diff --git itests/qtest-druid/pom.xml itests/qtest-druid/pom.xml index 260e73d2b1..3b9c5c3ef7 100644 --- itests/qtest-druid/pom.xml +++ itests/qtest-druid/pom.xml @@ -43,7 +43,7 @@ 10.11.1.1 16.0.1 4.1.0 - 2.0.0 + 2.0.0 @@ -206,18 +206,17 @@ guice ${druid.guice.version} - - junit - junit - ${junit.version} - test + org.apache.kafka + kafka_2.11 + ${kafka.test.version} org.apache.kafka - kafka_2.11 - ${kafka.version} + kafka-clients + ${kafka.test.version} + org.slf4j slf4j-api @@ -239,8 +238,6 @@ shade - - false false @@ -261,6 +258,12 @@ *:jsp-api* + + + org.apache.kafka + org.apache.kafkatests + + *:* diff --git itests/qtest/pom.xml itests/qtest/pom.xml index 801a43d02f..e19a1b296f 100644 --- itests/qtest/pom.xml +++ itests/qtest/pom.xml @@ -143,6 +143,16 @@ kafka-handler ${project.version} test + + + org.apache.kafka + kafka-clients + + + org.apache.hadoop + hadoop-client + + diff --git jdbc/src/java/org/apache/hive/jdbc/Utils.java jdbc/src/java/org/apache/hive/jdbc/Utils.java index 3c18f09641..e0200b76b5 100644 --- jdbc/src/java/org/apache/hive/jdbc/Utils.java +++ jdbc/src/java/org/apache/hive/jdbc/Utils.java @@ -454,17 +454,6 @@ public static JdbcConnectionParams extractURLComponents(String uri, Properties i } } - if (!connParams.getSessionVars().containsKey(JdbcConnectionParams.AUTH_PASSWD)) { - if (info.containsKey(JdbcConnectionParams.AUTH_USER)) { - connParams.getSessionVars().put(JdbcConnectionParams.AUTH_USER, - info.getProperty(JdbcConnectionParams.AUTH_USER)); - } - if (info.containsKey(JdbcConnectionParams.AUTH_PASSWD)) { - connParams.getSessionVars().put(JdbcConnectionParams.AUTH_PASSWD, - info.getProperty(JdbcConnectionParams.AUTH_PASSWD)); - } - } - if (info.containsKey(JdbcConnectionParams.AUTH_TYPE)) { connParams.getSessionVars().put(JdbcConnectionParams.AUTH_TYPE, info.getProperty(JdbcConnectionParams.AUTH_TYPE)); diff --git kafka-handler/pom.xml kafka-handler/pom.xml index f907e9ddf0..647b6a6ed0 100644 --- kafka-handler/pom.xml +++ kafka-handler/pom.xml @@ -30,7 +30,7 @@ .. - 2.0.0 + 2.2.0 kafka-handler @@ -94,7 +94,6 @@ test test - org.apache.kafka kafka_2.11 @@ -108,6 +107,12 @@ ${kafka.version} test + + org.apache.zookeeper + zookeeper + 3.4.7 + test + org.slf4j slf4j-api @@ -142,9 +147,15 @@ false - org.apache.kafka:* + org.apache.kafka:kafka-clients + + + org.apache.kafka + org.apache.kafkaesque + + *:* diff --git kafka-handler/src/java/org/apache/hadoop/hive/kafka/HiveKafkaProducer.java kafka-handler/src/java/org/apache/hadoop/hive/kafka/HiveKafkaProducer.java index 2270e08e2c..ba27233f86 100644 --- kafka-handler/src/java/org/apache/hadoop/hive/kafka/HiveKafkaProducer.java +++ kafka-handler/src/java/org/apache/hadoop/hive/kafka/HiveKafkaProducer.java @@ -39,11 +39,12 @@ import java.lang.reflect.Field; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; +import java.time.Duration; import java.util.List; import java.util.Map; import java.util.Properties; import java.util.concurrent.Future; -import java.util.concurrent.TimeUnit; + /** * Kafka Producer with public methods to extract the producer state then resuming transaction in another process. @@ -107,8 +108,8 @@ kafkaProducer.close(); } - @Override public void close(long timeout, TimeUnit unit) { - kafkaProducer.close(timeout, unit); + @Override public void close(Duration duration) { + kafkaProducer.close(duration); } @Override public void flush() { diff --git kafka-handler/src/test/org/apache/hadoop/hive/kafka/KafkaBrokerResource.java kafka-handler/src/test/org/apache/hadoop/hive/kafka/KafkaBrokerResource.java index fbcbe9a19a..a79bf4fce9 100644 --- kafka-handler/src/test/org/apache/hadoop/hive/kafka/KafkaBrokerResource.java +++ kafka-handler/src/test/org/apache/hadoop/hive/kafka/KafkaBrokerResource.java @@ -56,8 +56,8 @@ @Override protected void before() throws Throwable { // Start the ZK and the Broker LOG.info("init embedded Zookeeper"); - zkServer = new EmbeddedZookeeper(); tmpLogDir = Files.createTempDirectory("kafka-log-dir-").toAbsolutePath(); + zkServer = new EmbeddedZookeeper(); String zkConnect = "127.0.0.1:" + zkServer.port(); LOG.info("init kafka broker"); Properties brokerProps = new Properties(); @@ -91,7 +91,9 @@ kafkaServer.shutdown(); kafkaServer.awaitShutdown(); } - zkServer.shutdown(); + if (zkServer != null) { + zkServer.shutdown(); + } } void deleteTopic(@SuppressWarnings("SameParameterValue") String topic) { diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/database/AlterDatabaseDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/database/AlterDatabaseDesc.java index 46eb092243..547b3515c0 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/database/AlterDatabaseDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/ddl/database/AlterDatabaseDesc.java @@ -23,10 +23,10 @@ import org.apache.hadoop.hive.ql.ddl.DDLDesc; import org.apache.hadoop.hive.ql.ddl.DDLTask2; -import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; import org.apache.hadoop.hive.ql.parse.ReplicationSpec; import org.apache.hadoop.hive.ql.plan.Explain; import org.apache.hadoop.hive.ql.plan.Explain.Level; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; /** * DDL task description for ALTER DATABASE commands. diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/database/ShowCreateDatabaseDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/database/ShowCreateDatabaseDesc.java index 848bfab6ad..29dc266ebf 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/database/ShowCreateDatabaseDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/ddl/database/ShowCreateDatabaseDesc.java @@ -33,8 +33,6 @@ public class ShowCreateDatabaseDesc implements DDLDesc, Serializable { private static final long serialVersionUID = 1L; - public static final String SCHEMA = "createdb_stmt#string"; - static { DDLTask2.registerOperation(ShowCreateDatabaseDesc.class, ShowCreateDatabaseOperation.class); } @@ -42,6 +40,11 @@ private final String resFile; private final String dbName; + /** + * Thrift ddl for the result of showcreatedatabase. + */ + public static final String SCHEMA = "createdb_stmt#string"; + public ShowCreateDatabaseDesc(String dbName, String resFile) { this.dbName = dbName; this.resFile = resFile; diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/database/ShowDatabasesDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/database/ShowDatabasesDesc.java index e8f4e442d4..4814fd3e8c 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/database/ShowDatabasesDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/ddl/database/ShowDatabasesDesc.java @@ -33,6 +33,7 @@ public class ShowDatabasesDesc implements DDLDesc, Serializable { private static final long serialVersionUID = 1L; + /** Thrift ddl for the result of show databases. */ public static final String SHOW_DATABASES_SCHEMA = "database_name#string"; static { diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/function/DescFunctionDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/function/DescFunctionDesc.java index b84c630149..7f1aa0c90e 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/function/DescFunctionDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/ddl/function/DescFunctionDesc.java @@ -33,12 +33,18 @@ public class DescFunctionDesc implements DDLDesc, Serializable { private static final long serialVersionUID = 1L; - public static final String SCHEMA = "tab_name#string"; - static { DDLTask2.registerOperation(DescFunctionDesc.class, DescFunctionOperation.class); } + /** + * Thrift ddl for the result of show tables. + */ + private static final String SCHEMA = "tab_name#string"; + public static String getSchema() { + return SCHEMA; + } + private final String resFile; private final String name; private final boolean isExtended; diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/function/ShowFunctionsDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/function/ShowFunctionsDesc.java index 79074e8550..2affa32786 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/function/ShowFunctionsDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/ddl/function/ShowFunctionsDesc.java @@ -33,12 +33,18 @@ public class ShowFunctionsDesc implements DDLDesc, Serializable { private static final long serialVersionUID = 1L; - public static final String SCHEMA = "tab_name#string"; - static { DDLTask2.registerOperation(ShowFunctionsDesc.class, ShowFunctionsOperation.class); } + /** + * Thrift ddl for the result of show tables. + */ + private static final String SCHEMA = "tab_name#string"; + public static String getSchema() { + return SCHEMA; + } + private final String resFile; private final String pattern; private final boolean isLikePattern; diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/function/ShowFunctionsOperation.java ql/src/java/org/apache/hadoop/hive/ql/ddl/function/ShowFunctionsOperation.java index d23899c41e..d76312d691 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/function/ShowFunctionsOperation.java +++ ql/src/java/org/apache/hadoop/hive/ql/ddl/function/ShowFunctionsOperation.java @@ -54,14 +54,14 @@ public int execute() throws HiveException { private Set fetchFunctions() { Set funcs = null; if (desc.getPattern() != null) { + LOG.debug("pattern: {}", desc.getPattern()); if (desc.getIsLikePattern()) { funcs = FunctionRegistry.getFunctionNamesByLikePattern(desc.getPattern()); } else { context.getConsole().printInfo("SHOW FUNCTIONS is deprecated, please use SHOW FUNCTIONS LIKE instead."); funcs = FunctionRegistry.getFunctionNames(desc.getPattern()); } - LOG.info("Found {} function(s) using pattern {} matching the SHOW FUNCTIONS statement.", funcs.size(), - desc.getPattern()); + LOG.info("Found {} function(s) matching the SHOW FUNCTIONS statement.", funcs.size()); } else { funcs = FunctionRegistry.getFunctionNames(); } diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/CreateRoleDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/CreateRoleDesc.java deleted file mode 100644 index 9641682d95..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/CreateRoleDesc.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import java.io.Serializable; - -import org.apache.hadoop.hive.ql.ddl.DDLDesc; -import org.apache.hadoop.hive.ql.ddl.DDLTask2; -import org.apache.hadoop.hive.ql.plan.Explain; -import org.apache.hadoop.hive.ql.plan.Explain.Level; - -/** - * DDL task description for CREATE ROLE commands. - */ -@Explain(displayName = "Create Role", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) -public class CreateRoleDesc implements DDLDesc, Serializable { - private static final long serialVersionUID = 1L; - - static { - DDLTask2.registerOperation(CreateRoleDesc.class, CreateRoleOperation.class); - } - - private final String name; - - public CreateRoleDesc(String name) { - this.name = name; - } - - @Explain(displayName = "name", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) - public String getName() { - return name; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/CreateRoleOperation.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/CreateRoleOperation.java deleted file mode 100644 index 6782b02d20..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/CreateRoleOperation.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; - -import org.apache.hadoop.hive.ql.ddl.DDLOperation; -import org.apache.hadoop.hive.ql.metadata.HiveException; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; - -/** - * Operation process of creating a role. - */ -public class CreateRoleOperation extends DDLOperation { - private final CreateRoleDesc desc; - - public CreateRoleOperation(DDLOperationContext context, CreateRoleDesc desc) { - super(context); - this.desc = desc; - } - - @Override - public int execute() throws HiveException { - HiveAuthorizer authorizer = RoleUtils.getSessionAuthorizer(context.getConf()); - authorizer.createRole(desc.getName(), null); - return 0; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/DropRoleDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/DropRoleDesc.java deleted file mode 100644 index b8dcaacad7..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/DropRoleDesc.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import java.io.Serializable; - -import org.apache.hadoop.hive.ql.ddl.DDLDesc; -import org.apache.hadoop.hive.ql.ddl.DDLTask2; -import org.apache.hadoop.hive.ql.plan.Explain; -import org.apache.hadoop.hive.ql.plan.Explain.Level; - -/** - * DDL task description for DROP ROLE commands. - */ -@Explain(displayName = "Drop Role", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) -public class DropRoleDesc implements DDLDesc, Serializable { - private static final long serialVersionUID = 1L; - - static { - DDLTask2.registerOperation(DropRoleDesc.class, DropRoleOperation.class); - } - - private final String name; - - public DropRoleDesc(String name) { - this.name = name; - } - - @Explain(displayName = "name", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) - public String getName() { - return name; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/DropRoleOperation.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/DropRoleOperation.java deleted file mode 100644 index e8b55ecf4c..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/DropRoleOperation.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; - -import org.apache.hadoop.hive.ql.ddl.DDLOperation; -import org.apache.hadoop.hive.ql.metadata.HiveException; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; - -/** - * Operation process of dropping a role. - */ -public class DropRoleOperation extends DDLOperation { - private final DropRoleDesc desc; - - public DropRoleOperation(DDLOperationContext context, DropRoleDesc desc) { - super(context); - this.desc = desc; - } - - @Override - public int execute() throws HiveException { - HiveAuthorizer authorizer = RoleUtils.getSessionAuthorizer(context.getConf()); - authorizer.dropRole(desc.getName()); - return 0; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantOperation.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantOperation.java deleted file mode 100644 index 633ac434e0..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantOperation.java +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; - -import java.util.List; - -import org.apache.hadoop.hive.ql.ddl.DDLOperation; -import org.apache.hadoop.hive.ql.metadata.HiveException; -import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; - -/** - * Operation process of granting. - */ -public class GrantOperation extends DDLOperation { - private final GrantDesc desc; - - public GrantOperation(DDLOperationContext context, GrantDesc desc) { - super(context); - this.desc = desc; - } - - @Override - public int execute() throws HiveException { - HiveAuthorizer authorizer = RoleUtils.getSessionAuthorizer(context.getConf()); - - //Convert to object types used by the authorization plugin interface - List hivePrincipals = AuthorizationUtils.getHivePrincipals(desc.getPrincipals(), - RoleUtils.getAuthorizationTranslator(authorizer)); - List hivePrivileges = AuthorizationUtils.getHivePrivileges(desc.getPrivileges(), - RoleUtils.getAuthorizationTranslator(authorizer)); - HivePrivilegeObject hivePrivilegeObject = - RoleUtils.getAuthorizationTranslator(authorizer).getHivePrivilegeObject(desc.getPrivilegeSubject()); - HivePrincipal grantorPrincipal = new HivePrincipal(desc.getGrantor(), - AuthorizationUtils.getHivePrincipalType(desc.getGrantorType())); - - authorizer.grantPrivileges(hivePrincipals, hivePrivileges, hivePrivilegeObject, grantorPrincipal, - desc.isGrantOption()); - - return 0; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantRoleDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantRoleDesc.java deleted file mode 100644 index e27931a478..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantRoleDesc.java +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import java.util.List; - -import org.apache.hadoop.hive.ql.ddl.DDLDesc; -import org.apache.hadoop.hive.ql.ddl.DDLTask2; -import org.apache.hadoop.hive.ql.plan.Explain; -import org.apache.hadoop.hive.ql.plan.Explain.Level; - -/** - * DDL task description for GRANT ROLE commands. - */ -@Explain(displayName="Grant roles", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) -public class GrantRoleDesc implements DDLDesc { - - static { - DDLTask2.registerOperation(GrantRoleDesc.class, GrantRoleOperation.class); - } - - private final List roles; - private final List principals; - private final String grantor; - private final boolean grantOption; - - public GrantRoleDesc(List roles, List principals, String grantor, boolean grantOption) { - this.principals = principals; - this.roles = roles; - this.grantor = grantor; - this.grantOption = grantOption; - } - - @Explain(displayName="principals", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) - public List getPrincipals() { - return principals; - } - - @Explain(displayName="roles", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) - public List getRoles() { - return roles; - } - - public String getGrantor() { - return grantor; - } - - public boolean isGrantOption() { - return grantOption; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantRoleOperation.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantRoleOperation.java deleted file mode 100644 index 19abe2794d..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantRoleOperation.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; - -import java.util.List; - -import org.apache.hadoop.hive.metastore.api.PrincipalType; -import org.apache.hadoop.hive.ql.ddl.DDLOperation; -import org.apache.hadoop.hive.ql.metadata.HiveException; -import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal; - -/** - * Operation process of granting a role. - */ -public class GrantRoleOperation extends DDLOperation { - private final GrantRoleDesc desc; - - public GrantRoleOperation(DDLOperationContext context, GrantRoleDesc desc) { - super(context); - this.desc = desc; - } - - @Override - public int execute() throws HiveException { - HiveAuthorizer authorizer = RoleUtils.getSessionAuthorizer(context.getConf()); - - List principals = - AuthorizationUtils.getHivePrincipals(desc.getPrincipals(), RoleUtils.getAuthorizationTranslator(authorizer)); - HivePrincipal grantorPrincipal = null; - if (desc.getGrantor() != null) { - grantorPrincipal = - new HivePrincipal(desc.getGrantor(), AuthorizationUtils.getHivePrincipalType(PrincipalType.USER)); - } - - authorizer.grantRole(principals, desc.getRoles(), desc.isGrantOption(), grantorPrincipal); - - return 0; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeOperation.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeOperation.java deleted file mode 100644 index bf4e01a191..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeOperation.java +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; - -import java.util.List; - -import org.apache.hadoop.hive.ql.ddl.DDLOperation; -import org.apache.hadoop.hive.ql.metadata.HiveException; -import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; - -/** - * Operation process of revoking. - */ -public class RevokeOperation extends DDLOperation { - private final RevokeDesc desc; - - public RevokeOperation(DDLOperationContext context, RevokeDesc desc) { - super(context); - this.desc = desc; - } - - @Override - public int execute() throws HiveException { - HiveAuthorizer authorizer = RoleUtils.getSessionAuthorizer(context.getConf()); - - //Convert to object types used by the authorization plugin interface - List hivePrincipals = AuthorizationUtils.getHivePrincipals(desc.getPrincipals(), - RoleUtils.getAuthorizationTranslator(authorizer)); - List hivePrivileges = AuthorizationUtils.getHivePrivileges(desc.getPrivileges(), - RoleUtils.getAuthorizationTranslator(authorizer)); - HivePrivilegeObject hivePrivilegeObject = - RoleUtils.getAuthorizationTranslator(authorizer).getHivePrivilegeObject(desc.getPrivilegeSubject()); - HivePrincipal grantorPrincipal = new HivePrincipal(null, null); - - authorizer.revokePrivileges(hivePrincipals, hivePrivileges, hivePrivilegeObject, grantorPrincipal, - desc.isGrantOption()); - - return 0; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeRoleDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeRoleDesc.java deleted file mode 100644 index 05507ec905..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeRoleDesc.java +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import java.util.List; - -import org.apache.hadoop.hive.ql.ddl.DDLDesc; -import org.apache.hadoop.hive.ql.ddl.DDLTask2; -import org.apache.hadoop.hive.ql.plan.Explain; -import org.apache.hadoop.hive.ql.plan.Explain.Level; - -/** - * DDL task description for REVOKE ROLE commands. - */ -@Explain(displayName="Revoke roles", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) -public class RevokeRoleDesc implements DDLDesc { - - static { - DDLTask2.registerOperation(RevokeRoleDesc.class, RevokeRoleOperation.class); - } - - private final List roles; - private final List principals; - private final String grantor; - private final boolean grantOption; - - public RevokeRoleDesc(List roles, List principals, String grantor, boolean grantOption) { - this.principals = principals; - this.roles = roles; - this.grantor = grantor; - this.grantOption = grantOption; - } - - @Explain(displayName="principals", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) - public List getPrincipals() { - return principals; - } - - @Explain(displayName="roles", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) - public List getRoles() { - return roles; - } - - public String getGrantor() { - return grantor; - } - - public boolean isGrantOption() { - return grantOption; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeRoleOperation.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeRoleOperation.java deleted file mode 100644 index 0b3b27695d..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeRoleOperation.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; - -import java.util.List; - -import org.apache.hadoop.hive.metastore.api.PrincipalType; -import org.apache.hadoop.hive.ql.ddl.DDLOperation; -import org.apache.hadoop.hive.ql.metadata.HiveException; -import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal; - -/** - * Operation process of revoking a role. - */ -public class RevokeRoleOperation extends DDLOperation { - private final RevokeRoleDesc desc; - - public RevokeRoleOperation(DDLOperationContext context, RevokeRoleDesc desc) { - super(context); - this.desc = desc; - } - - @Override - public int execute() throws HiveException { - HiveAuthorizer authorizer = RoleUtils.getSessionAuthorizer(context.getConf()); - - List principals = - AuthorizationUtils.getHivePrincipals(desc.getPrincipals(), RoleUtils.getAuthorizationTranslator(authorizer)); - HivePrincipal grantorPrincipal = null; - if (desc.getGrantor() != null) { - grantorPrincipal = - new HivePrincipal(desc.getGrantor(), AuthorizationUtils.getHivePrincipalType(PrincipalType.USER)); - } - - authorizer.revokeRole(principals, desc.getRoles(), desc.isGrantOption(), grantorPrincipal); - - return 0; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RoleUtils.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RoleUtils.java deleted file mode 100644 index cfbc4cf620..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RoleUtils.java +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import java.io.IOException; -import java.util.Collections; -import java.util.List; - -import org.apache.hadoop.hive.conf.HiveConf; -import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; -import org.apache.hadoop.hive.ql.ddl.DDLUtils; -import org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationTranslator; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationTranslator; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveV1Authorizer; -import org.apache.hadoop.hive.ql.session.SessionState; - -/** - * Common utilities for Role related ddl operations. - */ -final class RoleUtils { - private RoleUtils() { - throw new UnsupportedOperationException("RoleUtils should not be instantiated"); - } - - static HiveAuthorizer getSessionAuthorizer(HiveConf conf) { - HiveAuthorizer authorizer = SessionState.get().getAuthorizerV2(); - if (authorizer == null) { - authorizer = new HiveV1Authorizer(conf); - } - - return authorizer; - } - - static void writeListToFileAfterSort(List entries, String resFile, DDLOperationContext context) - throws IOException { - Collections.sort(entries); - - StringBuilder sb = new StringBuilder(); - for (String entry : entries) { - DDLUtils.appendNonNull(sb, entry, true); - } - - DDLUtils.writeToFile(sb.toString(), resFile, context); - } - - private static final HiveAuthorizationTranslator DEFAULT_AUTHORIZATION_TRANSLATOR = - new DefaultHiveAuthorizationTranslator(); - - static HiveAuthorizationTranslator getAuthorizationTranslator(HiveAuthorizer authorizer) - throws HiveAuthzPluginException { - if (authorizer.getHiveAuthorizationTranslator() == null) { - return DEFAULT_AUTHORIZATION_TRANSLATOR; - } else { - return (HiveAuthorizationTranslator)authorizer.getHiveAuthorizationTranslator(); - } - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/SetRoleDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/SetRoleDesc.java deleted file mode 100644 index e3e1bb1a2a..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/SetRoleDesc.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import java.io.Serializable; - -import org.apache.hadoop.hive.ql.ddl.DDLDesc; -import org.apache.hadoop.hive.ql.ddl.DDLTask2; -import org.apache.hadoop.hive.ql.plan.Explain; -import org.apache.hadoop.hive.ql.plan.Explain.Level; - -/** - * DDL task description for SET ROLE commands. - */ -@Explain(displayName = "Set Role", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) -public class SetRoleDesc implements DDLDesc, Serializable { - private static final long serialVersionUID = 1L; - - static { - DDLTask2.registerOperation(SetRoleDesc.class, SetRoleOperation.class); - } - - private final String name; - - public SetRoleDesc(String name) { - this.name = name; - } - - @Explain(displayName = "name", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) - public String getName() { - return name; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/SetRoleOperation.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/SetRoleOperation.java deleted file mode 100644 index d119fe4a28..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/SetRoleOperation.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; - -import org.apache.hadoop.hive.ql.ddl.DDLOperation; -import org.apache.hadoop.hive.ql.metadata.HiveException; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; - -/** - * Operation process of setting a role. - */ -public class SetRoleOperation extends DDLOperation { - private final SetRoleDesc desc; - - public SetRoleOperation(DDLOperationContext context, SetRoleDesc desc) { - super(context); - this.desc = desc; - } - - @Override - public int execute() throws HiveException { - HiveAuthorizer authorizer = RoleUtils.getSessionAuthorizer(context.getConf()); - authorizer.setCurrentRole(desc.getName()); - return 0; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowCurrentRoleDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowCurrentRoleDesc.java deleted file mode 100644 index 37f049e103..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowCurrentRoleDesc.java +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import java.io.Serializable; - -import org.apache.hadoop.hive.ql.ddl.DDLDesc; -import org.apache.hadoop.hive.ql.ddl.DDLTask2; -import org.apache.hadoop.hive.ql.plan.Explain; -import org.apache.hadoop.hive.ql.plan.Explain.Level; - -/** - * DDL task description for SHOW CURRENT ROLE commands. - */ -@Explain(displayName = "Show Current Role", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) -public class ShowCurrentRoleDesc implements DDLDesc, Serializable { - private static final long serialVersionUID = 1L; - - static { - DDLTask2.registerOperation(ShowCurrentRoleDesc.class, ShowCurrentRoleOperation.class); - } - - private final String resFile; - - public ShowCurrentRoleDesc(String resFile) { - this.resFile = resFile; - } - - public String getResFile() { - return resFile; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowCurrentRoleOperation.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowCurrentRoleOperation.java deleted file mode 100644 index 9738ddbcc0..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowCurrentRoleOperation.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; - -import java.io.IOException; -import java.util.List; - -import org.apache.hadoop.hive.ql.ddl.DDLOperation; -import org.apache.hadoop.hive.ql.metadata.HiveException; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; - -/** - * Operation process of showing the current role. - */ -public class ShowCurrentRoleOperation extends DDLOperation { - private final ShowCurrentRoleDesc desc; - - public ShowCurrentRoleOperation(DDLOperationContext context, ShowCurrentRoleDesc desc) { - super(context); - this.desc = desc; - } - - @Override - public int execute() throws HiveException, IOException { - HiveAuthorizer authorizer = RoleUtils.getSessionAuthorizer(context.getConf()); - List roleNames = authorizer.getCurrentRoleNames(); - RoleUtils.writeListToFileAfterSort(roleNames, desc.getResFile(), context); - - return 0; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowGrantOperation.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowGrantOperation.java deleted file mode 100644 index 50b41800a1..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowGrantOperation.java +++ /dev/null @@ -1,103 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; -import org.apache.hadoop.hive.ql.ddl.DDLUtils; - -import java.io.IOException; -import java.util.Collections; -import java.util.Comparator; -import java.util.List; - -import org.apache.commons.collections.CollectionUtils; -import org.apache.hadoop.hive.conf.HiveConf; -import org.apache.hadoop.hive.ql.ddl.DDLOperation; -import org.apache.hadoop.hive.ql.metadata.HiveException; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; - -/** - * Operation process of showing a grant. - */ -public class ShowGrantOperation extends DDLOperation { - private final ShowGrantDesc desc; - - public ShowGrantOperation(DDLOperationContext context, ShowGrantDesc desc) { - super(context); - this.desc = desc; - } - - @Override - public int execute() throws HiveException { - HiveAuthorizer authorizer = RoleUtils.getSessionAuthorizer(context.getConf()); - try { - List privInfos = authorizer.showPrivileges( - RoleUtils.getAuthorizationTranslator(authorizer).getHivePrincipal(desc.getPrincipalDesc()), - RoleUtils.getAuthorizationTranslator(authorizer).getHivePrivilegeObject(desc.getHiveObj())); - boolean testMode = context.getConf().getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST); - DDLUtils.writeToFile(writeGrantInfo(privInfos, testMode), desc.getResFile(), context); - } catch (IOException e) { - throw new HiveException("Error in show grant statement", e); - } - return 0; - } - - private String writeGrantInfo(List privileges, boolean testMode) { - if (CollectionUtils.isEmpty(privileges)) { - return ""; - } - - //sort the list to get sorted (deterministic) output (for ease of testing) - Collections.sort(privileges, new Comparator() { - @Override - public int compare(HivePrivilegeInfo o1, HivePrivilegeInfo o2) { - int compare = o1.getObject().compareTo(o2.getObject()); - if (compare == 0) { - compare = o1.getPrincipal().compareTo(o2.getPrincipal()); - } - if (compare == 0) { - compare = o1.getPrivilege().compareTo(o2.getPrivilege()); - } - return compare; - } - }); - - StringBuilder builder = new StringBuilder(); - for (HivePrivilegeInfo privilege : privileges) { - HivePrincipal principal = privilege.getPrincipal(); - HivePrivilegeObject resource = privilege.getObject(); - HivePrincipal grantor = privilege.getGrantorPrincipal(); - - DDLUtils.appendNonNull(builder, resource.getDbname(), true); - DDLUtils.appendNonNull(builder, resource.getObjectName()); - DDLUtils.appendNonNull(builder, resource.getPartKeys()); - DDLUtils.appendNonNull(builder, resource.getColumns()); - DDLUtils.appendNonNull(builder, principal.getName()); - DDLUtils.appendNonNull(builder, principal.getType()); - DDLUtils.appendNonNull(builder, privilege.getPrivilege().getName()); - DDLUtils.appendNonNull(builder, privilege.isGrantOption()); - DDLUtils.appendNonNull(builder, testMode ? -1 : privilege.getGrantTime() * 1000L); - DDLUtils.appendNonNull(builder, grantor.getName()); - } - return builder.toString(); - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowPrincipalsDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowPrincipalsDesc.java deleted file mode 100644 index e1392c9d8c..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowPrincipalsDesc.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import java.io.Serializable; - -import org.apache.hadoop.hive.ql.ddl.DDLDesc; -import org.apache.hadoop.hive.ql.ddl.DDLTask2; -import org.apache.hadoop.hive.ql.plan.Explain; -import org.apache.hadoop.hive.ql.plan.Explain.Level; - -/** - * DDL task description for SHOW PRINCIPALS commands. - */ -@Explain(displayName = "Show Principals", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) -public class ShowPrincipalsDesc implements DDLDesc, Serializable { - private static final long serialVersionUID = 1L; - - public static final String SCHEMA = - "principal_name,principal_type,grant_option,grantor,grantor_type,grant_time#" + - "string:string:boolean:string:string:bigint"; - - static { - DDLTask2.registerOperation(ShowPrincipalsDesc.class, ShowPrincipalsOperation.class); - } - - private final String name; - private final String resFile; - - public ShowPrincipalsDesc(String name, String resFile) { - this.name = name; - this.resFile = resFile; - } - - @Explain(displayName = "name", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) - public String getName() { - return name; - } - - public String getResFile() { - return resFile; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowPrincipalsOperation.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowPrincipalsOperation.java deleted file mode 100644 index 392142ba14..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowPrincipalsOperation.java +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; -import org.apache.hadoop.hive.ql.ddl.DDLUtils; - -import java.io.IOException; -import java.util.Collections; -import java.util.List; - -import org.apache.hadoop.hive.conf.HiveConf; -import org.apache.hadoop.hive.ql.ddl.DDLOperation; -import org.apache.hadoop.hive.ql.metadata.HiveException; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant; - -/** - * Operation process of showing the principals. - */ -public class ShowPrincipalsOperation extends DDLOperation { - private final ShowPrincipalsDesc desc; - - public ShowPrincipalsOperation(DDLOperationContext context, ShowPrincipalsDesc desc) { - super(context); - this.desc = desc; - } - - @Override - public int execute() throws HiveException, IOException { - HiveAuthorizer authorizer = RoleUtils.getSessionAuthorizer(context.getConf()); - boolean testMode = context.getConf().getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST); - List roleGrants = authorizer.getPrincipalGrantInfoForRole(desc.getName()); - DDLUtils.writeToFile(writeHiveRoleGrantInfo(roleGrants, testMode), desc.getResFile(), context); - - return 0; - } - - private String writeHiveRoleGrantInfo(List roleGrants, boolean testMode) { - if (roleGrants == null || roleGrants.isEmpty()) { - return ""; - } - StringBuilder builder = new StringBuilder(); - // sort the list to get sorted (deterministic) output (for ease of testing) - Collections.sort(roleGrants); - for (HiveRoleGrant roleGrant : roleGrants) { - // schema: principal_name,principal_type,grant_option,grantor,grantor_type,grant_time - DDLUtils.appendNonNull(builder, roleGrant.getPrincipalName(), true); - DDLUtils.appendNonNull(builder, roleGrant.getPrincipalType()); - DDLUtils.appendNonNull(builder, roleGrant.isGrantOption()); - DDLUtils.appendNonNull(builder, roleGrant.getGrantor()); - DDLUtils.appendNonNull(builder, roleGrant.getGrantorType()); - DDLUtils.appendNonNull(builder, testMode ? -1 : roleGrant.getGrantTime() * 1000L); - } - return builder.toString(); - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRoleGrantDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRoleGrantDesc.java deleted file mode 100644 index 3b713a125a..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRoleGrantDesc.java +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import java.io.Serializable; - -import org.apache.hadoop.hive.metastore.api.PrincipalType; -import org.apache.hadoop.hive.ql.ddl.DDLDesc; -import org.apache.hadoop.hive.ql.ddl.DDLTask2; -import org.apache.hadoop.hive.ql.plan.Explain; -import org.apache.hadoop.hive.ql.plan.Explain.Level; - -/** - * DDL task description for SHOW ROLE GRANT commands. - */ -@Explain(displayName = "Show Role Grant", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) -public class ShowRoleGrantDesc implements DDLDesc, Serializable { - private static final long serialVersionUID = 1L; - - public static final String SCHEMA = - "role,grant_option,grant_time,grantor#" + - "string:boolean:bigint:string"; - - static { - DDLTask2.registerOperation(ShowRoleGrantDesc.class, ShowRoleGrantOperation.class); - } - - private final String name; - private final PrincipalType principalType; - private final String resFile; - - public ShowRoleGrantDesc(String name, PrincipalType principalType, String resFile) { - this.name = name; - this.principalType = principalType; - this.resFile = resFile; - } - - @Explain(displayName = "name", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) - public String getName() { - return name; - } - - public PrincipalType getPrincipalType() { - return principalType; - } - - public String getResFile() { - return resFile; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRoleGrantOperation.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRoleGrantOperation.java deleted file mode 100644 index 178ea8e3bc..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRoleGrantOperation.java +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; -import org.apache.hadoop.hive.ql.ddl.DDLUtils; - -import java.io.IOException; -import java.util.Collections; -import java.util.List; - -import org.apache.hadoop.hive.conf.HiveConf; -import org.apache.hadoop.hive.ql.ddl.DDLOperation; -import org.apache.hadoop.hive.ql.metadata.HiveException; -import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant; - -/** - * Operation process of showing the role grants. - */ -public class ShowRoleGrantOperation extends DDLOperation { - private final ShowRoleGrantDesc desc; - - public ShowRoleGrantOperation(DDLOperationContext context, ShowRoleGrantDesc desc) { - super(context); - this.desc = desc; - } - - @Override - public int execute() throws HiveException, IOException { - HiveAuthorizer authorizer = RoleUtils.getSessionAuthorizer(context.getConf()); - boolean testMode = context.getConf().getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST); - List roles = authorizer.getRoleGrantInfoForPrincipal( - AuthorizationUtils.getHivePrincipal(desc.getName(), desc.getPrincipalType())); - DDLUtils.writeToFile(writeRolesGrantedInfo(roles, testMode), desc.getResFile(), context); - - return 0; - } - - private String writeRolesGrantedInfo(List roles, boolean testMode) { - if (roles == null || roles.isEmpty()) { - return ""; - } - StringBuilder builder = new StringBuilder(); - //sort the list to get sorted (deterministic) output (for ease of testing) - Collections.sort(roles); - for (HiveRoleGrant role : roles) { - DDLUtils.appendNonNull(builder, role.getRoleName(), true); - DDLUtils.appendNonNull(builder, role.isGrantOption()); - DDLUtils.appendNonNull(builder, testMode ? -1 : role.getGrantTime() * 1000L); - DDLUtils.appendNonNull(builder, role.getGrantor()); - } - return builder.toString(); - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRolesDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRolesDesc.java deleted file mode 100644 index 36a0b1aa14..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRolesDesc.java +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import java.io.Serializable; - -import org.apache.hadoop.hive.ql.ddl.DDLDesc; -import org.apache.hadoop.hive.ql.ddl.DDLTask2; -import org.apache.hadoop.hive.ql.plan.Explain; -import org.apache.hadoop.hive.ql.plan.Explain.Level; - -/** - * DDL task description for SHOW ROLES commands. - */ -@Explain(displayName = "Show Roles", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) -public class ShowRolesDesc implements DDLDesc, Serializable { - private static final long serialVersionUID = 1L; - - public static final String SCHEMA = "role#string"; - - static { - DDLTask2.registerOperation(ShowRolesDesc.class, ShowRolesOperation.class); - } - - private final String resFile; - - public ShowRolesDesc(String resFile) { - this.resFile = resFile; - } - - public String getResFile() { - return resFile; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRolesOperation.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRolesOperation.java deleted file mode 100644 index 22ca7f350d..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRolesOperation.java +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.hadoop.hive.ql.ddl.privilege; - -import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; - -import java.io.IOException; -import java.util.List; - -import org.apache.hadoop.hive.ql.ddl.DDLOperation; -import org.apache.hadoop.hive.ql.metadata.HiveException; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; - -/** - * Operation process of showing the roles. - */ -public class ShowRolesOperation extends DDLOperation { - private final ShowRolesDesc desc; - - public ShowRolesOperation(DDLOperationContext context, ShowRolesDesc desc) { - super(context); - this.desc = desc; - } - - @Override - public int execute() throws HiveException, IOException { - HiveAuthorizer authorizer = RoleUtils.getSessionAuthorizer(context.getConf()); - List allRoles = authorizer.getAllRoles(); - RoleUtils.writeListToFileAfterSort(allRoles, desc.getResFile(), context); - return 0; - } -} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/package-info.java ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/package-info.java deleted file mode 100644 index 596a803704..0000000000 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/package-info.java +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** Privilege related DDL operation descriptions and operations. */ -package org.apache.hadoop.hive.ql.ddl.privilege; diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/table/DescTableDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/table/DescTableDesc.java index bb533c2c85..0cfffd2032 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/table/DescTableDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/ddl/table/DescTableDesc.java @@ -35,14 +35,6 @@ public class DescTableDesc implements DDLDesc, Serializable { private static final long serialVersionUID = 1L; - private static final String SCHEMA = "col_name,data_type,comment#string:string:string"; - private static final String COL_STATS_SCHEMA = "col_name,data_type,min,max,num_nulls," + - "distinct_count,avg_col_len,max_col_len,num_trues,num_falses,bitVector,comment" + - "#string:string:string:string:string:string:string:string:string:string:string:string"; - public static String getSchema(boolean colStats) { - return colStats ? COL_STATS_SCHEMA : SCHEMA; - } - static { DDLTask2.registerOperation(DescTableDesc.class, DescTableOperation.class); } @@ -90,4 +82,19 @@ public boolean isExt() { public boolean isFormatted() { return isFormatted; } + + /** + * thrift ddl for the result of describe table. + */ + private static final String SCHEMA = "col_name,data_type,comment#string:string:string"; + private static final String COL_STATS_SCHEMA = "col_name,data_type,min,max,num_nulls," + + "distinct_count,avg_col_len,max_col_len,num_trues,num_falses,bitVector,comment" + + "#string:string:string:string:string:string:string:string:string:string:string:string"; + + public static String getSchema(boolean colStats) { + if (colStats) { + return COL_STATS_SCHEMA; + } + return SCHEMA; + } } diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/table/ShowCreateTableDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/table/ShowCreateTableDesc.java index a06f1fae5f..8fa1ef16aa 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/table/ShowCreateTableDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/ddl/table/ShowCreateTableDesc.java @@ -32,12 +32,15 @@ public class ShowCreateTableDesc implements DDLDesc, Serializable { private static final long serialVersionUID = 1L; - public static final String SCHEMA = "createtab_stmt#string"; - static { DDLTask2.registerOperation(ShowCreateTableDesc.class, ShowCreateTableOperation.class); } + /** + * Thrift ddl for the result of showcreatetable. + */ + public static final String SCHEMA = "createtab_stmt#string"; + private final String resFile; private final String tableName; diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/table/ShowTablePropertiesDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/table/ShowTablePropertiesDesc.java index 7ba1c2daef..72caa58607 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/table/ShowTablePropertiesDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/ddl/table/ShowTablePropertiesDesc.java @@ -32,12 +32,15 @@ public class ShowTablePropertiesDesc implements DDLDesc, Serializable { private static final long serialVersionUID = 1L; - public static final String SCHEMA = "prpt_name,prpt_value#string:string"; - static { DDLTask2.registerOperation(ShowTablePropertiesDesc.class, ShowTablePropertiesOperation.class); } + /** + * Thrift ddl for the result of showtblproperties. + */ + public static final String SCHEMA = "prpt_name,prpt_value#string:string"; + private final String resFile; private final String tableName; private final String propertyName; diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/table/ShowTableStatusDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/table/ShowTableStatusDesc.java index 6707350f34..8c312a0c5e 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/table/ShowTableStatusDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/ddl/table/ShowTableStatusDesc.java @@ -33,12 +33,15 @@ public class ShowTableStatusDesc implements DDLDesc, Serializable { private static final long serialVersionUID = 1L; - public static final String SCHEMA = "tab_name#string"; - static { DDLTask2.registerOperation(ShowTableStatusDesc.class, ShowTableStatusOperation.class); } + /** + * Thrift ddl for the result of show tables. + */ + public static final String SCHEMA = "tab_name#string"; + private final String resFile; private final String dbName; private final String pattern; diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/table/ShowTablesDesc.java ql/src/java/org/apache/hadoop/hive/ql/ddl/table/ShowTablesDesc.java index 9ec390483d..584433b0a0 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/table/ShowTablesDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/ddl/table/ShowTablesDesc.java @@ -34,14 +34,26 @@ public class ShowTablesDesc implements DDLDesc, Serializable { private static final long serialVersionUID = 1L; - private static final String TABLES_VIEWS_SCHEMA = "tab_name#string"; - private static final String EXTENDED_TABLES_SCHEMA = "tab_name,table_type#string,string"; - private static final String MATERIALIZED_VIEWS_SCHEMA = "mv_name,rewrite_enabled,mode#string:string:string"; - static { DDLTask2.registerOperation(ShowTablesDesc.class, ShowTablesOperation.class); } + /** + * thrift ddl for the result of show tables and show views. + */ + private static final String TABLES_VIEWS_SCHEMA = "tab_name#string"; + + /** + * thrift ddl for the result of show extended tables. + */ + private static final String EXTENDED_TABLES_SCHEMA = "tab_name,table_type#string,string"; + + /** + * thrift ddl for the result of show tables. + */ + private static final String MATERIALIZED_VIEWS_SCHEMA = + "mv_name,rewrite_enabled,mode#string:string:string"; + private final String resFile; private final String dbName; private final String pattern; diff --git ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java index 13d7d6fcdb..7f0eb400d7 100644 --- ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java +++ ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java @@ -21,6 +21,7 @@ import java.io.DataOutputStream; import java.io.FileNotFoundException; import java.io.IOException; +import java.io.OutputStreamWriter; import java.io.Serializable; import java.net.URI; import java.net.URISyntaxException; @@ -43,6 +44,7 @@ import com.google.common.collect.Lists; import com.google.common.util.concurrent.ListenableFuture; import org.apache.commons.lang.StringUtils; +import org.apache.hadoop.fs.FSDataOutputStream; import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.FsShell; import org.apache.hadoop.fs.Path; @@ -68,6 +70,7 @@ import org.apache.hadoop.hive.metastore.api.MetaException; import org.apache.hadoop.hive.metastore.api.NoSuchObjectException; import org.apache.hadoop.hive.metastore.api.Order; +import org.apache.hadoop.hive.metastore.api.PrincipalType; import org.apache.hadoop.hive.metastore.api.ShowCompactResponse; import org.apache.hadoop.hive.metastore.api.ShowCompactResponseElement; import org.apache.hadoop.hive.metastore.api.ShowLocksRequest; @@ -146,6 +149,8 @@ import org.apache.hadoop.hive.ql.plan.DropWMPoolDesc; import org.apache.hadoop.hive.ql.plan.DropWMTriggerDesc; import org.apache.hadoop.hive.ql.plan.FileMergeDesc; +import org.apache.hadoop.hive.ql.plan.GrantDesc; +import org.apache.hadoop.hive.ql.plan.GrantRevokeRoleDDL; import org.apache.hadoop.hive.ql.plan.InsertCommitHookDesc; import org.apache.hadoop.hive.ql.plan.KillQueryDesc; import org.apache.hadoop.hive.ql.plan.ListBucketingCtx; @@ -154,12 +159,18 @@ import org.apache.hadoop.hive.ql.plan.MsckDesc; import org.apache.hadoop.hive.ql.plan.OperatorDesc; import org.apache.hadoop.hive.ql.plan.OrcFileMergeDesc; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; import org.apache.hadoop.hive.ql.plan.RCFileMergeDesc; import org.apache.hadoop.hive.ql.plan.RenamePartitionDesc; import org.apache.hadoop.hive.ql.plan.ReplRemoveFirstIncLoadPendFlagDesc; +import org.apache.hadoop.hive.ql.plan.RevokeDesc; +import org.apache.hadoop.hive.ql.plan.RoleDDLDesc; import org.apache.hadoop.hive.ql.plan.ShowColumnsDesc; import org.apache.hadoop.hive.ql.plan.ShowCompactionsDesc; import org.apache.hadoop.hive.ql.plan.ShowConfDesc; +import org.apache.hadoop.hive.ql.plan.ShowGrantDesc; import org.apache.hadoop.hive.ql.plan.ShowLocksDesc; import org.apache.hadoop.hive.ql.plan.ShowPartitionsDesc; import org.apache.hadoop.hive.ql.plan.ShowResourcePlanDesc; @@ -167,6 +178,17 @@ import org.apache.hadoop.hive.ql.plan.TezWork; import org.apache.hadoop.hive.ql.plan.api.StageType; import org.apache.hadoop.hive.ql.exec.repl.util.ReplUtils; +import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils; +import org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationTranslator; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationTranslator; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveV1Authorizer; import org.apache.hadoop.hive.ql.session.SessionState; import org.apache.hadoop.hive.ql.wm.ExecutionTrigger; import org.apache.hadoop.hive.serde2.Deserializer; @@ -209,6 +231,7 @@ private static String INTERMEDIATE_EXTRACTED_DIR_SUFFIX; private MetaDataFormatter formatter; + private final HiveAuthorizationTranslator defaultAuthorizationTranslator = new DefaultHiveAuthorizationTranslator(); @Override public boolean requireLock() { @@ -332,6 +355,35 @@ public int execute(DriverContext driverContext) { return showConf(db, showConf); } + RoleDDLDesc roleDDLDesc = work.getRoleDDLDesc(); + if (roleDDLDesc != null) { + return roleDDL(db, roleDDLDesc); + } + + GrantDesc grantDesc = work.getGrantDesc(); + if (grantDesc != null) { + return grantOrRevokePrivileges(db, grantDesc.getPrincipals(), grantDesc + .getPrivileges(), grantDesc.getPrivilegeSubjectDesc(), grantDesc.getGrantor(), + grantDesc.getGrantorType(), grantDesc.isGrantOption(), true); + } + + RevokeDesc revokeDesc = work.getRevokeDesc(); + if (revokeDesc != null) { + return grantOrRevokePrivileges(db, revokeDesc.getPrincipals(), revokeDesc + .getPrivileges(), revokeDesc.getPrivilegeSubjectDesc(), null, null, + revokeDesc.isGrantOption(), false); + } + + ShowGrantDesc showGrantDesc = work.getShowGrantDesc(); + if (showGrantDesc != null) { + return showGrants(db, showGrantDesc); + } + + GrantRevokeRoleDDL grantOrRevokeRoleDDL = work.getGrantRevokeRoleDDL(); + if (grantOrRevokeRoleDDL != null) { + return grantOrRevokeRole(db, grantOrRevokeRoleDDL); + } + AlterTablePartMergeFilesDesc mergeFilesDesc = work.getMergeFilesDesc(); if (mergeFilesDesc != null) { return mergeFiles(db, mergeFilesDesc, driverContext); @@ -763,6 +815,165 @@ private int mergeFiles(Hive db, AlterTablePartMergeFilesDesc mergeFilesDesc, return ret; } + private HiveAuthorizer getSessionAuthorizer(Hive db) { + HiveAuthorizer authorizer = SessionState.get().getAuthorizerV2(); + if (authorizer == null) { + authorizer = new HiveV1Authorizer(conf, db); + } + return authorizer; + } + + private int grantOrRevokeRole(Hive db, GrantRevokeRoleDDL grantOrRevokeRoleDDL) + throws HiveException { + HiveAuthorizer authorizer = getSessionAuthorizer(db); + //convert to the types needed for plugin api + HivePrincipal grantorPrinc = null; + if(grantOrRevokeRoleDDL.getGrantor() != null){ + grantorPrinc = new HivePrincipal(grantOrRevokeRoleDDL.getGrantor(), + AuthorizationUtils.getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType())); + } + List principals = AuthorizationUtils.getHivePrincipals( + grantOrRevokeRoleDDL.getPrincipalDesc(), getAuthorizationTranslator(authorizer)); + List roles = grantOrRevokeRoleDDL.getRoles(); + + boolean grantOption = grantOrRevokeRoleDDL.isGrantOption(); + if (grantOrRevokeRoleDDL.getGrant()) { + authorizer.grantRole(principals, roles, grantOption, grantorPrinc); + } else { + authorizer.revokeRole(principals, roles, grantOption, grantorPrinc); + } + return 0; + } + + private HiveAuthorizationTranslator getAuthorizationTranslator(HiveAuthorizer authorizer) + throws HiveAuthzPluginException { + if (authorizer.getHiveAuthorizationTranslator() == null) { + return defaultAuthorizationTranslator; + } else { + return (HiveAuthorizationTranslator)authorizer.getHiveAuthorizationTranslator(); + } + } + + private int showGrants(Hive db, ShowGrantDesc showGrantDesc) throws HiveException { + + HiveAuthorizer authorizer = getSessionAuthorizer(db); + try { + List privInfos = authorizer.showPrivileges( + getAuthorizationTranslator(authorizer).getHivePrincipal(showGrantDesc.getPrincipalDesc()), + getAuthorizationTranslator(authorizer).getHivePrivilegeObject(showGrantDesc.getHiveObj())); + boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST); + writeToFile(writeGrantInfo(privInfos, testMode), showGrantDesc.getResFile()); + } catch (IOException e) { + throw new HiveException("Error in show grant statement", e); + } + return 0; + } + + private int grantOrRevokePrivileges(Hive db, List principals, + List privileges, PrivilegeObjectDesc privSubjectDesc, + String grantor, PrincipalType grantorType, boolean grantOption, boolean isGrant) + throws HiveException { + + HiveAuthorizer authorizer = getSessionAuthorizer(db); + + //Convert to object types used by the authorization plugin interface + List hivePrincipals = AuthorizationUtils.getHivePrincipals( + principals, getAuthorizationTranslator(authorizer)); + List hivePrivileges = AuthorizationUtils.getHivePrivileges( + privileges, getAuthorizationTranslator(authorizer)); + HivePrivilegeObject hivePrivObject = getAuthorizationTranslator(authorizer) + .getHivePrivilegeObject(privSubjectDesc); + + HivePrincipal grantorPrincipal = new HivePrincipal( + grantor, AuthorizationUtils.getHivePrincipalType(grantorType)); + + if(isGrant){ + authorizer.grantPrivileges(hivePrincipals, hivePrivileges, hivePrivObject, + grantorPrincipal, grantOption); + }else { + authorizer.revokePrivileges(hivePrincipals, hivePrivileges, + hivePrivObject, grantorPrincipal, grantOption); + } + //no exception thrown, so looks good + return 0; + } + + private int roleDDL(Hive db, RoleDDLDesc roleDDLDesc) throws Exception { + HiveAuthorizer authorizer = getSessionAuthorizer(db); + RoleDDLDesc.RoleOperation operation = roleDDLDesc.getOperation(); + //call the appropriate hive authorizer function + switch(operation){ + case CREATE_ROLE: + authorizer.createRole(roleDDLDesc.getName(), null); + break; + case DROP_ROLE: + authorizer.dropRole(roleDDLDesc.getName()); + break; + case SHOW_ROLE_GRANT: + boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST); + List roles = authorizer.getRoleGrantInfoForPrincipal( + AuthorizationUtils.getHivePrincipal(roleDDLDesc.getName(), roleDDLDesc.getPrincipalType())); + writeToFile(writeRolesGrantedInfo(roles, testMode), roleDDLDesc.getResFile()); + break; + case SHOW_ROLES: + List allRoles = authorizer.getAllRoles(); + writeListToFileAfterSort(allRoles, roleDDLDesc.getResFile()); + break; + case SHOW_CURRENT_ROLE: + List roleNames = authorizer.getCurrentRoleNames(); + writeListToFileAfterSort(roleNames, roleDDLDesc.getResFile()); + break; + case SET_ROLE: + authorizer.setCurrentRole(roleDDLDesc.getName()); + break; + case SHOW_ROLE_PRINCIPALS: + testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST); + List roleGrants = authorizer.getPrincipalGrantInfoForRole(roleDDLDesc.getName()); + writeToFile(writeHiveRoleGrantInfo(roleGrants, testMode), roleDDLDesc.getResFile()); + break; + default: + throw new HiveException("Unkown role operation " + + operation.getOperationName()); + } + + return 0; + } + + private String writeHiveRoleGrantInfo(List roleGrants, boolean testMode) { + if (roleGrants == null || roleGrants.isEmpty()) { + return ""; + } + StringBuilder builder = new StringBuilder(); + // sort the list to get sorted (deterministic) output (for ease of testing) + Collections.sort(roleGrants); + for (HiveRoleGrant roleGrant : roleGrants) { + // schema: + // principal_name,principal_type,grant_option,grantor,grantor_type,grant_time + appendNonNull(builder, roleGrant.getPrincipalName(), true); + appendNonNull(builder, roleGrant.getPrincipalType()); + appendNonNull(builder, roleGrant.isGrantOption()); + appendNonNull(builder, roleGrant.getGrantor()); + appendNonNull(builder, roleGrant.getGrantorType()); + appendNonNull(builder, testMode ? -1 : roleGrant.getGrantTime() * 1000L); + } + return builder.toString(); + } + + /** + * Write list of string entries into given file + * @param entries + * @param resFile + * @throws IOException + */ + private void writeListToFileAfterSort(List entries, String resFile) throws IOException { + Collections.sort(entries); + StringBuilder sb = new StringBuilder(); + for(String entry : entries){ + appendNonNull(sb, entry, true); + } + writeToFile(sb.toString(), resFile); + } + /** * Add a partitions to a table. * @@ -2108,6 +2319,93 @@ private int killQuery(Hive db, KillQueryDesc desc) throws HiveException { return 0; } + private void writeToFile(String data, String file) throws IOException { + Path resFile = new Path(file); + FileSystem fs = resFile.getFileSystem(conf); + FSDataOutputStream out = fs.create(resFile); + try { + if (data != null && !data.isEmpty()) { + OutputStreamWriter writer = new OutputStreamWriter(out, "UTF-8"); + writer.write(data); + writer.write((char) terminator); + writer.flush(); + } + } finally { + IOUtils.closeStream(out); + } + } + + private String writeGrantInfo(List privileges, boolean testMode) { + if (privileges == null || privileges.isEmpty()) { + return ""; + } + StringBuilder builder = new StringBuilder(); + //sort the list to get sorted (deterministic) output (for ease of testing) + Collections.sort(privileges, new Comparator() { + @Override + public int compare(HivePrivilegeInfo o1, HivePrivilegeInfo o2) { + int compare = o1.getObject().compareTo(o2.getObject()); + if (compare == 0) { + compare = o1.getPrincipal().compareTo(o2.getPrincipal()); + } + if (compare == 0) { + compare = o1.getPrivilege().compareTo(o2.getPrivilege()); + } + return compare; + } + }); + + for (HivePrivilegeInfo privilege : privileges) { + HivePrincipal principal = privilege.getPrincipal(); + HivePrivilegeObject resource = privilege.getObject(); + HivePrincipal grantor = privilege.getGrantorPrincipal(); + + appendNonNull(builder, resource.getDbname(), true); + appendNonNull(builder, resource.getObjectName()); + appendNonNull(builder, resource.getPartKeys()); + appendNonNull(builder, resource.getColumns()); + appendNonNull(builder, principal.getName()); + appendNonNull(builder, principal.getType()); + appendNonNull(builder, privilege.getPrivilege().getName()); + appendNonNull(builder, privilege.isGrantOption()); + appendNonNull(builder, testMode ? -1 : privilege.getGrantTime() * 1000L); + appendNonNull(builder, grantor.getName()); + } + return builder.toString(); + } + + private String writeRolesGrantedInfo(List roles, boolean testMode) { + if (roles == null || roles.isEmpty()) { + return ""; + } + StringBuilder builder = new StringBuilder(); + //sort the list to get sorted (deterministic) output (for ease of testing) + Collections.sort(roles); + for (HiveRoleGrant role : roles) { + appendNonNull(builder, role.getRoleName(), true); + appendNonNull(builder, role.isGrantOption()); + appendNonNull(builder, testMode ? -1 : role.getGrantTime() * 1000L); + appendNonNull(builder, role.getGrantor()); + } + return builder.toString(); + } + + private StringBuilder appendNonNull(StringBuilder builder, Object value) { + return appendNonNull(builder, value, false); + } + + private StringBuilder appendNonNull(StringBuilder builder, Object value, boolean firstColumn) { + if (!firstColumn) { + builder.append((char)separator); + } else if (builder.length() > 0) { + builder.append((char)terminator); + } + if (value != null) { + builder.append(value); + } + return builder; + } + /** * Alter a given table. * diff --git ql/src/java/org/apache/hadoop/hive/ql/exec/repl/bootstrap/load/LoadDatabase.java ql/src/java/org/apache/hadoop/hive/ql/exec/repl/bootstrap/load/LoadDatabase.java index 343789584b..c892b40224 100644 --- ql/src/java/org/apache/hadoop/hive/ql/exec/repl/bootstrap/load/LoadDatabase.java +++ ql/src/java/org/apache/hadoop/hive/ql/exec/repl/bootstrap/load/LoadDatabase.java @@ -23,7 +23,6 @@ import org.apache.hadoop.hive.ql.ddl.DDLWork2; import org.apache.hadoop.hive.ql.ddl.database.AlterDatabaseDesc; import org.apache.hadoop.hive.ql.ddl.database.CreateDatabaseDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; import org.apache.hadoop.hive.ql.exec.Task; import org.apache.hadoop.hive.ql.exec.TaskFactory; import org.apache.hadoop.hive.ql.exec.repl.bootstrap.events.DatabaseEvent; @@ -32,6 +31,7 @@ import org.apache.hadoop.hive.ql.metadata.HiveException; import org.apache.hadoop.hive.ql.parse.ReplicationSpec; import org.apache.hadoop.hive.ql.parse.SemanticException; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; import org.apache.hadoop.hive.ql.exec.repl.util.ReplUtils; import org.apache.hadoop.hive.ql.exec.repl.util.ReplUtils.ReplLoadOpType; diff --git ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java index d2c3f7b1a6..d187d197a0 100644 --- ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java +++ ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java @@ -83,11 +83,6 @@ import org.apache.hadoop.hive.ql.ddl.database.UnlockDatabaseDesc; import org.apache.hadoop.hive.ql.ddl.function.DescFunctionDesc; import org.apache.hadoop.hive.ql.ddl.function.ShowFunctionsDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowGrantDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowPrincipalsDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowRoleGrantDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowRolesDesc; import org.apache.hadoop.hive.ql.ddl.table.DescTableDesc; import org.apache.hadoop.hive.ql.ddl.table.DropTableDesc; import org.apache.hadoop.hive.ql.ddl.table.LockTableDesc; @@ -162,10 +157,13 @@ import org.apache.hadoop.hive.ql.plan.MoveWork; import org.apache.hadoop.hive.ql.plan.MsckDesc; import org.apache.hadoop.hive.ql.plan.PlanUtils; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; import org.apache.hadoop.hive.ql.plan.RenamePartitionDesc; +import org.apache.hadoop.hive.ql.plan.RoleDDLDesc; import org.apache.hadoop.hive.ql.plan.ShowColumnsDesc; import org.apache.hadoop.hive.ql.plan.ShowCompactionsDesc; import org.apache.hadoop.hive.ql.plan.ShowConfDesc; +import org.apache.hadoop.hive.ql.plan.ShowGrantDesc; import org.apache.hadoop.hive.ql.plan.ShowLocksDesc; import org.apache.hadoop.hive.ql.plan.ShowPartitionsDesc; import org.apache.hadoop.hive.ql.plan.ShowResourcePlanDesc; @@ -668,18 +666,20 @@ private void analyzeAlterTableUpdateStats(ASTNode ast, String tblName, Map roleDDLTask = (Task) hiveAuthorizationTaskFactory + Task roleDDLTask = (Task) hiveAuthorizationTaskFactory .createShowRolePrincipalsTask(ast, ctx.getResFile(), getInputs(), getOutputs()); if (roleDDLTask != null) { rootTasks.add(roleDDLTask); - setFetchTask(createFetchTask(ShowPrincipalsDesc.SCHEMA)); + setFetchTask(createFetchTask(RoleDDLDesc.getShowRolePrincipalsSchema())); } } @@ -762,7 +762,7 @@ private void analyzeShowRoles(ASTNode ast) throws SemanticException { if (roleDDLTask != null) { rootTasks.add(roleDDLTask); - setFetchTask(createFetchTask(ShowRolesDesc.SCHEMA)); + setFetchTask(createFetchTask(RoleDDLDesc.getRoleNameSchema())); } } @@ -1605,6 +1605,7 @@ private void analyzeTruncateTable(ASTNode ast) throws SemanticException { LoadTableDesc ltd = new LoadTableDesc(queryTmpdir, tblDesc, partSpec == null ? new HashMap<>() : partSpec); ltd.setLbCtx(lbCtx); + @SuppressWarnings("unchecked") Task moveTsk = TaskFactory.get(new MoveWork(null, null, ltd, null, false)); truncateTask.addDependentTask(moveTsk); @@ -2800,7 +2801,7 @@ private void analyzeShowFunctions(ASTNode ast) throws SemanticException { showFuncsDesc = new ShowFunctionsDesc(ctx.getResFile()); } rootTasks.add(TaskFactory.get(new DDLWork2(getInputs(), getOutputs(), showFuncsDesc))); - setFetchTask(createFetchTask(ShowFunctionsDesc.SCHEMA)); + setFetchTask(createFetchTask(ShowFunctionsDesc.getSchema())); } /** @@ -3153,7 +3154,7 @@ private void analyzeDescFunction(ASTNode ast) throws SemanticException { DescFunctionDesc descFuncDesc = new DescFunctionDesc(ctx.getResFile(), funcName, isExtended); rootTasks.add(TaskFactory.get(new DDLWork2(getInputs(), getOutputs(), descFuncDesc))); - setFetchTask(createFetchTask(DescFunctionDesc.SCHEMA)); + setFetchTask(createFetchTask(DescFunctionDesc.getSchema())); } @@ -4110,7 +4111,7 @@ private void analyzeAltertableSkewedby(String[] qualified, ASTNode ast) throws S * Throw an error if the user tries to use the DDL with * hive.internal.ddl.list.bucketing.enable set to false. */ - SessionState.get().getConf(); + HiveConf hiveConf = SessionState.get().getConf(); Table tab = getTable(qualified); @@ -4254,7 +4255,7 @@ private void analyzeAlterTableSkewedLocation(ASTNode ast, String tableName, * Throw an error if the user tries to use the DDL with * hive.internal.ddl.list.bucketing.enable set to false. */ - SessionState.get().getConf(); + HiveConf hiveConf = SessionState.get().getConf(); /** * Retrieve mappings from parser */ diff --git ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationParseUtils.java ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationParseUtils.java index c8f1246e86..de5c90769a 100644 --- ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationParseUtils.java +++ ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationParseUtils.java @@ -21,10 +21,10 @@ import java.util.List; import org.apache.hadoop.hive.metastore.api.PrincipalType; -import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; import org.apache.hadoop.hive.ql.parse.ASTNode; import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer; import org.apache.hadoop.hive.ql.parse.HiveParser; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; /** * Utility functions for creating objects relevant for authorization operations diff --git ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java index 61b60680dc..18ed6fb418 100644 --- ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java +++ ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java @@ -27,22 +27,6 @@ import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.metastore.api.PrincipalType; import org.apache.hadoop.hive.ql.ErrorMsg; -import org.apache.hadoop.hive.ql.ddl.DDLWork2; -import org.apache.hadoop.hive.ql.ddl.privilege.CreateRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.DropRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.GrantDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.GrantRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeObjectDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.RevokeDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.RevokeRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.SetRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowCurrentRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowGrantDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowPrincipalsDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowRoleGrantDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowRolesDesc; import org.apache.hadoop.hive.ql.exec.Task; import org.apache.hadoop.hive.ql.exec.TaskFactory; import org.apache.hadoop.hive.ql.hooks.ReadEntity; @@ -56,6 +40,16 @@ import org.apache.hadoop.hive.ql.parse.DDLSemanticAnalyzer; import org.apache.hadoop.hive.ql.parse.HiveParser; import org.apache.hadoop.hive.ql.parse.SemanticException; +import org.apache.hadoop.hive.ql.plan.DDLWork; +import org.apache.hadoop.hive.ql.plan.GrantDesc; +import org.apache.hadoop.hive.ql.plan.GrantRevokeRoleDDL; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; +import org.apache.hadoop.hive.ql.plan.RevokeDesc; +import org.apache.hadoop.hive.ql.plan.RoleDDLDesc; +import org.apache.hadoop.hive.ql.plan.RoleDDLDesc.RoleOperation; +import org.apache.hadoop.hive.ql.plan.ShowGrantDesc; import org.apache.hadoop.hive.ql.security.authorization.Privilege; import org.apache.hadoop.hive.ql.security.authorization.PrivilegeRegistry; import org.apache.hadoop.hive.ql.security.authorization.PrivilegeType; @@ -76,15 +70,15 @@ public HiveAuthorizationTaskFactoryImpl(HiveConf conf, Hive db) { public Task createCreateRoleTask(ASTNode ast, HashSet inputs, HashSet outputs) { String roleName = BaseSemanticAnalyzer.unescapeIdentifier(ast.getChild(0).getText()); - CreateRoleDesc createRoleDesc = new CreateRoleDesc(roleName); - return TaskFactory.get(new DDLWork2(inputs, outputs, createRoleDesc)); + RoleDDLDesc roleDesc = new RoleDDLDesc(roleName, PrincipalType.ROLE, RoleDDLDesc.RoleOperation.CREATE_ROLE, null); + return TaskFactory.get(new DDLWork(inputs, outputs, roleDesc)); } @Override public Task createDropRoleTask(ASTNode ast, HashSet inputs, HashSet outputs) { String roleName = BaseSemanticAnalyzer.unescapeIdentifier(ast.getChild(0).getText()); - DropRoleDesc dropRoleDesc = new DropRoleDesc(roleName); - return TaskFactory.get(new DDLWork2(inputs, outputs, dropRoleDesc)); + RoleDDLDesc roleDesc = new RoleDDLDesc(roleName, PrincipalType.ROLE, RoleDDLDesc.RoleOperation.DROP_ROLE, null); + return TaskFactory.get(new DDLWork(inputs, outputs, roleDesc)); } @Override public Task createShowRoleGrantTask(ASTNode ast, Path resultFile, @@ -103,8 +97,10 @@ public HiveAuthorizationTaskFactoryImpl(HiveConf conf, Hive db) { break; } String principalName = BaseSemanticAnalyzer.unescapeIdentifier(child.getChild(0).getText()); - ShowRoleGrantDesc showRoleGrantDesc = new ShowRoleGrantDesc(principalName, principalType, resultFile.toString()); - return TaskFactory.get(new DDLWork2(inputs, outputs, showRoleGrantDesc)); + RoleDDLDesc roleDesc = new RoleDDLDesc(principalName, principalType, + RoleDDLDesc.RoleOperation.SHOW_ROLE_GRANT, null); + roleDesc.setResFile(resultFile.toString()); + return TaskFactory.get(new DDLWork(inputs, outputs, roleDesc)); } @Override public Task createGrantTask(ASTNode ast, HashSet inputs, @@ -131,7 +127,7 @@ public HiveAuthorizationTaskFactoryImpl(HiveConf conf, Hive db) { GrantDesc grantDesc = new GrantDesc(privilegeObj, privilegeDesc, principalDesc, userName, PrincipalType.USER, grantOption); - return TaskFactory.get(new DDLWork2(inputs, outputs, grantDesc)); + return TaskFactory.get(new DDLWork(inputs, outputs, grantDesc)); } @Override @@ -150,7 +146,12 @@ public HiveAuthorizationTaskFactoryImpl(HiveConf conf, Hive db) { } } RevokeDesc revokeDesc = new RevokeDesc(privilegeDesc, principalDesc, hiveObj, grantOption); - return TaskFactory.get(new DDLWork2(inputs, outputs, revokeDesc)); + return TaskFactory.get(new DDLWork(inputs, outputs, revokeDesc)); + } + @Override + public Task createGrantRoleTask(ASTNode ast, HashSet inputs, + HashSet outputs) { + return analyzeGrantRevokeRole(true, ast, inputs, outputs); } @Override public Task createShowGrantTask(ASTNode ast, Path resultFile, HashSet inputs, @@ -170,20 +171,17 @@ public HiveAuthorizationTaskFactoryImpl(HiveConf conf, Hive db) { if (param != null) { if (param.getType() == HiveParser.TOK_RESOURCE_ALL) { - privHiveObj = new PrivilegeObjectDesc(true, null, null, null); + privHiveObj = new PrivilegeObjectDesc(); } else if (param.getType() == HiveParser.TOK_PRIV_OBJECT_COL) { privHiveObj = parsePrivObject(param); } } - ShowGrantDesc showGrant = new ShowGrantDesc(resultFile.toString(), principalDesc, privHiveObj); - return TaskFactory.get(new DDLWork2(inputs, outputs, showGrant)); - } - @Override - public Task createGrantRoleTask(ASTNode ast, HashSet inputs, - HashSet outputs) { - return analyzeGrantRevokeRole(true, ast, inputs, outputs); + ShowGrantDesc showGrant = new ShowGrantDesc(resultFile.toString(), + principalDesc, privHiveObj); + return TaskFactory.get(new DDLWork(inputs, outputs, showGrant)); } + @Override public Task createRevokeRoleTask(ASTNode ast, HashSet inputs, HashSet outputs) { @@ -213,13 +211,10 @@ public HiveAuthorizationTaskFactoryImpl(HiveConf conf, Hive db) { //until change is made to use the admin option. Default to false with V2 authorization - if (isGrant) { - GrantRoleDesc grantRoleDesc = new GrantRoleDesc(roles, principalDesc, roleOwnerName, isAdmin); - return TaskFactory.get(new DDLWork2(inputs, outputs, grantRoleDesc)); - } else { - RevokeRoleDesc revokeRoleDesc = new RevokeRoleDesc(roles, principalDesc, roleOwnerName, isAdmin); - return TaskFactory.get(new DDLWork2(inputs, outputs, revokeRoleDesc)); - } + + GrantRevokeRoleDDL grantRevokeRoleDDL = new GrantRevokeRoleDDL(isGrant, + roles, principalDesc, roleOwnerName, PrincipalType.USER, isAdmin); + return TaskFactory.get(new DDLWork(inputs, outputs, grantRevokeRoleDDL)); } private PrivilegeObjectDesc analyzePrivilegeObject(ASTNode ast, @@ -242,33 +237,29 @@ private PrivilegeObjectDesc analyzePrivilegeObject(ASTNode ast, } protected PrivilegeObjectDesc parsePrivObject(ASTNode ast) throws SemanticException { - boolean isTable; - String object = null; - Map partSpec = null; - List columns = null; - + PrivilegeObjectDesc subject = new PrivilegeObjectDesc(); ASTNode child = (ASTNode) ast.getChild(0); ASTNode gchild = (ASTNode)child.getChild(0); if (child.getType() == HiveParser.TOK_TABLE_TYPE) { - isTable = true; + subject.setTable(true); String[] qualified = BaseSemanticAnalyzer.getQualifiedTableName(gchild); - object = BaseSemanticAnalyzer.getDotName(qualified); + subject.setObject(BaseSemanticAnalyzer.getDotName(qualified)); } else if (child.getType() == HiveParser.TOK_URI_TYPE || child.getType() == HiveParser.TOK_SERVER_TYPE) { throw new SemanticException("Hive authorization does not support the URI or SERVER objects"); } else { - isTable = false; - object = BaseSemanticAnalyzer.unescapeIdentifier(gchild.getText()); + subject.setTable(false); + subject.setObject(BaseSemanticAnalyzer.unescapeIdentifier(gchild.getText())); } //if partition spec node is present, set partition spec for (int i = 1; i < child.getChildCount(); i++) { gchild = (ASTNode) child.getChild(i); if (gchild.getType() == HiveParser.TOK_PARTSPEC) { - partSpec = DDLSemanticAnalyzer.getPartSpec(gchild); + subject.setPartSpec(DDLSemanticAnalyzer.getPartSpec(gchild)); } else if (gchild.getType() == HiveParser.TOK_TABCOLNAME) { - columns = BaseSemanticAnalyzer.getColumnNames(gchild); + subject.setColumns(BaseSemanticAnalyzer.getColumnNames(gchild)); } } - return new PrivilegeObjectDesc(isTable, object, partSpec, columns); + return subject; } private List analyzePrivilegeListDef(ASTNode node) @@ -338,16 +329,17 @@ private String toMessage(ErrorMsg message, Object detail) { public Task createSetRoleTask(String roleName, HashSet inputs, HashSet outputs) throws SemanticException { - SetRoleDesc setRoleDesc = new SetRoleDesc(roleName); - return TaskFactory.get(new DDLWork2(inputs, outputs, setRoleDesc)); + return TaskFactory.get(new DDLWork(inputs, outputs, new RoleDDLDesc(roleName, PrincipalType.ROLE, + RoleDDLDesc.RoleOperation.SET_ROLE, null))); } @Override public Task createShowCurrentRoleTask( HashSet inputs, HashSet outputs, Path resFile) throws SemanticException { - ShowCurrentRoleDesc showCurrentRoleDesc = new ShowCurrentRoleDesc(resFile.toString()); - return TaskFactory.get(new DDLWork2(inputs, outputs, showCurrentRoleDesc)); + RoleDDLDesc ddlDesc = new RoleDDLDesc(null, RoleDDLDesc.RoleOperation.SHOW_CURRENT_ROLE); + ddlDesc.setResFile(resFile.toString()); + return TaskFactory.get(new DDLWork(inputs, outputs, ddlDesc)); } @Override @@ -362,15 +354,19 @@ private String toMessage(ErrorMsg message, Object detail) { throw new AssertionError("Unexpected Tokens in SHOW ROLE PRINCIPALS"); } - ShowPrincipalsDesc showPrincipalsDesc = new ShowPrincipalsDesc(roleName, resFile.toString()); - return TaskFactory.get(new DDLWork2(inputs, outputs, showPrincipalsDesc)); + RoleDDLDesc roleDDLDesc = new RoleDDLDesc(roleName, PrincipalType.ROLE, + RoleOperation.SHOW_ROLE_PRINCIPALS, null); + roleDDLDesc.setResFile(resFile.toString()); + return TaskFactory.get(new DDLWork(inputs, outputs, roleDDLDesc)); } @Override public Task createShowRolesTask(ASTNode ast, Path resFile, HashSet inputs, HashSet outputs) throws SemanticException { - ShowRolesDesc showRolesDesc = new ShowRolesDesc(resFile.toString()); - return TaskFactory.get(new DDLWork2(inputs, outputs, showRolesDesc)); + RoleDDLDesc showRolesDesc = new RoleDDLDesc(null, null, RoleDDLDesc.RoleOperation.SHOW_ROLES, + null); + showRolesDesc.setResFile(resFile.toString()); + return TaskFactory.get(new DDLWork(inputs, outputs, showRolesDesc)); } } diff --git ql/src/java/org/apache/hadoop/hive/ql/parse/repl/load/message/AlterDatabaseHandler.java ql/src/java/org/apache/hadoop/hive/ql/parse/repl/load/message/AlterDatabaseHandler.java index edeaaa26e4..7162375cdf 100644 --- ql/src/java/org/apache/hadoop/hive/ql/parse/repl/load/message/AlterDatabaseHandler.java +++ ql/src/java/org/apache/hadoop/hive/ql/parse/repl/load/message/AlterDatabaseHandler.java @@ -22,13 +22,13 @@ import org.apache.hadoop.hive.metastore.messaging.AlterDatabaseMessage; import org.apache.hadoop.hive.ql.ddl.DDLWork2; import org.apache.hadoop.hive.ql.ddl.database.AlterDatabaseDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; import org.apache.hadoop.hive.ql.exec.Task; import org.apache.hadoop.hive.ql.exec.TaskFactory; import org.apache.hadoop.hive.ql.exec.repl.util.ReplUtils; import org.apache.hadoop.hive.ql.parse.ReplicationSpec; import org.apache.hadoop.hive.ql.parse.SemanticException; import org.apache.hadoop.hive.ql.parse.repl.dump.Utils; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; import java.io.Serializable; import java.util.Collections; diff --git ql/src/java/org/apache/hadoop/hive/ql/parse/repl/load/message/CreateDatabaseHandler.java ql/src/java/org/apache/hadoop/hive/ql/parse/repl/load/message/CreateDatabaseHandler.java index b81aa2db4d..41b6db6e9d 100644 --- ql/src/java/org/apache/hadoop/hive/ql/parse/repl/load/message/CreateDatabaseHandler.java +++ ql/src/java/org/apache/hadoop/hive/ql/parse/repl/load/message/CreateDatabaseHandler.java @@ -26,12 +26,12 @@ import org.apache.hadoop.hive.ql.ddl.DDLWork2; import org.apache.hadoop.hive.ql.ddl.database.AlterDatabaseDesc; import org.apache.hadoop.hive.ql.ddl.database.CreateDatabaseDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; import org.apache.hadoop.hive.ql.exec.Task; import org.apache.hadoop.hive.ql.exec.TaskFactory; import org.apache.hadoop.hive.ql.parse.EximUtil; import org.apache.hadoop.hive.ql.parse.SemanticException; import org.apache.hadoop.hive.ql.parse.repl.load.MetaData; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; import java.io.IOException; import java.io.Serializable; diff --git ql/src/java/org/apache/hadoop/hive/ql/plan/AlterTableDesc.java ql/src/java/org/apache/hadoop/hive/ql/plan/AlterTableDesc.java index 8603521041..d70353e358 100644 --- ql/src/java/org/apache/hadoop/hive/ql/plan/AlterTableDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/plan/AlterTableDesc.java @@ -29,7 +29,6 @@ import org.apache.hadoop.hive.metastore.api.SQLNotNullConstraint; import org.apache.hadoop.hive.metastore.api.SQLPrimaryKey; import org.apache.hadoop.hive.metastore.api.SQLUniqueConstraint; -import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; import org.apache.hadoop.hive.ql.exec.Utilities; import org.apache.hadoop.hive.ql.metadata.Table; import org.apache.hadoop.hive.ql.parse.ParseUtils; diff --git ql/src/java/org/apache/hadoop/hive/ql/plan/DDLWork.java ql/src/java/org/apache/hadoop/hive/ql/plan/DDLWork.java index e6f3a6f917..c3863e19a7 100644 --- ql/src/java/org/apache/hadoop/hive/ql/plan/DDLWork.java +++ ql/src/java/org/apache/hadoop/hive/ql/plan/DDLWork.java @@ -50,6 +50,12 @@ private AlterTableExchangePartition alterTableExchangePartition; private KillQueryDesc killQueryDesc; + private RoleDDLDesc roleDDLDesc; + private GrantDesc grantDesc; + private ShowGrantDesc showGrantDesc; + private RevokeDesc revokeDesc; + private GrantRevokeRoleDDL grantRevokeRoleDDL; + private ShowConfDesc showConfDesc; private CreateResourcePlanDesc createResourcePlanDesc; @@ -204,6 +210,36 @@ public DDLWork(HashSet inputs, HashSet outputs, msckDesc = checkDesc; } + public DDLWork(HashSet inputs, HashSet outputs, + RoleDDLDesc roleDDLDesc) { + this(inputs, outputs); + this.roleDDLDesc = roleDDLDesc; + } + + public DDLWork(HashSet inputs, HashSet outputs, + GrantDesc grantDesc) { + this(inputs, outputs); + this.grantDesc = grantDesc; + } + + public DDLWork(HashSet inputs, HashSet outputs, + ShowGrantDesc showGrant) { + this(inputs, outputs); + this.showGrantDesc = showGrant; + } + + public DDLWork(HashSet inputs, HashSet outputs, + RevokeDesc revokeDesc) { + this(inputs, outputs); + this.revokeDesc = revokeDesc; + } + + public DDLWork(HashSet inputs, HashSet outputs, + GrantRevokeRoleDDL grantRevokeRoleDDL) { + this(inputs, outputs); + this.grantRevokeRoleDDL = grantRevokeRoleDDL; + } + public DDLWork(HashSet inputs, HashSet outputs, AlterTablePartMergeFilesDesc mergeDesc) { this(inputs, outputs); @@ -416,6 +452,35 @@ public MsckDesc getMsckDesc() { return outputs; } + /** + * @return role ddl desc + */ + public RoleDDLDesc getRoleDDLDesc() { + return roleDDLDesc; + } + + /** + * @return grant desc + */ + public GrantDesc getGrantDesc() { + return grantDesc; + } + + /** + * @return show grant desc + */ + public ShowGrantDesc getShowGrantDesc() { + return showGrantDesc; + } + + public RevokeDesc getRevokeDesc() { + return revokeDesc; + } + + public GrantRevokeRoleDDL getGrantRevokeRoleDDL() { + return grantRevokeRoleDDL; + } + /** * @return descriptor for merging files */ diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantDesc.java ql/src/java/org/apache/hadoop/hive/ql/plan/GrantDesc.java similarity index 54% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/plan/GrantDesc.java index 0cd7f1e8a2..b5f9a69093 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/plan/GrantDesc.java @@ -16,70 +16,118 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.plan; import java.io.Serializable; import java.util.List; import org.apache.hadoop.hive.metastore.api.PrincipalType; -import org.apache.hadoop.hive.ql.ddl.DDLDesc; -import org.apache.hadoop.hive.ql.ddl.DDLTask2; -import org.apache.hadoop.hive.ql.plan.Explain; import org.apache.hadoop.hive.ql.plan.Explain.Level; -/** - * DDL task description for GRANT commands. - */ + @Explain(displayName = "Grant", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) -public class GrantDesc implements DDLDesc, Serializable, Cloneable { +public class GrantDesc extends DDLDesc implements Serializable, Cloneable { + private static final long serialVersionUID = 1L; - static { - DDLTask2.registerOperation(GrantDesc.class, GrantOperation.class); - } + private List privileges; + + private List principals; - private final PrivilegeObjectDesc privilegeSubject; - private final List privileges; - private final List principals; - private final String grantor; - private final PrincipalType grantorType; - private final boolean grantOption; + private boolean grantOption; + + private String grantor; + + private PrincipalType grantorType; - public GrantDesc(PrivilegeObjectDesc privilegeSubject, List privileges, List principals, + private PrivilegeObjectDesc privilegeSubjectDesc; + + public GrantDesc(PrivilegeObjectDesc privilegeSubject, + List privilegeDesc, List principalDesc, String grantor, PrincipalType grantorType, boolean grantOption) { - this.privilegeSubject = privilegeSubject; - this.privileges = privileges; - this.principals = principals; + super(); + this.privilegeSubjectDesc = privilegeSubject; + this.privileges = privilegeDesc; + this.principals = principalDesc; this.grantor = grantor; this.grantorType = grantorType; this.grantOption = grantOption; } - @Explain(skipHeader = true, explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) - public PrivilegeObjectDesc getPrivilegeSubject() { - return privilegeSubject; - } - + /** + * @return privileges + */ @Explain(displayName = "Privileges", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) public List getPrivileges() { return privileges; } + /** + * @param privileges + */ + public void setPrivileges(List privileges) { + this.privileges = privileges; + } + + /** + * @return principals + */ @Explain(displayName = "Principals", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) public List getPrincipals() { return principals; } + /** + * @param principals + */ + public void setPrincipals(List principals) { + this.principals = principals; + } + + /** + * @return grant option + */ + @Explain(displayName = "grant option", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) + public boolean isGrantOption() { + return grantOption; + } + + /** + * @param grantOption + */ + public void setGrantOption(boolean grantOption) { + this.grantOption = grantOption; + } + + /** + * @return privilege subject + */ + @Explain(displayName="privilege subject", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) + public PrivilegeObjectDesc getPrivilegeSubjectDesc() { + return privilegeSubjectDesc; + } + + /** + * @param privilegeSubjectDesc + */ + public void setPrivilegeSubjectDesc(PrivilegeObjectDesc privilegeSubjectDesc) { + this.privilegeSubjectDesc = privilegeSubjectDesc; + } + public String getGrantor() { return grantor; } + public void setGrantor(String grantor) { + this.grantor = grantor; + } + public PrincipalType getGrantorType() { return grantorType; } - @Explain(displayName = "grant option", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) - public boolean isGrantOption() { - return grantOption; + public void setGrantorType(PrincipalType grantorType) { + this.grantorType = grantorType; } + } diff --git ql/src/java/org/apache/hadoop/hive/ql/plan/GrantRevokeRoleDDL.java ql/src/java/org/apache/hadoop/hive/ql/plan/GrantRevokeRoleDDL.java new file mode 100644 index 0000000000..07529d9627 --- /dev/null +++ ql/src/java/org/apache/hadoop/hive/ql/plan/GrantRevokeRoleDDL.java @@ -0,0 +1,117 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.plan; + +import java.util.List; + +import org.apache.hadoop.hive.metastore.api.PrincipalType; +import org.apache.hadoop.hive.ql.plan.Explain.Level; + + +@Explain(displayName="grant or revoke roles", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) +public class GrantRevokeRoleDDL { + + private boolean grant; + + private List principalDesc; + + private List roles; + + private String grantor; + + private PrincipalType grantorType; + + private boolean grantOption; + + public GrantRevokeRoleDDL() { + } + + public GrantRevokeRoleDDL(boolean grant, List roles, + List principalDesc, String grantor, + PrincipalType grantorType, boolean grantOption) { + super(); + this.grant = grant; + this.principalDesc = principalDesc; + this.roles = roles; + this.grantor = grantor; + this.grantorType = grantorType; + this.grantOption = grantOption; + } + + /** + * @return grant or revoke privileges + */ + @Explain(displayName="grant (or revoke)", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) + public boolean getGrant() { + return grant; + } + + public void setGrant(boolean grant) { + this.grant = grant; + } + + /** + * @return a list of principals + */ + @Explain(displayName="principals", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) + public List getPrincipalDesc() { + return principalDesc; + } + + public void setPrincipalDesc(List principalDesc) { + this.principalDesc = principalDesc; + } + + /** + * @return a list of roles + */ + @Explain(displayName="roles", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) + public List getRoles() { + return roles; + } + + public void setRoles(List roles) { + this.roles = roles; + } + + public String getGrantor() { + return grantor; + } + + public void setGrantor(String grantor) { + this.grantor = grantor; + } + + public PrincipalType getGrantorType() { + return grantorType; + } + + public void setGrantorType(PrincipalType grantorType) { + this.grantorType = grantorType; + } + + public boolean isGrantOption() { + return grantOption; + } + + public void setGrantOption(boolean grantOption) { + this.grantOption = grantOption; + } + +} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/PrincipalDesc.java ql/src/java/org/apache/hadoop/hive/ql/plan/PrincipalDesc.java similarity index 84% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/PrincipalDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/plan/PrincipalDesc.java index 9c7b095edb..1d82b1902c 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/PrincipalDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/plan/PrincipalDesc.java @@ -16,36 +16,49 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.plan; import java.io.Serializable; import org.apache.hadoop.hive.metastore.api.PrincipalType; -import org.apache.hadoop.hive.ql.plan.Explain; import org.apache.hadoop.hive.ql.plan.Explain.Level; -/** - * Represents a database principal. - */ + @Explain(displayName = "Principal", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) public class PrincipalDesc implements Serializable, Cloneable { + private static final long serialVersionUID = 1L; - private final String name; - private final PrincipalType type; + private String name; + + private PrincipalType type; public PrincipalDesc(String name, PrincipalType type) { + super(); this.name = name; this.type = type; } + public PrincipalDesc() { + super(); + } + @Explain(displayName="name", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) public String getName() { return name; } + public void setName(String name) { + this.name = name; + } + @Explain(displayName="type", explainLevels = { Level.EXTENDED }) public PrincipalType getType() { return type; } + + public void setType(PrincipalType type) { + this.type = type; + } + } diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/PrivilegeDesc.java ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeDesc.java similarity index 76% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/PrivilegeDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeDesc.java index 0b308ccb61..1cb328a845 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/PrivilegeDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeDesc.java @@ -16,24 +16,22 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.plan; import java.io.Serializable; import java.util.List; import org.apache.hadoop.hive.ql.security.authorization.Privilege; -import org.apache.hadoop.hive.ql.plan.Explain; import org.apache.hadoop.hive.ql.plan.Explain.Level; -/** - * Represents a database privilege. - */ + @Explain(displayName = "Privilege", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) public class PrivilegeDesc implements Serializable, Cloneable { private static final long serialVersionUID = 1L; - - private final Privilege privilege; - private final List columns; + + private Privilege privilege; + + private List columns; public PrivilegeDesc(Privilege privilege, List columns) { super(); @@ -41,13 +39,38 @@ public PrivilegeDesc(Privilege privilege, List columns) { this.columns = columns; } + public PrivilegeDesc() { + super(); + } + + /** + * @return privilege definition + */ @Explain(displayName = "privilege", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) public Privilege getPrivilege() { return privilege; } + /** + * @param privilege + */ + public void setPrivilege(Privilege privilege) { + this.privilege = privilege; + } + + /** + * @return columns on which the given privilege take affect. + */ @Explain(displayName = "columns", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) public List getColumns() { return columns; } + + /** + * @param columns + */ + public void setColumns(List columns) { + this.columns = columns; + } + } diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/PrivilegeObjectDesc.java ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeObjectDesc.java similarity index 66% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/PrivilegeObjectDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeObjectDesc.java index 785cddd304..f18a51b998 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/PrivilegeObjectDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeObjectDesc.java @@ -16,32 +16,34 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.plan; -import java.io.Serializable; +import java.util.HashMap; import java.util.List; -import java.util.Map; - -import org.apache.hadoop.hive.ql.plan.Explain; import org.apache.hadoop.hive.ql.plan.Explain.Level; -/** - * Represents a privilege object. - */ + @Explain(displayName="privilege subject", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) -public class PrivilegeObjectDesc implements Serializable { - private static final long serialVersionUID = 1L; +public class PrivilegeObjectDesc { + + //default type is table + private boolean table = true; + + private String object; + + private HashMap partSpec; - private final boolean table; - private final String object; - private final Map partSpec; - private final List columns; + private List columns; - public PrivilegeObjectDesc(boolean isTable, String object, Map partSpec, List columns) { + public PrivilegeObjectDesc(boolean isTable, String object, + HashMap partSpec) { + super(); this.table = isTable; this.object = object; this.partSpec = partSpec; - this.columns = columns; + } + + public PrivilegeObjectDesc() { } @Explain(displayName="is table") @@ -49,17 +51,33 @@ public boolean getTable() { return table; } + public void setTable(boolean isTable) { + this.table = isTable; + } + @Explain(displayName="object", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) public String getObject() { return object; } + public void setObject(String object) { + this.object = object; + } + @Explain(displayName="partition spec", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) - public Map getPartSpec() { + public HashMap getPartSpec() { return partSpec; } + public void setPartSpec(HashMap partSpec) { + this.partSpec = partSpec; + } + public List getColumns() { return columns; } + + public void setColumns(List columns) { + this.columns = columns; + } } diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeDesc.java ql/src/java/org/apache/hadoop/hive/ql/plan/RevokeDesc.java similarity index 52% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/plan/RevokeDesc.java index dd873c799a..0e0db1f22c 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/plan/RevokeDesc.java @@ -16,56 +16,73 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.plan; import java.io.Serializable; import java.util.List; - -import org.apache.hadoop.hive.ql.ddl.DDLDesc; -import org.apache.hadoop.hive.ql.ddl.DDLTask2; -import org.apache.hadoop.hive.ql.plan.Explain; import org.apache.hadoop.hive.ql.plan.Explain.Level; -/** - * DDL task description for REVOKE commands. - */ + @Explain(displayName="Revoke", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) -public class RevokeDesc implements DDLDesc, Serializable, Cloneable { +public class RevokeDesc extends DDLDesc implements Serializable, Cloneable { + private static final long serialVersionUID = 1L; - static { - DDLTask2.registerOperation(RevokeDesc.class, RevokeOperation.class); + private List privileges; + + private List principals; + + private PrivilegeObjectDesc privilegeSubjectDesc; + + private boolean grantOption; + + public RevokeDesc(){ } - private final List privileges; - private final List principals; - private final PrivilegeObjectDesc privilegeSubject; - private final boolean grantOption; + public RevokeDesc(List privileges, + List principals, PrivilegeObjectDesc privilegeSubjectDesc) { + this(privileges, principals, privilegeSubjectDesc, false); + } - public RevokeDesc(List privileges, List principals, - PrivilegeObjectDesc privilegeSubject, boolean grantOption) { + public RevokeDesc(List privileges, + List principals, PrivilegeObjectDesc privilegeSubjectDesc, boolean grantOption) { + super(); this.privileges = privileges; this.principals = principals; - this.privilegeSubject = privilegeSubject; + this.privilegeSubjectDesc = privilegeSubjectDesc; this.grantOption = grantOption; } - @Explain(displayName = "Privileges", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) public List getPrivileges() { return privileges; } - @Explain(displayName = "Principals", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) + public void setPrivileges(List privileges) { + this.privileges = privileges; + } + public List getPrincipals() { return principals; } - @Explain(skipHeader = true, explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) - public PrivilegeObjectDesc getPrivilegeSubject() { - return privilegeSubject; + public void setPrincipals(List principals) { + this.principals = principals; + } + + public PrivilegeObjectDesc getPrivilegeSubjectDesc() { + return privilegeSubjectDesc; + } + + public void setPrivilegeSubjectDesc(PrivilegeObjectDesc privilegeSubjectDesc) { + this.privilegeSubjectDesc = privilegeSubjectDesc; } public boolean isGrantOption() { return grantOption; } + + public void setGrantOption(boolean grantOption) { + this.grantOption = grantOption; + } + } diff --git ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java new file mode 100644 index 0000000000..afe7faf7fc --- /dev/null +++ ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java @@ -0,0 +1,159 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.plan; + +import java.io.Serializable; + +import org.apache.hadoop.hive.metastore.api.PrincipalType; +import org.apache.hadoop.hive.ql.plan.Explain.Level; + + +@Explain(displayName = "Create Role", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) +public class RoleDDLDesc extends DDLDesc implements Serializable { + + private static final long serialVersionUID = 1L; + + private String name; + + private PrincipalType principalType; + + private boolean group; + + private RoleOperation operation; + + private String resFile; + + private String roleOwnerName; + + /** + * thrift ddl for the result of show roles. + */ + private static final String roleNameSchema = "role#string"; + + /** + * thrift ddl for the result of show role grant principalName + */ + private static final String roleShowGrantSchema = + "role,grant_option,grant_time,grantor#" + + "string:boolean:bigint:string"; + + /** + * thrift ddl for the result of describe role roleName + */ + private static final String roleShowRolePrincipals = + "principal_name,principal_type,grant_option,grantor,grantor_type,grant_time#" + + "string:string:boolean:string:string:bigint"; + + public static String getRoleNameSchema() { + return roleNameSchema; + } + + public static String getRoleShowGrantSchema() { + return roleShowGrantSchema; + } + + public static String getShowRolePrincipalsSchema() { + return roleShowRolePrincipals; + } + + public static enum RoleOperation { + DROP_ROLE("drop_role"), CREATE_ROLE("create_role"), SHOW_ROLE_GRANT("show_role_grant"), + SHOW_ROLES("show_roles"), SET_ROLE("set_role"), SHOW_CURRENT_ROLE("show_current_role"), + SHOW_ROLE_PRINCIPALS("show_role_principals"); + private String operationName; + + private RoleOperation() { + } + + private RoleOperation(String operationName) { + this.operationName = operationName; + } + + public String getOperationName() { + return operationName; + } + + @Override + public String toString () { + return this.operationName; + } + } + + public RoleDDLDesc(){ + } + + public RoleDDLDesc(String roleName, RoleOperation operation) { + this(roleName, PrincipalType.USER, operation, null); + } + + public RoleDDLDesc(String principalName, PrincipalType principalType, + RoleOperation operation, String roleOwnerName) { + this.name = principalName; + this.principalType = principalType; + this.operation = operation; + this.roleOwnerName = roleOwnerName; + } + + @Explain(displayName = "name", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) + public String getName() { + return name; + } + + @Explain(displayName = "role operation", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) + public RoleOperation getOperation() { + return operation; + } + + public void setOperation(RoleOperation operation) { + this.operation = operation; + } + + public PrincipalType getPrincipalType() { + return principalType; + } + + public void setPrincipalType(PrincipalType principalType) { + this.principalType = principalType; + } + + public boolean getGroup() { + return group; + } + + public void setGroup(boolean group) { + this.group = group; + } + + public String getResFile() { + return resFile; + } + + public void setResFile(String resFile) { + this.resFile = resFile; + } + + public String getRoleOwnerName() { + return roleOwnerName; + } + + public void setRoleOwnerName(String roleOwnerName) { + this.roleOwnerName = roleOwnerName; + } + +} diff --git ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowGrantDesc.java ql/src/java/org/apache/hadoop/hive/ql/plan/ShowGrantDesc.java similarity index 58% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowGrantDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/plan/ShowGrantDesc.java index c5c8fe4a2c..23d786f9f4 100644 --- ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowGrantDesc.java +++ ql/src/java/org/apache/hadoop/hive/ql/plan/ShowGrantDesc.java @@ -15,47 +15,64 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; -import org.apache.hadoop.hive.ql.ddl.DDLDesc; -import org.apache.hadoop.hive.ql.ddl.DDLTask2; -import org.apache.hadoop.hive.ql.plan.Explain; +package org.apache.hadoop.hive.ql.plan; import org.apache.hadoop.hive.ql.plan.Explain.Level; -/** - * DDL task description for SHOW GRANT commands. - */ -@Explain(displayName="Show grant desc", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) -public class ShowGrantDesc implements DDLDesc { - public static final String SCHEMA = + +@Explain(displayName="show grant desc", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) +public class ShowGrantDesc { + + private PrincipalDesc principalDesc; + + private PrivilegeObjectDesc hiveObj; + + private String resFile; + + /** + * thrift ddl for the result of show grant. + */ + private static final String tabularSchema = "database,table,partition,column,principal_name,principal_type,privilege," + "grant_option,grant_time,grantor#" + "string:string:string:string:string:string:string:boolean:bigint:string"; - static { - DDLTask2.registerOperation(ShowGrantDesc.class, ShowGrantOperation.class); + public ShowGrantDesc(){ } - - private final String resFile; - private final PrincipalDesc principal; - private final PrivilegeObjectDesc hiveObj; - - public ShowGrantDesc(String resFile, PrincipalDesc principal, PrivilegeObjectDesc hiveObj) { + + public ShowGrantDesc(String resFile, PrincipalDesc principalDesc, + PrivilegeObjectDesc subjectObj) { this.resFile = resFile; - this.principal = principal; - this.hiveObj = hiveObj; + this.principalDesc = principalDesc; + this.hiveObj = subjectObj; + } + + public static String getSchema() { + return tabularSchema; } @Explain(displayName="principal desc", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) public PrincipalDesc getPrincipalDesc() { - return principal; + return principalDesc; + } + + public void setPrincipalDesc(PrincipalDesc principalDesc) { + this.principalDesc = principalDesc; } - @Explain(skipHeader = true, explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) + @Explain(displayName="object", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) public PrivilegeObjectDesc getHiveObj() { return hiveObj; } + public void setHiveObj(PrivilegeObjectDesc subjectObj) { + this.hiveObj = subjectObj; + } + public String getResFile() { return resFile; } + + public void setResFile(String resFile) { + this.resFile = resFile; + } } diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java index fbf8189498..f690422bfe 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java @@ -27,15 +27,15 @@ import org.apache.hadoop.hive.metastore.api.PrincipalType; import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo; import org.apache.hadoop.hive.ql.ErrorMsg; -import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeObjectDesc; import org.apache.hadoop.hive.ql.exec.Utilities; import org.apache.hadoop.hive.ql.hooks.Entity; import org.apache.hadoop.hive.ql.hooks.Entity.Type; import org.apache.hadoop.hive.ql.hooks.WriteEntity; import org.apache.hadoop.hive.ql.hooks.WriteEntity.WriteType; import org.apache.hadoop.hive.ql.metadata.HiveException; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationTranslator; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal.HivePrincipalType; diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationTranslator.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationTranslator.java index 537b9de5db..853dcf8a81 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationTranslator.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationTranslator.java @@ -20,11 +20,11 @@ import java.util.ArrayList; import java.util.List; -import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeObjectDesc; import org.apache.hadoop.hive.ql.exec.Utilities; import org.apache.hadoop.hive.ql.metadata.HiveException; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationTranslator; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege; diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/Privilege.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/Privilege.java index a8afcd64d6..1e9c639460 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/Privilege.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/Privilege.java @@ -22,9 +22,6 @@ import java.util.EnumSet; import java.util.List; -import org.apache.hadoop.hive.ql.plan.Explain; -import org.apache.hadoop.hive.ql.plan.Explain.Level; - /** * Privilege defines a privilege in Hive. Each privilege has a name and scope associated with it. * This class contains all of the predefined privileges in Hive. @@ -47,7 +44,6 @@ public Privilege(PrivilegeType priv) { } - @Explain(skipHeader = true, explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) public PrivilegeType getPriv() { return priv; } diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeType.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeType.java index 4dd67f4f10..7037f2c0ed 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeType.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeType.java @@ -22,8 +22,6 @@ import java.util.Map; import org.apache.hadoop.hive.ql.parse.HiveParser; -import org.apache.hadoop.hive.ql.plan.Explain; -import org.apache.hadoop.hive.ql.plan.Explain.Level; /** * Privilege type @@ -51,7 +49,6 @@ } @Override - @Explain(displayName = "type", explainLevels = { Level.USER, Level.DEFAULT, Level.EXTENDED }) public String toString(){ return name == null ? "unkown" : name; } diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationTranslator.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationTranslator.java index a0e5d66bfc..29ce9ed299 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationTranslator.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationTranslator.java @@ -19,10 +19,10 @@ import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate; import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving; -import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeObjectDesc; import org.apache.hadoop.hive.ql.metadata.HiveException; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; /** * This interface has functions that provide the ability to customize the translation diff --git ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java index 68f73800b4..fed0d0116e 100644 --- ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java +++ ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java @@ -21,13 +21,14 @@ import org.apache.hadoop.hive.ql.Context; import org.apache.hadoop.hive.ql.QueryState; -import org.apache.hadoop.hive.ql.ddl.DDLWork2; import org.apache.hadoop.hive.ql.exec.Task; import org.apache.hadoop.hive.ql.metadata.Hive; import org.apache.hadoop.hive.ql.parse.ASTNode; import org.apache.hadoop.hive.ql.parse.DDLSemanticAnalyzer; import org.apache.hadoop.hive.ql.parse.ParseUtils; +import org.apache.hadoop.hive.ql.plan.DDLWork; import org.apache.hadoop.hive.ql.session.SessionState; + import org.junit.Assert; /** @@ -35,15 +36,31 @@ */ public class AuthorizationTestUtil { - public static DDLWork2 analyze(ASTNode ast, QueryState queryState, Hive db) throws Exception { + /** + * Create DDLWork from given ast + * @param ast + * @param conf + * @param db + * @return + * @throws Exception + */ + public static DDLWork analyze(ASTNode ast, QueryState queryState, Hive db) throws Exception { DDLSemanticAnalyzer analyzer = new DDLSemanticAnalyzer(queryState, db); SessionState.start(queryState.getConf()); analyzer.analyze(ast, new Context(queryState.getConf())); List> rootTasks = analyzer.getRootTasks(); - return (DDLWork2) inList(rootTasks).ofSize(1).get(0).getWork(); + return (DDLWork) inList(rootTasks).ofSize(1).get(0).getWork(); } - public static DDLWork2 analyze(String command, QueryState queryState, Hive db) throws Exception { + /** + * Create DDLWork from given command string + * @param command + * @param conf + * @param db + * @return + * @throws Exception + */ + public static DDLWork analyze(String command, QueryState queryState, Hive db) throws Exception { return analyze(parse(command), queryState, db); } diff --git ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java index b194cc3b67..a15fd5d0c0 100644 --- ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java +++ ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java @@ -17,15 +17,17 @@ */ package org.apache.hadoop.hive.ql.parse.authorization; +import org.junit.Assert; + +import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.metastore.api.PrincipalType; import org.apache.hadoop.hive.ql.QueryState; -import org.apache.hadoop.hive.ql.ddl.DDLWork2; -import org.apache.hadoop.hive.ql.ddl.privilege.GrantDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeDesc; import org.apache.hadoop.hive.ql.metadata.Hive; +import org.apache.hadoop.hive.ql.plan.DDLWork; +import org.apache.hadoop.hive.ql.plan.GrantDesc; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; import org.apache.hadoop.hive.ql.security.authorization.PrivilegeType; -import org.junit.Assert; public class PrivilegesTestBase { protected static final String DB = "default"; @@ -35,9 +37,8 @@ public static void grantUserTable(String privStr, PrivilegeType privType, QueryState queryState, Hive db) throws Exception { - DDLWork2 work = AuthorizationTestUtil.analyze( - "GRANT " + privStr + " ON TABLE " + TABLE + " TO USER " + USER, queryState, db); - GrantDesc grantDesc = (GrantDesc)work.getDDLDesc(); + DDLWork work = AuthorizationTestUtil.analyze("GRANT " + privStr + " ON TABLE " + TABLE + " TO USER " + USER, queryState, db); + GrantDesc grantDesc = work.getGrantDesc(); Assert.assertNotNull("Grant should not be null", grantDesc); //check privileges @@ -50,8 +51,8 @@ public static void grantUserTable(String privStr, PrivilegeType privType, QueryS Assert.assertEquals(PrincipalType.USER, principal.getType()); Assert.assertEquals(USER, principal.getName()); } - Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubject().getTable()); - Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubject().getObject()); + Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable()); + Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject()); } } diff --git ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java index e7a1bd6156..9a8c032623 100644 --- ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java +++ ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java @@ -24,25 +24,26 @@ import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.conf.HiveConf.ConfVars; import org.apache.hadoop.hive.metastore.api.PrincipalType; +import org.apache.hadoop.hive.ql.Context; import org.apache.hadoop.hive.ql.QueryState; -import org.apache.hadoop.hive.ql.ddl.DDLWork2; -import org.apache.hadoop.hive.ql.ddl.privilege.CreateRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.DropRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.GrantDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.GrantRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeObjectDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.RevokeDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.RevokeRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowGrantDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowRoleGrantDesc; import org.apache.hadoop.hive.ql.metadata.Hive; import org.apache.hadoop.hive.ql.metadata.Partition; import org.apache.hadoop.hive.ql.metadata.Table; import org.apache.hadoop.hive.ql.parse.ASTNode; +import org.apache.hadoop.hive.ql.parse.DDLSemanticAnalyzer; import org.apache.hadoop.hive.ql.parse.HiveParser; +import org.apache.hadoop.hive.ql.parse.ParseDriver; import org.apache.hadoop.hive.ql.parse.SemanticException; +import org.apache.hadoop.hive.ql.plan.DDLWork; +import org.apache.hadoop.hive.ql.plan.GrantDesc; +import org.apache.hadoop.hive.ql.plan.GrantRevokeRoleDDL; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; +import org.apache.hadoop.hive.ql.plan.RevokeDesc; +import org.apache.hadoop.hive.ql.plan.RoleDDLDesc; +import org.apache.hadoop.hive.ql.plan.RoleDDLDesc.RoleOperation; +import org.apache.hadoop.hive.ql.plan.ShowGrantDesc; import org.apache.hadoop.hive.ql.security.HadoopDefaultAuthenticator; import org.apache.hadoop.hive.ql.security.authorization.Privilege; import org.apache.hadoop.hive.ql.session.SessionState; @@ -87,7 +88,10 @@ public static void reset() { private static final String ROLE = "role1"; private static final String USER = "user1"; + private ParseDriver parseDriver; + private DDLSemanticAnalyzer analyzer; private QueryState queryState; + private Context context; private String currentUser; private Hive db; private Table table; @@ -106,6 +110,9 @@ public void setup() throws Exception { table = new Table(DB, TABLE); partition = new Partition(table); SessionState.start(conf); + context = new Context(conf); + parseDriver = new ParseDriver(); + analyzer = new DDLSemanticAnalyzer(queryState, db); Mockito.when(db.getTable(DB, TABLE, false)).thenReturn(table); Mockito.when(db.getTable(TABLE_QNAME, false)).thenReturn(table); Mockito.when(db.getPartition(table, new HashMap(), false)) @@ -121,9 +128,11 @@ public void setup() throws Exception { */ @Test public void testCreateRole() throws Exception { - DDLWork2 work = analyze("CREATE ROLE " + ROLE); - CreateRoleDesc roleDesc = (CreateRoleDesc)work.getDDLDesc(); + DDLWork work = analyze("CREATE ROLE " + ROLE); + RoleDDLDesc roleDesc = work.getRoleDDLDesc(); Assert.assertNotNull("Role should not be null", roleDesc); + Assert.assertEquals(RoleOperation.CREATE_ROLE, roleDesc.getOperation()); + Assert.assertFalse("Did not expect a group", roleDesc.getGroup()); Assert.assertEquals(ROLE, roleDesc.getName()); } /** @@ -131,9 +140,11 @@ public void testCreateRole() throws Exception { */ @Test public void testDropRole() throws Exception { - DDLWork2 work = analyze("DROp ROLE " + ROLE); - DropRoleDesc roleDesc = (DropRoleDesc)work.getDDLDesc(); + DDLWork work = analyze("DROp ROLE " + ROLE); + RoleDDLDesc roleDesc = work.getRoleDDLDesc(); Assert.assertNotNull("Role should not be null", roleDesc); + Assert.assertEquals(RoleOperation.DROP_ROLE, roleDesc.getOperation()); + Assert.assertFalse("Did not expect a group", roleDesc.getGroup()); Assert.assertEquals(ROLE, roleDesc.getName()); } /** @@ -141,8 +152,8 @@ public void testDropRole() throws Exception { */ @Test public void testGrantUserTable() throws Exception { - DDLWork2 work = analyze("GRANT " + SELECT + " ON TABLE " + TABLE + " TO USER " + USER); - GrantDesc grantDesc = (GrantDesc)work.getDDLDesc(); + DDLWork work = analyze("GRANT " + SELECT + " ON TABLE " + TABLE + " TO USER " + USER); + GrantDesc grantDesc = work.getGrantDesc(); Assert.assertNotNull("Grant should not be null", grantDesc); for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { Assert.assertEquals(PrincipalType.USER, principal.getType()); @@ -151,16 +162,16 @@ public void testGrantUserTable() throws Exception { for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) { Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege()); } - Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubject().getTable()); - Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubject().getObject()); + Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable()); + Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject()); } /** * GRANT ... ON TABLE ... TO ROLE ... */ @Test public void testGrantRoleTable() throws Exception { - DDLWork2 work = analyze("GRANT " + SELECT + " ON TABLE " + TABLE + " TO ROLE " + ROLE); - GrantDesc grantDesc = (GrantDesc)work.getDDLDesc(); + DDLWork work = analyze("GRANT " + SELECT + " ON TABLE " + TABLE + " TO ROLE " + ROLE); + GrantDesc grantDesc = work.getGrantDesc(); Assert.assertNotNull("Grant should not be null", grantDesc); for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { Assert.assertEquals(PrincipalType.ROLE, principal.getType()); @@ -169,16 +180,16 @@ public void testGrantRoleTable() throws Exception { for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) { Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege()); } - Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubject().getTable()); - Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubject().getObject()); + Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable()); + Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject()); } /** * GRANT ... ON TABLE ... TO GROUP ... */ @Test public void testGrantGroupTable() throws Exception { - DDLWork2 work = analyze("GRANT " + SELECT + " ON TABLE " + TABLE + " TO GROUP " + GROUP); - GrantDesc grantDesc = (GrantDesc)work.getDDLDesc(); + DDLWork work = analyze("GRANT " + SELECT + " ON TABLE " + TABLE + " TO GROUP " + GROUP); + GrantDesc grantDesc = work.getGrantDesc(); Assert.assertNotNull("Grant should not be null", grantDesc); for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { Assert.assertEquals(PrincipalType.GROUP, principal.getType()); @@ -187,16 +198,16 @@ public void testGrantGroupTable() throws Exception { for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) { Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege()); } - Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubject().getTable()); - Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubject().getObject()); + Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable()); + Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject()); } /** * REVOKE ... ON TABLE ... FROM USER ... */ @Test public void testRevokeUserTable() throws Exception { - DDLWork2 work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM USER " + USER); - RevokeDesc grantDesc = (RevokeDesc)work.getDDLDesc(); + DDLWork work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM USER " + USER); + RevokeDesc grantDesc = work.getRevokeDesc(); Assert.assertNotNull("Revoke should not be null", grantDesc); for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { Assert.assertEquals(PrincipalType.USER, principal.getType()); @@ -205,16 +216,16 @@ public void testRevokeUserTable() throws Exception { for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) { Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege()); } - Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubject().getTable()); - Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubject().getObject()); + Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable()); + Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject()); } /** * REVOKE ... ON TABLE ... FROM ROLE ... */ @Test public void testRevokeRoleTable() throws Exception { - DDLWork2 work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM ROLE " + ROLE); - RevokeDesc grantDesc = (RevokeDesc)work.getDDLDesc(); + DDLWork work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM ROLE " + ROLE); + RevokeDesc grantDesc = work.getRevokeDesc(); Assert.assertNotNull("Revoke should not be null", grantDesc); for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { Assert.assertEquals(PrincipalType.ROLE, principal.getType()); @@ -223,16 +234,16 @@ public void testRevokeRoleTable() throws Exception { for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) { Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege()); } - Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubject().getTable()); - Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubject().getObject()); + Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable()); + Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject()); } /** * REVOKE ... ON TABLE ... FROM GROUP ... */ @Test public void testRevokeGroupTable() throws Exception { - DDLWork2 work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM GROUP " + GROUP); - RevokeDesc grantDesc = (RevokeDesc)work.getDDLDesc(); + DDLWork work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM GROUP " + GROUP); + RevokeDesc grantDesc = work.getRevokeDesc(); Assert.assertNotNull("Revoke should not be null", grantDesc); for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { Assert.assertEquals(PrincipalType.GROUP, principal.getType()); @@ -241,23 +252,25 @@ public void testRevokeGroupTable() throws Exception { for(PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) { Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege()); } - Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubject().getTable()); - Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubject().getObject()); + Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable()); + Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject()); } /** * GRANT ROLE ... TO USER ... */ @Test public void testGrantRoleUser() throws Exception { - DDLWork2 work = analyze("GRANT ROLE " + ROLE + " TO USER " + USER); - GrantRoleDesc grantDesc = (GrantRoleDesc)work.getDDLDesc(); + DDLWork work = analyze("GRANT ROLE " + ROLE + " TO USER " + USER); + GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL(); Assert.assertNotNull("Grant should not be null", grantDesc); + Assert.assertTrue("Expected grant ", grantDesc.getGrant()); Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption()); Assert.assertEquals(currentUser, grantDesc.getGrantor()); + Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType()); for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) { Assert.assertEquals(ROLE, role); } - for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { + for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) { Assert.assertEquals(PrincipalType.USER, principal.getType()); Assert.assertEquals(USER, principal.getName()); } @@ -267,15 +280,17 @@ public void testGrantRoleUser() throws Exception { */ @Test public void testGrantRoleRole() throws Exception { - DDLWork2 work = analyze("GRANT ROLE " + ROLE + " TO ROLE " + ROLE); - GrantRoleDesc grantDesc = (GrantRoleDesc)work.getDDLDesc(); + DDLWork work = analyze("GRANT ROLE " + ROLE + " TO ROLE " + ROLE); + GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL(); Assert.assertNotNull("Grant should not be null", grantDesc); + Assert.assertTrue("Expected grant ", grantDesc.getGrant()); Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption()); Assert.assertEquals(currentUser, grantDesc.getGrantor()); + Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType()); for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) { Assert.assertEquals(ROLE, role); } - for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { + for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) { Assert.assertEquals(PrincipalType.ROLE, principal.getType()); Assert.assertEquals(ROLE, principal.getName()); } @@ -285,15 +300,17 @@ public void testGrantRoleRole() throws Exception { */ @Test public void testGrantRoleGroup() throws Exception { - DDLWork2 work = analyze("GRANT ROLE " + ROLE + " TO GROUP " + GROUP); - GrantRoleDesc grantDesc = (GrantRoleDesc)work.getDDLDesc(); + DDLWork work = analyze("GRANT ROLE " + ROLE + " TO GROUP " + GROUP); + GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL(); Assert.assertNotNull("Grant should not be null", grantDesc); + Assert.assertTrue("Expected grant ", grantDesc.getGrant()); Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption()); Assert.assertEquals(currentUser, grantDesc.getGrantor()); + Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType()); for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) { Assert.assertEquals(ROLE, role); } - for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { + for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) { Assert.assertEquals(PrincipalType.GROUP, principal.getType()); Assert.assertEquals(GROUP, principal.getName()); } @@ -303,15 +320,17 @@ public void testGrantRoleGroup() throws Exception { */ @Test public void testRevokeRoleUser() throws Exception { - DDLWork2 work = analyze("REVOKE ROLE " + ROLE + " FROM USER " + USER); - RevokeRoleDesc grantDesc = (RevokeRoleDesc)work.getDDLDesc(); + DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM USER " + USER); + GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL(); Assert.assertNotNull("Grant should not be null", grantDesc); + Assert.assertFalse("Did not expect grant ", grantDesc.getGrant()); Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption()); Assert.assertEquals(currentUser, grantDesc.getGrantor()); + Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType()); for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) { Assert.assertEquals(ROLE, role); } - for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { + for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) { Assert.assertEquals(PrincipalType.USER, principal.getType()); Assert.assertEquals(USER, principal.getName()); } @@ -321,15 +340,17 @@ public void testRevokeRoleUser() throws Exception { */ @Test public void testRevokeRoleRole() throws Exception { - DDLWork2 work = analyze("REVOKE ROLE " + ROLE + " FROM ROLE " + ROLE); - RevokeRoleDesc grantDesc = (RevokeRoleDesc)work.getDDLDesc(); + DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM ROLE " + ROLE); + GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL(); Assert.assertNotNull("Grant should not be null", grantDesc); + Assert.assertFalse("Did not expect grant ", grantDesc.getGrant()); Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption()); Assert.assertEquals(currentUser, grantDesc.getGrantor()); + Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType()); for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) { Assert.assertEquals(ROLE, role); } - for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { + for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) { Assert.assertEquals(PrincipalType.ROLE, principal.getType()); Assert.assertEquals(ROLE, principal.getName()); } @@ -339,15 +360,17 @@ public void testRevokeRoleRole() throws Exception { */ @Test public void testRevokeRoleGroup() throws Exception { - DDLWork2 work = analyze("REVOKE ROLE " + ROLE + " FROM GROUP " + GROUP); - RevokeRoleDesc grantDesc = (RevokeRoleDesc)work.getDDLDesc(); + DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM GROUP " + GROUP); + GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL(); Assert.assertNotNull("Grant should not be null", grantDesc); + Assert.assertFalse("Did not expect grant ", grantDesc.getGrant()); Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption()); Assert.assertEquals(currentUser, grantDesc.getGrantor()); + Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType()); for(String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) { Assert.assertEquals(ROLE, role); } - for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) { + for(PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) { Assert.assertEquals(PrincipalType.GROUP, principal.getType()); Assert.assertEquals(GROUP, principal.getName()); } @@ -357,9 +380,10 @@ public void testRevokeRoleGroup() throws Exception { */ @Test public void testShowRoleGrantUser() throws Exception { - DDLWork2 work = analyze("SHOW ROLE GRANT USER " + USER); - ShowRoleGrantDesc roleDesc = (ShowRoleGrantDesc)work.getDDLDesc(); + DDLWork work = analyze("SHOW ROLE GRANT USER " + USER); + RoleDDLDesc roleDesc = work.getRoleDDLDesc(); Assert.assertNotNull("Role should not be null", roleDesc); + Assert.assertEquals(RoleOperation.SHOW_ROLE_GRANT, roleDesc.getOperation()); Assert.assertEquals(PrincipalType.USER, roleDesc.getPrincipalType()); Assert.assertEquals(USER, roleDesc.getName()); } @@ -368,9 +392,10 @@ public void testShowRoleGrantUser() throws Exception { */ @Test public void testShowRoleGrantRole() throws Exception { - DDLWork2 work = analyze("SHOW ROLE GRANT ROLE " + ROLE); - ShowRoleGrantDesc roleDesc = (ShowRoleGrantDesc)work.getDDLDesc(); + DDLWork work = analyze("SHOW ROLE GRANT ROLE " + ROLE); + RoleDDLDesc roleDesc = work.getRoleDDLDesc(); Assert.assertNotNull("Role should not be null", roleDesc); + Assert.assertEquals(RoleOperation.SHOW_ROLE_GRANT, roleDesc.getOperation()); Assert.assertEquals(PrincipalType.ROLE, roleDesc.getPrincipalType()); Assert.assertEquals(ROLE, roleDesc.getName()); } @@ -379,9 +404,10 @@ public void testShowRoleGrantRole() throws Exception { */ @Test public void testShowRoleGrantGroup() throws Exception { - DDLWork2 work = analyze("SHOW ROLE GRANT GROUP " + GROUP); - ShowRoleGrantDesc roleDesc = (ShowRoleGrantDesc)work.getDDLDesc(); + DDLWork work = analyze("SHOW ROLE GRANT GROUP " + GROUP); + RoleDDLDesc roleDesc = work.getRoleDDLDesc(); Assert.assertNotNull("Role should not be null", roleDesc); + Assert.assertEquals(RoleOperation.SHOW_ROLE_GRANT, roleDesc.getOperation()); Assert.assertEquals(PrincipalType.GROUP, roleDesc.getPrincipalType()); Assert.assertEquals(GROUP, roleDesc.getName()); } @@ -390,8 +416,8 @@ public void testShowRoleGrantGroup() throws Exception { */ @Test public void testShowGrantUserOnTable() throws Exception { - DDLWork2 work = analyze("SHOW GRANT USER " + USER + " ON TABLE " + TABLE); - ShowGrantDesc grantDesc = (ShowGrantDesc)work.getDDLDesc(); + DDLWork work = analyze("SHOW GRANT USER " + USER + " ON TABLE " + TABLE); + ShowGrantDesc grantDesc = work.getShowGrantDesc(); Assert.assertNotNull("Show grant should not be null", grantDesc); Assert.assertEquals(PrincipalType.USER, grantDesc.getPrincipalDesc().getType()); Assert.assertEquals(USER, grantDesc.getPrincipalDesc().getName()); @@ -404,8 +430,8 @@ public void testShowGrantUserOnTable() throws Exception { */ @Test public void testShowGrantRoleOnTable() throws Exception { - DDLWork2 work = analyze("SHOW GRANT ROLE " + ROLE + " ON TABLE " + TABLE); - ShowGrantDesc grantDesc = (ShowGrantDesc)work.getDDLDesc(); + DDLWork work = analyze("SHOW GRANT ROLE " + ROLE + " ON TABLE " + TABLE); + ShowGrantDesc grantDesc = work.getShowGrantDesc(); Assert.assertNotNull("Show grant should not be null", grantDesc); Assert.assertEquals(PrincipalType.ROLE, grantDesc.getPrincipalDesc().getType()); Assert.assertEquals(ROLE, grantDesc.getPrincipalDesc().getName()); @@ -418,8 +444,8 @@ public void testShowGrantRoleOnTable() throws Exception { */ @Test public void testShowGrantGroupOnTable() throws Exception { - DDLWork2 work = analyze("SHOW GRANT GROUP " + GROUP + " ON TABLE " + TABLE); - ShowGrantDesc grantDesc = (ShowGrantDesc)work.getDDLDesc(); + DDLWork work = analyze("SHOW GRANT GROUP " + GROUP + " ON TABLE " + TABLE); + ShowGrantDesc grantDesc = work.getShowGrantDesc(); Assert.assertNotNull("Show grant should not be null", grantDesc); Assert.assertEquals(PrincipalType.GROUP, grantDesc.getPrincipalDesc().getType()); Assert.assertEquals(GROUP, grantDesc.getPrincipalDesc().getName()); @@ -456,7 +482,7 @@ public void testGrantServer() throws Exception { } } - private DDLWork2 analyze(String command) throws Exception { + private DDLWork analyze(String command) throws Exception { return AuthorizationTestUtil.analyze(command, queryState, db); } diff --git ql/src/test/results/clientnegative/authorization_cannot_create_default_role.q.out ql/src/test/results/clientnegative/authorization_cannot_create_default_role.q.out index d72cb25724..f328beb5af 100644 --- ql/src/test/results/clientnegative/authorization_cannot_create_default_role.q.out +++ ql/src/test/results/clientnegative/authorization_cannot_create_default_role.q.out @@ -4,4 +4,4 @@ POSTHOOK: query: set role ADMIN POSTHOOK: type: SHOW_ROLES PREHOOK: query: create role default PREHOOK: type: CREATEROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Role name cannot be one of the reserved roles: [ALL, DEFAULT, NONE] +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Role name cannot be one of the reserved roles: [ALL, DEFAULT, NONE] diff --git ql/src/test/results/clientnegative/authorization_caseinsensitivity.q.out ql/src/test/results/clientnegative/authorization_caseinsensitivity.q.out index f1b469f7fb..8bc747eac0 100644 --- ql/src/test/results/clientnegative/authorization_caseinsensitivity.q.out +++ ql/src/test/results/clientnegative/authorization_caseinsensitivity.q.out @@ -55,4 +55,4 @@ public testrole PREHOOK: query: create role TESTRoLE PREHOOK: type: CREATEROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Error create role: Got exception: org.apache.hadoop.hive.metastore.api.InvalidObjectException Role testrole already exists. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Error create role: Got exception: org.apache.hadoop.hive.metastore.api.InvalidObjectException Role testrole already exists. diff --git ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out index 9faf5bc7b1..981c8cd691 100644 --- ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out +++ ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out @@ -1,3 +1,3 @@ PREHOOK: query: create role r1 PREHOOK: type: CREATEROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Current user : hive_test_user is not allowed to add roles. User has to belong to ADMIN role and have it as current role, for this action. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive_test_user is not allowed to add roles. User has to belong to ADMIN role and have it as current role, for this action. diff --git ql/src/test/results/clientnegative/authorization_drop_admin_role.q.out ql/src/test/results/clientnegative/authorization_drop_admin_role.q.out index e5474ac312..8383f52312 100644 --- ql/src/test/results/clientnegative/authorization_drop_admin_role.q.out +++ ql/src/test/results/clientnegative/authorization_drop_admin_role.q.out @@ -4,4 +4,4 @@ POSTHOOK: query: set role admin POSTHOOK: type: SHOW_ROLES PREHOOK: query: drop role admin PREHOOK: type: DROPROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Error dropping role: public,admin roles can't be dropped. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Error dropping role: public,admin roles can't be dropped. diff --git ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out index e03796d492..637167b9ba 100644 --- ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out +++ ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out @@ -22,4 +22,4 @@ POSTHOOK: type: SHOW_ROLES public PREHOOK: query: drop role r1 PREHOOK: type: DROPROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Current user : hive_admin_user is not allowed to drop role. User has to belong to ADMIN role and have it as current role, for this action. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive_admin_user is not allowed to drop role. User has to belong to ADMIN role and have it as current role, for this action. diff --git ql/src/test/results/clientnegative/authorization_fail_1.q.out ql/src/test/results/clientnegative/authorization_fail_1.q.out index 1fba5cf834..fc52cb338f 100644 --- ql/src/test/results/clientnegative/authorization_fail_1.q.out +++ ql/src/test/results/clientnegative/authorization_fail_1.q.out @@ -15,4 +15,4 @@ POSTHOOK: Output: default@authorization_fail_1 PREHOOK: query: grant Create on table authorization_fail_1 to user hive_test_user PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@authorization_fail_1 -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:Got exception: org.apache.hadoop.hive.metastore.api.InvalidObjectException CREATE is already granted on table [default,authorization_fail_1] by hive_test_user) +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:Got exception: org.apache.hadoop.hive.metastore.api.InvalidObjectException CREATE is already granted on table [default,authorization_fail_1] by hive_test_user) diff --git ql/src/test/results/clientnegative/authorization_fail_8.q.out ql/src/test/results/clientnegative/authorization_fail_8.q.out index adfe2d271c..e1ed1ad15c 100644 --- ql/src/test/results/clientnegative/authorization_fail_8.q.out +++ ql/src/test/results/clientnegative/authorization_fail_8.q.out @@ -43,4 +43,4 @@ default authorization_fail user2 USER SELECT false -1 user1 PREHOOK: query: GRANT SELECT ON authorization_fail TO USER user3 PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@authorization_fail -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Permission denied: Principal [name=user2, type=USER] does not have following privileges for operation GRANT_PRIVILEGE [[SELECT with grant] on Object [type=TABLE_OR_VIEW, name=default.authorization_fail]] +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied: Principal [name=user2, type=USER] does not have following privileges for operation GRANT_PRIVILEGE [[SELECT with grant] on Object [type=TABLE_OR_VIEW, name=default.authorization_fail]] diff --git ql/src/test/results/clientnegative/authorization_grant_group.q.out ql/src/test/results/clientnegative/authorization_grant_group.q.out index 7707458889..712a5abbf0 100644 --- ql/src/test/results/clientnegative/authorization_grant_group.q.out +++ ql/src/test/results/clientnegative/authorization_grant_group.q.out @@ -9,4 +9,4 @@ POSTHOOK: Output: default@table_gg PREHOOK: query: GRANT INSERT ON table_gg TO group g1 PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@table_gg -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Invalid principal type in principal Principal [name=g1, type=GROUP] +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Invalid principal type in principal Principal [name=g1, type=GROUP] diff --git ql/src/test/results/clientnegative/authorization_grant_table_allpriv.q.out ql/src/test/results/clientnegative/authorization_grant_table_allpriv.q.out index 139517d2aa..d613fe1244 100644 --- ql/src/test/results/clientnegative/authorization_grant_table_allpriv.q.out +++ ql/src/test/results/clientnegative/authorization_grant_table_allpriv.q.out @@ -15,4 +15,4 @@ POSTHOOK: Output: default@table_priv_allf PREHOOK: query: GRANT ALL ON table_priv_allf TO USER user3 PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@table_priv_allf -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Permission denied: Principal [name=user2, type=USER] does not have following privileges for operation GRANT_PRIVILEGE [[SELECT with grant, UPDATE with grant, DELETE with grant] on Object [type=TABLE_OR_VIEW, name=default.table_priv_allf]] +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied: Principal [name=user2, type=USER] does not have following privileges for operation GRANT_PRIVILEGE [[SELECT with grant, UPDATE with grant, DELETE with grant] on Object [type=TABLE_OR_VIEW, name=default.table_priv_allf]] diff --git ql/src/test/results/clientnegative/authorization_grant_table_dup.q.out ql/src/test/results/clientnegative/authorization_grant_table_dup.q.out index 3e50f11d8e..795dc83089 100644 --- ql/src/test/results/clientnegative/authorization_grant_table_dup.q.out +++ ql/src/test/results/clientnegative/authorization_grant_table_dup.q.out @@ -22,4 +22,4 @@ default tauth_gdup user1 USER UPDATE true -1 user1 PREHOOK: query: GRANT INSERT ON tauth_gdup TO USER user1 PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@tauth_gdup -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Error granting privileges: Got exception: org.apache.hadoop.hive.metastore.api.InvalidObjectException INSERT is already granted on table [default,tauth_gdup] by user1 +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Error granting privileges: Got exception: org.apache.hadoop.hive.metastore.api.InvalidObjectException INSERT is already granted on table [default,tauth_gdup] by user1 diff --git ql/src/test/results/clientnegative/authorization_grant_table_fail1.q.out ql/src/test/results/clientnegative/authorization_grant_table_fail1.q.out index f4d362b6b3..4dbb9e3c23 100644 --- ql/src/test/results/clientnegative/authorization_grant_table_fail1.q.out +++ ql/src/test/results/clientnegative/authorization_grant_table_fail1.q.out @@ -9,4 +9,4 @@ POSTHOOK: Output: default@table_priv_gfail1 PREHOOK: query: GRANT INSERT ON table_priv_gfail1 TO USER user3 PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@table_priv_gfail1 -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Permission denied: Principal [name=user2, type=USER] does not have following privileges for operation GRANT_PRIVILEGE [[INSERT with grant] on Object [type=TABLE_OR_VIEW, name=default.table_priv_gfail1]] +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied: Principal [name=user2, type=USER] does not have following privileges for operation GRANT_PRIVILEGE [[INSERT with grant] on Object [type=TABLE_OR_VIEW, name=default.table_priv_gfail1]] diff --git ql/src/test/results/clientnegative/authorization_grant_table_fail_nogrant.q.out ql/src/test/results/clientnegative/authorization_grant_table_fail_nogrant.q.out index d9e292f990..0656ae548c 100644 --- ql/src/test/results/clientnegative/authorization_grant_table_fail_nogrant.q.out +++ ql/src/test/results/clientnegative/authorization_grant_table_fail_nogrant.q.out @@ -15,4 +15,4 @@ POSTHOOK: Output: default@table_priv_gfail1 PREHOOK: query: GRANT INSERT ON table_priv_gfail1 TO USER user3 PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@table_priv_gfail1 -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Permission denied: Principal [name=user2, type=USER] does not have following privileges for operation GRANT_PRIVILEGE [[INSERT with grant] on Object [type=TABLE_OR_VIEW, name=default.table_priv_gfail1]] +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied: Principal [name=user2, type=USER] does not have following privileges for operation GRANT_PRIVILEGE [[INSERT with grant] on Object [type=TABLE_OR_VIEW, name=default.table_priv_gfail1]] diff --git ql/src/test/results/clientnegative/authorization_invalid_priv_v2.q.out ql/src/test/results/clientnegative/authorization_invalid_priv_v2.q.out index 5c319c605e..d390d90834 100644 --- ql/src/test/results/clientnegative/authorization_invalid_priv_v2.q.out +++ ql/src/test/results/clientnegative/authorization_invalid_priv_v2.q.out @@ -9,4 +9,4 @@ POSTHOOK: Output: default@authorization_invalid_v2 PREHOOK: query: grant lock on table authorization_invalid_v2 to user hive_test_user PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@authorization_invalid_v2 -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Unsupported privilege type LOCK +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Unsupported privilege type LOCK diff --git ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out index ebfa03cd5d..330a06c2e3 100644 --- ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out +++ ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out @@ -61,4 +61,4 @@ POSTHOOK: type: SHOW_ROLES PREHOOK: query: grant all on table tpriv_current_role to user user5 PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@tpriv_current_role -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Permission denied: Principal [name=user2, type=USER] does not have following privileges for operation GRANT_PRIVILEGE [[SELECT with grant, INSERT with grant, UPDATE with grant, DELETE with grant] on Object [type=TABLE_OR_VIEW, name=default.tpriv_current_role]] +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied: Principal [name=user2, type=USER] does not have following privileges for operation GRANT_PRIVILEGE [[SELECT with grant, INSERT with grant, UPDATE with grant, DELETE with grant] on Object [type=TABLE_OR_VIEW, name=default.tpriv_current_role]] diff --git ql/src/test/results/clientnegative/authorization_public_create.q.out ql/src/test/results/clientnegative/authorization_public_create.q.out index 5aaf75d89d..7defa82871 100644 --- ql/src/test/results/clientnegative/authorization_public_create.q.out +++ ql/src/test/results/clientnegative/authorization_public_create.q.out @@ -1,3 +1,3 @@ PREHOOK: query: create role public PREHOOK: type: CREATEROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:public role implicitly exists. It can't be created.) +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:public role implicitly exists. It can't be created.) diff --git ql/src/test/results/clientnegative/authorization_public_drop.q.out ql/src/test/results/clientnegative/authorization_public_drop.q.out index 003a5f1497..6aaa1ffd15 100644 --- ql/src/test/results/clientnegative/authorization_public_drop.q.out +++ ql/src/test/results/clientnegative/authorization_public_drop.q.out @@ -1,3 +1,3 @@ PREHOOK: query: drop role public PREHOOK: type: DROPROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:public,admin roles can't be dropped.) +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:public,admin roles can't be dropped.) diff --git ql/src/test/results/clientnegative/authorization_revoke_table_fail1.q.out ql/src/test/results/clientnegative/authorization_revoke_table_fail1.q.out index bca1b92828..61fa52ac82 100644 --- ql/src/test/results/clientnegative/authorization_revoke_table_fail1.q.out +++ ql/src/test/results/clientnegative/authorization_revoke_table_fail1.q.out @@ -15,5 +15,5 @@ POSTHOOK: Output: default@table_priv_rfail1 PREHOOK: query: REVOKE INSERT ON TABLE table_priv_rfail1 FROM USER user2 PREHOOK: type: REVOKE_PRIVILEGE PREHOOK: Output: default@table_priv_rfail1 -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Cannot find privilege Privilege [name=INSERT, columns=null] for Principal [name=user2, type=USER] on Object [type=TABLE_OR_VIEW, name=default.table_priv_rfail1] granted by user3 +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege [name=INSERT, columns=null] for Principal [name=user2, type=USER] on Object [type=TABLE_OR_VIEW, name=default.table_priv_rfail1] granted by user3 diff --git ql/src/test/results/clientnegative/authorization_revoke_table_fail2.q.out ql/src/test/results/clientnegative/authorization_revoke_table_fail2.q.out index ee2a2a5d52..1b41d6189e 100644 --- ql/src/test/results/clientnegative/authorization_revoke_table_fail2.q.out +++ ql/src/test/results/clientnegative/authorization_revoke_table_fail2.q.out @@ -27,5 +27,5 @@ POSTHOOK: Output: default@table_priv_rfai2 PREHOOK: query: REVOKE INSERT ON TABLE table_priv_rfai2 FROM USER user2 PREHOOK: type: REVOKE_PRIVILEGE PREHOOK: Output: default@table_priv_rfai2 -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Cannot find privilege Privilege [name=INSERT, columns=null] for Principal [name=user2, type=USER] on Object [type=TABLE_OR_VIEW, name=default.table_priv_rfai2] granted by user3 +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege [name=INSERT, columns=null] for Principal [name=user2, type=USER] on Object [type=TABLE_OR_VIEW, name=default.table_priv_rfai2] granted by user3 diff --git ql/src/test/results/clientnegative/authorization_role_case.q.out ql/src/test/results/clientnegative/authorization_role_case.q.out index 7b07d1be40..4908e5dc26 100644 --- ql/src/test/results/clientnegative/authorization_role_case.q.out +++ ql/src/test/results/clientnegative/authorization_role_case.q.out @@ -31,4 +31,4 @@ POSTHOOK: Output: default@t1 PREHOOK: query: grant UPDATE on table t1 to role mixcaserole2 PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@t1 -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:Got exception: org.apache.hadoop.hive.metastore.api.NoSuchObjectException Role mixcaserole2 does not exist) +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:Got exception: org.apache.hadoop.hive.metastore.api.NoSuchObjectException Role mixcaserole2 does not exist) diff --git ql/src/test/results/clientnegative/authorization_role_cycles1.q.out ql/src/test/results/clientnegative/authorization_role_cycles1.q.out index 2085067420..9303c7e69e 100644 --- ql/src/test/results/clientnegative/authorization_role_cycles1.q.out +++ ql/src/test/results/clientnegative/authorization_role_cycles1.q.out @@ -16,4 +16,4 @@ POSTHOOK: query: grant role role1 to role role2 POSTHOOK: type: GRANT_ROLE PREHOOK: query: grant role role2 to role role1 PREHOOK: type: GRANT_ROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Error granting role: Cannot grant role role1 to role2 as role2 already belongs to the role role1. (no cycles allowed) +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Error granting role: Cannot grant role role1 to role2 as role2 already belongs to the role role1. (no cycles allowed) diff --git ql/src/test/results/clientnegative/authorization_role_cycles2.q.out ql/src/test/results/clientnegative/authorization_role_cycles2.q.out index cf6b3913ca..df27beeafd 100644 --- ql/src/test/results/clientnegative/authorization_role_cycles2.q.out +++ ql/src/test/results/clientnegative/authorization_role_cycles2.q.out @@ -40,4 +40,4 @@ POSTHOOK: query: grant role role5 to role role4 POSTHOOK: type: GRANT_ROLE PREHOOK: query: grant role role2 to role role4 PREHOOK: type: GRANT_ROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Error granting role: Cannot grant role role4 to role2 as role2 already belongs to the role role4. (no cycles allowed) +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Error granting role: Cannot grant role role4 to role2 as role2 already belongs to the role role4. (no cycles allowed) diff --git ql/src/test/results/clientnegative/authorization_role_grant.q.out ql/src/test/results/clientnegative/authorization_role_grant.q.out index 951b050dfc..cb79651f82 100644 --- ql/src/test/results/clientnegative/authorization_role_grant.q.out +++ ql/src/test/results/clientnegative/authorization_role_grant.q.out @@ -31,4 +31,4 @@ POSTHOOK: query: set role role_noadmin POSTHOOK: type: SHOW_ROLES PREHOOK: query: grant src_role_wadmin to user user3 PREHOOK: type: GRANT_ROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Current user : user2 is not allowed to grant role. User has to belong to ADMIN role and have it as current role, for this action. Otherwise, grantor need to have ADMIN OPTION on role being granted and have it as a current role for this action. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : user2 is not allowed to grant role. User has to belong to ADMIN role and have it as current role, for this action. Otherwise, grantor need to have ADMIN OPTION on role being granted and have it as a current role for this action. diff --git ql/src/test/results/clientnegative/authorization_role_grant2.q.out ql/src/test/results/clientnegative/authorization_role_grant2.q.out index 7beef281f6..ade675252f 100644 --- ql/src/test/results/clientnegative/authorization_role_grant2.q.out +++ ql/src/test/results/clientnegative/authorization_role_grant2.q.out @@ -48,4 +48,4 @@ POSTHOOK: query: set role src_role_wadmin POSTHOOK: type: SHOW_ROLES PREHOOK: query: grant src_role_wadmin to user user3 PREHOOK: type: GRANT_ROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Current user : user2 is not allowed to grant role. User has to belong to ADMIN role and have it as current role, for this action. Otherwise, grantor need to have ADMIN OPTION on role being granted and have it as a current role for this action. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : user2 is not allowed to grant role. User has to belong to ADMIN role and have it as current role, for this action. Otherwise, grantor need to have ADMIN OPTION on role being granted and have it as a current role for this action. diff --git ql/src/test/results/clientnegative/authorization_role_grant_nosuchrole.q.out ql/src/test/results/clientnegative/authorization_role_grant_nosuchrole.q.out index 34675bfe58..481842cdd5 100644 --- ql/src/test/results/clientnegative/authorization_role_grant_nosuchrole.q.out +++ ql/src/test/results/clientnegative/authorization_role_grant_nosuchrole.q.out @@ -8,4 +8,4 @@ POSTHOOK: query: create role role1 POSTHOOK: type: CREATEROLE PREHOOK: query: grant role1 to role nosuchrole PREHOOK: type: GRANT_ROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Error granting role: Got exception: org.apache.hadoop.hive.metastore.api.NoSuchObjectException Role nosuchrole does not exist +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Error granting role: Got exception: org.apache.hadoop.hive.metastore.api.NoSuchObjectException Role nosuchrole does not exist diff --git ql/src/test/results/clientnegative/authorization_role_grant_otherrole.q.out ql/src/test/results/clientnegative/authorization_role_grant_otherrole.q.out index 3a0760d41b..144b78701b 100644 --- ql/src/test/results/clientnegative/authorization_role_grant_otherrole.q.out +++ ql/src/test/results/clientnegative/authorization_role_grant_otherrole.q.out @@ -8,4 +8,4 @@ POSTHOOK: query: create role accounting POSTHOOK: type: CREATEROLE PREHOOK: query: show role grant role accounting PREHOOK: type: SHOW_ROLE_GRANT -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Error getting role grant information for user accounting: User : user1 is not allowed check privileges of a role it does not belong to : accounting. User has to belong to ADMIN role and have it as current role, for this action. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Error getting role grant information for user accounting: User : user1 is not allowed check privileges of a role it does not belong to : accounting. User has to belong to ADMIN role and have it as current role, for this action. diff --git ql/src/test/results/clientnegative/authorization_role_grant_otheruser.q.out ql/src/test/results/clientnegative/authorization_role_grant_otheruser.q.out index 0da86c9e88..a0c6845468 100644 --- ql/src/test/results/clientnegative/authorization_role_grant_otheruser.q.out +++ ql/src/test/results/clientnegative/authorization_role_grant_otheruser.q.out @@ -19,4 +19,4 @@ POSTHOOK: type: SHOW_ROLE_GRANT public false -1 PREHOOK: query: show role grant user ruser2 PREHOOK: type: SHOW_ROLE_GRANT -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Error getting role grant information for user ruser2: User : ruser1 is not allowed check privileges of another user : ruser2. User has to belong to ADMIN role and have it as current role, for this action. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Error getting role grant information for user ruser2: User : ruser1 is not allowed check privileges of another user : ruser2. User has to belong to ADMIN role and have it as current role, for this action. diff --git ql/src/test/results/clientnegative/authorization_set_role_neg1.q.out ql/src/test/results/clientnegative/authorization_set_role_neg1.q.out index 56d6b7e314..ee056be75d 100644 --- ql/src/test/results/clientnegative/authorization_set_role_neg1.q.out +++ ql/src/test/results/clientnegative/authorization_set_role_neg1.q.out @@ -1,3 +1,3 @@ PREHOOK: query: set role nosuchroleexists PREHOOK: type: SHOW_ROLES -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. hive_test_user doesn't belong to role nosuchroleexists +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. hive_test_user doesn't belong to role nosuchroleexists diff --git ql/src/test/results/clientnegative/authorization_set_role_neg2.q.out ql/src/test/results/clientnegative/authorization_set_role_neg2.q.out index 0396a1f6d7..539ce39dec 100644 --- ql/src/test/results/clientnegative/authorization_set_role_neg2.q.out +++ ql/src/test/results/clientnegative/authorization_set_role_neg2.q.out @@ -20,4 +20,4 @@ POSTHOOK: query: set role public POSTHOOK: type: SHOW_ROLES PREHOOK: query: set role nosuchroleexists PREHOOK: type: SHOW_ROLES -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. user2 doesn't belong to role nosuchroleexists +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. user2 doesn't belong to role nosuchroleexists diff --git ql/src/test/results/clientnegative/authorization_show_grant_otherrole.q.out ql/src/test/results/clientnegative/authorization_show_grant_otherrole.q.out index d8dad360b0..736e69335f 100644 --- ql/src/test/results/clientnegative/authorization_show_grant_otherrole.q.out +++ ql/src/test/results/clientnegative/authorization_show_grant_otherrole.q.out @@ -8,4 +8,4 @@ POSTHOOK: query: create role role1 POSTHOOK: type: CREATEROLE PREHOOK: query: show grant role role1 PREHOOK: type: SHOW_GRANT -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Error showing privileges: User : user1 is not allowed check privileges of a role it does not belong to : role1. User has to belong to ADMIN role and have it as current role, for this action. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Error showing privileges: User : user1 is not allowed check privileges of a role it does not belong to : role1. User has to belong to ADMIN role and have it as current role, for this action. diff --git ql/src/test/results/clientnegative/authorization_show_grant_otheruser_all.q.out ql/src/test/results/clientnegative/authorization_show_grant_otheruser_all.q.out index 74e93d94d1..9adbd09016 100644 --- ql/src/test/results/clientnegative/authorization_show_grant_otheruser_all.q.out +++ ql/src/test/results/clientnegative/authorization_show_grant_otheruser_all.q.out @@ -1,3 +1,3 @@ PREHOOK: query: show grant PREHOOK: type: SHOW_GRANT -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Error showing privileges: User : user1 has to specify a user name or role in the show grant. User has to belong to ADMIN role and have it as current role, for this action. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Error showing privileges: User : user1 has to specify a user name or role in the show grant. User has to belong to ADMIN role and have it as current role, for this action. diff --git ql/src/test/results/clientnegative/authorization_show_grant_otheruser_alltabs.q.out ql/src/test/results/clientnegative/authorization_show_grant_otheruser_alltabs.q.out index b3aee245ae..dea22644c8 100644 --- ql/src/test/results/clientnegative/authorization_show_grant_otheruser_alltabs.q.out +++ ql/src/test/results/clientnegative/authorization_show_grant_otheruser_alltabs.q.out @@ -1,3 +1,3 @@ PREHOOK: query: show grant user user2 PREHOOK: type: SHOW_GRANT -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Error showing privileges: User : user1 is not allowed check privileges of another user : user2. User has to belong to ADMIN role and have it as current role, for this action. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Error showing privileges: User : user1 is not allowed check privileges of another user : user2. User has to belong to ADMIN role and have it as current role, for this action. diff --git ql/src/test/results/clientnegative/authorization_show_grant_otheruser_wtab.q.out ql/src/test/results/clientnegative/authorization_show_grant_otheruser_wtab.q.out index cadbe1161a..47d5c7ab68 100644 --- ql/src/test/results/clientnegative/authorization_show_grant_otheruser_wtab.q.out +++ ql/src/test/results/clientnegative/authorization_show_grant_otheruser_wtab.q.out @@ -8,4 +8,4 @@ POSTHOOK: Output: database:default POSTHOOK: Output: default@t1 PREHOOK: query: show grant user user2 on table t1 PREHOOK: type: SHOW_GRANT -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Error showing privileges: User : user1 is not allowed check privileges of another user : user2. User has to belong to ADMIN role and have it as current role, for this action. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Error showing privileges: User : user1 is not allowed check privileges of another user : user2. User has to belong to ADMIN role and have it as current role, for this action. diff --git ql/src/test/results/clientnegative/authorization_show_role_principals_no_admin.q.out ql/src/test/results/clientnegative/authorization_show_role_principals_no_admin.q.out index ee0fef12ea..8be27b5643 100644 --- ql/src/test/results/clientnegative/authorization_show_role_principals_no_admin.q.out +++ ql/src/test/results/clientnegative/authorization_show_role_principals_no_admin.q.out @@ -1,3 +1,3 @@ PREHOOK: query: show principals role1 PREHOOK: type: SHOW_ROLE_PRINCIPALS -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Current user : hive_test_user is not allowed get principals in a role. User has to belong to ADMIN role and have it as current role, for this action. Otherwise, grantor need to have ADMIN OPTION on role being granted and have it as a current role for this action. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive_test_user is not allowed get principals in a role. User has to belong to ADMIN role and have it as current role, for this action. Otherwise, grantor need to have ADMIN OPTION on role being granted and have it as a current role for this action. diff --git ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out index 7cd4bb1e2a..adc2788961 100644 --- ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out +++ ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out @@ -1,3 +1,3 @@ PREHOOK: query: show roles PREHOOK: type: SHOW_ROLES -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Current user : hive_test_user is not allowed to list roles. User has to belong to ADMIN role and have it as current role, for this action. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive_test_user is not allowed to list roles. User has to belong to ADMIN role and have it as current role, for this action. diff --git ql/src/test/results/clientnegative/authorization_table_grant_nosuchrole.q.out ql/src/test/results/clientnegative/authorization_table_grant_nosuchrole.q.out index 506088d3b4..6eef774759 100644 --- ql/src/test/results/clientnegative/authorization_table_grant_nosuchrole.q.out +++ ql/src/test/results/clientnegative/authorization_table_grant_nosuchrole.q.out @@ -9,4 +9,4 @@ POSTHOOK: Output: default@t1 PREHOOK: query: grant ALL on t1 to role nosuchrole PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@t1 -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. Error granting privileges: Got exception: org.apache.hadoop.hive.metastore.api.NoSuchObjectException Role nosuchrole does not exist +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Error granting privileges: Got exception: org.apache.hadoop.hive.metastore.api.NoSuchObjectException Role nosuchrole does not exist diff --git ql/src/test/results/clientnegative/authorize_grant_public.q.out ql/src/test/results/clientnegative/authorize_grant_public.q.out index a25fa01528..6872b785d4 100644 --- ql/src/test/results/clientnegative/authorize_grant_public.q.out +++ ql/src/test/results/clientnegative/authorize_grant_public.q.out @@ -1,3 +1,3 @@ PREHOOK: query: grant role public to user hive_test_user PREHOOK: type: GRANT_ROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:No user can be added to public. Since all users implicitly belong to public role.) +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:No user can be added to public. Since all users implicitly belong to public role.) diff --git ql/src/test/results/clientnegative/authorize_revoke_public.q.out ql/src/test/results/clientnegative/authorize_revoke_public.q.out index af3fbcb4da..ede74871d2 100644 --- ql/src/test/results/clientnegative/authorize_revoke_public.q.out +++ ql/src/test/results/clientnegative/authorize_revoke_public.q.out @@ -1,3 +1,3 @@ PREHOOK: query: revoke role public from user hive_test_user PREHOOK: type: REVOKE_ROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.ddl.DDLTask2. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:public role can't be revoked.) +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:public role can't be revoked.) diff --git ql/src/test/results/clientpositive/tez/explainanalyze_3.q.out ql/src/test/results/clientpositive/tez/explainanalyze_3.q.out index 1ad26b5f66..235f8c9d42 100644 --- ql/src/test/results/clientpositive/tez/explainanalyze_3.q.out +++ ql/src/test/results/clientpositive/tez/explainanalyze_3.q.out @@ -454,7 +454,6 @@ POSTHOOK: query: explain analyze grant select on table src_autho_test_n4 to user POSTHOOK: type: GRANT_PRIVILEGE POSTHOOK: Output: default@src_autho_test_n4 Stage-0 - Grant{"Principals:":[{"Principal":{"name:":"hive_test_user"}}],"privilege subject":{"object:":"default.src_autho_test_n4"},"Privileges:":[{"Privilege":{"privilege:":{"type:":"Select"}}}],"grant option:":"false"} PREHOOK: query: grant select on table src_autho_test_n4 to user hive_test_user PREHOOK: type: GRANT_PRIVILEGE @@ -474,7 +473,6 @@ Stage-1 Fetch Operator limit:-1 Stage-0 - Show grant desc{"privilege subject":{"object:":"default.src_autho_test_n4"},"principal desc:":{"Principal":{"name:":"hive_test_user"}}} PREHOOK: query: show grant user hive_test_user on table src_autho_test_n4(key) PREHOOK: type: SHOW_GRANT @@ -488,7 +486,6 @@ Stage-1 Fetch Operator limit:-1 Stage-0 - Show grant desc{"privilege subject":{"object:":"default.src_autho_test_n4"},"principal desc:":{"Principal":{"name:":"hive_test_user"}}} PREHOOK: query: select key from src_autho_test_n4 order by key limit 20 PREHOOK: type: QUERY @@ -531,7 +528,6 @@ POSTHOOK: query: explain analyze revoke select on table src_autho_test_n4 from u POSTHOOK: type: REVOKE_PRIVILEGE POSTHOOK: Output: default@src_autho_test_n4 Stage-0 - Revoke{"Principals:":[{"Principal":{"name:":"hive_test_user"}}],"privilege subject":{"object:":"default.src_autho_test_n4"},"Privileges:":[{"Privilege":{"privilege:":{"type:":"Select"}}}]} PREHOOK: query: grant select(key) on table src_autho_test_n4 to user hive_test_user PREHOOK: type: GRANT_PRIVILEGE @@ -546,7 +542,6 @@ POSTHOOK: query: explain analyze grant select(key) on table src_autho_test_n4 to POSTHOOK: type: GRANT_PRIVILEGE POSTHOOK: Output: default@src_autho_test_n4 Stage-0 - Grant{"Principals:":[{"Principal":{"name:":"hive_test_user"}}],"privilege subject":{"object:":"default.src_autho_test_n4"},"Privileges:":[{"Privilege":{"columns:":["key"],"privilege:":{"type:":"Select"}}}],"grant option:":"false"} PREHOOK: query: revoke select(key) on table src_autho_test_n4 from user hive_test_user PREHOOK: type: REVOKE_PRIVILEGE @@ -561,7 +556,6 @@ POSTHOOK: query: explain analyze revoke select(key) on table src_autho_test_n4 f POSTHOOK: type: REVOKE_PRIVILEGE POSTHOOK: Output: default@src_autho_test_n4 Stage-0 - Revoke{"Principals:":[{"Principal":{"name:":"hive_test_user"}}],"privilege subject":{"object:":"default.src_autho_test_n4"},"Privileges:":[{"Privilege":{"columns:":["key"],"privilege:":{"type:":"Select"}}}]} PREHOOK: query: create role sRc_roLE PREHOOK: type: CREATEROLE @@ -574,7 +568,6 @@ POSTHOOK: query: explain analyze create role sRc_roLE POSTHOOK: type: CREATEROLE Stage-0 - Create Role{"name:":"sRc_roLE"} PREHOOK: query: create role sRc_roLE PREHOOK: type: CREATEROLE @@ -591,7 +584,6 @@ POSTHOOK: query: explain analyze grant role sRc_roLE to user hive_test_user POSTHOOK: type: GRANT_ROLE Stage-0 - Grant roles{"principals:":[{"Principal":{"name:":"hive_test_user"}}],"roles:":["sRc_roLE"]} PREHOOK: query: grant role sRc_roLE to user hive_test_user PREHOOK: type: GRANT_ROLE @@ -609,7 +601,6 @@ Stage-1 Fetch Operator limit:-1 Stage-0 - Show Role Grant{"name:":"hive_test_user"} PREHOOK: query: drop role sRc_roLE PREHOOK: type: DROPROLE @@ -620,7 +611,6 @@ PREHOOK: type: DROPROLE POSTHOOK: query: explain analyze drop role sRc_roLE POSTHOOK: type: DROPROLE Stage-0 - Drop Role{"name:":"sRc_roLE"} PREHOOK: query: drop role sRc_roLE PREHOOK: type: DROPROLE diff --git ql/src/test/results/clientpositive/tez/explainuser_3.q.out ql/src/test/results/clientpositive/tez/explainuser_3.q.out index c07c6a3572..40d1c32153 100644 --- ql/src/test/results/clientpositive/tez/explainuser_3.q.out +++ ql/src/test/results/clientpositive/tez/explainuser_3.q.out @@ -378,7 +378,6 @@ POSTHOOK: query: explain grant select on table src_autho_test_n3 to user hive_te POSTHOOK: type: GRANT_PRIVILEGE POSTHOOK: Output: default@src_autho_test_n3 Stage-0 - Grant{"Principals:":[{"Principal":{"name:":"hive_test_user"}}],"privilege subject":{"object:":"default.src_autho_test_n3"},"Privileges:":[{"Privilege":{"privilege:":{"type:":"Select"}}}],"grant option:":"false"} PREHOOK: query: grant select on table src_autho_test_n3 to user hive_test_user PREHOOK: type: GRANT_PRIVILEGE @@ -394,7 +393,6 @@ Stage-1 Fetch Operator limit:-1 Stage-0 - Show grant desc{"privilege subject":{"object:":"default.src_autho_test_n3"},"principal desc:":{"Principal":{"name:":"hive_test_user"}}} PREHOOK: query: explain show grant user hive_test_user on table src_autho_test_n3(key) PREHOOK: type: SHOW_GRANT @@ -404,7 +402,6 @@ Stage-1 Fetch Operator limit:-1 Stage-0 - Show grant desc{"privilege subject":{"object:":"default.src_autho_test_n3"},"principal desc:":{"Principal":{"name:":"hive_test_user"}}} PREHOOK: query: select key from src_autho_test_n3 order by key limit 20 PREHOOK: type: QUERY @@ -441,7 +438,6 @@ POSTHOOK: query: explain revoke select on table src_autho_test_n3 from user hive POSTHOOK: type: REVOKE_PRIVILEGE POSTHOOK: Output: default@src_autho_test_n3 Stage-0 - Revoke{"Principals:":[{"Principal":{"name:":"hive_test_user"}}],"privilege subject":{"object:":"default.src_autho_test_n3"},"Privileges:":[{"Privilege":{"privilege:":{"type:":"Select"}}}]} PREHOOK: query: explain grant select(key) on table src_autho_test_n3 to user hive_test_user PREHOOK: type: GRANT_PRIVILEGE @@ -450,7 +446,6 @@ POSTHOOK: query: explain grant select(key) on table src_autho_test_n3 to user hi POSTHOOK: type: GRANT_PRIVILEGE POSTHOOK: Output: default@src_autho_test_n3 Stage-0 - Grant{"Principals:":[{"Principal":{"name:":"hive_test_user"}}],"privilege subject":{"object:":"default.src_autho_test_n3"},"Privileges:":[{"Privilege":{"columns:":["key"],"privilege:":{"type:":"Select"}}}],"grant option:":"false"} PREHOOK: query: explain revoke select(key) on table src_autho_test_n3 from user hive_test_user PREHOOK: type: REVOKE_PRIVILEGE @@ -459,7 +454,6 @@ POSTHOOK: query: explain revoke select(key) on table src_autho_test_n3 from user POSTHOOK: type: REVOKE_PRIVILEGE POSTHOOK: Output: default@src_autho_test_n3 Stage-0 - Revoke{"Principals:":[{"Principal":{"name:":"hive_test_user"}}],"privilege subject":{"object:":"default.src_autho_test_n3"},"Privileges:":[{"Privilege":{"columns:":["key"],"privilege:":{"type:":"Select"}}}]} PREHOOK: query: explain create role sRc_roLE @@ -468,7 +462,6 @@ POSTHOOK: query: explain create role sRc_roLE POSTHOOK: type: CREATEROLE Stage-0 - Create Role{"name:":"sRc_roLE"} PREHOOK: query: create role sRc_roLE PREHOOK: type: CREATEROLE @@ -481,7 +474,6 @@ POSTHOOK: query: explain grant role sRc_roLE to user hive_test_user POSTHOOK: type: GRANT_ROLE Stage-0 - Grant roles{"principals:":[{"Principal":{"name:":"hive_test_user"}}],"roles:":["sRc_roLE"]} PREHOOK: query: grant role sRc_roLE to user hive_test_user PREHOOK: type: GRANT_ROLE @@ -495,14 +487,12 @@ Stage-1 Fetch Operator limit:-1 Stage-0 - Show Role Grant{"name:":"hive_test_user"} PREHOOK: query: explain drop role sRc_roLE PREHOOK: type: DROPROLE POSTHOOK: query: explain drop role sRc_roLE POSTHOOK: type: DROPROLE Stage-0 - Drop Role{"name:":"sRc_roLE"} PREHOOK: query: drop role sRc_roLE PREHOOK: type: DROPROLE