diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/AbstractHiveAuthorizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/AbstractHiveAuthorizer.java
new file mode 100644
index 0000000..522ff3f
--- /dev/null
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/AbstractHiveAuthorizer.java
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.security.authorization.plugin;
+
+
+/**
+ * Abstract class that extends HiveAuthorizer. This will help to shield
+ * Hive authorization implementations from some of the changes to HiveAuthorizer
+ * interface by providing default implementation of new methods in HiveAuthorizer
+ * when possible.
+ */
+public abstract class AbstractHiveAuthorizer implements HiveAuthorizer {
+
+ /* (non-Javadoc)
+ * @see org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer#getHiveAuthorizationTranslator()
+ */
+ @Override
+ public HiveAuthorizationTranslator getHiveAuthorizationTranslator() throws HiveAuthzPluginException {
+ // No customization of this API is done for most Authorization implementations. It is meant
+ // to be used for special cases in Apache Sentry (incubating)
+ // null is to be returned when no customization is needed for the translator
+ // see javadoc in interface for details.
+ return null;
+ }
+
+}
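Review bot: The class Javadoc promises default implementations of new HiveAuthorizer methods "when possible" without saying which methods may receive one, and for the base class of authorization plugins that limit should be written down. A plugin extending this class keeps compiling when the interface grows, so a default later added for a privilege-check or filtering method would be inherited silently; I would add to the Javadoc something like `Defaults in this class must never grant access: a new enforcement method either stays abstract or throws HiveAuthzPluginException.` The one default in this hunk, `getHiveAuthorizationTranslator()` returning null, is documented as "no customization" and appears harmless on its own. Separately, the first sentence should say the class implements HiveAuthorizer rather than extends it, and the class carries neither of the `@LimitedPrivate`/`@Evolving` annotations that HiveAuthorizerImpl has in this same commit.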
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
index 09112fe..c93e334 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
@@ -26,7 +26,14 @@
 import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider;
 /**
- * Interface for hive authorization plugins.
+ * Interface for hive authorization plugins. Plugins will be better shielded from changes
+ * to this interface by extending AbstractHiveAuthorizer instead of extending this
+ * interface directly.
+ *
+ * Note that this interface is for limited use by specific apache projects, including
+ * Apache Ranger (formerly known as Argus), and Apache Sentry, and is subject to
+ * change across releases.
+ *
 * Used by the DDLTasks for access control statement,
 * and for checking authorization from Driver.doAuthorization()
 *
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
index 37ea1c4..00fa8cf 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
@@ -22,7 +22,6 @@
 import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate;
 import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving;
 import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.hadoop.hive.ql.metadata.HiveException;
 /**
 * Convenience implementation of HiveAuthorizer.
@@ -32,7 +31,7 @@
 */
 @LimitedPrivate(value = { "" })
 @Evolving
-public class HiveAuthorizerImpl implements HiveAuthorizer {
+public class HiveAuthorizerImpl extends AbstractHiveAuthorizer {
 HiveAccessController accessController;
 HiveAuthorizationValidator authValidator;
@@ -136,16 +135,4 @@ public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPl
 accessController.applyAuthorizationConfigPolicy(hiveConf);
 }
- /* (non-Javadoc)
- * @see org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer#getHiveAuthorizationTranslator()
- *
- * No customization of this API is done for most Authorization implementations. It is meant
- * to be used for special cases in Apache Sentry (incubating)
- *
- */
- @Override
- public HiveAuthorizationTranslator getHiveAuthorizationTranslator() throws HiveAuthzPluginException{
- return null;
- }
-
 }
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java
index c7f9e13..8e60757 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java
@@ -42,7 +42,7 @@
 import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessController;
 import org.apache.hadoop.hive.ql.session.SessionState;
-public class HiveV1Authorizer implements HiveAuthorizer {
+public class HiveV1Authorizer extends AbstractHiveAuthorizer {
 private final HiveConf conf;
 private final Hive hive;
@@ -379,11 +379,4 @@ public void applyAuthorizationConfigPolicy(HiveConf hiveConf) {
 return listObjs;
 }
- @Override
- public HiveAuthorizationTranslator getHiveAuthorizationTranslator() throws HiveAuthzPluginException {
- // custom translator is not needed, so return null
- return null;
- }
-
-
 }