diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java index 8bcf860..049857b 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java @@ -640,7 +640,7 @@ private int grantOrRevokeRole(GrantRevokeRoleDDL grantOrRevokeRoleDDL) AuthorizationUtils.getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType())); } List principals = - AuthorizationUtils.getHivePrincipals(grantOrRevokeRoleDDL.getPrincipalDesc()); + authorizer.getHivePrincipals(grantOrRevokeRoleDDL.getPrincipalDesc()); List roles = grantOrRevokeRoleDDL.getRoles(); boolean grantOption = grantOrRevokeRoleDDL.isGrantOption(); @@ -658,7 +658,7 @@ private int showGrants(ShowGrantDesc showGrantDesc) throws HiveException { try { List privInfos = authorizer.showPrivileges( AuthorizationUtils.getHivePrincipal(showGrantDesc.getPrincipalDesc()), - AuthorizationUtils.getHivePrivilegeObject(showGrantDesc.getHiveObj())); + authorizer.getHivePrivilegeObject(showGrantDesc.getHiveObj())); boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST); writeToFile(writeGrantInfo(privInfos, testMode), showGrantDesc.getResFile()); } catch (IOException e) { @@ -675,9 +675,9 @@ private int grantOrRevokePrivileges(List principals, HiveAuthorizer authorizer = getSessionAuthorizer(); //Convert to object types used by the authorization plugin interface - List hivePrincipals = AuthorizationUtils.getHivePrincipals(principals); - List hivePrivileges = AuthorizationUtils.getHivePrivileges(privileges); - HivePrivilegeObject hivePrivObject = AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc); + List hivePrincipals = authorizer.getHivePrincipals(principals); + List hivePrivileges = authorizer.getHivePrivileges(privileges); + HivePrivilegeObject hivePrivObject = authorizer.getHivePrivilegeObject(privSubjectDesc); HivePrincipal grantorPrincipal = new HivePrincipal( grantor, AuthorizationUtils.getHivePrincipalType(grantorType)); diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java index 97d9aa9..512772b 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java @@ -22,6 +22,10 @@ import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate; import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving; import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.ql.metadata.HiveException; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider; /** @@ -210,5 +214,12 @@ void checkPrivileges(HiveOperationType hiveOpType, List inp */ public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException; + public List getHivePrincipals(List principals) + throws HiveException; + + public List getHivePrivileges(List privileges); + + public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc) + throws HiveException; } diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java index c555fbf..76a80e0 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java @@ -22,6 +22,11 @@ import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate; import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving; import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.ql.metadata.HiveException; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; +import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils; /** * Convenience implementation of HiveAuthorizer. @@ -134,4 +139,21 @@ public void setCurrentRole(String roleName) throws HiveAccessControlException, H public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException { accessController.applyAuthorizationConfigPolicy(hiveConf); } + + @Override + public List getHivePrincipals( + List principals) throws HiveException { + return AuthorizationUtils.getHivePrincipals(principals); + } + + @Override + public List getHivePrivileges(List privileges) { + return AuthorizationUtils.getHivePrivileges(privileges); + } + + @Override + public HivePrivilegeObject getHivePrivilegeObject( + PrivilegeObjectDesc privSubjectDesc) throws HiveException { + return AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc); + } } diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java index 86de47c..c387800 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java @@ -37,6 +37,9 @@ import org.apache.hadoop.hive.ql.metadata.Hive; import org.apache.hadoop.hive.ql.metadata.HiveException; import org.apache.hadoop.hive.ql.metadata.Table; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils; import org.apache.hadoop.hive.ql.security.authorization.PrivilegeScope; import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessController; @@ -378,4 +381,21 @@ public void applyAuthorizationConfigPolicy(HiveConf hiveConf) { // do no filtering in old authorizer return listObjs; } + + @Override + public List getHivePrincipals( + List principals) throws HiveException { + return AuthorizationUtils.getHivePrincipals(principals); + } + + @Override + public List getHivePrivileges(List privileges) { + return AuthorizationUtils.getHivePrivileges(privileges); + } + + @Override + public HivePrivilegeObject getHivePrivilegeObject( + PrivilegeObjectDesc privSubjectDesc) throws HiveException { + return AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc); + } }