http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java index f9bd64b..3f18605 100644 --- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java +++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java @@ -810,7 +810,7 @@ public class HiveMetaStore extends ThriftHiveMetastore { PrivilegeBag privs = new PrivilegeBag(); privs.addToPrivileges(new HiveObjectPrivilege( new HiveObjectRef(HiveObjectType.GLOBAL, null, null, null, null), ADMIN, PrincipalType.ROLE, new PrivilegeGrantInfo("All", 0, ADMIN, - PrincipalType.ROLE, true))); + PrincipalType.ROLE, true), "SQL")); try { ms.grantPrivileges(privs); } catch (InvalidObjectException e) { @@ -6242,14 +6242,14 @@ public class HiveMetaStore extends ThriftHiveMetastore { } @Override - public GrantRevokePrivilegeResponse refresh_privileges(HiveObjectRef objToRefresh, + public GrantRevokePrivilegeResponse refresh_privileges(HiveObjectRef objToRefresh, String authorizer, GrantRevokePrivilegeRequest grantRequest) throws TException { incrementCounter("refresh_privileges"); firePreEvent(new PreAuthorizationCallEvent(this)); GrantRevokePrivilegeResponse response = new GrantRevokePrivilegeResponse(); try { - boolean result = getMS().refreshPrivileges(objToRefresh, grantRequest.getPrivileges()); + boolean result = getMS().refreshPrivileges(objToRefresh, authorizer, grantRequest.getPrivileges()); response.setSuccess(result); } catch (MetaException e) { throw e;
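Review bot: The authorizer is passed as the bare string literal `"SQL"` in the `HiveObjectPrivilege` constructor call for the admin role's global grant, and the same literal is repeated three times in the `putPersistentPrivObjects` calls in ObjectStore (hunk -1311). The ObjectStore queries added later in this commit select grants with `authorizer == tN`, so a typo or case difference in any one copy would silently put a grant outside the set its authorizer manages. A single shared constant, for example `static final String SQL_AUTHORIZER = "SQL";` (placeholder name), would keep the writers and the filters in agreement. The enclosing method starts and ends outside the hunk.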
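Review bot: `authorizer` arrives from the Thrift caller in `refresh_privileges` and is handed to `getMS().refreshPrivileges(...)` without any check. The ObjectStore list helpers changed in this commit treat a null authorizer as "no filter" (for example, `listDatabaseGrants` falls back to the two-parameter query), so a refresh that omits the authorizer would presumably be compared against, and could revoke, grants owned by every authorizer rather than one. Rejecting the value at this entry point keeps the scoping explicit: `if (authorizer == null) { throw new MetaException("authorizer must be set for refresh_privileges"); }`. The rest of the method body continues outside the hunk.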
http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java index 23cf7e4..2965e72 100644 --- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java +++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java @@ -2277,7 +2277,7 @@ public class HiveMetaStoreClient implements IMetaStoreClient, AutoCloseable { } @Override - public boolean refresh_privileges(HiveObjectRef objToRefresh, + public boolean refresh_privileges(HiveObjectRef objToRefresh, String authorizer, PrivilegeBag grantPrivileges) throws MetaException, TException { String defaultCat = getDefaultCatalog(conf); @@ -2294,7 +2294,7 @@ public class HiveMetaStoreClient implements IMetaStoreClient, AutoCloseable { grantReq.setRequestType(GrantRevokeType.GRANT); grantReq.setPrivileges(grantPrivileges); - GrantRevokePrivilegeResponse res = client.refresh_privileges(objToRefresh, grantReq); + GrantRevokePrivilegeResponse res = client.refresh_privileges(objToRefresh, authorizer, grantReq); if (!res.isSetSuccess()) { throw new MetaException("GrantRevokePrivilegeResponse missing success field"); } http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java index 09f9bb1..7ba286a 100644 
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java +++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java @@ -2567,12 +2567,13 @@ public interface IMetaStoreClient { /** * @param revokePrivileges + * @param authorizer * @param objToRefresh * @return true on success * @throws MetaException * @throws TException */ - boolean refresh_privileges(HiveObjectRef objToRefresh, PrivilegeBag grantPrivileges) + boolean refresh_privileges(HiveObjectRef objToRefresh, String authorizer, PrivilegeBag grantPrivileges) throws MetaException, TException; /** http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java index 61c565c..e475be8 100644 --- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java +++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java @@ -1094,7 +1094,7 @@ public class ObjectStore implements RawStore, Configurable { MDatabase db = getMDatabase(catName, dbname); pm.retrieve(db); if (db != null) { - List<MDBPrivilege> dbGrants = this.listDatabaseGrants(catName, dbname, queryWrapper); + List<MDBPrivilege> dbGrants = this.listDatabaseGrants(catName, dbname, null, queryWrapper); if (CollectionUtils.isNotEmpty(dbGrants)) { pm.deletePersistentAll(dbGrants); } 
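Review bot: The Javadoc on `refresh_privileges` does not match the signature: it documents `@param revokePrivileges`, which is not a parameter, leaves `grantPrivileges` undocumented, and adds `@param authorizer` with no description. The authorizer value decides which stored grants a refresh touches, so it deserves a sentence such as `@param authorizer name of the authorizer whose grants on objToRefresh are refreshed`, with `@param grantPrivileges` replacing the stale tag. The text should also say whether null is accepted, since the ObjectStore helpers in this commit treat null as "all authorizers"; confirm the wording against the implementation.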
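Review bot: The bare `null` passed to `listDatabaseGrants` is the only sign that dropping a database removes grants from every authorizer; a reader has to open the helper to learn that null means "no authorizer filter". A short comment at the call, such as `// null authorizer: delete this database's grants regardless of which authorizer created them`, would make that intent reviewable. The enclosing method starts and ends outside the hunk.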
@@ -1311,13 +1311,13 @@ public class ObjectStore implements RawStore, Configurable { int now = (int)(System.currentTimeMillis()/1000); Map<String, List<PrivilegeGrantInfo>> userPrivs = principalPrivs.getUserPrivileges(); - putPersistentPrivObjects(mtbl, toPersistPrivObjs, now, userPrivs, PrincipalType.USER); + putPersistentPrivObjects(mtbl, toPersistPrivObjs, now, userPrivs, PrincipalType.USER, "SQL"); Map<String, List<PrivilegeGrantInfo>> groupPrivs = principalPrivs.getGroupPrivileges(); - putPersistentPrivObjects(mtbl, toPersistPrivObjs, now, groupPrivs, PrincipalType.GROUP); + putPersistentPrivObjects(mtbl, toPersistPrivObjs, now, groupPrivs, PrincipalType.GROUP, "SQL"); Map<String, List<PrivilegeGrantInfo>> rolePrivs = principalPrivs.getRolePrivileges(); - putPersistentPrivObjects(mtbl, toPersistPrivObjs, now, rolePrivs, PrincipalType.ROLE); + putPersistentPrivObjects(mtbl, toPersistPrivObjs, now, rolePrivs, PrincipalType.ROLE, "SQL"); } pm.makePersistentAll(toPersistPrivObjs); commited = commitTransaction(); @@ -1347,7 +1347,7 @@ public class ObjectStore implements RawStore, Configurable { * @param type */ private void putPersistentPrivObjects(MTable mtbl, List<Object> toPersistPrivObjs, - int now, Map<String, List<PrivilegeGrantInfo>> privMap, PrincipalType type) { + int now, Map<String, List<PrivilegeGrantInfo>> privMap, PrincipalType type, String authorizer) { if (privMap != null) { for (Map.Entry<String, List<PrivilegeGrantInfo>> entry : privMap .entrySet()) { @@ -1361,7 +1361,7 @@ public class ObjectStore implements RawStore, Configurable { MTablePrivilege mTblSec = new MTablePrivilege( principalName, type.toString(), mtbl, priv.getPrivilege(), now, priv.getGrantor(), priv.getGrantorType().toString(), priv - .isGrantOption()); + .isGrantOption(), authorizer); toPersistPrivObjs.add(mTblSec); } } 
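Review bot: The Javadoc block above `putPersistentPrivObjects` (hunk -1347) still ends at `@param type`, so the new `authorizer` parameter is undocumented. Add `@param authorizer name of the authorizer recorded on each MTablePrivilege created here`; the following hunk (-1361) shows the value is passed straight into the `MTablePrivilege` constructor. The comment should also say whether null is a legal value, because the query helpers added in this commit filter with `authorizer == tN` and would not match such rows. The method body and the top of its Javadoc lie outside these hunks.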
@@ -2239,7 +2239,8 @@ public class ObjectStore implements RawStore, Configurable { for (MTablePrivilege tab: tabGrants) { toPersist.add(new MPartitionPrivilege(tab.getPrincipalName(), tab.getPrincipalType(), mpart, tab.getPrivilege(), now, - tab.getGrantor(), tab.getGrantorType(), tab.getGrantOption())); + tab.getGrantor(), tab.getGrantorType(), tab.getGrantOption(), + tab.getAuthorizer())); } } @@ -2247,7 +2248,8 @@ public class ObjectStore implements RawStore, Configurable { for (MTableColumnPrivilege col : tabColumnGrants) { toPersist.add(new MPartitionColumnPrivilege(col.getPrincipalName(), col.getPrincipalType(), mpart, col.getColumnName(), col.getPrivilege(), - now, col.getGrantor(), col.getGrantorType(), col.getGrantOption())); + now, col.getGrantor(), col.getGrantorType(), col.getGrantOption(), + col.getAuthorizer())); } } } @@ -2311,7 +2313,8 @@ public class ObjectStore implements RawStore, Configurable { for (MTablePrivilege tab : tabGrants) { pm.makePersistent(new MPartitionPrivilege(tab.getPrincipalName(), tab.getPrincipalType(), mpart, tab.getPrivilege(), now, - tab.getGrantor(), tab.getGrantorType(), tab.getGrantOption())); + tab.getGrantor(), tab.getGrantorType(), tab.getGrantOption(), + tab.getAuthorizer())); } } @@ -2319,7 +2322,8 @@ public class ObjectStore implements RawStore, Configurable { for (MTableColumnPrivilege col : tabColumnGrants) { pm.makePersistent(new MPartitionColumnPrivilege(col.getPrincipalName(), col.getPrincipalType(), mpart, col.getColumnName(), col.getPrivilege(), - now, col.getGrantor(), col.getGrantorType(), col.getGrantOption())); + now, col.getGrantor(), col.getGrantorType(), col.getGrantOption(), + col.getAuthorizer())); } } } 
@@ -2360,7 +2364,7 @@ public class ObjectStore implements RawStore, Configurable { MPartitionPrivilege partGrant = new MPartitionPrivilege(tab .getPrincipalName(), tab.getPrincipalType(), mpart, tab.getPrivilege(), now, tab.getGrantor(), tab - .getGrantorType(), tab.getGrantOption()); + .getGrantorType(), tab.getGrantOption(), tab.getAuthorizer()); toPersist.add(partGrant); } } @@ -2370,7 +2374,7 @@ public class ObjectStore implements RawStore, Configurable { MPartitionColumnPrivilege partColumn = new MPartitionColumnPrivilege(col .getPrincipalName(), col.getPrincipalType(), mpart, col .getColumnName(), col.getPrivilege(), now, col.getGrantor(), col - .getGrantorType(), col.getGrantOption()); + .getGrantorType(), col.getGrantOption(), col.getAuthorizer()); toPersist.add(partColumn); } @@ -5630,6 +5634,7 @@ public class ObjectStore implements RawStore, Configurable { String privilegeStr = privDef.getGrantInfo().getPrivilege(); String[] privs = privilegeStr.split(","); String userName = privDef.getPrincipalName(); + String authorizer = privDef.getAuthorizer(); PrincipalType principalType = privDef.getPrincipalType(); String grantor = privDef.getGrantInfo().getGrantor(); String grantorType = privDef.getGrantInfo().getGrantorType().toString(); @@ -5644,7 +5649,7 @@ public class ObjectStore implements RawStore, Configurable { getDefaultCatalog(conf); if (hiveObject.getObjectType() == HiveObjectType.GLOBAL) { List<MGlobalPrivilege> globalPrivs = this - .listPrincipalMGlobalGrants(userName, principalType); + .listPrincipalMGlobalGrants(userName, principalType, authorizer); if (globalPrivs != null) { for (MGlobalPrivilege priv : globalPrivs) { if (priv.getGrantor().equalsIgnoreCase(grantor)) { 
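Review bot: `privDef.getAuthorizer()` (hunk -5630) is used as read, so a privilege sent without an authorizer is stored with a null value, and its duplicate check runs through the unfiltered branch of `listPrincipalMGlobalGrants` and the other list helpers. A row stored that way can never satisfy the `authorizer == tN` filters added elsewhere in this commit, which would leave it outside every authorizer-scoped refresh. Either reject the request or apply an explicit default before the lookups, e.g. `if (authorizer == null) { throw new MetaException("authorizer must be set on the privilege for " + userName); }`, provided the method's throws clause, which is outside the hunk, allows it. Whether rows that predate this change are backfilled by a schema upgrade is not visible here and affects the same filters.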
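Review bot: The global-grant loop (hunk -5644) calls `priv.getGrantor().equalsIgnoreCase(grantor)` with no null guard, while the table branch in hunk -5690 checks `priv.getGrantor() != null` first. The database branch (-5658) and the partition branch (-5727) make the same unguarded call. Partition grants are copied from table grants (`tab.getGrantor()` in the -2239 and -2311 hunks), so a null grantor that the table branch tolerates could reach the partition branch and raise a NullPointerException partway through a grant. Repeating the table branch's guard, `if (priv.getGrantor() != null && priv.getGrantor().equalsIgnoreCase(grantor))`, would make the branches consistent.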
@@ -5658,14 +5663,15 @@ public class ObjectStore implements RawStore, Configurable { + " is already granted by " + grantor); } MGlobalPrivilege mGlobalPrivs = new MGlobalPrivilege(userName, - principalType.toString(), privilege, now, grantor, grantorType, grantOption); + principalType.toString(), privilege, now, grantor, grantorType, grantOption, + authorizer); persistentObjs.add(mGlobalPrivs); } } else if (hiveObject.getObjectType() == HiveObjectType.DATABASE) { MDatabase dbObj = getMDatabase(catName, hiveObject.getDbName()); if (dbObj != null) { List<MDBPrivilege> dbPrivs = this.listPrincipalMDBGrants( - userName, principalType, catName, hiveObject.getDbName()); + userName, principalType, catName, hiveObject.getDbName(), authorizer); if (dbPrivs != null) { for (MDBPrivilege priv : dbPrivs) { if (priv.getGrantor().equalsIgnoreCase(grantor)) { @@ -5680,7 +5686,7 @@ public class ObjectStore implements RawStore, Configurable { + hiveObject.getDbName() + " by " + grantor); } MDBPrivilege mDb = new MDBPrivilege(userName, principalType - .toString(), dbObj, privilege, now, grantor, grantorType, grantOption); + .toString(), dbObj, privilege, now, grantor, grantorType, grantOption, authorizer); persistentObjs.add(mDb); } } @@ -5690,7 +5696,7 @@ public class ObjectStore implements RawStore, Configurable { if (tblObj != null) { List<MTablePrivilege> tablePrivs = this .listAllMTableGrants(userName, principalType, - catName, hiveObject.getDbName(), hiveObject.getObjectName()); + catName, hiveObject.getDbName(), hiveObject.getObjectName(), authorizer); if (tablePrivs != null) { for (MTablePrivilege priv : tablePrivs) { if (priv.getGrantor() != null @@ -5708,7 +5714,7 @@ public class ObjectStore implements RawStore, Configurable { } MTablePrivilege mTab = new MTablePrivilege( userName, principalType.toString(), tblObj, - privilege, now, grantor, grantorType, grantOption); + privilege, now, grantor, grantorType, grantOption, authorizer); persistentObjs.add(mTab); } } 
@@ -5721,7 +5727,7 @@ public class ObjectStore implements RawStore, Configurable { List<MPartitionPrivilege> partPrivs = this .listPrincipalMPartitionGrants(userName, principalType, catName, hiveObject.getDbName(), hiveObject - .getObjectName(), partObj.getPartitionName()); + .getObjectName(), partObj.getPartitionName(), authorizer); if (partPrivs != null) { for (MPartitionPrivilege priv : partPrivs) { if (priv.getGrantor().equalsIgnoreCase(grantor)) { @@ -5739,7 +5745,7 @@ public class ObjectStore implements RawStore, Configurable { } MPartitionPrivilege mTab = new MPartitionPrivilege(userName, principalType.toString(), partObj, privilege, now, grantor, - grantorType, grantOption); + grantorType, grantOption, authorizer); persistentObjs.add(mTab); } } @@ -5758,7 +5764,7 @@ public class ObjectStore implements RawStore, Configurable { colPrivs = this.listPrincipalMPartitionColumnGrants( userName, principalType, catName, hiveObject.getDbName(), hiveObject .getObjectName(), partObj.getPartitionName(), - hiveObject.getColumnName()); + hiveObject.getColumnName(), authorizer); if (colPrivs != null) { for (MPartitionColumnPrivilege priv : colPrivs) { @@ -5779,7 +5785,7 @@ public class ObjectStore implements RawStore, Configurable { MPartitionColumnPrivilege mCol = new MPartitionColumnPrivilege(userName, principalType.toString(), partObj, hiveObject .getColumnName(), privilege, now, grantor, grantorType, - grantOption); + grantOption, authorizer); persistentObjs.add(mCol); } @@ -5787,7 +5793,7 @@ public class ObjectStore implements RawStore, Configurable { List<MTableColumnPrivilege> colPrivs = null; colPrivs = this.listPrincipalMTableColumnGrants( userName, principalType, catName, hiveObject.getDbName(), hiveObject - .getObjectName(), hiveObject.getColumnName()); + .getObjectName(), hiveObject.getColumnName(), authorizer); if (colPrivs != null) { for (MTableColumnPrivilege priv : colPrivs) { 
@@ -5807,7 +5813,7 @@ public class ObjectStore implements RawStore, Configurable { MTableColumnPrivilege mCol = new MTableColumnPrivilege(userName, principalType.toString(), tblObj, hiveObject .getColumnName(), privilege, now, grantor, grantorType, - grantOption); + grantOption, authorizer); persistentObjs.add(mCol); } } @@ -6088,7 +6094,7 @@ public class ObjectStore implements RawStore, Configurable { } @Override - public boolean refreshPrivileges(HiveObjectRef objToRefresh, PrivilegeBag grantPrivileges) + public boolean refreshPrivileges(HiveObjectRef objToRefresh, String authorizer, PrivilegeBag grantPrivileges) throws InvalidObjectException, MetaException, NoSuchObjectException { boolean committed = false; try { @@ -6103,15 +6109,15 @@ public class ObjectStore implements RawStore, Configurable { getDefaultCatalog(conf); switch (objToRefresh.getObjectType()) { case DATABASE: - grants = this.listDBGrantsAll(catName, objToRefresh.getDbName()); + grants = this.listDBGrantsAll(catName, objToRefresh.getDbName(), authorizer); break; case TABLE: - grants = listTableGrantsAll(catName, objToRefresh.getDbName(), objToRefresh.getObjectName()); + grants = listTableGrantsAll(catName, objToRefresh.getDbName(), objToRefresh.getObjectName(), authorizer); break; case COLUMN: Preconditions.checkArgument(objToRefresh.getColumnName()==null, "columnName must be null"); grants = convertTableCols(listTableAllColumnGrants(catName, - objToRefresh.getDbName(), objToRefresh.getObjectName())); + objToRefresh.getDbName(), objToRefresh.getObjectName(), authorizer)); break; default: throw new MetaException("Unexpected object type " + objToRefresh.getObjectType()); 
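Review bot: Existing grants are selected by the `authorizer` argument in the switch (hunk -6103), but nothing in the visible part of `refreshPrivileges` checks that each entry of `grantPrivileges` carries the same authorizer. If an entry names a different one, or none, it would presumably be stored under that other value, so later refreshes for `authorizer` would never see or revoke it. A check before the switch that rejects any entry where `!authorizer.equals(priv.getAuthorizer())` would keep a refresh confined to one authorizer's grants. The comparison and grant logic is outside this hunk, so confirm it is not already done there.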
@@ -6205,9 +6211,14 @@ public class ObjectStore implements RawStore, Configurable { return rolePrinGrantList; } + private List<MGlobalPrivilege> listPrincipalMGlobalGrants(String principalName, + PrincipalType principalType) { + return listPrincipalMGlobalGrants(principalName, principalType, null); + } + @SuppressWarnings("unchecked") private List<MGlobalPrivilege> listPrincipalMGlobalGrants(String principalName, - PrincipalType principalType) { + PrincipalType principalType, String authorizer) { boolean commited = false; Query query = null; List<MGlobalPrivilege> userNameDbPriv = new ArrayList<>(); @@ -6215,10 +6226,18 @@ public class ObjectStore implements RawStore, Configurable { List<MGlobalPrivilege> mPrivs = null; openTransaction(); if (principalName != null) { - query = pm.newQuery(MGlobalPrivilege.class, "principalName == t1 && principalType == t2 "); - query.declareParameters("java.lang.String t1, java.lang.String t2"); - mPrivs = (List<MGlobalPrivilege>) query - .executeWithArray(principalName, principalType.toString()); + if (authorizer != null) { + query = pm.newQuery(MGlobalPrivilege.class, "principalName == t1 && principalType == t2 " + + "&& authorizer == t3"); + query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3"); + mPrivs = (List<MGlobalPrivilege>) query + .executeWithArray(principalName, principalType.toString(), authorizer); + } else { + query = pm.newQuery(MGlobalPrivilege.class, "principalName == t1 && principalType == t2 "); + query.declareParameters("java.lang.String t1, java.lang.String t2"); + mPrivs = (List<MGlobalPrivilege>) query + .executeWithArray(principalName, principalType.toString()); + } pm.retrieveAll(mPrivs); } commited = commitTransaction(); 
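Review bot: The two branches in `listPrincipalMGlobalGrants` (hunk -6215) differ only in the trailing `authorizer == t3` clause, its parameter declaration and the extra argument, so every future change to the filter has to be made twice. The same copy-and-extend pattern is repeated in `listPrincipalMDBGrants`, `listTableAllColumnGrants`, `listDatabaseGrants`, `listAllMTableGrants` and `listPrincipalMPartitionGrants`. If the filters drift between branches, the grant set returned would depend on whether an authorizer was supplied. Building the filter, declaration and argument array once keeps the two paths identical apart from the authorizer clause; the fragment below shows the shape for this method and adds a comment stating that null means all authorizers. The method begins in the previous hunk and continues past this one.

```java
if (principalName != null) {
  // A null authorizer applies no authorizer filter: grants from all authorizers are returned.
  String filter = "principalName == t1 && principalType == t2";
  String params = "java.lang.String t1, java.lang.String t2";
  Object[] args = {principalName, principalType.toString()};
  if (authorizer != null) {
    filter += " && authorizer == t3";
    params += ", java.lang.String t3";
    args = new Object[] {principalName, principalType.toString(), authorizer};
  }
  query = pm.newQuery(MGlobalPrivilege.class, filter);
  query.declareParameters(params);
  mPrivs = (List<MGlobalPrivilege>) query.executeWithArray(args);
  // … unchanged: pm.retrieveAll(mPrivs) and the commit handling …
```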
@@ -6248,7 +6267,8 @@ public class ObjectStore implements RawStore, Configurable { objectRef, sUsr.getPrincipalName(), principalType, new PrivilegeGrantInfo(sUsr.getPrivilege(), sUsr .getCreateTime(), sUsr.getGrantor(), PrincipalType - .valueOf(sUsr.getGrantorType()), sUsr.getGrantOption())); + .valueOf(sUsr.getGrantorType()), sUsr.getGrantOption()), + sUsr.getAuthorizer()); result.add(secUser); } return result; @@ -6274,20 +6294,26 @@ public class ObjectStore implements RawStore, Configurable { List<HiveObjectPrivilege> result = new ArrayList<>(); for (MGlobalPrivilege priv : privs) { String pname = priv.getPrincipalName(); + String authorizer = priv.getAuthorizer(); PrincipalType ptype = PrincipalType.valueOf(priv.getPrincipalType()); HiveObjectRef objectRef = new HiveObjectRef(HiveObjectType.GLOBAL, null, null, null, null); PrivilegeGrantInfo grantor = new PrivilegeGrantInfo(priv.getPrivilege(), priv.getCreateTime(), priv.getGrantor(), PrincipalType.valueOf(priv.getGrantorType()), priv.getGrantOption()); - result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor)); + result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor, authorizer)); } return result; } - @SuppressWarnings("unchecked") private List<MDBPrivilege> listPrincipalMDBGrants(String principalName, PrincipalType principalType, String catName, String dbName) { + return listPrincipalMDBGrants(principalName, principalType, catName, dbName, null); + } + + @SuppressWarnings("unchecked") + private List<MDBPrivilege> listPrincipalMDBGrants(String principalName, + PrincipalType principalType, String catName, String dbName, String authorizer) { boolean success = false; Query query = null; List<MDBPrivilege> mSecurityDBList = new ArrayList<>(); 
@@ -6296,14 +6322,24 @@ public class ObjectStore implements RawStore, Configurable { LOG.debug("Executing listPrincipalDBGrants"); openTransaction(); - query = - pm.newQuery(MDBPrivilege.class, - "principalName == t1 && principalType == t2 && database.name == t3 && database.catalogName == t4"); - query.declareParameters( - "java.lang.String t1, java.lang.String t2, java.lang.String t3, java.lang.String t4"); - List<MDBPrivilege> mPrivs = - (List<MDBPrivilege>) query.executeWithArray(principalName, principalType.toString(), - dbName, catName); + List<MDBPrivilege> mPrivs; + if (authorizer != null) { + query = pm.newQuery(MDBPrivilege.class, + "principalName == t1 && principalType == t2 && database.name == t3 && " + + "database.catalogName == t4 && authorizer == t5"); + query.declareParameters( + "java.lang.String t1, java.lang.String t2, java.lang.String t3, java.lang.String t4, " + + "java.lang.String t5"); + mPrivs = (List<MDBPrivilege>) query.executeWithArray(principalName, principalType.toString(), + dbName, catName, authorizer); + } else { + query = pm.newQuery(MDBPrivilege.class, + "principalName == t1 && principalType == t2 && database.name == t3 && database.catalogName == t4"); + query.declareParameters( + "java.lang.String t1, java.lang.String t2, java.lang.String t3, java.lang.String t4"); + mPrivs = (List<MDBPrivilege>) query.executeWithArray(principalName, principalType.toString(), + dbName, catName); + } pm.retrieveAll(mPrivs); success = commitTransaction(); @@ -6333,7 +6369,7 @@ public class ObjectStore implements RawStore, Configurable { sDB.getPrincipalName(), principalType, new PrivilegeGrantInfo(sDB.getPrivilege(), sDB .getCreateTime(), sDB.getGrantor(), PrincipalType - .valueOf(sDB.getGrantorType()), sDB.getGrantOption())); + .valueOf(sDB.getGrantorType()), sDB.getGrantOption()), sDB.getAuthorizer()); result.add(secObj); } return result; 
@@ -6352,9 +6388,13 @@ public class ObjectStore implements RawStore, Configurable { @Override public List<HiveObjectPrivilege> listDBGrantsAll(String catName, String dbName) { + return listDBGrantsAll(catName, dbName, null); + } + + private List<HiveObjectPrivilege> listDBGrantsAll(String catName, String dbName, String authorizer) { QueryWrapper queryWrapper = new QueryWrapper(); try { - return convertDB(listDatabaseGrants(catName, dbName, queryWrapper)); + return convertDB(listDatabaseGrants(catName, dbName, authorizer, queryWrapper)); } finally { queryWrapper.close(); } @@ -6364,6 +6404,7 @@ public class ObjectStore implements RawStore, Configurable { List<HiveObjectPrivilege> result = new ArrayList<>(); for (MDBPrivilege priv : privs) { String pname = priv.getPrincipalName(); + String authorizer = priv.getAuthorizer(); PrincipalType ptype = PrincipalType.valueOf(priv.getPrincipalType()); String database = priv.getDatabase().getName(); @@ -6373,7 +6414,7 @@ public class ObjectStore implements RawStore, Configurable { PrivilegeGrantInfo grantor = new PrivilegeGrantInfo(priv.getPrivilege(), priv.getCreateTime(), priv.getGrantor(), PrincipalType.valueOf(priv.getGrantorType()), priv.getGrantOption()); - result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor)); + result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor, authorizer)); } return result; } 
@@ -6471,9 +6512,14 @@ public class ObjectStore implements RawStore, Configurable { return mSecurityTabPartList; } - @SuppressWarnings("unchecked") private List<MTableColumnPrivilege> listTableAllColumnGrants( String catName, String dbName, String tableName) { + return listTableAllColumnGrants(catName, dbName, tableName, null); + } + + @SuppressWarnings("unchecked") + private List<MTableColumnPrivilege> listTableAllColumnGrants( + String catName, String dbName, String tableName, String authorizer) { boolean success = false; Query query = null; List<MTableColumnPrivilege> mTblColPrivilegeList = new ArrayList<>(); 
@@ -6484,12 +6530,21 @@ public class ObjectStore implements RawStore, Configurable { LOG.debug("Executing listTableAllColumnGrants"); openTransaction(); - String queryStr = "table.tableName == t1 && table.database.name == t2 &&" + - "table.database.catalogName == t3"; - query = pm.newQuery(MTableColumnPrivilege.class, queryStr); - query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3"); - List<MTableColumnPrivilege> mPrivs = - (List<MTableColumnPrivilege>) query.executeWithArray(tableName, dbName, catName); + List<MTableColumnPrivilege> mPrivs = null; + if (authorizer != null) { + String queryStr = "table.tableName == t1 && table.database.name == t2 &&" + + "table.database.catalogName == t3 && authorizer == t4"; + query = pm.newQuery(MTableColumnPrivilege.class, queryStr); + query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, " + + "java.lang.String t4"); + mPrivs = (List<MTableColumnPrivilege>) query.executeWithArray(tableName, dbName, catName, authorizer); + } else { + String queryStr = "table.tableName == t1 && table.database.name == t2 &&" + + "table.database.catalogName == t3"; + query = pm.newQuery(MTableColumnPrivilege.class, queryStr); + query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3"); + mPrivs = (List<MTableColumnPrivilege>) query.executeWithArray(tableName, dbName, catName); + } pm.retrieveAll(mPrivs); success = commitTransaction(); @@ -6571,7 +6626,8 @@ public class ObjectStore implements RawStore, Configurable { } @SuppressWarnings("unchecked") - private List<MDBPrivilege> listDatabaseGrants(String catName, String dbName, QueryWrapper queryWrapper) { + private List<MDBPrivilege> listDatabaseGrants(String catName, String dbName, + String authorizer, QueryWrapper queryWrapper) { dbName = normalizeIdentifier(dbName); catName = normalizeIdentifier(catName); boolean success = false; 
@@ -6579,11 +6635,18 @@ public class ObjectStore implements RawStore, Configurable { LOG.debug("Executing listDatabaseGrants"); openTransaction(); - Query query = queryWrapper.query = pm.newQuery(MDBPrivilege.class, - "database.name == t1 && database.catalogName == t2"); - query.declareParameters("java.lang.String t1, java.lang.String t2"); - List<MDBPrivilege> mSecurityDBList = - (List<MDBPrivilege>) query.executeWithArray(dbName, catName); + List<MDBPrivilege> mSecurityDBList = null; + if (authorizer != null) { + Query query = queryWrapper.query = pm.newQuery(MDBPrivilege.class, + "database.name == t1 && database.catalogName == t2 && authorizer == t3"); + query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3"); + mSecurityDBList = (List<MDBPrivilege>) query.executeWithArray(dbName, catName, authorizer); + } else { + Query query = queryWrapper.query = pm.newQuery(MDBPrivilege.class, + "database.name == t1 && database.catalogName == t2"); + query.declareParameters("java.lang.String t1, java.lang.String t2"); + mSecurityDBList = (List<MDBPrivilege>) query.executeWithArray(dbName, catName); + } pm.retrieveAll(mSecurityDBList); success = commitTransaction(); LOG.debug("Done retrieving all objects for listDatabaseGrants"); 
@@ -6662,10 +6725,16 @@ public class ObjectStore implements RawStore, Configurable { return new ObjectPair<>(query, params); } - @SuppressWarnings("unchecked") private List<MTablePrivilege> listAllMTableGrants( String principalName, PrincipalType principalType, String catName, String dbName, String tableName) { + return listAllMTableGrants(principalName, principalType, catName, dbName, tableName, null); + } + + @SuppressWarnings("unchecked") + private List<MTablePrivilege> listAllMTableGrants( + String principalName, PrincipalType principalType, String catName, String dbName, + String tableName, String authorizer) { tableName = normalizeIdentifier(tableName); dbName = normalizeIdentifier(dbName); catName = normalizeIdentifier(catName); 
@@ -6675,16 +6744,24 @@ public class ObjectStore implements RawStore, Configurable { try { openTransaction(); LOG.debug("Executing listAllTableGrants"); - query = - pm.newQuery(MTablePrivilege.class, - "principalName == t1 && principalType == t2 && table.tableName == t3 &&" + - "table.database.name == t4 && table.database.catalogName == t5"); - query - .declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3," + - "java.lang.String t4, java.lang.String t5"); - List<MTablePrivilege> mPrivs = - (List<MTablePrivilege>) query.executeWithArray(principalName, principalType.toString(), - tableName, dbName, catName); + List<MTablePrivilege> mPrivs; + if (authorizer != null) { + query = pm.newQuery(MTablePrivilege.class, + "principalName == t1 && principalType == t2 && table.tableName == t3 &&" + + "table.database.name == t4 && table.database.catalogName == t5 && authorizer == t6"); + query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3," + + "java.lang.String t4, java.lang.String t5, java.lang.String t6"); + mPrivs = (List<MTablePrivilege>) query.executeWithArray(principalName, principalType.toString(), + tableName, dbName, catName, authorizer); + } else { + query = pm.newQuery(MTablePrivilege.class, + "principalName == t1 && principalType == t2 && table.tableName == t3 &&" + + "table.database.name == t4 && table.database.catalogName == t5"); + query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3," + + "java.lang.String t4, java.lang.String t5"); + mPrivs = (List<MTablePrivilege>) query.executeWithArray(principalName, principalType.toString(), + tableName, dbName, catName); + } pm.retrieveAll(mPrivs); success = commitTransaction(); 
@@ -6718,16 +6795,22 @@ public class ObjectStore implements RawStore, Configurable { sTbl.getPrincipalName(), principalType, new PrivilegeGrantInfo(sTbl.getPrivilege(), sTbl.getCreateTime(), sTbl .getGrantor(), PrincipalType.valueOf(sTbl - .getGrantorType()), sTbl.getGrantOption())); + .getGrantorType()), sTbl.getGrantOption()), sTbl.getAuthorizer()); result.add(secObj); } return result; } - @SuppressWarnings("unchecked") private List<MPartitionPrivilege> listPrincipalMPartitionGrants( String principalName, PrincipalType principalType, String catName, String dbName, String tableName, String partName) { + return listPrincipalMPartitionGrants(principalName, principalType, catName, dbName, tableName, partName, null); + } + + @SuppressWarnings("unchecked") + private List<MPartitionPrivilege> listPrincipalMPartitionGrants( + String principalName, PrincipalType principalType, String catName, String dbName, + String tableName, String partName, String authorizer) { boolean success = false; Query query = null; tableName = normalizeIdentifier(tableName); 
@@ -6738,17 +6821,26 @@ public class ObjectStore implements RawStore, Configurable { LOG.debug("Executing listPrincipalPartitionGrants"); openTransaction(); - query = - pm.newQuery(MPartitionPrivilege.class, - "principalName == t1 && principalType == t2 && partition.table.tableName == t3 " - + "&& partition.table.database.name == t4 && partition.table.database.catalogName == t5" - + "&& partition.partitionName == t6"); - query - .declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, java.lang.String t4, " - + "java.lang.String t5, java.lang.String t6"); - List<MPartitionPrivilege> mPrivs = - (List<MPartitionPrivilege>) query.executeWithArray(principalName, - principalType.toString(), tableName, dbName, catName, partName); + List<MPartitionPrivilege> mPrivs; + if (authorizer != null) { + query = pm.newQuery(MPartitionPrivilege.class, + "principalName == t1 && principalType == t2 && partition.table.tableName == t3 " + + "&& partition.table.database.name == t4 && partition.table.database.catalogName == t5" + + "&& partition.partitionName == t6 && authorizer == t7"); + query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, java.lang.String t4, " + + "java.lang.String t5, java.lang.String t6, java.lang.String t7"); + mPrivs = (List<MPartitionPrivilege>) query.executeWithArray(principalName, + principalType.toString(), tableName, dbName, catName, partName, authorizer); + } else { + query = pm.newQuery(MPartitionPrivilege.class, + "principalName == t1 && principalType == t2 && partition.table.tableName == t3 " + + "&& partition.table.database.name == t4 && partition.table.database.catalogName == t5" + + "&& partition.partitionName == t6"); + query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, java.lang.String t4, " + + "java.lang.String t5, java.lang.String t6"); + mPrivs = (List<MPartitionPrivilege>) query.executeWithArray(principalName, + principalType.toString(), tableName, 
dbName, catName, partName); + } pm.retrieveAll(mPrivs); success = commitTransaction(); @@ -6785,17 +6877,24 @@ public class ObjectStore implements RawStore, Configurable { new PrivilegeGrantInfo(sPart.getPrivilege(), sPart .getCreateTime(), sPart.getGrantor(), PrincipalType .valueOf(sPart.getGrantorType()), sPart - .getGrantOption())); + .getGrantOption()), sPart.getAuthorizer()); result.add(secObj); } return result; } - @SuppressWarnings("unchecked") private List<MTableColumnPrivilege> listPrincipalMTableColumnGrants( String principalName, PrincipalType principalType, String catName, String dbName, String tableName, String columnName) { + return listPrincipalMTableColumnGrants(principalName, principalType, catName, dbName, tableName, + columnName, null); + } + + @SuppressWarnings("unchecked") + private List<MTableColumnPrivilege> listPrincipalMTableColumnGrants( + String principalName, PrincipalType principalType, String catName, String dbName, + String tableName, String columnName, String authorizer) { boolean success = false; Query query = null; tableName = normalizeIdentifier(tableName); 
@@ -6806,16 +6905,28 @@ public class ObjectStore implements RawStore, Configurable { LOG.debug("Executing listPrincipalTableColumnGrants"); openTransaction(); - String queryStr = - "principalName == t1 && principalType == t2 && " - + "table.tableName == t3 && table.database.name == t4 && " + - "table.database.catalogName == t5 && columnName == t6 "; - query = pm.newQuery(MTableColumnPrivilege.class, queryStr); - query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, " - + "java.lang.String t4, java.lang.String t5, java.lang.String t6"); - List<MTableColumnPrivilege> mPrivs = - (List<MTableColumnPrivilege>) query.executeWithArray(principalName, - principalType.toString(), tableName, dbName, catName, columnName); + List<MTableColumnPrivilege> mPrivs; + if (authorizer != null) { + String queryStr = + "principalName == t1 && principalType == t2 && " + + "table.tableName == t3 && table.database.name == t4 && " + + "table.database.catalogName == t5 && columnName == t6 && authorizer == t7"; + query = pm.newQuery(MTableColumnPrivilege.class, queryStr); + query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, " + + "java.lang.String t4, java.lang.String t5, java.lang.String t6, java.lang.String t7"); + mPrivs = (List<MTableColumnPrivilege>) query.executeWithArray(principalName, + principalType.toString(), tableName, dbName, catName, columnName, authorizer); + } else { + String queryStr = + "principalName == t1 && principalType == t2 && " + + "table.tableName == t3 && table.database.name == t4 && " + + "table.database.catalogName == t5 && columnName == t6 "; + query = pm.newQuery(MTableColumnPrivilege.class, queryStr); + query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, " + + "java.lang.String t4, java.lang.String t5, java.lang.String t6"); + mPrivs = (List<MTableColumnPrivilege>) query.executeWithArray(principalName, + principalType.toString(), tableName, dbName, catName, 
columnName); + } pm.retrieveAll(mPrivs); success = commitTransaction(); @@ -6851,16 +6962,23 @@ public class ObjectStore implements RawStore, Configurable { new PrivilegeGrantInfo(sCol.getPrivilege(), sCol .getCreateTime(), sCol.getGrantor(), PrincipalType .valueOf(sCol.getGrantorType()), sCol - .getGrantOption())); + .getGrantOption()), sCol.getAuthorizer()); result.add(secObj); } return result; } - @SuppressWarnings("unchecked") private List<MPartitionColumnPrivilege> listPrincipalMPartitionColumnGrants( String principalName, PrincipalType principalType, String catName, String dbName, String tableName, String partitionName, String columnName) { + return listPrincipalMPartitionColumnGrants(principalName, principalType, catName, dbName, + tableName, partitionName, columnName, null); + } + + @SuppressWarnings("unchecked") + private List<MPartitionColumnPrivilege> listPrincipalMPartitionColumnGrants( + String principalName, PrincipalType principalType, String catName, String dbName, + String tableName, String partitionName, String columnName, String authorizer) { boolean success = false; Query query = null; tableName = normalizeIdentifier(tableName); 
@@ -6872,16 +6990,29 @@ public class ObjectStore implements RawStore, Configurable { LOG.debug("Executing listPrincipalPartitionColumnGrants"); openTransaction(); - query = pm.newQuery( - MPartitionColumnPrivilege.class, - "principalName == t1 && principalType == t2 && partition.table.tableName == t3 " - + "&& partition.table.database.name == t4 && partition.table.database.catalogName == t5" + - " && partition.partitionName == t6 && columnName == t7"); - query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, " - + "java.lang.String t4, java.lang.String t5, java.lang.String t6, java.lang.String t7"); - List<MPartitionColumnPrivilege> mPrivs = - (List<MPartitionColumnPrivilege>) query.executeWithArray(principalName, - principalType.toString(), tableName, dbName, catName, partitionName, columnName); + List<MPartitionColumnPrivilege> mPrivs; + if (authorizer != null) { + query = pm.newQuery( + MPartitionColumnPrivilege.class, + "principalName == t1 && principalType == t2 && partition.table.tableName == t3 " + + "&& partition.table.database.name == t4 && partition.table.database.catalogName == t5" + + " && partition.partitionName == t6 && columnName == t7 && authorizer == t8"); + query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, " + + "java.lang.String t4, java.lang.String t5, java.lang.String t6, java.lang.String t7, " + + "java.lang.String t8"); + mPrivs = (List<MPartitionColumnPrivilege>) query.executeWithArray(principalName, + principalType.toString(), tableName, dbName, catName, partitionName, columnName, authorizer); + } else { + query = pm.newQuery( + MPartitionColumnPrivilege.class, + "principalName == t1 && principalType == t2 && partition.table.tableName == t3 " + + "&& partition.table.database.name == t4 && partition.table.database.catalogName == t5" + + " && partition.partitionName == t6 && columnName == t7"); + query.declareParameters("java.lang.String t1, java.lang.String t2, 
java.lang.String t3, " + + "java.lang.String t4, java.lang.String t5, java.lang.String t6, java.lang.String t7"); + mPrivs = (List<MPartitionColumnPrivilege>) query.executeWithArray(principalName, + principalType.toString(), tableName, dbName, catName, partitionName, columnName); + } pm.retrieveAll(mPrivs); success = commitTransaction(); @@ -6919,7 +7050,7 @@ public class ObjectStore implements RawStore, Configurable { sCol.getPrincipalName(), principalType, new PrivilegeGrantInfo(sCol.getPrivilege(), sCol .getCreateTime(), sCol.getGrantor(), PrincipalType - .valueOf(sCol.getGrantorType()), sCol.getGrantOption())); + .valueOf(sCol.getGrantorType()), sCol.getGrantOption()), sCol.getAuthorizer()); result.add(secObj); } return result; @@ -6990,6 +7121,7 @@ public class ObjectStore implements RawStore, Configurable { List<HiveObjectPrivilege> result = new ArrayList<>(); for (MPartitionColumnPrivilege priv : privs) { String pname = priv.getPrincipalName(); + String authorizer = priv.getAuthorizer(); PrincipalType ptype = PrincipalType.valueOf(priv.getPrincipalType()); MPartition mpartition = priv.getPartition(); @@ -7002,7 +7134,7 @@ public class ObjectStore implements RawStore, Configurable { PrivilegeGrantInfo grantor = new PrivilegeGrantInfo(priv.getPrivilege(), priv.getCreateTime(), priv.getGrantor(), PrincipalType.valueOf(priv.getGrantorType()), priv.getGrantOption()); - result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor)); + result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor, authorizer)); } return result; } 
@@ -7064,6 +7196,11 @@ public class ObjectStore implements RawStore, Configurable { @Override public List<HiveObjectPrivilege> listTableGrantsAll(String catName, String dbName, String tableName) { + return listTableGrantsAll(catName, dbName, tableName, null); + } + + private List<HiveObjectPrivilege> listTableGrantsAll(String catName, String dbName, String tableName, + String authorizer) { boolean success = false; Query query = null; dbName = normalizeIdentifier(dbName); @@ -7071,12 +7208,20 @@ public class ObjectStore implements RawStore, Configurable { try { openTransaction(); LOG.debug("Executing listTableGrantsAll"); - query = - pm.newQuery(MTablePrivilege.class, - "table.tableName == t1 && table.database.name == t2 && table.database.catalogName == t3"); - query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3"); - List<MTablePrivilege> mSecurityTabPartList = - (List<MTablePrivilege>) query.executeWithArray(tableName, dbName, catName); + List<MTablePrivilege> mSecurityTabPartList = null; + if (authorizer != null) { + query = pm.newQuery(MTablePrivilege.class, + "table.tableName == t1 && table.database.name == t2 && table.database.catalogName == t3" + + " && authorizer == t4"); + query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3, " + + "java.lang.String t4"); + mSecurityTabPartList = (List<MTablePrivilege>) query.executeWithArray(tableName, dbName, catName, authorizer); + } else { + query = pm.newQuery(MTablePrivilege.class, + "table.tableName == t1 && table.database.name == t2 && table.database.catalogName == t3"); + query.declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3"); + mSecurityTabPartList = (List<MTablePrivilege>) query.executeWithArray(tableName, dbName, catName); + } LOG.debug("Done executing query for listTableGrantsAll"); pm.retrieveAll(mSecurityTabPartList); List<HiveObjectPrivilege> result = convertTable(mSecurityTabPartList); 
@@ -7092,6 +7237,7 @@ public class ObjectStore implements RawStore, Configurable { List<HiveObjectPrivilege> result = new ArrayList<>(); for (MTablePrivilege priv : privs) { String pname = priv.getPrincipalName(); + String authorizer = priv.getAuthorizer(); PrincipalType ptype = PrincipalType.valueOf(priv.getPrincipalType()); String table = priv.getTable().getTableName(); @@ -7103,7 +7249,7 @@ public class ObjectStore implements RawStore, Configurable { PrivilegeGrantInfo grantor = new PrivilegeGrantInfo(priv.getPrivilege(), priv.getCreateTime(), priv.getGrantor(), PrincipalType.valueOf(priv.getGrantorType()), priv.getGrantOption()); - result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor)); + result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor, authorizer)); } return result; } @@ -7192,6 +7338,7 @@ public class ObjectStore implements RawStore, Configurable { List<HiveObjectPrivilege> result = new ArrayList<>(); for (MPartitionPrivilege priv : privs) { String pname = priv.getPrincipalName(); + String authorizer = priv.getAuthorizer(); PrincipalType ptype = PrincipalType.valueOf(priv.getPrincipalType()); MPartition mpartition = priv.getPartition(); @@ -7204,7 +7351,7 @@ public class ObjectStore implements RawStore, Configurable { PrivilegeGrantInfo grantor = new PrivilegeGrantInfo(priv.getPrivilege(), priv.getCreateTime(), priv.getGrantor(), PrincipalType.valueOf(priv.getGrantorType()), priv.getGrantOption()); - result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor)); + result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor, authorizer)); } return result; } 
@@ -7301,6 +7448,7 @@ public class ObjectStore implements RawStore, Configurable { List<HiveObjectPrivilege> result = new ArrayList<>(); for (MTableColumnPrivilege priv : privs) { String pname = priv.getPrincipalName(); + String authorizer = priv.getAuthorizer(); PrincipalType ptype = PrincipalType.valueOf(priv.getPrincipalType()); MTable mtable = priv.getTable(); @@ -7312,7 +7460,7 @@ public class ObjectStore implements RawStore, Configurable { PrivilegeGrantInfo grantor = new PrivilegeGrantInfo(priv.getPrivilege(), priv.getCreateTime(), priv.getGrantor(), PrincipalType.valueOf(priv.getGrantorType()), priv.getGrantOption()); - result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor)); + result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor, authorizer)); } return result; } http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/RawStore.java ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/RawStore.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/RawStore.java index ce7d286..283798c 100644 --- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/RawStore.java +++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/RawStore.java 
@@ -754,7 +754,7 @@ public interface RawStore extends Configurable { boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption) throws InvalidObjectException, MetaException, NoSuchObjectException; - boolean refreshPrivileges(HiveObjectRef objToRefresh, PrivilegeBag grantPrivileges) + boolean refreshPrivileges(HiveObjectRef objToRefresh, String authorizer, PrivilegeBag grantPrivileges) throws InvalidObjectException, MetaException, NoSuchObjectException; org.apache.hadoop.hive.metastore.api.Role getRole( http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/cache/CachedStore.java ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/cache/CachedStore.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/cache/CachedStore.java index b223920..9da8d72 100644 --- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/cache/CachedStore.java +++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/cache/CachedStore.java @@ -1452,9 +1452,9 @@ public class CachedStore implements RawStore, Configurable { } @Override - public boolean refreshPrivileges(HiveObjectRef objToRefresh, PrivilegeBag grantPrivileges) + public boolean refreshPrivileges(HiveObjectRef objToRefresh, String authorizer, PrivilegeBag grantPrivileges) throws InvalidObjectException, MetaException, NoSuchObjectException { - return rawStore.refreshPrivileges(objToRefresh, grantPrivileges); + return rawStore.refreshPrivileges(objToRefresh, authorizer, grantPrivileges); } @Override http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/client/builder/HiveObjectPrivilegeBuilder.java ---------------------------------------------------------------------- 
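Review bot: `refreshPrivileges` gains an `authorizer` parameter on the `RawStore` interface with no Javadoc, so implementers and callers cannot tell whether `null` is allowed or what the value scopes. The ObjectStore query hunks in this commit treat a null authorizer as "match every authorizer", so a refresh called with `null` could presumably touch grants recorded by a different authorizer; the implementation is not visible here, so this needs confirming. I would add a Javadoc stating that `authorizer` names the authorizer whose grants on `objToRefresh` are replaced, and whether `null` is rejected. `CachedStore.refreshPrivileges` forwards the value unchanged, so the contract is decided entirely by the wrapped store.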
diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/client/builder/HiveObjectPrivilegeBuilder.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/client/builder/HiveObjectPrivilegeBuilder.java index d802e1a..ed32f1c 100644 --- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/client/builder/HiveObjectPrivilegeBuilder.java +++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/client/builder/HiveObjectPrivilegeBuilder.java @@ -31,6 +31,7 @@ public class HiveObjectPrivilegeBuilder { private String principleName; private PrincipalType principalType; private PrivilegeGrantInfo grantInfo; + private String authorizer; public HiveObjectPrivilegeBuilder setHiveObjectRef(HiveObjectRef hiveObjectRef) { this.hiveObjectRef = hiveObjectRef; @@ -52,12 +53,17 @@ public class HiveObjectPrivilegeBuilder { return this; } + public HiveObjectPrivilegeBuilder setAuthorizer(String authorizer) { + this.authorizer = authorizer; + return this; + } + public HiveObjectPrivilege build() throws MetaException { if (hiveObjectRef == null || principleName == null || principalType == null || grantInfo == null) { throw new MetaException("hive object reference, principle name and type, and grant info " + "must all be provided"); } - return new HiveObjectPrivilege(hiveObjectRef, principleName, principalType, grantInfo); + return new HiveObjectPrivilege(hiveObjectRef, principleName, principalType, grantInfo, authorizer); } } http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MDBPrivilege.java ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MDBPrivilege.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MDBPrivilege.java index 3d8fa21..5f51692 100644 
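Review bot: `build()` in `HiveObjectPrivilegeBuilder` still checks only `hiveObjectRef`, `principleName`, `principalType` and `grantInfo`, so a builder on which `setAuthorizer` was never called produces a `HiveObjectPrivilege` with a null authorizer. The ObjectStore hunks in this commit filter with `authorizer == tN`, so such a grant would presumably not be matched by authorizer-scoped lookups; confirm whether that is intended. If null is legitimate, say so on the setter, e.g. `/** Optional; when unset the privilege is built with a null authorizer. */`. Otherwise add `authorizer == null` to the existing null check and name it in the exception message.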
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MDBPrivilege.java +++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MDBPrivilege.java @@ -36,12 +36,14 @@ public class MDBPrivilege { private boolean grantOption; + private String authorizer; + public MDBPrivilege() { } public MDBPrivilege(String principalName, String principalType, MDatabase database, String dbPrivileges, int createTime, String grantor, - String grantorType, boolean grantOption) { + String grantorType, boolean grantOption, String authorizer) { super(); this.principalName = principalName; this.principalType = principalType; @@ -51,6 +53,7 @@ public class MDBPrivilege { this.grantorType = grantorType; this.grantOption = grantOption; this.grantor = grantor; + this.authorizer = authorizer; } /** @@ -129,4 +132,11 @@ public class MDBPrivilege { this.principalType = principalType; } + public String getAuthorizer() { + return authorizer; + } + + public void setAuthorizer(String authorizer) { + this.authorizer = authorizer; + } } http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MGlobalPrivilege.java ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MGlobalPrivilege.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MGlobalPrivilege.java index 5b496e0..a6ce541 100644 --- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MGlobalPrivilege.java +++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MGlobalPrivilege.java 
@@ -38,13 +38,15 @@ public class MGlobalPrivilege { private boolean grantOption; + private String authorizer; + public MGlobalPrivilege() { super(); } public MGlobalPrivilege(String userName, String principalType, String dbPrivilege, int createTime, String grantor, String grantorType, - boolean grantOption) { + boolean grantOption, String authorizer) { super(); this.principalName = userName; this.principalType = principalType; @@ -53,6 +55,7 @@ public class MGlobalPrivilege { this.grantor = grantor; this.grantorType = grantorType; this.grantOption = grantOption; + this.authorizer = authorizer; } /** @@ -117,4 +120,11 @@ public class MGlobalPrivilege { this.grantorType = grantorType; } + public String getAuthorizer() { + return authorizer; + } + + public void setAuthorizer(String authorizer) { + this.authorizer = authorizer; + } } http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionColumnPrivilege.java ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionColumnPrivilege.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionColumnPrivilege.java index ab50a92..cc87f75 100644 --- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionColumnPrivilege.java +++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionColumnPrivilege.java @@ -39,6 +39,8 @@ public class MPartitionColumnPrivilege { private boolean grantOption; + private String authorizer; + public MPartitionColumnPrivilege() { } 
@@ -52,10 +54,11 @@ public class MPartitionColumnPrivilege { * @param grantor * @param grantorType * @param grantOption + * @param authorizer */ public MPartitionColumnPrivilege(String principalName, String principalType, MPartition partition, String columnName, String privileges, int createTime, - String grantor, String grantorType, boolean grantOption) { + String grantor, String grantorType, boolean grantOption, String authorizer) { super(); this.principalName = principalName; this.principalType = principalType; @@ -66,6 +69,7 @@ public class MPartitionColumnPrivilege { this.grantor = grantor; this.grantorType = grantorType; this.grantOption = grantOption; + this.authorizer = authorizer; } /** @@ -157,5 +161,11 @@ public class MPartitionColumnPrivilege { public void setPrincipalType(String principalType) { this.principalType = principalType; } + public String getAuthorizer() { + return authorizer; + } + public void setAuthorizer(String authorizer) { + this.authorizer = authorizer; + } } http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionPrivilege.java ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionPrivilege.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionPrivilege.java index 3193bc1..b2ec5e1 100644 --- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionPrivilege.java +++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MPartitionPrivilege.java 
@@ -36,12 +36,14 @@ public class MPartitionPrivilege { private boolean grantOption; + private String authorizer; + public MPartitionPrivilege() { } public MPartitionPrivilege(String principalName, String principalType, MPartition partition, String privilege, int createTime, - String grantor, String grantorType, boolean grantOption) { + String grantor, String grantorType, boolean grantOption, String authorizer) { super(); this.principalName = principalName; this.principalType = principalType; @@ -51,6 +53,7 @@ public class MPartitionPrivilege { this.grantor = grantor; this.grantorType = grantorType; this.grantOption = grantOption; + this.authorizer = authorizer; } public String getPrincipalName() { @@ -136,4 +139,11 @@ public class MPartitionPrivilege { this.grantorType = grantorType; } + public String getAuthorizer() { + return authorizer; + } + + public void setAuthorizer(String authorizer) { + this.authorizer = authorizer; + } } http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTableColumnPrivilege.java ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTableColumnPrivilege.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTableColumnPrivilege.java index ad7322f..e2cc0f1 100644 --- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTableColumnPrivilege.java +++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTableColumnPrivilege.java @@ -38,6 +38,8 @@ public class MTableColumnPrivilege { private boolean grantOption; + private String authorizer; + public MTableColumnPrivilege() { } 
@@ -54,7 +56,7 @@ public class MTableColumnPrivilege { */ public MTableColumnPrivilege(String principalName, String principalType, MTable table, String columnName, String privileges, int createTime, - String grantor, String grantorType, boolean grantOption) { + String grantor, String grantorType, boolean grantOption, String authorizer) { super(); this.principalName = principalName; this.principalType = principalType; @@ -65,6 +67,7 @@ public class MTableColumnPrivilege { this.grantor = grantor; this.grantorType = grantorType; this.grantOption = grantOption; + this.authorizer = authorizer; } /** @@ -157,4 +160,11 @@ public class MTableColumnPrivilege { this.principalType = principalType; } + public String getAuthorizer() { + return authorizer; + } + + public void setAuthorizer(String authorizer) { + this.authorizer = authorizer; + } } http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTablePrivilege.java ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTablePrivilege.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTablePrivilege.java index 6460400..f45576c 100644 --- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTablePrivilege.java +++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/model/MTablePrivilege.java @@ -36,12 +36,14 @@ public class MTablePrivilege { private boolean grantOption; + private String authorizer; + public MTablePrivilege() { } public MTablePrivilege(String principalName, String principalType, MTable table, String privilege, int createTime, - String grantor, String grantorType, boolean grantOption) { + String grantor, String grantorType, boolean grantOption, String authorizer) { super(); this.principalName = principalName; this.principalType = principalType; 
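Review bot: The `MTableColumnPrivilege` constructor gains an `authorizer` parameter in the hunk at -54, but the Javadoc that closes just above it gets no matching tag, unlike the `MPartitionColumnPrivilege` constructor in this commit, which adds `* @param authorizer`. Add `* @param authorizer authorizer recorded with this grant` so the two model classes stay consistent. The Javadoc block starts outside the hunk, so its existing tags are not visible here.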
@@ -51,6 +53,7 @@ public class MTablePrivilege { this.grantor = grantor; this.grantorType = grantorType; this.grantOption = grantOption; + this.authorizer = authorizer; } public String getPrincipalName() { @@ -136,4 +139,11 @@ public class MTablePrivilege { this.grantorType = grantorType; } + public String getAuthorizer() { + return authorizer; + } + + public void setAuthorizer(String authorizer) { + this.authorizer = authorizer; + } } http://git-wip-us.apache.org/repos/asf/hive/blob/80eafb4f/standalone-metastore/src/main/resources/package.jdo ---------------------------------------------------------------------- diff --git a/standalone-metastore/src/main/resources/package.jdo b/standalone-metastore/src/main/resources/package.jdo index 2d2cb19..1be3e98 100644 --- a/standalone-metastore/src/main/resources/package.jdo +++ b/standalone-metastore/src/main/resources/package.jdo @@ -598,6 +598,7 @@ <class name="MGlobalPrivilege" table="GLOBAL_PRIVS" identity-type="datastore" detachable="true"> <index name="GlobalPrivilegeIndex" unique="true"> + <column name="AUTHORIZER"/> <column name="PRINCIPAL_NAME"/> <column name="PRINCIPAL_TYPE"/> <column name="USER_PRIV"/> @@ -630,11 +631,15 @@ <field name="grantOption"> <column name="GRANT_OPTION" jdbc-type="SMALLINT"/> </field> + <field name="authorizer"> + <column name="AUTHORIZER" length="128" jdbc-type="VARCHAR"/> + </field> </class> <class name="MDBPrivilege" table="DB_PRIVS" identity-type="datastore" detachable="true"> <index name="DBPrivilegeIndex" unique="true"> + <column name="AUTHORIZER"/> <column name="DB_ID"/> <column name="PRINCIPAL_NAME"/> <column name="PRINCIPAL_TYPE"/> 
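Review bot: `AUTHORIZER` is added as the first column of the unique indexes `GlobalPrivilegeIndex` (-598) and `DBPrivilegeIndex` (-630), while the new field mapping declares the column without `allows-null`, so it is presumably nullable. Databases differ in how a unique index treats NULL, so rows stored with a null authorizer may no longer be protected against duplicate grants. Lookups that do not filter by authorizer (the `else` branches in ObjectStore) also cannot constrain the index's leading column. Consider listing `<column name="AUTHORIZER"/>` after the existing index columns, and state in a comment whether null authorizers are expected; whether the upgrade scripts backfill the column is not visible here. The index column lists continue outside the hunks, and the non-unique indexes in the later hunks get the same leading column.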
@@ -671,11 +676,15 @@ <field name="grantOption"> <column name="GRANT_OPTION" jdbc-type="SMALLINT"/> </field> + <field name="authorizer"> + <column name="AUTHORIZER" length="128" jdbc-type="VARCHAR"/> + </field> </class> <class name="MTablePrivilege" table="TBL_PRIVS" identity-type="datastore" detachable="true"> <index name="TablePrivilegeIndex" unique="false"> + <column name="AUTHORIZER"/> <column name="TBL_ID"/> <column name="PRINCIPAL_NAME"/> <column name="PRINCIPAL_TYPE"/> @@ -712,11 +721,15 @@ <field name="grantOption"> <column name="GRANT_OPTION" jdbc-type="SMALLINT"/> </field> + <field name="authorizer"> + <column name="AUTHORIZER" length="128" jdbc-type="VARCHAR"/> + </field> </class> <class name="MPartitionPrivilege" table="PART_PRIVS" identity-type="datastore" detachable="true"> <index name="PartPrivilegeIndex" unique="false"> + <column name="AUTHORIZER"/> <column name="PART_ID"/> <column name="PRINCIPAL_NAME"/> <column name="PRINCIPAL_TYPE"/> @@ -753,11 +766,15 @@ <field name="grantOption"> <column name="GRANT_OPTION" jdbc-type="SMALLINT"/> </field> + <field name="authorizer"> + <column name="AUTHORIZER" length="128" jdbc-type="VARCHAR"/> + </field> </class> <class name="MTableColumnPrivilege" table="TBL_COL_PRIVS" identity-type="datastore" detachable="true"> <index name="TableColumnPrivilegeIndex" unique="false"> + <column name="AUTHORIZER"/> <column name="TBL_ID"/> <column name="COLUMN_NAME"/> <column name="PRINCIPAL_NAME"/> @@ -798,11 +815,15 @@ <field name="grantOption"> <column name="GRANT_OPTION" jdbc-type="SMALLINT"/> </field> + <field name="authorizer"> + <column name="AUTHORIZER" length="128" jdbc-type="VARCHAR"/> + </field> </class> <class name="MPartitionColumnPrivilege" table="PART_COL_PRIVS" identity-type="datastore" detachable="true"> <index name="PartitionColumnPrivilegeIndex" unique="false"> + <column name="AUTHORIZER"/> <column name="PART_ID"/> <column name="COLUMN_NAME"/> <column name="PRINCIPAL_NAME"/> 
@@ -843,6 +864,9 @@ <field name="grantOption"> <column name="GRANT_OPTION" jdbc-type="SMALLINT"/> </field> + <field name="authorizer"> + <column name="AUTHORIZER" length="128" jdbc-type="VARCHAR"/> + </field> </class> <class name="MPartitionEvent" table="PARTITION_EVENTS" identity-type="datastore" detachable="true">