ColumnStatistics; -import org.apache.hadoop.hive.metastore.api.ColumnStatisticsObj; import org.apache.hadoop.hive.metastore.api.CurrentNotificationEventId; import org.apache.hadoop.hive.metastore.api.Database; import org.apache.hadoop.hive.metastore.api.Function; 
@@ -44,24 +43,16 @@ import org.apache.hadoop.hive.metastore.api.NotificationEventResponse; import org.apache.hadoop.hive.metastore.api.Partition; import org.apache.hadoop.hive.metastore.api.PartitionEventType; -import org.apache.hadoop.hive.metastore.api.PartitionsStatsRequest; import org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet; import org.apache.hadoop.hive.metastore.api.PrincipalType; import org.apache.hadoop.hive.metastore.api.PrivilegeBag; import org.apache.hadoop.hive.metastore.api.Role; -import org.apache.hadoop.hive.metastore.api.SetPartitionsStatsRequest; +import org.apache.hadoop.hive.metastore.api.RolePrincipalGrant; import org.apache.hadoop.hive.metastore.api.Table; import org.apache.hadoop.hive.metastore.api.Type; import org.apache.hadoop.hive.metastore.api.UnknownDBException; import org.apache.hadoop.hive.metastore.api.UnknownPartitionException; import org.apache.hadoop.hive.metastore.api.UnknownTableException; -import org.apache.hadoop.hive.metastore.model.MDBPrivilege; -import org.apache.hadoop.hive.metastore.model.MGlobalPrivilege; -import org.apache.hadoop.hive.metastore.model.MPartitionColumnPrivilege; -import org.apache.hadoop.hive.metastore.model.MPartitionPrivilege; -import org.apache.hadoop.hive.metastore.model.MRoleMap; -import org.apache.hadoop.hive.metastore.model.MTableColumnPrivilege; -import org.apache.hadoop.hive.metastore.model.MTablePrivilege; import org.apache.hadoop.hive.metastore.partition.spec.PartitionSpecProxy; import org.apache.thrift.TException; 
@@ -422,44 +413,45 @@ public PrincipalPrivilegeSet getColumnPrivilegeSet(String dbName, String tableNa } @Override - public List listPrincipalGlobalGrants(String principalName, + public List listPrincipalGlobalGrants(String principalName, PrincipalType principalType) { return null; } @Override - public List listPrincipalDBGrants(String principalName, + public List listPrincipalDBGrants(String principalName, PrincipalType principalType, String dbName) { return null; } @Override - public List listAllTableGrants(String principalName, + public List listAllTableGrants(String principalName, PrincipalType principalType, String dbName, String tableName) { return null; } @Override - public List listPrincipalPartitionGrants(String principalName, - PrincipalType principalType, String dbName, String tableName, String partName) { + public List listPrincipalPartitionGrants(String principalName, + PrincipalType principalType, String dbName, String tableName, List partValues, + String partName) { return null; } @Override - public List listPrincipalTableColumnGrants(String principalName, + public List listPrincipalTableColumnGrants(String principalName, PrincipalType principalType, String dbName, String tableName, String columnName) { return null; } @Override - public List listPrincipalPartitionColumnGrants(String principalName, - PrincipalType principalType, String dbName, String tableName, String partName, - String columnName) { + public List listPrincipalPartitionColumnGrants(String principalName, + PrincipalType principalType, String dbName, String tableName, List partVals, + String partName, String columnName) { return null; } 
@@ -491,13 +483,19 @@ public Role getRole(String roleName) throws NoSuchObjectException { } @Override - public List listRoles(String principalName, PrincipalType principalType) { + public List listRoles(String principalName, PrincipalType principalType) { return null; } @Override - public List listRoleMembers(String roleName) { + public List listRolesWithGrants(String principalName, + PrincipalType principalType) { + return null; + } + + @Override + public List listRoleMembers(String roleName) { return null; }