[jira] [Work logged] (HIVE-23786) HMS Server side filter

ASF GitHub Bot (Jira) Tue, 07 Jul 2020 22:07:22 -0700


     [ 
https://issues.apache.org/jira/browse/HIVE-23786?focusedWorklogId=455848&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-455848
 ]


ASF GitHub Bot logged work on HIVE-23786:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 08/Jul/20 05:06
            Start Date: 08/Jul/20 05:06
    Worklog Time Spent: 10m 
      Work Description: pvary commented on a change in pull request #1221:
URL: https://github.com/apache/hive/pull/1221#discussion_r451285302



##########
File path: 
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizer.java
##########
@@ -85,38 +97,268 @@ public final void onEvent(PreEventContext preEventContext) 
throws MetaException,
       LOG.debug("==> HiveMetaStoreAuthorizer.onEvent(): EventType=" + 
preEventContext.getEventType());
     }
 
-    HiveMetaStoreAuthzInfo authzContext = buildAuthzContext(preEventContext);
+    try {
+        HiveAuthorizer hiveAuthorizer = createHiveMetaStoreAuthorizer();
+        if (!skipAuthorization()) {
+          HiveMetaStoreAuthzInfo authzContext = 
buildAuthzContext(preEventContext);
+          checkPrivileges(authzContext, hiveAuthorizer);
+        }
+    } catch (Exception e) {
+      LOG.error("HiveMetaStoreAuthorizer.onEvent(): failed", e);
+      throw new MetaException(e.getMessage());
+    }
 
-    if (!skipAuthorization(authzContext)) {
-      try {
-        HiveConf              hiveConf          = new 
HiveConf(super.getConf(), HiveConf.class);
-        HiveAuthorizerFactory authorizerFactory = 
HiveUtils.getAuthorizerFactory(hiveConf, 
HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER);
+    if (LOG.isDebugEnabled()) {
+      LOG.debug("<== HiveMetaStoreAuthorizer.onEvent(): EventType=" + 
preEventContext.getEventType());
+    }
+  }
 
-        if (authorizerFactory != null) {
-          HiveMetastoreAuthenticationProvider authenticator = 
tAuthenticator.get();
+  @Override
+  public final List<String> filterDatabases(List<String> list) throws 
MetaException {
+    if (LOG.isDebugEnabled()) {
+      LOG.debug("HiveMetaStoreAuthorizer.filterDatabases()");
+    }
 
-          authenticator.setConf(hiveConf);
+    if (list == null) {
+      return Collections.emptyList();
+    }
 
-          HiveAuthzSessionContext.Builder authzContextBuilder = new 
HiveAuthzSessionContext.Builder();
+    DatabaseFilterContext   databaseFilterContext    = new 
DatabaseFilterContext(list);
+    HiveMetaStoreAuthzInfo  hiveMetaStoreAuthzInfo   = 
databaseFilterContext.getAuthzContext();
+    List<String>            filteredDatabases        = 
filterDatabaseObjects(hiveMetaStoreAuthzInfo);
+    if (CollectionUtils.isEmpty(filteredDatabases)) {
+      filteredDatabases = Collections.emptyList();
+    }
 
-          
authzContextBuilder.setClientType(HiveAuthzSessionContext.CLIENT_TYPE.HIVEMETASTORE);
-          authzContextBuilder.setSessionString("HiveMetaStore");
+    if (LOG.isDebugEnabled()) {
+      LOG.debug("HiveMetaStoreAuthorizer.filterDatabases() :" + 
filteredDatabases);
+    }
+    return filteredDatabases ;
+  }
 
-          HiveAuthzSessionContext authzSessionContext = 
authzContextBuilder.build();
+  @Override
+  public final Database filterDatabase(Database database) throws 
MetaException, NoSuchObjectException {
+    if (database != null) {
+      String dbName = database.getName();
+      List<String> databases = 
filterDatabases(Collections.singletonList(dbName));
+      if (databases.isEmpty()) {
+        throw new NoSuchObjectException(String.format("Database %s does not 
exist", dbName));
+      }
+    }
+    return database;
+  }
+
+  @Override
+  public final List<String> filterTableNames(String s, String s1, List<String> 
list) throws MetaException {
+    if (LOG.isDebugEnabled()) {

Review comment:
       This LOG.isDebugEnabled is unnecessary. I thrown on them even on cases 
where we do string concatenation inside the message, but when we have a static 
string this is entirely unnecessary, and bloats the code




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 455848)
    Time Spent: 1h 20m  (was: 1h 10m)

> HMS Server side filter
> ----------------------
>
>                 Key: HIVE-23786
>                 URL: https://issues.apache.org/jira/browse/HIVE-23786
>             Project: Hive
>          Issue Type: Improvement
>            Reporter: Sam An
>            Assignee: Sam An
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> HMS server side filter of results based on authorization. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Work logged] (HIVE-23786) HMS Server side filter

Reply via email to