Examples of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal

• org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal
  Represents the user or role in grant/revoke statements

    //Convert to object types used by the authorization plugin interface
    List<HivePrincipal> hivePrincipals = getHivePrincipals(principals);
    List<HivePrivilege> hivePrivileges = getHivePrivileges(privileges);
    HivePrivilegeObject hivePrivObject = getHivePrivilegeObject(privSubjectDesc);
    HivePrincipal grantorPrincipal = new HivePrincipal(grantor, getHivePrincipalType(grantorType));

    if(isGrant){
      authorizer.grantPrivileges(hivePrincipals, hivePrivileges, hivePrivObject,
          grantorPrincipal, grantOption);
    }else {

  private HivePrincipal getHivePrincipal(PrincipalDesc principal) throws HiveException {
    if (principal == null) {
      return null;
    }
    return new HivePrincipal(principal.getName(),
        AuthorizationUtils.getHivePrincipalType(principal.getType()));
  }

      authorizer.dropRole(roleDDLDesc.getName());
      break;
    case SHOW_ROLE_GRANT:
      boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST);
      List<HiveRoleGrant> roles = authorizer.getRoleGrantInfoForPrincipal(
          new HivePrincipal(roleDDLDesc.getName(), getHivePrincipalType(roleDDLDesc.getPrincipalType())));
      writeToFile(writeRolesGrantedInfo(roles, testMode), roleDDLDesc.getResFile());
      break;
    case SHOW_ROLES:
      List<String> allRoles = authorizer.getAllRoles();
      writeListToFileAfterSort(allRoles, roleDDLDesc.getResFile());

    }
    return getHivePrincipal(principal.getName(), principal.getType());
  }

  public static HivePrincipal getHivePrincipal(String name, PrincipalType type) throws HiveException {
    return new HivePrincipal(name, AuthorizationUtils.getHivePrincipalType(type));
  }

      throws HiveException {
    List<HivePrivilegeInfo> hivePrivs = new ArrayList<HivePrivilegeInfo>();
    for (HiveObjectPrivilege priv : privs) {
      PrivilegeGrantInfo grantorInfo = priv.getGrantInfo();
      HiveObjectRef privObject = priv.getHiveObject();
      HivePrincipal hivePrincipal =
          getHivePrincipal(priv.getPrincipalName(), priv.getPrincipalType());
      HivePrincipal grantor =
          getHivePrincipal(grantorInfo.getGrantor(), grantorInfo.getGrantorType());
      HivePrivilegeObject object = getHiveObjectRef(privObject);
      HivePrivilege privilege = new HivePrivilege(grantorInfo.getPrivilege(), null);
      hivePrivs.add(new HivePrivilegeInfo(hivePrincipal, privilege, object, grantor,
          grantorInfo.isGrantOption(), grantorInfo.getCreateTime()));

  private int grantOrRevokeRole(GrantRevokeRoleDDL grantOrRevokeRoleDDL)
      throws HiveException {
    HiveAuthorizer authorizer = getSessionAuthorizer();
    //convert to the types needed for plugin api
    HivePrincipal grantorPrinc = null;
    if(grantOrRevokeRoleDDL.getGrantor() != null){
      grantorPrinc = new HivePrincipal(grantOrRevokeRoleDDL.getGrantor(),
          AuthorizationUtils.getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType()));
    }
    List<HivePrincipal> principals =
        AuthorizationUtils.getHivePrincipals(grantOrRevokeRoleDDL.getPrincipalDesc());
    List<String> roles = grantOrRevokeRoleDDL.getRoles();

    //Convert to object types used by the authorization plugin interface
    List<HivePrincipal> hivePrincipals = AuthorizationUtils.getHivePrincipals(principals);
    List<HivePrivilege> hivePrivileges = AuthorizationUtils.getHivePrivileges(privileges);
    HivePrivilegeObject hivePrivObject = AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc);

    HivePrincipal grantorPrincipal = new HivePrincipal(
        grantor, AuthorizationUtils.getHivePrincipalType(grantorType));

    if(isGrant){
      authorizer.grantPrivileges(hivePrincipals, hivePrivileges, hivePrivObject,
          grantorPrincipal, grantOption);

        return compare;
      }
    });

    for (HivePrivilegeInfo privilege : privileges) {
      HivePrincipal principal = privilege.getPrincipal();
      HivePrivilegeObject resource = privilege.getObject();
      HivePrincipal grantor = privilege.getGrantorPrincipal();

      appendNonNull(builder, resource.getDbname(), true);
      appendNonNull(builder, resource.getObjectName());
      appendNonNull(builder, resource.getPartKeys());
      appendNonNull(builder, resource.getColumns());
      appendNonNull(builder, principal.getName());
      appendNonNull(builder, principal.getType());
      appendNonNull(builder, privilege.getPrivilege().getName());
      appendNonNull(builder, privilege.isGrantOption());
      appendNonNull(builder, testMode ? -1 : privilege.getGrantTime() * 1000L);
      appendNonNull(builder, grantor.getName());
    }
    return builder.toString();
  }

    switch (hPrincipal.getType()) {
    case USER:
      return hPrincipal;
    case ROLE:
      // lower case role names, for case insensitive behavior
      return new HivePrincipal(hPrincipal.getName().toLowerCase(), hPrincipal.getType());
    default:
      throw new HiveAuthzPluginException("Invalid principal type in principal " + hPrincipal);
    }
  }

    // check if required privileges is subset of available privileges
    List<String> deniedMessages = new ArrayList<String>();
    Collection<SQLPrivTypeGrant> missingPrivs = reqPrivileges.findMissingPrivs(availPrivs);
    SQLAuthorizationUtils.addMissingPrivMsg(missingPrivs, hivePrivObject, deniedMessages);
    SQLAuthorizationUtils.assertNoDeniedPermissions(new HivePrincipal(userName,
        HivePrincipalType.USER), opType, deniedMessages);
  }