Examples of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException

Package org.apache.hadoop.hive.ql.security.authorization.plugin

Examples of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException

org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException
Exception thrown by the Authorization plugin api (v2). Indicates an error while performing authorization, and not a authorization being denied.

          this.adminRole = role;
        }
      }
      return currentRoles;
    } catch (Exception e) {
      throw new HiveAuthzPluginException("Failed to retrieve roles for " + currentUserName + ": "
          + e.getMessage(), e);
    }
  }

View Full Code Here

    PrivilegeBag privBag = SQLAuthorizationUtils.getThriftPrivilegesBag(hivePrincipals, hivePrivileges, hivePrivObject,
        grantorPrincipal, grantOption);
    try {
      metastoreClient.grant_privileges(privBag);
    } catch (Exception e) {
      throw new HiveAuthzPluginException("Error granting privileges: " + e.getMessage(), e);
    }
  }

View Full Code Here

      // So this will revoke privileges that are granted by other users.This is
      // not SQL compliant behavior. Need to change/add a metastore api
      // that has desired behavior.
      metastoreClient.revoke_privileges(new PrivilegeBag(revokePrivs));
    } catch (Exception e) {
      throw new HiveAuthzPluginException("Error revoking privileges", e);
    }
  }

View Full Code Here

    if (!isUserAdmin()) {
      throw new HiveAccessControlException("Current user : " + currentUserName+ " is not"
      + " allowed to add roles. " + ADMIN_ONLY_MSG);
    }
    if (RESERVED_ROLE_NAMES.contains(roleName.trim().toUpperCase())) {
      throw new HiveAuthzPluginException("Role name cannot be one of the reserved roles: " +
          RESERVED_ROLE_NAMES);
    }
    try {
      String grantorName = adminGrantor == null ? null : adminGrantor.getName();
      metastoreClientFactory.getHiveMetastoreClient().create_role(
        new Role(roleName, 0, grantorName));
    } catch (TException e) {
      throw new HiveAuthzPluginException("Error create role : " + e.getMessage(), e);
    }
  }

View Full Code Here

      + " allowed to drop role. " + ADMIN_ONLY_MSG);
    }
    try {
      metastoreClientFactory.getHiveMetastoreClient().drop_role(roleName);
    } catch (Exception e) {
      throw new HiveAuthzPluginException("Error dropping role", e);
    }
  }

View Full Code Here

          mClient.grant_role(roleName, hivePrincipal.getName(),
              AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType()),
              grantorPrinc.getName(),
              AuthorizationUtils.getThriftPrincipalType(grantorPrinc.getType()), grantOption);
        } catch (MetaException e) {
          throw new HiveAuthzPluginException(e.getMessage(), e);
        } catch (Exception e) {
          String msg = "Error granting roles for " + hivePrincipal.getName() + " to role "
              + roleName + ": " + e.getMessage();
          throw new HiveAuthzPluginException(msg, e);
        }
      }
    }
  }

View Full Code Here

  public void revokeRole(List<HivePrincipal> hivePrincipals, List<String> roleNames,
    boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException,
    HiveAccessControlException {
    if (grantOption) {
      // removing grant privileges only is not supported in metastore api
      throw new HiveAuthzPluginException("Revoking only the admin privileges on "
        + "role is not currently supported");
    }
    if (!(isUserAdmin() || doesUserHasAdminOption(roleNames))) {
      throw new HiveAccessControlException("Current user : " + currentUserName+ " is not"
          + " allowed to revoke role. " + ADMIN_ONLY_MSG + " Otherwise, " + HAS_ADMIN_PRIV_MSG);
    }
    for (HivePrincipal hivePrincipal : hivePrincipals) {
      for (String roleName : roleNames) {
        try {
          IMetaStoreClient mClient = metastoreClientFactory.getHiveMetastoreClient();
          mClient.revoke_role(roleName, hivePrincipal.getName(),
              AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType()));
        } catch (Exception e) {
          String msg = "Error revoking roles for " + hivePrincipal.getName() + " to role "
              + roleName + ": " + e.getMessage();
          throw new HiveAuthzPluginException(msg, e);
        }
      }
    }
  }

View Full Code Here

        + " allowed to list roles. " + ADMIN_ONLY_MSG);
    }
    try {
      return metastoreClientFactory.getHiveMetastoreClient().listRoleNames();
    } catch (Exception e) {
      throw new HiveAuthzPluginException("Error listing all roles", e);
    }
  }

View Full Code Here

      for(RolePrincipalGrant thriftRoleGrant :  princGrantInfo.getPrincipalGrants()){
        hiveRoleGrants.add(new HiveRoleGrant(thriftRoleGrant));
      }
      return hiveRoleGrants;
    } catch (Exception e) {
      throw new HiveAuthzPluginException("Error getting principals for all roles", e);
    }
  }

View Full Code Here

        resPrivInfos.add(resPrivInfo);
      }
      return resPrivInfos;


    } catch (Exception e) {
      throw new HiveAuthzPluginException("Error showing privileges: "+ e.getMessage(), e);
    }


  }

View Full Code Here

0 1 2 3 4 5 6

TOP

Related Classes of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException

org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.RevokePrivAuthUtils

org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLAuthorizationUtils

org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessController

org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizationValidator

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.