http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/analysis/UpdateStmt.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/analysis/UpdateStmt.java b/fe/src/main/java/com/cloudera/impala/analysis/UpdateStmt.java deleted file mode 100644 index 34e907b..0000000 --- a/fe/src/main/java/com/cloudera/impala/analysis/UpdateStmt.java +++ /dev/null @@ -1,117 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.analysis; - -import java.util.List; - -import com.cloudera.impala.common.Pair; -import com.cloudera.impala.planner.DataSink; -import com.cloudera.impala.planner.KuduTableSink; -import com.cloudera.impala.planner.TableSink; -import com.google.common.base.Preconditions; -import com.google.common.collect.ImmutableList; -import com.google.common.collect.Lists; - -import static java.lang.String.format; - -/** - * Representation of an Update statement. - * - * Example UPDATE statement: - * - * UPDATE target_table - * SET slotRef=expr, [slotRef=expr, ...] - * FROM table_ref_list - * WHERE conjunct_list - * - * An update statement consists of four major parts. First, the target table path, - * second, the list of assignments, the optional FROM clause, and the optional where - * clause. The type of the right-hand side of each assignments must be - * assignment compatible with the left-hand side column type. - * - * Currently, only Kudu tables can be updated. - */ -public class UpdateStmt extends ModifyStmt { - public UpdateStmt(List<String> targetTablePath, FromClause tableRefs, - List<Pair<SlotRef, Expr>> assignmentExprs, Expr wherePredicate, - boolean ignoreNotFound) { - super(targetTablePath, tableRefs, assignmentExprs, wherePredicate, ignoreNotFound); - } - - public UpdateStmt(UpdateStmt other) { - super(other.targetTablePath_, other.fromClause_.clone(), - Lists.<Pair<SlotRef, Expr>>newArrayList(), other.wherePredicate_, - other.ignoreNotFound_); - } - - /** - * Return an instance of a KuduTableSink specialized as an Update operation. - */ - public DataSink createDataSink() { - // analyze() must have been called before. - Preconditions.checkState(table_ != null); - DataSink dataSink = TableSink.create(table_, TableSink.Op.UPDATE, - ImmutableList.<Expr>of(), referencedColumns_, false, ignoreNotFound_); - Preconditions.checkState(!referencedColumns_.isEmpty()); - return dataSink; - } - - @Override - public UpdateStmt clone() { - return new UpdateStmt(this); - } - - @Override - public String toSql() { - StringBuilder b = new StringBuilder(); - b.append("UPDATE "); - - if (ignoreNotFound_) b.append("IGNORE "); - - if (fromClause_ == null) { - b.append(targetTableRef_.toSql()); - } else { - if (targetTableRef_.hasExplicitAlias()) { - b.append(targetTableRef_.getExplicitAlias()); - } else { - b.append(targetTableRef_.toSql()); - } - } - b.append(" SET"); - - boolean first = true; - for (Pair<SlotRef, Expr> i : assignments_) { - if (!first) { - b.append(","); - } else { - first = false; - } - b.append(format(" %s = %s", - i.first.toSql(), - i.second.toSql())); - } - - b.append(fromClause_.toSql()); - - if (wherePredicate_ != null) { - b.append(" WHERE "); - b.append(wherePredicate_.toSql()); - } - return b.toString(); - } -}
http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/analysis/UseStmt.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/analysis/UseStmt.java b/fe/src/main/java/com/cloudera/impala/analysis/UseStmt.java deleted file mode 100644 index c62c454..0000000 --- a/fe/src/main/java/com/cloudera/impala/analysis/UseStmt.java +++ /dev/null @@ -1,55 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.analysis; - -import com.cloudera.impala.authorization.Privilege; -import com.cloudera.impala.catalog.Catalog; -import com.cloudera.impala.common.AnalysisException; -import com.cloudera.impala.thrift.TUseDbParams; - -/** - * Representation of a USE db statement. - */ -public class UseStmt extends StatementBase { - private final String database_; - - public UseStmt(String db) { - database_ = db; - } - - public String getDatabase() { return database_; } - - @Override - public String toSql() { - return "USE " + database_; - } - - @Override - public void analyze(Analyzer analyzer) throws AnalysisException { - if (!database_.equalsIgnoreCase(Catalog.DEFAULT_DB)) { - // USE <default> should always be allowed. - analyzer.getDb(database_, Privilege.ANY, true); - } - } - - public TUseDbParams toThrift() { - TUseDbParams params = new TUseDbParams(); - params.setDb(getDatabase()); - return params; - } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/analysis/ValuesStmt.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/analysis/ValuesStmt.java b/fe/src/main/java/com/cloudera/impala/analysis/ValuesStmt.java deleted file mode 100644 index ed3339d..0000000 --- a/fe/src/main/java/com/cloudera/impala/analysis/ValuesStmt.java +++ /dev/null @@ -1,82 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.analysis; - -import java.util.ArrayList; -import java.util.List; - -import com.google.common.base.Preconditions; - -/** - * Representation of a values() statement with a list of constant-expression lists. - * ValuesStmt is a special case of a UnionStmt with the following restrictions: - * - Operands are only constant selects - * - Operands are connected by UNION ALL - * - No nesting of ValuesStmts - */ -public class ValuesStmt extends UnionStmt { - - public ValuesStmt(List<UnionOperand> operands, - ArrayList<OrderByElement> orderByElements, LimitElement limitElement) { - super(operands, orderByElements, limitElement); - } - - /** - * C'tor for cloning. - */ - private ValuesStmt(ValuesStmt other) { super(other); } - - @Override - protected String queryStmtToSql(QueryStmt queryStmt) { - StringBuilder strBuilder = new StringBuilder(); - strBuilder.append("("); - appendSelectList((SelectStmt) queryStmt, strBuilder); - strBuilder.append(")"); - return strBuilder.toString(); - } - - @Override - public String toSql() { - StringBuilder strBuilder = new StringBuilder(); - if (withClause_ != null) { - strBuilder.append(withClause_.toSql()); - strBuilder.append(" "); - } - Preconditions.checkState(operands_.size() > 0); - strBuilder.append("VALUES("); - for (int i = 0; i < operands_.size(); ++i) { - if (operands_.size() != 1) strBuilder.append("("); - appendSelectList((SelectStmt) operands_.get(i).getQueryStmt(), strBuilder); - if (operands_.size() != 1) strBuilder.append(")"); - strBuilder.append((i+1 != operands_.size()) ? ", " : ""); - } - strBuilder.append(")"); - return strBuilder.toString(); - } - - private void appendSelectList(SelectStmt select, StringBuilder strBuilder) { - SelectList selectList = select.getSelectList(); - for (int j = 0; j < selectList.getItems().size(); ++j) { - strBuilder.append(selectList.getItems().get(j).toSql()); - strBuilder.append((j+1 != selectList.getItems().size()) ? ", " : ""); - } - } - - @Override - public ValuesStmt clone() { return new ValuesStmt(this); } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/analysis/WithClause.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/analysis/WithClause.java b/fe/src/main/java/com/cloudera/impala/analysis/WithClause.java deleted file mode 100644 index 70e1f29..0000000 --- a/fe/src/main/java/com/cloudera/impala/analysis/WithClause.java +++ /dev/null @@ -1,140 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.analysis; - -import java.util.ArrayList; -import java.util.List; - -import com.cloudera.impala.authorization.PrivilegeRequest; -import com.cloudera.impala.catalog.View; -import com.cloudera.impala.common.AnalysisException; -import com.google.common.base.Joiner; -import com.google.common.base.Preconditions; -import com.google.common.collect.Lists; - -/** - * Representation of the WITH clause that may appear before a query statement or insert - * statement. A WITH clause contains a list of named view definitions that may be - * referenced in the query statement that follows it. - * - * Scoping rules: - * A WITH-clause view is visible inside the query statement that it belongs to. - * This includes inline views and nested WITH clauses inside the query statement. - * - * Each WITH clause establishes a new analysis scope. A WITH-clause view definition - * may refer to views from the same WITH-clause appearing to its left, and to all - * WITH-clause views from outer scopes. - * - * References to WITH-clause views are resolved inside out, i.e., a match is found by - * first looking in the current scope and then in the enclosing scope(s). - * - * Views defined within the same WITH-clause may not use the same alias. - */ -public class WithClause implements ParseNode { - ///////////////////////////////////////// - // BEGIN: Members that need to be reset() - - private final ArrayList<View> views_; - - // END: Members that need to be reset() - ///////////////////////////////////////// - - public WithClause(ArrayList<View> views) { - Preconditions.checkNotNull(views); - Preconditions.checkState(!views.isEmpty()); - views_ = views; - } - - /** - * Analyzes all views and registers them with the analyzer. Enforces scoping rules. - * All local views registered with the analyzer are have QueryStmts with resolved - * TableRefs to simplify the analysis of view references. - */ - @Override - public void analyze(Analyzer analyzer) throws AnalysisException { - // Create a new analyzer for the WITH clause with a new global state (IMPALA-1357) - // but a child of 'analyzer' so that the global state for 'analyzer' is not polluted - // during analysis of the WITH clause. withClauseAnalyzer is a child of 'analyzer' so - // that local views registered in parent blocks are visible here. - Analyzer withClauseAnalyzer = Analyzer.createWithNewGlobalState(analyzer); - withClauseAnalyzer.setIsWithClause(); - if (analyzer.isExplain()) withClauseAnalyzer.setIsExplain(); - try { - for (View view: views_) { - Analyzer viewAnalyzer = new Analyzer(withClauseAnalyzer); - view.getQueryStmt().analyze(viewAnalyzer); - // Register this view so that the next view can reference it. - withClauseAnalyzer.registerLocalView(view); - } - // Register all local views with the analyzer. - for (View localView: withClauseAnalyzer.getLocalViews().values()) { - analyzer.registerLocalView(localView); - } - // Record audit events because the resolved table references won't generate any - // when a view is referenced. - analyzer.getAccessEvents().addAll(withClauseAnalyzer.getAccessEvents()); - - // Register all privilege requests made from the root analyzer. - for (PrivilegeRequest req: withClauseAnalyzer.getPrivilegeReqs()) { - analyzer.registerPrivReq(req); - } - } finally { - // Record missing tables in the original analyzer. - if (analyzer.isRootAnalyzer()) { - analyzer.getMissingTbls().addAll(withClauseAnalyzer.getMissingTbls()); - } - } - } - - /** - * C'tor for cloning. - */ - private WithClause(WithClause other) { - Preconditions.checkNotNull(other); - views_ = Lists.newArrayList(); - for (View view: other.views_) { - views_.add(new View(view.getName(), view.getQueryStmt().clone(), - view.getOriginalColLabels())); - } - } - - public void reset() { - for (View view: views_) view.getQueryStmt().reset(); - } - - @Override - public WithClause clone() { return new WithClause(this); } - - @Override - public String toSql() { - List<String> viewStrings = Lists.newArrayList(); - for (View view: views_) { - // Enclose the view alias and explicit labels in quotes if Hive cannot parse it - // without quotes. This is needed for view compatibility between Impala and Hive. - String aliasSql = ToSqlUtils.getIdentSql(view.getName()); - if (view.hasColLabels()) { - aliasSql += "(" + Joiner.on(", ").join( - ToSqlUtils.getIdentSqlList(view.getOriginalColLabels())) + ")"; - } - viewStrings.add(aliasSql + " AS (" + view.getQueryStmt().toSql() + ")"); - } - return "WITH " + Joiner.on(",").join(viewStrings); - } - - public List<View> getViews() { return views_; } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/authorization/AuthorizationChecker.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/authorization/AuthorizationChecker.java b/fe/src/main/java/com/cloudera/impala/authorization/AuthorizationChecker.java deleted file mode 100644 index 32f60df..0000000 --- a/fe/src/main/java/com/cloudera/impala/authorization/AuthorizationChecker.java +++ /dev/null @@ -1,190 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.authorization; - -import java.util.EnumSet; -import java.util.List; -import java.util.Set; - -import org.apache.commons.lang.reflect.ConstructorUtils; -import org.apache.sentry.core.common.ActiveRoleSet; -import org.apache.sentry.core.common.Subject; -import org.apache.sentry.core.model.db.DBModelAction; -import org.apache.sentry.core.model.db.DBModelAuthorizable; -import org.apache.sentry.policy.db.SimpleDBPolicyEngine; -import org.apache.sentry.provider.cache.SimpleCacheProviderBackend; -import org.apache.sentry.provider.common.ProviderBackend; -import org.apache.sentry.provider.common.ProviderBackendContext; -import org.apache.sentry.provider.common.ResourceAuthorizationProvider; -import org.apache.sentry.provider.file.SimpleFileProviderBackend; - -import com.cloudera.impala.catalog.AuthorizationException; -import com.cloudera.impala.catalog.AuthorizationPolicy; -import com.cloudera.impala.common.InternalException; -import com.google.common.base.Preconditions; -import com.google.common.collect.Lists; - -/* - * Class used to check whether a user has access to a given resource. - */ -public class AuthorizationChecker { - private final ResourceAuthorizationProvider provider_; - private final AuthorizationConfig config_; - private final AuthorizeableServer server_; - - /* - * Creates a new AuthorizationChecker based on the config values. - */ - public AuthorizationChecker(AuthorizationConfig config, AuthorizationPolicy policy) { - Preconditions.checkNotNull(config); - config_ = config; - if (config.isEnabled()) { - server_ = new AuthorizeableServer(config.getServerName()); - provider_ = createProvider(config, policy); - Preconditions.checkNotNull(provider_); - } else { - provider_ = null; - server_ = null; - } - } - - /* - * Creates a new ResourceAuthorizationProvider based on the given configuration. - */ - private static ResourceAuthorizationProvider createProvider(AuthorizationConfig config, - AuthorizationPolicy policy) { - try { - ProviderBackend providerBe; - // Create the appropriate backend provider. - if (config.isFileBasedPolicy()) { - providerBe = new SimpleFileProviderBackend(config.getSentryConfig().getConfig(), - config.getPolicyFile()); - } else { - // Note: The second parameter to the ProviderBackend is a "resourceFile" path - // which is not used by Impala. We cannot pass 'null' so instead pass an empty - // string. - providerBe = new SimpleCacheProviderBackend(config.getSentryConfig().getConfig(), - ""); - Preconditions.checkNotNull(policy); - ProviderBackendContext context = new ProviderBackendContext(); - context.setBindingHandle(policy); - providerBe.initialize(context); - } - - SimpleDBPolicyEngine engine = - new SimpleDBPolicyEngine(config.getServerName(), providerBe); - - // Try to create an instance of the specified policy provider class. - // Re-throw any exceptions that are encountered. - String policyFile = config.getPolicyFile() == null ? "" : config.getPolicyFile(); - return (ResourceAuthorizationProvider) ConstructorUtils.invokeConstructor( - Class.forName(config.getPolicyProviderClassName()), - new Object[] {policyFile, engine}); - } catch (Exception e) { - // Re-throw as unchecked exception. - throw new IllegalStateException( - "Error creating ResourceAuthorizationProvider: ", e); - } - } - - /* - * Returns the configuration used to create this AuthorizationProvider. - */ - public AuthorizationConfig getConfig() { return config_; } - - /** - * Returns the set of groups this user belongs to. Uses the GroupMappingService - * that is in the AuthorizationProvider to properly resolve Hadoop groups or - * local group mappings. - */ - public Set<String> getUserGroups(User user) throws InternalException { - return provider_.getGroupMapping().getGroups(user.getShortName()); - } - - /** - * Authorizes the PrivilegeRequest, throwing an Authorization exception if - * the user does not have sufficient privileges. - */ - public void checkAccess(User user, PrivilegeRequest privilegeRequest) - throws AuthorizationException, InternalException { - Preconditions.checkNotNull(privilegeRequest); - - if (!hasAccess(user, privilegeRequest)) { - if (privilegeRequest.getAuthorizeable() instanceof AuthorizeableFn) { - throw new AuthorizationException(String.format( - "User '%s' does not have privileges to CREATE/DROP functions.", - user.getName())); - } - - Privilege privilege = privilegeRequest.getPrivilege(); - if (EnumSet.of(Privilege.ANY, Privilege.ALL, Privilege.VIEW_METADATA) - .contains(privilege)) { - throw new AuthorizationException(String.format( - "User '%s' does not have privileges to access: %s", - user.getName(), privilegeRequest.getName())); - } else { - throw new AuthorizationException(String.format( - "User '%s' does not have privileges to execute '%s' on: %s", - user.getName(), privilege, privilegeRequest.getName())); - } - } - } - - /* - * Returns true if the given user has permission to execute the given - * request, false otherwise. Always returns true if authorization is disabled. - */ - public boolean hasAccess(User user, PrivilegeRequest request) - throws InternalException { - Preconditions.checkNotNull(user); - Preconditions.checkNotNull(request); - - // If authorization is not enabled the user will always have access. If this is - // an internal request, the user will always have permission. - if (!config_.isEnabled() || user instanceof ImpalaInternalAdminUser) { - return true; - } - - EnumSet<DBModelAction> actions = request.getPrivilege().getHiveActions(); - - List<DBModelAuthorizable> authorizeables = Lists.newArrayList( - server_.getHiveAuthorizeableHierarchy()); - // If request.getAuthorizeable() is null, the request is for server-level permission. - if (request.getAuthorizeable() != null) { - authorizeables.addAll(request.getAuthorizeable().getHiveAuthorizeableHierarchy()); - } - - // The Hive Access API does not currently provide a way to check if the user - // has any privileges on a given resource. - if (request.getPrivilege().getAnyOf()) { - for (DBModelAction action: actions) { - if (provider_.hasAccess(new Subject(user.getShortName()), authorizeables, - EnumSet.of(action), ActiveRoleSet.ALL)) { - return true; - } - } - return false; - } else if (request.getPrivilege() == Privilege.CREATE && authorizeables.size() > 1) { - // CREATE on an object requires CREATE on the parent, - // so don't check access on the object we're creating. - authorizeables.remove(authorizeables.size() - 1); - } - return provider_.hasAccess(new Subject(user.getShortName()), authorizeables, actions, - ActiveRoleSet.ALL); - } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/authorization/AuthorizationConfig.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/authorization/AuthorizationConfig.java b/fe/src/main/java/com/cloudera/impala/authorization/AuthorizationConfig.java deleted file mode 100644 index 34dbada..0000000 --- a/fe/src/main/java/com/cloudera/impala/authorization/AuthorizationConfig.java +++ /dev/null @@ -1,148 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.authorization; - - -import org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider; -import org.apache.sentry.provider.common.ResourceAuthorizationProvider; - -import com.google.common.base.Preconditions; -import com.google.common.base.Strings; - -/* - * Class that contains configuration details for Impala authorization. - */ -public class AuthorizationConfig { - private final String serverName_; - // Set only if the policy provider is file-based. - private final String policyFile_; - private final SentryConfig sentryConfig_; - private final String policyProviderClassName_; - - /** - * Creates a new authorization configuration object. - * @param serverName - The name of this Impala server. - * @param policyFile - The path to the authorization policy file or null if - * the policy engine is not file based. - * @param sentryConfigFile - Absolute path and file name of the sentry service. - * @param policyProviderClassName - Class name of the policy provider to use. - */ - public AuthorizationConfig(String serverName, String policyFile, - String sentryConfigFile, String policyProviderClassName) { - serverName_ = serverName; - policyFile_ = policyFile; - sentryConfig_ = new SentryConfig(sentryConfigFile); - if (!Strings.isNullOrEmpty(policyProviderClassName)) { - policyProviderClassName = policyProviderClassName.trim(); - } - policyProviderClassName_ = policyProviderClassName; - } - - /** - * Returns an AuthorizationConfig object that has authorization disabled. - */ - public static AuthorizationConfig createAuthDisabledConfig() { - return new AuthorizationConfig(null, null, null, null); - } - - /** - * Returns an AuthorizationConfig object configured to use Hadoop user->group mappings - * for the authorization provider. - */ - public static AuthorizationConfig createHadoopGroupAuthConfig(String serverName, - String policyFile, String sentryConfigFile) { - return new AuthorizationConfig(serverName, policyFile, sentryConfigFile, - HadoopGroupResourceAuthorizationProvider.class.getName()); - } - - /* - * Validates the authorization configuration and throws an AuthorizationException - * if any problems are found. If authorization is disabled, config checks are skipped. - */ - public void validateConfig() throws IllegalArgumentException { - // If authorization is not enabled, config checks are skipped. - if (!isEnabled()) return; - - // Only load the sentry configuration if a sentry-site.xml configuration file was - // specified. It is optional for impalad. - if (!Strings.isNullOrEmpty(sentryConfig_.getConfigFile())) { - sentryConfig_.loadConfig(); - } - - if (Strings.isNullOrEmpty(serverName_)) { - throw new IllegalArgumentException( - "Authorization is enabled but the server name is null or empty. Set the " + - "server name using the impalad --server_name flag."); - } - if (Strings.isNullOrEmpty(policyProviderClassName_)) { - throw new IllegalArgumentException("Authorization is enabled but the " + - "authorization policy provider class name is null or empty. Set the class " + - "name using the --authorization_policy_provider_class impalad flag."); - } - - Class<?> providerClass = null; - try { - // Get the Class object without performing any initialization. - providerClass = Class.forName(policyProviderClassName_, false, - this.getClass().getClassLoader()); - } catch (ClassNotFoundException e) { - throw new IllegalArgumentException(String.format("The authorization policy " + - "provider class '%s' was not found.", policyProviderClassName_), e); - } - Preconditions.checkNotNull(providerClass); - if (!ResourceAuthorizationProvider.class.isAssignableFrom(providerClass)) { - throw new IllegalArgumentException(String.format("The authorization policy " + - "provider class '%s' must be a subclass of '%s'.", - policyProviderClassName_, - ResourceAuthorizationProvider.class.getName())); - } - } - - /** - * Returns true if authorization is enabled. - * If either serverName, policyFile, or sentryServiceConfig_ file is set (not null - * or empty), authorization is considered enabled. - */ - public boolean isEnabled() { - return !Strings.isNullOrEmpty(serverName_) || !Strings.isNullOrEmpty(policyFile_) || - !Strings.isNullOrEmpty(sentryConfig_.getConfigFile()); - } - - /** - * Returns true if using an authorization policy from a file in HDFS. If false, - * uses an authorization policy based on cached metadata sent from the catalog server - * via the statestore. - */ - public boolean isFileBasedPolicy() { return !Strings.isNullOrEmpty(policyFile_); } - - /** - * The server name to secure. - */ - public String getServerName() { return serverName_; } - - /** - * The policy file path. - */ - public String getPolicyFile() { return policyFile_; } - - /** - * The Sentry configuration. - */ - public SentryConfig getSentryConfig() { return sentryConfig_; } - public String getPolicyProviderClassName() { return policyProviderClassName_; } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/authorization/Authorizeable.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/authorization/Authorizeable.java b/fe/src/main/java/com/cloudera/impala/authorization/Authorizeable.java deleted file mode 100644 index 5782ed5..0000000 --- a/fe/src/main/java/com/cloudera/impala/authorization/Authorizeable.java +++ /dev/null @@ -1,56 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.authorization; - -import java.util.List; - -import org.apache.sentry.core.model.db.DBModelAuthorizable; - -/* - * Abstract class representing an authorizeable object (Table, Db, Column, etc). - */ -public abstract class Authorizeable { - /* - * Returns the list of the Hive "authorizeable" objects in their hierarchical order. - * For example: - * [Column] would return Db -> Table -> Column - * [Table] would return Db -> Table - * [Db] would return [Db] - * [URI] would return [URI] - */ - public abstract List<DBModelAuthorizable> getHiveAuthorizeableHierarchy(); - - // Returns the name of the object. - public abstract String getName(); - - // Returns the full table name if applicable, null otherwise. - public String getFullTableName() { return null; } - - // Returns the database name if applicable, null otherwise. - public String getDbName() { return null; } - - @Override - public int hashCode() { return getName().hashCode(); } - - @Override - public boolean equals(Object o) { - if (o == null) return false; - if (o.getClass() != this.getClass()) return false; - return ((Authorizeable) o).getName().equals(this.getName()); - } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableColumn.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableColumn.java b/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableColumn.java deleted file mode 100644 index d5c9cd0..0000000 --- a/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableColumn.java +++ /dev/null @@ -1,66 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.authorization; - -import java.util.List; - -import org.apache.sentry.core.model.db.DBModelAuthorizable; - -import com.google.common.base.Preconditions; -import com.google.common.base.Strings; -import com.google.common.collect.Lists; - -/** - * Class used to authorize access to a column. - */ -public class AuthorizeableColumn extends Authorizeable { - private final org.apache.sentry.core.model.db.Column column_; - private final org.apache.sentry.core.model.db.Table table_; - private final org.apache.sentry.core.model.db.Database database_; - public final static String ANY_COLUMN_NAME = - org.apache.sentry.core.model.db.AccessConstants.ALL; - - public AuthorizeableColumn(String dbName, String tableName, String columnName) { - Preconditions.checkState(!Strings.isNullOrEmpty(dbName)); - Preconditions.checkState(!Strings.isNullOrEmpty(tableName)); - Preconditions.checkState(!Strings.isNullOrEmpty(columnName)); - column_ = new org.apache.sentry.core.model.db.Column(columnName); - table_ = new org.apache.sentry.core.model.db.Table(tableName); - database_ = new org.apache.sentry.core.model.db.Database(dbName); - } - - @Override - public List<DBModelAuthorizable> getHiveAuthorizeableHierarchy() { - return Lists.newArrayList(database_, table_, column_); - } - - @Override - public String getName() { return database_.getName() + "." + table_.getName() + "." - + column_.getName(); } - - @Override - public String getFullTableName() { - return database_.getName() + "." + table_.getName(); - } - - @Override - public String getDbName() { return database_.getName(); } - - public String getTblName() { return table_.getName(); } - public String getColumnName() { return column_.getName(); } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableDb.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableDb.java b/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableDb.java deleted file mode 100644 index e27ac52..0000000 --- a/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableDb.java +++ /dev/null @@ -1,48 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.authorization; - -import java.util.List; - -import org.apache.sentry.core.model.db.DBModelAuthorizable; - -import com.google.common.base.Preconditions; -import com.google.common.collect.Lists; - -/* - * Class used to authorize access to a database. - */ -public class AuthorizeableDb extends Authorizeable { - private final org.apache.sentry.core.model.db.Database database_; - - public AuthorizeableDb(String dbName) { - Preconditions.checkState(dbName != null && !dbName.isEmpty()); - database_ = new org.apache.sentry.core.model.db.Database(dbName); - } - - @Override - public List<DBModelAuthorizable> getHiveAuthorizeableHierarchy() { - return Lists.newArrayList((DBModelAuthorizable) database_); - } - - @Override - public String getName() { return database_.getName(); } - - @Override - public String getDbName() { return getName(); } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableFn.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableFn.java b/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableFn.java deleted file mode 100644 index 0ff4ca3..0000000 --- a/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableFn.java +++ /dev/null @@ -1,45 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.authorization; - -import java.util.List; - -import org.apache.sentry.core.model.db.DBModelAuthorizable; - -import com.google.common.base.Preconditions; -import com.google.common.collect.Lists; - -/** - * Class used to authorize access to a Function. - */ -public class AuthorizeableFn extends Authorizeable { - private final String fnName_; - - public AuthorizeableFn(String fnName) { - Preconditions.checkState(fnName != null && !fnName.isEmpty()); - fnName_ = fnName; - } - - @Override - public List<DBModelAuthorizable> getHiveAuthorizeableHierarchy() { - return Lists.newArrayList(); - } - - @Override - public String getName() { return fnName_; } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableServer.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableServer.java b/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableServer.java deleted file mode 100644 index 4ca3218..0000000 --- a/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableServer.java +++ /dev/null @@ -1,49 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.authorization; - -import java.util.List; - -import org.apache.sentry.core.model.db.DBModelAuthorizable; - -import com.google.common.base.Preconditions; -import com.google.common.base.Strings; -import com.google.common.collect.Lists; - -/** - * Class used to authorize access at the catalog level. Generally, all Impala - * services in the cluster will be configured with the same catalog name. - * What Sentry refers to as a Server maps to our concept of a Catalog, thus - * the name AuthorizeableServer. - */ -public class AuthorizeableServer extends Authorizeable { - private final org.apache.sentry.core.model.db.Server server_; - - public AuthorizeableServer(String serverName) { - Preconditions.checkState(!Strings.isNullOrEmpty(serverName)); - server_ = new org.apache.sentry.core.model.db.Server(serverName); - } - - @Override - public List<DBModelAuthorizable> getHiveAuthorizeableHierarchy() { - return Lists.newArrayList((DBModelAuthorizable) server_); - } - - @Override - public String getName() { return server_.getName(); } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableTable.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableTable.java b/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableTable.java deleted file mode 100644 index e28d5a1..0000000 --- a/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableTable.java +++ /dev/null @@ -1,63 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.authorization; - -import java.util.List; - -import org.apache.sentry.core.model.db.DBModelAuthorizable; - -import com.google.common.base.Preconditions; -import com.google.common.base.Strings; -import com.google.common.collect.Lists; - -/** - * Class used to authorize access to a table or view. - * Even though Hive's spec includes an authorizable object 'view', we chose - * to treat views the same way as tables for the sake of authorization. - */ -public class AuthorizeableTable extends Authorizeable { - // Constant to represent privileges in the policy for "ANY" table in a - // a database. - public final static String ANY_TABLE_NAME = - org.apache.sentry.core.model.db.AccessConstants.ALL; - - private final org.apache.sentry.core.model.db.Table table_; - private final org.apache.sentry.core.model.db.Database database_; - - public AuthorizeableTable(String dbName, String tableName) { - Preconditions.checkState(!Strings.isNullOrEmpty(tableName)); - Preconditions.checkState(!Strings.isNullOrEmpty(dbName)); - table_ = new org.apache.sentry.core.model.db.Table(tableName); - database_ = new org.apache.sentry.core.model.db.Database(dbName); - } - - @Override - public List<DBModelAuthorizable> getHiveAuthorizeableHierarchy() { - return Lists.newArrayList(database_, table_); - } - - @Override - public String getName() { return database_.getName() + "." + table_.getName(); } - - @Override - public String getDbName() { return database_.getName(); } - public String getTblName() { return table_.getName(); } - - @Override - public String getFullTableName() { return getName(); } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableUri.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableUri.java b/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableUri.java deleted file mode 100644 index 1997457..0000000 --- a/fe/src/main/java/com/cloudera/impala/authorization/AuthorizeableUri.java +++ /dev/null @@ -1,47 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.authorization; - -import java.util.List; - -import com.google.common.base.Preconditions; -import com.google.common.collect.Lists; - -/* - * Class used to authorize access to a URI. - */ -public class AuthorizeableUri extends Authorizeable { - private final String uriName_; - - public AuthorizeableUri(String uriName) { - Preconditions.checkNotNull(uriName); - uriName_ = uriName; - } - - @Override - public List<org.apache.sentry.core.model.db.DBModelAuthorizable> - getHiveAuthorizeableHierarchy() { - org.apache.sentry.core.model.db.AccessURI accessURI = - new org.apache.sentry.core.model.db.AccessURI(uriName_); - return Lists.newArrayList( - (org.apache.sentry.core.model.db.DBModelAuthorizable) accessURI); - } - - @Override - public String getName() { return uriName_; } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/authorization/ImpalaInternalAdminUser.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/authorization/ImpalaInternalAdminUser.java b/fe/src/main/java/com/cloudera/impala/authorization/ImpalaInternalAdminUser.java deleted file mode 100644 index a5c14c1..0000000 --- a/fe/src/main/java/com/cloudera/impala/authorization/ImpalaInternalAdminUser.java +++ /dev/null @@ -1,36 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.authorization; - -/* - * A singleton class that represents a special user type used for internal Impala - * sessions (for example, populating the debug webpage Catalog view). This user has - * all privileges on all objects in the server. - */ -public class ImpalaInternalAdminUser extends User { - private final static ImpalaInternalAdminUser instance_ = new ImpalaInternalAdminUser(); - - private ImpalaInternalAdminUser() { - super("Impala Internal Admin User"); - } - - /* - * Returns an instance of the ImpalaInternalAdminUser. - */ - public static ImpalaInternalAdminUser getInstance() { return instance_; } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/authorization/Privilege.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/authorization/Privilege.java b/fe/src/main/java/com/cloudera/impala/authorization/Privilege.java deleted file mode 100644 index 9b44517..0000000 --- a/fe/src/main/java/com/cloudera/impala/authorization/Privilege.java +++ /dev/null @@ -1,70 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.authorization; - -import java.util.EnumSet; - -import org.apache.sentry.core.model.db.DBModelAction; - -/* - * Maps an Impala Privilege to one or more Hive Access "Actions". - */ -public enum Privilege { - ALL(DBModelAction.ALL, false), - ALTER(DBModelAction.ALL, false), - DROP(DBModelAction.ALL, false), - CREATE(DBModelAction.ALL, false), - INSERT(DBModelAction.INSERT, false), - SELECT(DBModelAction.SELECT, false), - // Privileges required to view metadata on a server object. - VIEW_METADATA(EnumSet.of(DBModelAction.INSERT, DBModelAction.SELECT), true), - // Special privilege that is used to determine if the user has any valid privileges - // on a target object. - ANY(EnumSet.allOf(DBModelAction.class), true), - ; - - private final EnumSet<DBModelAction> actions; - - // Determines whether to check if the user has ANY the privileges defined in the - // actions list or whether to check if the user has ALL of the privileges in the - // actions list. - private final boolean anyOf_; - - private Privilege(EnumSet<DBModelAction> actions, boolean anyOf) { - this.actions = actions; - this.anyOf_ = anyOf; - } - - private Privilege(DBModelAction action, boolean anyOf) { - this(EnumSet.of(action), anyOf); - } - - /* - * Returns the set of Hive Access Actions mapping to this Privilege. - */ - public EnumSet<DBModelAction> getHiveActions() { - return actions; - } - - /* - * Determines whether to check if the user has ANY the privileges defined in the - * actions list or whether to check if the user has ALL of the privileges in the - * actions list. - */ - public boolean getAnyOf() { return anyOf_; } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/authorization/PrivilegeRequest.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/authorization/PrivilegeRequest.java b/fe/src/main/java/com/cloudera/impala/authorization/PrivilegeRequest.java deleted file mode 100644 index bacc4b2..0000000 --- a/fe/src/main/java/com/cloudera/impala/authorization/PrivilegeRequest.java +++ /dev/null @@ -1,77 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.authorization; - -import com.google.common.base.Preconditions; - -/* - * Represents a privilege request in the context of an Authorizeable object. If no - * Authorizeable object is provided, it represents a privilege request on the server. - * For example, SELECT on table Foo in database Bar. - */ -public class PrivilegeRequest { - private final Authorizeable authorizeable_; - private final Privilege privilege_; - - public PrivilegeRequest(Authorizeable authorizeable, Privilege privilege) { - Preconditions.checkNotNull(authorizeable); - Preconditions.checkNotNull(privilege); - authorizeable_ = authorizeable; - privilege_ = privilege; - } - - public PrivilegeRequest(Privilege privilege) { - Preconditions.checkNotNull(privilege); - authorizeable_ = null; - privilege_ = privilege; - } - - /* - * Name of the Authorizeable. Authorizeable refers to the server if it's null. - */ - public String getName() { - return (authorizeable_ != null) ? authorizeable_.getName() : "server"; - } - - /* - * Requested privilege on the Authorizeable. - */ - public Privilege getPrivilege() { return privilege_; } - - - /* - * Returns Authorizeable object. Null if the request is for server-level permission. - */ - public Authorizeable getAuthorizeable() { return authorizeable_; } - - @Override - public int hashCode() { - return (authorizeable_ == null ? 0 : authorizeable_.hashCode()) * 37 + - privilege_.hashCode(); - } - - @Override - public boolean equals(Object o) { - if (!(o instanceof PrivilegeRequest)) return false; - if (authorizeable_ == null) { - return ((PrivilegeRequest) o).getPrivilege().equals(privilege_); - } - return ((PrivilegeRequest) o).getAuthorizeable().equals(authorizeable_) && - ((PrivilegeRequest) o).getPrivilege().equals(privilege_); - } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/authorization/PrivilegeRequestBuilder.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/authorization/PrivilegeRequestBuilder.java b/fe/src/main/java/com/cloudera/impala/authorization/PrivilegeRequestBuilder.java deleted file mode 100644 index 13dc909..0000000 --- a/fe/src/main/java/com/cloudera/impala/authorization/PrivilegeRequestBuilder.java +++ /dev/null @@ -1,119 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.authorization; - -import com.google.common.base.Preconditions; - -/** - * Class that helps build PrivilegeRequest objects. - * For example: - * PrivilegeRequestBuilder builder = new PrivilegeRequestBuilder(); - * PrivilegeRequest = builder.allOf(Privilege.SELECT).onTable("db", "tbl").toRequest(); - * - * TODO: In the future, this class could be extended to provide the option to specify - * multiple permissions. For example: - * builder.allOf(SELECT, INSERT).onTable(..); - * It could also be extended to support an "anyOf" to check if the user has any of the - * permissions specified: - * builder.anyOf(SELECT, INSERT).onTable(...); - */ -public class PrivilegeRequestBuilder { - Authorizeable authorizeable_; - Privilege privilege_; - - /** - * Sets the authorizeable object to be a column. - */ - public PrivilegeRequestBuilder onColumn(String dbName, String tableName, - String columnName) { - authorizeable_ = new AuthorizeableColumn(dbName, tableName, columnName); - return this; - } - - /** - * Sets the authorizeable object to be a table. - */ - public PrivilegeRequestBuilder onTable(String dbName, String tableName) { - authorizeable_ = new AuthorizeableTable(dbName, tableName); - return this; - } - - /** - * Sets the authorizeable object to be a database. - */ - public PrivilegeRequestBuilder onDb(String dbName) { - authorizeable_ = new AuthorizeableDb(dbName); - return this; - } - - /** - * Sets the authorizeable object to be a URI. - */ - public PrivilegeRequestBuilder onURI(String uriName) { - authorizeable_ = new AuthorizeableUri(uriName); - return this; - } - - /** - * Specifies that permissions on any table in the given database. - */ - public PrivilegeRequestBuilder onAnyTable(String dbName) { - return onTable(dbName, AuthorizeableTable.ANY_TABLE_NAME); - } - - /** - * Specifies that permissions on any column in the given table. - */ - public PrivilegeRequestBuilder onAnyColumn(String dbName, String tableName) { - return onColumn(dbName, tableName, AuthorizeableColumn.ANY_COLUMN_NAME); - } - - /** - * Specifies the privilege the user needs to have. - */ - public PrivilegeRequestBuilder allOf(Privilege privilege) { - privilege_ = privilege; - return this; - } - - /** - * Specifies the user needs "ALL" privileges - */ - public PrivilegeRequestBuilder all() { - privilege_ = Privilege.ALL; - return this; - } - - /** - * Specifies that any privileges are sufficient. - */ - public PrivilegeRequestBuilder any() { - privilege_ = Privilege.ANY; - return this; - } - - /** - * Builds a PrivilegeRequest object based on the current Authorizeable object - * and privilege settings. - */ - public PrivilegeRequest toRequest() { - Preconditions.checkNotNull(authorizeable_); - Preconditions.checkNotNull(privilege_); - return new PrivilegeRequest(authorizeable_, privilege_); - } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/authorization/SentryConfig.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/authorization/SentryConfig.java b/fe/src/main/java/com/cloudera/impala/authorization/SentryConfig.java deleted file mode 100644 index 48300f4..0000000 --- a/fe/src/main/java/com/cloudera/impala/authorization/SentryConfig.java +++ /dev/null @@ -1,74 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.authorization; - -import java.io.File; -import java.net.MalformedURLException; - -import org.apache.hadoop.conf.Configuration; - -import com.cloudera.impala.common.FileSystemUtil; -import com.google.common.base.Strings; - -/** - * Class used to load a sentry-site.xml configuration file. - */ -public class SentryConfig { - // Absolute path to the sentry-site.xml configuration file. - private final String configFile_; - - // The Sentry configuration. Valid only after calling loadConfig(). - private final Configuration config_; - - public SentryConfig(String configFilePath) { - configFile_ = configFilePath; - config_ = FileSystemUtil.getConfiguration(); - } - - /** - * Initializes the Sentry configuration. - */ - public void loadConfig() { - if (Strings.isNullOrEmpty(configFile_)) { - throw new IllegalArgumentException("A valid path to a sentry-site.xml config " + - "file must be set using --sentry_config to enable authorization."); - } - - File configFile = new File(configFile_); - if (!configFile.exists()) { - String configFilePath = "\"" + configFile_ + "\""; - throw new RuntimeException("Sentry configuration file does not exist: " + - configFilePath); - } - - if (!configFile.canRead()) { - throw new RuntimeException("Cannot read Sentry configuration file: " + - configFile_); - } - - // Load the config. - try { - config_.addResource(configFile.toURI().toURL()); - } catch (MalformedURLException e) { - throw new RuntimeException("Invalid Sentry config file path: " + configFile_, e); - } - } - - public Configuration getConfig() { return config_; } - public String getConfigFile() { return configFile_; } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/authorization/User.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/authorization/User.java b/fe/src/main/java/com/cloudera/impala/authorization/User.java deleted file mode 100644 index a282e54..0000000 --- a/fe/src/main/java/com/cloudera/impala/authorization/User.java +++ /dev/null @@ -1,104 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.authorization; - -import com.google.common.base.Preconditions; -import com.google.common.annotations.VisibleForTesting; -import com.cloudera.impala.common.InternalException; -import com.cloudera.impala.common.RuntimeEnv; -import com.cloudera.impala.service.BackendConfig; - -import java.io.IOException; - -import org.apache.hadoop.conf.Configuration; -import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTH_TO_LOCAL; -import org.apache.hadoop.security.authentication.util.KerberosName; - -/* - * Class that represents a User of an Impala session. - */ -public class User { - - static { - // If auth_to_local is enabled, we read the configuration hadoop.security.auth_to_local - // from core-site.xml and use it for principal to short name conversion. If it is not, - // we use the defaultRule ("RULE:[1:$1] RULE:[2:$1]"), which just extracts the user - // name from any principal of form a@REALM or a/b@REALM. If auth_to_local is enabled - // and hadoop.security.auth_to_local is not specified in the hadoop configs, we use - // the "DEFAULT" rule that just extracts the username from any principal in the - // cluster's local realm. For more details on principal to short name translation, - // refer to org.apache.hadoop.security.KerberosName. - final String defaultRule = "RULE:[1:$1] RULE:[2:$1]"; - final Configuration conf = new Configuration(); - if (BackendConfig.isAuthToLocalEnabled()) { - KerberosName.setRules(conf.get(HADOOP_SECURITY_AUTH_TO_LOCAL, "DEFAULT")); - } else { - // just extract the simple user name - KerberosName.setRules(defaultRule); - } - } - - private final String name_; - - private KerberosName kerberosName_; - - public User(String name) { - Preconditions.checkNotNull(name); - name_ = name; - this.kerberosName_ = new KerberosName(name); - } - - public String getName() { return name_; } - - public String getShortName() throws InternalException { - try { - return kerberosName_.getShortName(); - } catch (IOException e) { - throw new InternalException( - "Error calling getShortName() for user: " + getName(), e); - } - } - - /* - * Returns the shortname for the user after applying auth_to_local - * rules from string 'rules'. This is exposed for testing purposes only. - * Ideally these rules are populated from hdfs configuration files. - */ - @VisibleForTesting - public String getShortNameForTesting(String rules) { - Preconditions.checkNotNull(rules); - Preconditions.checkState(RuntimeEnv.INSTANCE.isTestEnv()); - String currentRules = KerberosName.getRules(); - KerberosName.setRules(rules); - String shortName = null; - try { - shortName = getShortName(); - } catch (InternalException e) { - e.printStackTrace(); - } - // reset the rules - KerberosName.setRules(currentRules); - return shortName; - } - - @VisibleForTesting - public static void setRulesForTesting(String rules) { - Preconditions.checkState(RuntimeEnv.INSTANCE.isTestEnv()); - KerberosName.setRules(rules); - } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/catalog/AggregateFunction.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/catalog/AggregateFunction.java b/fe/src/main/java/com/cloudera/impala/catalog/AggregateFunction.java deleted file mode 100644 index eb968fd..0000000 --- a/fe/src/main/java/com/cloudera/impala/catalog/AggregateFunction.java +++ /dev/null @@ -1,241 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.catalog; - -import java.util.ArrayList; -import java.util.List; - -import com.cloudera.impala.analysis.FunctionName; -import com.cloudera.impala.analysis.HdfsUri; -import com.cloudera.impala.thrift.TAggregateFunction; -import com.cloudera.impala.thrift.TFunction; -import com.cloudera.impala.thrift.TFunctionBinaryType; - -/** - * Internal representation of an aggregate function. - * TODO: Create separate AnalyticFunction class - */ -public class AggregateFunction extends Function { - // Set if different from retType_, null otherwise. - private Type intermediateType_; - - // The symbol inside the binary at location_ that contains this particular. - // They can be null if it is not required. - private String updateFnSymbol_; - private String initFnSymbol_; - private String serializeFnSymbol_; - private String mergeFnSymbol_; - private String getValueFnSymbol_; - private String removeFnSymbol_; - private String finalizeFnSymbol_; - - private static String BE_BUILTINS_CLASS = "AggregateFunctions"; - - // If true, this aggregate function should ignore distinct. - // e.g. min(distinct col) == min(col). - // TODO: currently it is not possible for user functions to specify this. We should - // extend the create aggregate function stmt to allow additional metadata like this. - private boolean ignoresDistinct_; - - // True if this function can appear within an analytic expr (fn() OVER(...)). - // TODO: Instead of manually setting this flag for all builtin aggregate functions - // we should identify this property from the function itself (e.g., based on which - // functions of the UDA API are implemented). - // Currently, there is no reliable way of doing that. - private boolean isAnalyticFn_; - - // True if this function can be used for aggregation (without an OVER() clause). - private boolean isAggregateFn_; - - // True if this function returns a non-null value on an empty input. It is used - // primarily during the rewrite of scalar subqueries. - // TODO: Instead of manually setting this flag, we should identify this - // property from the function itself (e.g. evaluating the function on an - // empty input in BE). - private boolean returnsNonNullOnEmpty_; - - public AggregateFunction(FunctionName fnName, ArrayList<Type> argTypes, Type retType, - boolean hasVarArgs) { - super(fnName, argTypes, retType, hasVarArgs); - } - - public AggregateFunction(FunctionName fnName, List<Type> argTypes, - Type retType, Type intermediateType, - HdfsUri location, String updateFnSymbol, String initFnSymbol, - String serializeFnSymbol, String mergeFnSymbol, String getValueFnSymbol, - String removeFnSymbol, String finalizeFnSymbol) { - super(fnName, argTypes, retType, false); - setLocation(location); - intermediateType_ = (intermediateType.equals(retType)) ? null : intermediateType; - updateFnSymbol_ = updateFnSymbol; - initFnSymbol_ = initFnSymbol; - serializeFnSymbol_ = serializeFnSymbol; - mergeFnSymbol_ = mergeFnSymbol; - getValueFnSymbol_ = getValueFnSymbol; - removeFnSymbol_ = removeFnSymbol; - finalizeFnSymbol_ = finalizeFnSymbol; - ignoresDistinct_ = false; - isAnalyticFn_ = false; - isAggregateFn_ = true; - returnsNonNullOnEmpty_ = false; - } - - public static AggregateFunction createForTesting(FunctionName fnName, - List<Type> argTypes, Type retType, Type intermediateType, - HdfsUri location, String updateFnSymbol, String initFnSymbol, - String serializeFnSymbol, String mergeFnSymbol, String getValueFnSymbol, - String removeFnSymbol, String finalizeFnSymbol, - TFunctionBinaryType fnType) { - AggregateFunction fn = new AggregateFunction(fnName, argTypes, retType, - intermediateType, location, updateFnSymbol, initFnSymbol, - serializeFnSymbol, mergeFnSymbol, getValueFnSymbol, removeFnSymbol, - finalizeFnSymbol); - fn.setBinaryType(fnType); - return fn; - } - - public static AggregateFunction createBuiltin(Db db, String name, - List<Type> argTypes, Type retType, Type intermediateType, - String initFnSymbol, String updateFnSymbol, String mergeFnSymbol, - String serializeFnSymbol, String finalizeFnSymbol, boolean ignoresDistinct, - boolean isAnalyticFn, boolean returnsNonNullOnEmpty) { - return createBuiltin(db, name, argTypes, retType, intermediateType, initFnSymbol, - updateFnSymbol, mergeFnSymbol, serializeFnSymbol, null, null, finalizeFnSymbol, - ignoresDistinct, isAnalyticFn, returnsNonNullOnEmpty); - } - - public static AggregateFunction createBuiltin(Db db, String name, - List<Type> argTypes, Type retType, Type intermediateType, - String initFnSymbol, String updateFnSymbol, String mergeFnSymbol, - String serializeFnSymbol, String getValueFnSymbol, String removeFnSymbol, - String finalizeFnSymbol, boolean ignoresDistinct, boolean isAnalyticFn, - boolean returnsNonNullOnEmpty) { - AggregateFunction fn = new AggregateFunction(new FunctionName(db.getName(), name), - argTypes, retType, intermediateType, null, updateFnSymbol, initFnSymbol, - serializeFnSymbol, mergeFnSymbol, getValueFnSymbol, removeFnSymbol, - finalizeFnSymbol); - fn.setBinaryType(TFunctionBinaryType.BUILTIN); - fn.ignoresDistinct_ = ignoresDistinct; - fn.isAnalyticFn_ = isAnalyticFn; - fn.isAggregateFn_ = true; - fn.returnsNonNullOnEmpty_ = returnsNonNullOnEmpty; - fn.setIsPersistent(true); - return fn; - } - - public static AggregateFunction createAnalyticBuiltin(Db db, String name, - List<Type> argTypes, Type retType, Type intermediateType) { - return createAnalyticBuiltin(db, name, argTypes, retType, intermediateType, null, - null, null, null, null, true); - } - - public static AggregateFunction createAnalyticBuiltin(Db db, String name, - List<Type> argTypes, Type retType, Type intermediateType, - String initFnSymbol, String updateFnSymbol, String removeFnSymbol, - String getValueFnSymbol, String finalizeFnSymbol) { - return createAnalyticBuiltin(db, name, argTypes, retType, intermediateType, - initFnSymbol, updateFnSymbol, removeFnSymbol, getValueFnSymbol, finalizeFnSymbol, - true); - } - - public static AggregateFunction createAnalyticBuiltin(Db db, String name, - List<Type> argTypes, Type retType, Type intermediateType, - String initFnSymbol, String updateFnSymbol, String removeFnSymbol, - String getValueFnSymbol, String finalizeFnSymbol, boolean isUserVisible) { - AggregateFunction fn = new AggregateFunction(new FunctionName(db.getName(), name), - argTypes, retType, intermediateType, null, updateFnSymbol, initFnSymbol, - null, null, getValueFnSymbol, removeFnSymbol, finalizeFnSymbol); - fn.setBinaryType(TFunctionBinaryType.BUILTIN); - fn.ignoresDistinct_ = false; - fn.isAnalyticFn_ = true; - fn.isAggregateFn_ = false; - fn.returnsNonNullOnEmpty_ = false; - fn.setUserVisible(isUserVisible); - fn.setIsPersistent(true); - return fn; - } - - public String getUpdateFnSymbol() { return updateFnSymbol_; } - public String getInitFnSymbol() { return initFnSymbol_; } - public String getSerializeFnSymbol() { return serializeFnSymbol_; } - public String getMergeFnSymbol() { return mergeFnSymbol_; } - public String getGetValueFnSymbol() { return getValueFnSymbol_; } - public String getRemoveFnSymbol() { return removeFnSymbol_; } - public String getFinalizeFnSymbol() { return finalizeFnSymbol_; } - public boolean ignoresDistinct() { return ignoresDistinct_; } - public boolean isAnalyticFn() { return isAnalyticFn_; } - public boolean isAggregateFn() { return isAggregateFn_; } - public boolean returnsNonNullOnEmpty() { return returnsNonNullOnEmpty_; } - - /** - * Returns the intermediate type of this aggregate function or null - * if it is identical to the return type. - */ - public Type getIntermediateType() { return intermediateType_; } - public void setUpdateFnSymbol(String fn) { updateFnSymbol_ = fn; } - public void setInitFnSymbol(String fn) { initFnSymbol_ = fn; } - public void setSerializeFnSymbol(String fn) { serializeFnSymbol_ = fn; } - public void setMergeFnSymbol(String fn) { mergeFnSymbol_ = fn; } - public void setGetValueFnSymbol(String fn) { getValueFnSymbol_ = fn; } - public void setRemoveFnSymbol(String fn) { removeFnSymbol_ = fn; } - public void setFinalizeFnSymbol(String fn) { finalizeFnSymbol_ = fn; } - public void setIntermediateType(Type t) { intermediateType_ = t; } - - @Override - public String toSql(boolean ifNotExists) { - StringBuilder sb = new StringBuilder("CREATE AGGREGATE FUNCTION "); - if (ifNotExists) sb.append("IF NOT EXISTS "); - sb.append(dbName() + "." + signatureString() + "\n") - .append(" RETURNS " + getReturnType() + "\n"); - if (getIntermediateType() != null) { - sb.append(" INTERMEDIATE " + getIntermediateType() + "\n"); - } - sb.append(" LOCATION '" + getLocation() + "'\n") - .append(" UPDATE_FN='" + getUpdateFnSymbol() + "'\n") - .append(" INIT_FN='" + getInitFnSymbol() + "'\n") - .append(" MERGE_FN='" + getMergeFnSymbol() + "'\n"); - if (getSerializeFnSymbol() != null) { - sb.append(" SERIALIZE_FN='" + getSerializeFnSymbol() + "'\n"); - } - if (getFinalizeFnSymbol() != null) { - sb.append(" FINALIZE_FN='" + getFinalizeFnSymbol() + "'\n"); - } - return sb.toString(); - } - - @Override - public TFunction toThrift() { - TFunction fn = super.toThrift(); - TAggregateFunction agg_fn = new TAggregateFunction(); - agg_fn.setUpdate_fn_symbol(updateFnSymbol_); - agg_fn.setInit_fn_symbol(initFnSymbol_); - if (serializeFnSymbol_ != null) agg_fn.setSerialize_fn_symbol(serializeFnSymbol_); - agg_fn.setMerge_fn_symbol(mergeFnSymbol_); - if (getValueFnSymbol_ != null) agg_fn.setGet_value_fn_symbol(getValueFnSymbol_); - if (removeFnSymbol_ != null) agg_fn.setRemove_fn_symbol(removeFnSymbol_); - if (finalizeFnSymbol_ != null) agg_fn.setFinalize_fn_symbol(finalizeFnSymbol_); - if (intermediateType_ != null) { - agg_fn.setIntermediate_type(intermediateType_.toThrift()); - } else { - agg_fn.setIntermediate_type(getReturnType().toThrift()); - } - agg_fn.setIgnores_distinct(ignoresDistinct_); - fn.setAggregate_fn(agg_fn); - return fn; - } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/catalog/ArrayType.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/catalog/ArrayType.java b/fe/src/main/java/com/cloudera/impala/catalog/ArrayType.java deleted file mode 100644 index 25edde2..0000000 --- a/fe/src/main/java/com/cloudera/impala/catalog/ArrayType.java +++ /dev/null @@ -1,71 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.catalog; - -import org.apache.commons.lang3.StringUtils; - -import com.cloudera.impala.thrift.TColumnType; -import com.cloudera.impala.thrift.TTypeNode; -import com.cloudera.impala.thrift.TTypeNodeType; -import com.google.common.base.Preconditions; - -/** - * Describes an ARRAY type. - */ -public class ArrayType extends Type { - private final Type itemType_; - - public ArrayType(Type itemType) { - itemType_ = itemType; - } - - public Type getItemType() { return itemType_; } - - @Override - public String toSql(int depth) { - if (depth >= MAX_NESTING_DEPTH) return "ARRAY<...>"; - return String.format("ARRAY<%s>", itemType_.toSql(depth + 1)); - } - - @Override - public boolean equals(Object other) { - if (!(other instanceof ArrayType)) return false; - ArrayType otherArrayType = (ArrayType) other; - return otherArrayType.itemType_.equals(itemType_); - } - - @Override - public void toThrift(TColumnType container) { - TTypeNode node = new TTypeNode(); - container.types.add(node); - Preconditions.checkNotNull(itemType_); - node.setType(TTypeNodeType.ARRAY); - itemType_.toThrift(container); - } - - @Override - protected String prettyPrint(int lpad) { - String leftPadding = StringUtils.repeat(' ', lpad); - if (itemType_.isScalarType()) return leftPadding + toSql(); - // Pass in the padding to make sure nested fields are aligned properly, - // even if we then strip the top-level padding. - String structStr = itemType_.prettyPrint(lpad); - structStr = structStr.substring(lpad); - return String.format("%sARRAY<%s>", leftPadding, structStr); - } -} http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/b544f019/fe/src/main/java/com/cloudera/impala/catalog/AuthorizationException.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/com/cloudera/impala/catalog/AuthorizationException.java b/fe/src/main/java/com/cloudera/impala/catalog/AuthorizationException.java deleted file mode 100644 index ab97c83..0000000 --- a/fe/src/main/java/com/cloudera/impala/catalog/AuthorizationException.java +++ /dev/null @@ -1,32 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package com.cloudera.impala.catalog; - - -/** - * Thrown for authorization errors encountered when accessing Catalog objects. - */ -public class AuthorizationException extends CatalogException { - public AuthorizationException(String msg, Throwable cause) { - super(msg, cause); - } - - public AuthorizationException(String msg) { - super(msg); - } -} \ No newline at end of file
