diff --git a/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidatorForTest.java b/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidatorForTest.java index ecd3d80..75e277a 100644 --- a/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidatorForTest.java +++ b/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidatorForTest.java @@ -18,6 +18,10 @@ package org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd; import java.util.List; +import java.util.HashSet; +import java.util.Set; + +import javax.annotation.Nullable; import org.apache.hadoop.classification.InterfaceAudience.Private; import org.apache.hadoop.hive.conf.HiveConf; @@ -30,18 +34,55 @@ import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import com.google.common.base.Predicate; +import com.google.common.collect.Iterables; +import com.google.common.collect.Lists; + /** * Extends SQLStdHiveAuthorizationValidator to relax the restriction of not * being able to run dfs,set commands. To be used for testing purposes only! + * + * In addition, it parses a setting test.hive.authz.sstd.validator.bypassObjTypes + * as a comma-separated list of object types, which, if present, it will bypass + * validations of all input and output objects of those types. */ + @Private public class SQLStdHiveAuthorizationValidatorForTest extends SQLStdHiveAuthorizationValidator { + final String BYPASS_OBJTYPES_KEY = "test.hive.authz.sstd.validator.bypassObjTypes"; + Set bypassObjectTypes; + public SQLStdHiveAuthorizationValidatorForTest(HiveMetastoreClientFactory metastoreClientFactory, HiveConf conf, HiveAuthenticationProvider authenticator, SQLStdHiveAccessControllerWrapper privController, HiveAuthzSessionContext ctx) throws HiveAuthzPluginException { super(metastoreClientFactory, conf, authenticator, privController, ctx); + setupBypass(conf.get(BYPASS_OBJTYPES_KEY,"")); + } + + private void setupBypass(String bypassObjectTypesConf){ + bypassObjectTypes = new HashSet(); + if (!bypassObjectTypesConf.isEmpty()){ + for (String bypassType : bypassObjectTypesConf.split(",")){ + if ((bypassType != null) && !bypassType.isEmpty()){ + bypassObjectTypes.add(HivePrivilegeObject.HivePrivilegeObjectType.valueOf(bypassType)); + } + } + } + } + + List filterForBypass(List privilegeObjects){ + return Lists.newArrayList(Iterables.filter(privilegeObjects,new Predicate() { + @Override + public boolean apply(@Nullable HivePrivilegeObject hivePrivilegeObject) { + // Return true to retain an item, and false to filter it out. + if (hivePrivilegeObject == null){ + return true; + } + return !bypassObjectTypes.contains(hivePrivilegeObject.getType()); + } + })); } @Override @@ -54,7 +95,7 @@ public void checkPrivileges(HiveOperationType hiveOpType, List