/**
 * Asks the metastore client which principals were granted {@code roleName} and wraps each
 * Thrift {@link RolePrincipalGrant} in a {@link HiveRoleGrant}.
 *
 * <p>NOTE(review): no authorization check is performed in this method; presumably the caller
 * decides whether the requesting user may list the members of the role. Confirm at call sites.
 *
 * @param client metastore client used for the {@code get_principals_in_role} call
 * @param roleName role whose principal grants are requested
 * @return a new list holding one {@link HiveRoleGrant} per grant in the response
 * @throws Exception propagated unchanged from the metastore call or the conversion
 */
public static List<HiveRoleGrant> getHiveRoleGrants(IMetaStoreClient client, String roleName)
    throws Exception {
  GetPrincipalsInRoleResponse response =
      client.get_principals_in_role(new GetPrincipalsInRoleRequest(roleName));
  List<HiveRoleGrant> converted = new ArrayList<HiveRoleGrant>();
  for (RolePrincipalGrant thriftGrant : response.getPrincipalGrants()) {
    HiveRoleGrant wrapped = new HiveRoleGrant(thriftGrant);
    converted.add(wrapped);
  }
  return converted;
}
/**
 * Renders role grants as text by passing each grant's fields to {@code appendNonNull} in the
 * order principal_name, principal_type, grant_option, grantor, grantor_type, grant_time.
 *
 * <p>Side effect: {@code roleGrants} is sorted in place so that the output order is
 * deterministic (useful for tests). Callers that share the list see it reordered.
 *
 * <p>NOTE(review): principal and grantor names are written as received; whether
 * {@code appendNonNull} escapes separator characters inside them is not visible here.
 *
 * @param roleGrants grants to render; {@code null} or empty produces an empty string
 * @param testMode when true, -1 is written in place of the grant time
 * @return the accumulated text
 */
private String writeHiveRoleGrantInfo(List<HiveRoleGrant> roleGrants, boolean testMode) {
  final boolean nothingToWrite = roleGrants == null || roleGrants.isEmpty();
  if (nothingToWrite) {
    return "";
  }

  // Sorting mutates the caller's list; it exists only to make the output order stable.
  Collections.sort(roleGrants);

  final StringBuilder out = new StringBuilder();
  for (HiveRoleGrant grant : roleGrants) {
    // The extra boolean is passed for the first field of each grant only.
    appendNonNull(out, grant.getPrincipalName(), true);
    appendNonNull(out, grant.getPrincipalType());
    appendNonNull(out, grant.isGrantOption());
    appendNonNull(out, grant.getGrantor());
    appendNonNull(out, grant.getGrantorType());
    // Stored grant time is scaled by 1000 (presumably seconds to milliseconds; confirm).
    final long grantTime = testMode ? -1 : grant.getGrantTime() * 1000L;
    appendNonNull(out, grantTime);
  }
  return out.toString();
}
/**
 * Renders the roles granted to a principal as text by passing, for each role, the role name,
 * grant option, grant time and grantor (in that order) to {@code appendNonNull}.
 *
 * <p>Side effect: {@code roles} is sorted in place so that the output order is deterministic
 * (useful for tests). Callers that share the list see it reordered.
 *
 * <p>NOTE(review): role and grantor names are written as received; whether
 * {@code appendNonNull} escapes separator characters inside them is not visible here.
 *
 * @param roles role grants to render; {@code null} or empty produces an empty string
 * @param testMode when true, -1 is written in place of the grant time
 * @return the accumulated text
 */
static String writeRolesGrantedInfo(List<HiveRoleGrant> roles, boolean testMode) {
  final boolean nothingToWrite = roles == null || roles.isEmpty();
  if (nothingToWrite) {
    return "";
  }

  // Sorting mutates the caller's list; it exists only to make the output order stable.
  Collections.sort(roles);

  final StringBuilder out = new StringBuilder();
  for (HiveRoleGrant granted : roles) {
    // The extra boolean is passed for the first field of each role only.
    appendNonNull(out, granted.getRoleName(), true);
    appendNonNull(out, granted.isGrantOption());
    // Stored grant time is scaled by 1000 (presumably seconds to milliseconds; confirm).
    final long grantTime = testMode ? -1 : granted.getGrantTime() * 1000L;
    appendNonNull(out, grantTime);
    appendNonNull(out, granted.getGrantor());
  }
  return out.toString();
}
/**
 * Checks that the user's current roles carry the grant (admin) option for every role named in
 * {@code roleNames}.
 *
 * <p>The check fails closed: it returns false as soon as a requested role is not among the
 * current roles, or the first current role matching it (case-insensitively) lacks the grant
 * option. An empty {@code roleNames} list yields true.
 *
 * <p>NOTE(review): only the first matching entry of {@code getCurrentRoles()} is consulted. If
 * that list can contain the same role more than once with different grant options, the
 * outcome depends on list order; confirm whether duplicates are possible.
 *
 * @param roleNames names of the roles the user wants to administer
 * @return true only if every named role is held with the grant option
 * @throws HiveAuthzPluginException if the current roles cannot be obtained
 */
private boolean doesUserHasAdminOption(List<String> roleNames) throws HiveAuthzPluginException {
  final List<HiveRoleGrant> heldRoles = getCurrentRoles();
  for (String requested : roleNames) {
    // Locate the first held role whose name matches, ignoring case.
    HiveRoleGrant firstMatch = null;
    for (HiveRoleGrant held : heldRoles) {
      if (requested.equalsIgnoreCase(held.getRoleName())) {
        firstMatch = held;
        break;
      }
    }
    // Deny when the role is not held at all, or is held without the grant option.
    if (firstMatch == null || !firstMatch.isGrantOption()) {
      return false;
    }
  }
  return true;
}
/**
 * Returns the names of the roles reported by {@code getCurrentRoles()}, in the same order.
 *
 * @return a new list of role names; names are copied as-is, without case normalisation
 * @throws HiveAuthzPluginException if the current roles cannot be obtained
 */
@Override
public List<String> getCurrentRoleNames() throws HiveAuthzPluginException {
  List<String> names = new ArrayList<String>();
  for (HiveRoleGrant activeRole : getCurrentRoles()) {
    String name = activeRole.getRoleName();
    names.add(name);
  }
  return names;
}
/**
 * Tells whether the admin role is among the user's current roles.
 *
 * <p>The decision is based solely on what {@code getCurrentRoles()} returns; role names are
 * compared with {@link HiveMetaStore#ADMIN} ignoring case.
 *
 * @return true only if one of the current roles is the admin role
 * @throws HiveAuthzPluginException if the current roles cannot be obtained
 */
boolean isUserAdmin() throws HiveAuthzPluginException {
  for (HiveRoleGrant activeRole : getCurrentRoles()) {
    final String activeName = activeRole.getRoleName();
    if (activeName.equalsIgnoreCase(HiveMetaStore.ADMIN)) {
      return true;
    }
  }
  // No current role matched: not an admin.
  return false;
}
/**
 * Checks that the user's current roles carry the grant (admin) option for every role named in
 * {@code roleNames}.
 *
 * <p>The check fails closed: it returns false as soon as a requested role is not among the
 * current roles, or the first current role matching it (case-insensitively) lacks the grant
 * option. An empty {@code roleNames} list yields true.
 *
 * <p>NOTE(review): only the first matching entry of {@code getCurrentRoles()} is consulted. If
 * that list can contain the same role more than once with different grant options, the
 * outcome depends on list order; confirm whether duplicates are possible.
 *
 * @param roleNames names of the roles the user wants to administer
 * @return true only if every named role is held with the grant option
 * @throws HiveAuthzPluginException if the current roles cannot be obtained
 */
private boolean doesUserHasAdminOption(List<String> roleNames) throws HiveAuthzPluginException {
  final List<HiveRoleGrant> heldRoles = getCurrentRoles();
  for (String requested : roleNames) {
    // Locate the first held role whose name matches, ignoring case.
    HiveRoleGrant firstMatch = null;
    for (HiveRoleGrant held : heldRoles) {
      if (requested.equalsIgnoreCase(held.getRoleName())) {
        firstMatch = held;
        break;
      }
    }
    // Deny when the role is not held at all, or is held without the grant option.
    if (firstMatch == null || !firstMatch.isGrantOption()) {
      return false;
    }
  }
  return true;
}
/**
 * Renders role grants as text by passing each grant's fields to {@code appendNonNull} in the
 * order principal_name, principal_type, grant_option, grantor, grantor_type, grant_time.
 *
 * <p>Side effect: {@code roleGrants} is sorted in place so that the output order is
 * deterministic (useful for tests). Callers that share the list see it reordered.
 *
 * <p>NOTE(review): principal and grantor names are written as received; whether
 * {@code appendNonNull} escapes separator characters inside them is not visible here.
 *
 * @param roleGrants grants to render; {@code null} or empty produces an empty string
 * @param testMode when true, -1 is written in place of the grant time
 * @return the accumulated text
 */
private String writeHiveRoleGrantInfo(List<HiveRoleGrant> roleGrants, boolean testMode) {
  final boolean nothingToWrite = roleGrants == null || roleGrants.isEmpty();
  if (nothingToWrite) {
    return "";
  }

  // Sorting mutates the caller's list; it exists only to make the output order stable.
  Collections.sort(roleGrants);

  final StringBuilder out = new StringBuilder();
  for (HiveRoleGrant grant : roleGrants) {
    // The extra boolean is passed for the first field of each grant only.
    appendNonNull(out, grant.getPrincipalName(), true);
    appendNonNull(out, grant.getPrincipalType());
    appendNonNull(out, grant.isGrantOption());
    appendNonNull(out, grant.getGrantor());
    appendNonNull(out, grant.getGrantorType());
    // Stored grant time is scaled by 1000 (presumably seconds to milliseconds; confirm).
    final long grantTime = testMode ? -1 : grant.getGrantTime() * 1000L;
    appendNonNull(out, grantTime);
  }
  return out.toString();
}
/**
 * Renders the roles granted to a principal as text by passing, for each role, the role name,
 * grant option, grant time and grantor (in that order) to {@code appendNonNull}.
 *
 * <p>Side effect: {@code roles} is sorted in place so that the output order is deterministic
 * (useful for tests). Callers that share the list see it reordered.
 *
 * <p>NOTE(review): role and grantor names are written as received; whether
 * {@code appendNonNull} escapes separator characters inside them is not visible here.
 *
 * @param roles role grants to render; {@code null} or empty produces an empty string
 * @param testMode when true, -1 is written in place of the grant time
 * @return the accumulated text
 */
static String writeRolesGrantedInfo(List<HiveRoleGrant> roles, boolean testMode) {
  final boolean nothingToWrite = roles == null || roles.isEmpty();
  if (nothingToWrite) {
    return "";
  }

  // Sorting mutates the caller's list; it exists only to make the output order stable.
  Collections.sort(roles);

  final StringBuilder out = new StringBuilder();
  for (HiveRoleGrant granted : roles) {
    // The extra boolean is passed for the first field of each role only.
    appendNonNull(out, granted.getRoleName(), true);
    appendNonNull(out, granted.isGrantOption());
    // Stored grant time is scaled by 1000 (presumably seconds to milliseconds; confirm).
    final long grantTime = testMode ? -1 : granted.getGrantTime() * 1000L;
    appendNonNull(out, grantTime);
    appendNonNull(out, granted.getGrantor());
  }
  return out.toString();
}
/**
 * Tests whether {@code roleName} names one of the roles returned by {@code getRolesFromMS()}
 * (per the original contract, the roles the user belongs to, including the role hierarchy).
 *
 * <p>Names are compared ignoring case. This is a membership test only; it does not look at
 * the grant option of the matching role.
 *
 * @param roleName role name to look for
 * @return true if a role with that name is found
 * @throws HiveAuthzPluginException if the roles cannot be obtained
 */
private boolean userBelongsToRole(String roleName) throws HiveAuthzPluginException {
  boolean member = false;
  for (HiveRoleGrant granted : getRolesFromMS()) {
    if (granted.getRoleName().equalsIgnoreCase(roleName)) {
      // One match is enough; stop scanning.
      member = true;
      break;
    }
  }
  return member;
}
/**
 * Asks the metastore client which principals were granted {@code roleName} and wraps each
 * Thrift {@link RolePrincipalGrant} in a {@link HiveRoleGrant}.
 *
 * <p>NOTE(review): no authorization check is performed in this method; presumably the caller
 * decides whether the requesting user may list the members of the role. Confirm at call sites.
 *
 * @param client metastore client used for the {@code get_principals_in_role} call
 * @param roleName role whose principal grants are requested
 * @return a new list holding one {@link HiveRoleGrant} per grant in the response
 * @throws Exception propagated unchanged from the metastore call or the conversion
 */
public static List<HiveRoleGrant> getHiveRoleGrants(IMetaStoreClient client, String roleName)
    throws Exception {
  GetPrincipalsInRoleResponse response =
      client.get_principals_in_role(new GetPrincipalsInRoleRequest(roleName));
  List<HiveRoleGrant> converted = new ArrayList<HiveRoleGrant>();
  for (RolePrincipalGrant thriftGrant : response.getPrincipalGrants()) {
    HiveRoleGrant wrapped = new HiveRoleGrant(thriftGrant);
    converted.add(wrapped);
  }
  return converted;
}
/**
 * Checks that the user's current roles carry the grant (admin) option for every role named in
 * {@code roleNames}.
 *
 * <p>The check fails closed: it returns false as soon as a requested role is not among the
 * current roles, or the first current role matching it (case-insensitively) lacks the grant
 * option. An empty {@code roleNames} list yields true.
 *
 * <p>NOTE(review): only the first matching entry of {@code getCurrentRoles()} is consulted. If
 * that list can contain the same role more than once with different grant options, the
 * outcome depends on list order; confirm whether duplicates are possible.
 *
 * @param roleNames names of the roles the user wants to administer
 * @return true only if every named role is held with the grant option
 * @throws HiveAuthzPluginException if the current roles cannot be obtained
 */
private boolean doesUserHasAdminOption(List<String> roleNames) throws HiveAuthzPluginException {
  final List<HiveRoleGrant> heldRoles = getCurrentRoles();
  for (String requested : roleNames) {
    // Locate the first held role whose name matches, ignoring case.
    HiveRoleGrant firstMatch = null;
    for (HiveRoleGrant held : heldRoles) {
      if (requested.equalsIgnoreCase(held.getRoleName())) {
        firstMatch = held;
        break;
      }
    }
    // Deny when the role is not held at all, or is held without the grant option.
    if (firstMatch == null || !firstMatch.isGrantOption()) {
      return false;
    }
  }
  return true;
}
/**
 * Renders role grants as text by passing each grant's fields to {@code appendNonNull} in the
 * order principal_name, principal_type, grant_option, grantor, grantor_type, grant_time.
 *
 * <p>Side effect: {@code roleGrants} is sorted in place so that the output order is
 * deterministic (useful for tests). Callers that share the list see it reordered.
 *
 * <p>NOTE(review): principal and grantor names are written as received; whether
 * {@code appendNonNull} escapes separator characters inside them is not visible here.
 *
 * @param roleGrants grants to render; {@code null} or empty produces an empty string
 * @param testMode when true, -1 is written in place of the grant time
 * @return the accumulated text
 */
private String writeHiveRoleGrantInfo(List<HiveRoleGrant> roleGrants, boolean testMode) {
  final boolean nothingToWrite = roleGrants == null || roleGrants.isEmpty();
  if (nothingToWrite) {
    return "";
  }

  // Sorting mutates the caller's list; it exists only to make the output order stable.
  Collections.sort(roleGrants);

  final StringBuilder out = new StringBuilder();
  for (HiveRoleGrant grant : roleGrants) {
    // The extra boolean is passed for the first field of each grant only.
    appendNonNull(out, grant.getPrincipalName(), true);
    appendNonNull(out, grant.getPrincipalType());
    appendNonNull(out, grant.isGrantOption());
    appendNonNull(out, grant.getGrantor());
    appendNonNull(out, grant.getGrantorType());
    // Stored grant time is scaled by 1000 (presumably seconds to milliseconds; confirm).
    final long grantTime = testMode ? -1 : grant.getGrantTime() * 1000L;
    appendNonNull(out, grantTime);
  }
  return out.toString();
}
/**
 * Renders the roles granted to a principal as text by passing, for each role, the role name,
 * grant option, grant time and grantor (in that order) to {@code appendNonNull}.
 *
 * <p>Side effect: {@code roles} is sorted in place so that the output order is deterministic
 * (useful for tests). Callers that share the list see it reordered.
 *
 * <p>NOTE(review): role and grantor names are written as received; whether
 * {@code appendNonNull} escapes separator characters inside them is not visible here.
 *
 * @param roles role grants to render; {@code null} or empty produces an empty string
 * @param testMode when true, -1 is written in place of the grant time
 * @return the accumulated text
 */
static String writeRolesGrantedInfo(List<HiveRoleGrant> roles, boolean testMode) {
  final boolean nothingToWrite = roles == null || roles.isEmpty();
  if (nothingToWrite) {
    return "";
  }

  // Sorting mutates the caller's list; it exists only to make the output order stable.
  Collections.sort(roles);

  final StringBuilder out = new StringBuilder();
  for (HiveRoleGrant granted : roles) {
    // The extra boolean is passed for the first field of each role only.
    appendNonNull(out, granted.getRoleName(), true);
    appendNonNull(out, granted.isGrantOption());
    // Stored grant time is scaled by 1000 (presumably seconds to milliseconds; confirm).
    final long grantTime = testMode ? -1 : granted.getGrantTime() * 1000L;
    appendNonNull(out, grantTime);
    appendNonNull(out, granted.getGrantor());
  }
  return out.toString();
}
/**
 * Returns the names of the roles reported by {@code getCurrentRoles()}, in the same order.
 *
 * @return a new list of role names; names are copied as-is, without case normalisation
 * @throws HiveAuthzPluginException if the current roles cannot be obtained
 */
@Override
public List<String> getCurrentRoleNames() throws HiveAuthzPluginException {
  List<String> names = new ArrayList<String>();
  for (HiveRoleGrant activeRole : getCurrentRoles()) {
    String name = activeRole.getRoleName();
    names.add(name);
  }
  return names;
}
/**
 * Walks the role hierarchy upwards: every role in {@code roleGrants} that is not yet a key of
 * {@code processedRolesMap} is added to the map, and its own parent roles are then processed
 * recursively.
 *
 * <p>A role is recorded in the map before its parents are visited, so a role that is reached
 * again (for example through a cycle in the grants) is skipped and the recursion terminates.
 *
 * <p>NOTE(review): the map is keyed by the role name exactly as returned in the grant, while
 * other checks in this class compare role names ignoring case. Confirm that names arrive
 * already case-normalised.
 *
 * @param processedRolesMap accumulator of visited roles, keyed by role name; modified in place
 * @param roleGrants grants naming the parent roles to visit
 * @throws TException declared by the signature
 * @throws HiveAuthzPluginException declared by the signature
 * @throws MetaException declared by the signature
 */
private void getAllRoleAncestors(Map<String, HiveRoleGrant> processedRolesMap,
    List<RolePrincipalGrant> roleGrants)
    throws MetaException, HiveAuthzPluginException, TException {
  for (RolePrincipalGrant grant : roleGrants) {
    final String ancestorName = grant.getRoleName();
    if (processedRolesMap.get(ancestorName) != null) {
      // Already visited: nothing more to do for this role.
      continue;
    }
    // Look up the parents first; the role is only recorded once that lookup succeeded.
    final List<RolePrincipalGrant> grandParents = getRoleGrants(ancestorName, PrincipalType.ROLE);
    processedRolesMap.put(ancestorName, new HiveRoleGrant(grant));
    getAllRoleAncestors(processedRolesMap, grandParents);
  }
}
/**
 * Tests whether {@code roleName} names one of the roles returned by {@code getRolesFromMS()}
 * (per the original contract, the roles the user belongs to, including the role hierarchy).
 *
 * <p>Names are compared ignoring case. This is a membership test only; it does not look at
 * the grant option of the matching role.
 *
 * @param roleName role name to look for
 * @return true if a role with that name is found
 * @throws HiveAuthzPluginException if the roles cannot be obtained
 */
private boolean userBelongsToRole(String roleName) throws HiveAuthzPluginException {
  boolean member = false;
  for (HiveRoleGrant granted : getRolesFromMS()) {
    if (granted.getRoleName().equalsIgnoreCase(roleName)) {
      // One match is enough; stop scanning.
      member = true;
      break;
    }
  }
  return member;
}
/**
 * Walks the role hierarchy upwards: every role in {@code roleGrants} that is not yet a key of
 * {@code processedRolesMap} is added to the map, and its own parent roles are then processed
 * recursively.
 *
 * <p>A role is recorded in the map before its parents are visited, so a role that is reached
 * again (for example through a cycle in the grants) is skipped and the recursion terminates.
 *
 * <p>NOTE(review): the map is keyed by the role name exactly as returned in the grant, while
 * other checks in this class compare role names ignoring case. Confirm that names arrive
 * already case-normalised.
 *
 * @param processedRolesMap accumulator of visited roles, keyed by role name; modified in place
 * @param roleGrants grants naming the parent roles to visit
 * @throws TException declared by the signature
 * @throws HiveAuthzPluginException declared by the signature
 * @throws MetaException declared by the signature
 */
private void getAllRoleAncestors(Map<String, HiveRoleGrant> processedRolesMap,
    List<RolePrincipalGrant> roleGrants)
    throws MetaException, HiveAuthzPluginException, TException {
  for (RolePrincipalGrant grant : roleGrants) {
    final String ancestorName = grant.getRoleName();
    if (processedRolesMap.get(ancestorName) != null) {
      // Already visited: nothing more to do for this role.
      continue;
    }
    // Look up the parents first; the role is only recorded once that lookup succeeded.
    final List<RolePrincipalGrant> grandParents = getRoleGrants(ancestorName, PrincipalType.ROLE);
    processedRolesMap.put(ancestorName, new HiveRoleGrant(grant));
    getAllRoleAncestors(processedRolesMap, grandParents);
  }
}
/**
 * Tells whether the admin role is among the user's current roles.
 *
 * <p>The decision is based solely on what {@code getCurrentRoles()} returns; role names are
 * compared with {@link HiveMetaStore#ADMIN} ignoring case.
 *
 * @return true only if one of the current roles is the admin role
 * @throws HiveAuthzPluginException if the current roles cannot be obtained
 */
boolean isUserAdmin() throws HiveAuthzPluginException {
  for (HiveRoleGrant activeRole : getCurrentRoles()) {
    final String activeName = activeRole.getRoleName();
    if (activeName.equalsIgnoreCase(HiveMetaStore.ADMIN)) {
      return true;
    }
  }
  // No current role matched: not an admin.
  return false;
}
/**
 * Lists the role grants held by {@code principal}, converting each Thrift
 * {@link RolePrincipalGrant} returned by {@link Hive} into a {@link HiveRoleGrant}.
 *
 * <p>NOTE(review): nothing in this method restricts which principal's grants may be listed,
 * and no statement here throws {@link HiveAccessControlException} explicitly. Confirm that the
 * access check happens in a caller or wrapper.
 *
 * @param principal principal whose role grants are requested; its type is mapped to the
 *     Thrift principal type before the lookup
 * @return a new list with one {@link HiveRoleGrant} per grant returned
 * @throws HiveAuthzPluginException wrapping any {@link HiveException} raised by the lookup
 * @throws HiveAccessControlException declared by the signature
 */
@Override
public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal)
    throws HiveAuthzPluginException, HiveAccessControlException {
  final PrincipalType thriftType = AuthorizationUtils.getThriftPrincipalType(principal.getType());
  final List<HiveRoleGrant> result = new ArrayList<HiveRoleGrant>();
  try {
    final Hive hiveHandle = Hive.getWithFastCheck(this.conf);
    final String principalName = principal.getName();
    for (RolePrincipalGrant thriftGrant
        : hiveHandle.getRoleGrantInfoForPrincipal(principalName, thriftType)) {
      result.add(new HiveRoleGrant(thriftGrant));
    }
    return result;
  } catch (HiveException cause) {
    // Keep the original exception as the cause so the failure stays traceable.
    throw new HiveAuthzPluginException(cause);
  }
}