/**
 * Raise an error if the given query contains transforms and the user does not
 * pass the server-level authorization check for them.
 */
@Override
public void run(HookContext hookContext) throws Exception {
    // Looked up before the try block; the finally clause below clears it on every exit path.
    final HiveAuthzBinding binding = HiveAuthzBinding.get(hookContext.getConf());
    try {
        final QueryPlan plan = hookContext.getQueryPlan();
        final boolean hasProperties = (plan != null) && (plan.getQueryProperties() != null);
        if (!hasProperties) {
            // No plan or no query properties: nothing to inspect, so nothing is authorized here.
            return;
        }
        if (!plan.getQueryProperties().usesScript()) {
            // Only queries that use a script (transform) need the check below.
            return;
        }

        // Validate server-level permission for transforms.
        if (binding == null) {
            // NOTE(review): this path fails open. A script-using query continues without
            // the transform authorization check when no binding is returned. Confirm that
            // a null binding can only mean authorization is intentionally not configured
            // for this session, and treat this WARN line as a signal worth monitoring.
            LOG.warn("No authorization binding found, skipping the authorization for transform");
            return;
        }

        // The privilege is checked against the server object alone: the input hierarchy
        // holds one path containing only the auth server, and the output hierarchy is empty.
        List<DBModelAuthorizable> serverPath = new ArrayList<DBModelAuthorizable>();
        serverPath.add(binding.getAuthServer());

        List<List<DBModelAuthorizable>> inputs = new ArrayList<List<DBModelAuthorizable>>();
        inputs.add(serverPath);
        List<List<DBModelAuthorizable>> outputs = new ArrayList<List<DBModelAuthorizable>>();

        // The subject is built from the user name reported by the hook context.
        // Presumably authorize() throws when the privilege is missing; verify against
        // HiveAuthzBinding, since this method does not inspect a return value.
        binding.authorize(
            HiveOperation.QUERY,
            HiveAuthzPrivilegesMap.getHiveExtendedAuthzPrivileges(HiveExtendedOperation.TRANSFORM),
            new Subject(hookContext.getUserName()),
            inputs,
            outputs);
    } finally {
        // Clear the binding for this configuration whether the check passed, was skipped, or threw.
        if (binding != null) {
            binding.clear(hookContext.getConf());
        }
    }
}