diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchonizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchonizer.java index e56094e..9ce665f 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchonizer.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeSynchonizer.java @@ -166,19 +166,25 @@ public void run() { long interval = HiveConf.getTimeVar(hiveConf, ConfVars.HIVE_PRIVILEGE_SYNCHRONIZER_INTERVAL, TimeUnit.SECONDS); try { for (HivePolicyProvider policyProvider : policyProviderContainer) { + LOG.info("Start synchronize privilege " + policyProvider.getClass().getName()); String authorizer = policyProvider.getClass().getSimpleName(); if (!privilegeSynchonizerLatch.await(interval, TimeUnit.SECONDS)) { + LOG.info("Not selected as leader, skip"); continue; } - LOG.info("Start synchonize privilege"); + int numDb = 0, numTbl = 0; for (String dbName : hiveClient.getAllDatabases()) { + numDb++; HiveObjectRef dbToRefresh = getObjToRefresh(HiveObjectType.DATABASE, dbName, null); PrivilegeBag grantDatabaseBag = new PrivilegeBag(); addGrantPrivilegesToBag(policyProvider, grantDatabaseBag, HiveObjectType.DATABASE, dbName, null, null, authorizer); hiveClient.refresh_privileges(dbToRefresh, authorizer, grantDatabaseBag); + LOG.debug("processing " + dbName); for (String tblName : hiveClient.getAllTables(dbName)) { + numTbl++; + LOG.debug("processing " + dbName + "." + tblName); HiveObjectRef tableToRefresh = getObjToRefresh(HiveObjectType.TABLE, dbName, tblName); PrivilegeBag grantTableBag = new PrivilegeBag(); addGrantPrivilegesToBag(policyProvider, grantTableBag, HiveObjectType.TABLE, @@ -199,13 +205,14 @@ public void run() { hiveClient.refresh_privileges(tableOfColumnsToRefresh, authorizer, grantColumnBag); } } - // Wait if no exception happens, otherwise, retry immediately + LOG.info("Success synchronize privilege " + policyProvider.getClass().getName() + ":" + numDb + " databases, " + + numTbl + " tables"); } + // Wait if no exception happens, otherwise, retry immediately + LOG.info("Wait for " + interval + " seconds"); Thread.sleep(interval * 1000); - LOG.info("Success synchonize privilege"); - } catch (Exception e) { - LOG.error("Error initializing PrivilegeSynchonizer: " + e.getMessage(), e); + LOG.error("Error initializing PrivilegeSynchronizer: " + e.getMessage(), e); } } } diff --git a/service/src/java/org/apache/hive/service/server/HiveServer2.java b/service/src/java/org/apache/hive/service/server/HiveServer2.java index 2fbb002..0c92c91 100644 --- a/service/src/java/org/apache/hive/service/server/HiveServer2.java +++ b/service/src/java/org/apache/hive/service/server/HiveServer2.java @@ -1032,6 +1032,7 @@ public void startPrivilegeSynchonizer(HiveConf hiveConf) throws Exception { + ZooKeeperHiveHelper.ZOOKEEPER_PATH_SEPARATOR + "privilege_synchonizer"; privilegeSynchonizerLatch = new LeaderLatch(zKClientForPrivSync, path); privilegeSynchonizerLatch.start(); + LOG.info("Find " + policyContainer.size() + " policy to synchronize, start PrivilegeSynchonizer"); Thread privilegeSynchonizerThread = new Thread( new PrivilegeSynchonizer(privilegeSynchonizerLatch, policyContainer, hiveConf), "PrivilegeSynchonizer"); privilegeSynchonizerThread.start();