[jira] [Work logged] (HIVE-26247) Filter out results 'show connectors' on HMS server-side

Mon, 19 Sep 2022 12:15:06 -0700 


     [ 
https://issues.apache.org/jira/browse/HIVE-26247?focusedWorklogId=810161&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-810161
 ]

ASF GitHub Bot logged work on HIVE-26247:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 19/Sep/22 19:14
            Start Date: 19/Sep/22 19:14
    Worklog Time Spent: 10m 
      Work Description: saihemanth-cloudera commented on code in PR #3545:
URL: https://github.com/apache/hive/pull/3545#discussion_r974586696


##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/filtercontext/DataConnectorFilterContext.java:
##########
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package 
org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.filtercontext;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent;
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class DataConnectorFilterContext extends HiveMetaStoreAuthorizableEvent 
{
+
+    private static final Logger LOG = 
LoggerFactory.getLogger(DataConnectorFilterContext.class);
+
+    List<String> connectors = null;
+
+    public DataConnectorFilterContext(List<String> connectors) {
+        super(null);
+        this.connectors = connectors;
+        getAuthzContext();
+    }
+
+    @Override
+    public HiveMetaStoreAuthzInfo getAuthzContext() {
+        HiveMetaStoreAuthzInfo ret =
+                new HiveMetaStoreAuthzInfo(preEventContext, 
HiveOperationType.QUERY, getInputHObjs(), getOutputHObjs(), null);
+        return ret;
+    }
+
+    private List<HivePrivilegeObject> getInputHObjs() {
+        LOG.debug("==> DataConnectorFilterContext.getOutputHObjs()");
+
+        List<HivePrivilegeObject> ret = new ArrayList<>();
+        for (String connector : connectors) {
+            HivePrivilegeObject.HivePrivilegeObjectType type = 
HivePrivilegeObject.HivePrivilegeObjectType.DATACONNECTOR;
+            HivePrivilegeObject.HivePrivObjectActionType objectActionType =
+                    HivePrivilegeObject.HivePrivObjectActionType.OTHER;
+            HivePrivilegeObject hivePrivilegeObject =
+                    new HivePrivilegeObject(type, null, connector, null, null, 
objectActionType, null, null);

Review Comment:
   I think it would be nice to pass the owner's name and owner-type information 
in the privilege object. That would be useful for creating owner-related 
policies in ranger/sentry etc services.



##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/filtercontext/DataConnectorFilterContext.java:
##########
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package 
org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.filtercontext;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent;
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class DataConnectorFilterContext extends HiveMetaStoreAuthorizableEvent 
{
+
+    private static final Logger LOG = 
LoggerFactory.getLogger(DataConnectorFilterContext.class);
+
+    List<String> connectors = null;
+
+    public DataConnectorFilterContext(List<String> connectors) {
+        super(null);
+        this.connectors = connectors;
+        getAuthzContext();
+    }
+
+    @Override
+    public HiveMetaStoreAuthzInfo getAuthzContext() {
+        HiveMetaStoreAuthzInfo ret =
+                new HiveMetaStoreAuthzInfo(preEventContext, 
HiveOperationType.QUERY, getInputHObjs(), getOutputHObjs(), null);
+        return ret;
+    }
+
+    private List<HivePrivilegeObject> getInputHObjs() {
+        LOG.debug("==> DataConnectorFilterContext.getOutputHObjs()");

Review Comment:
   Nit: getInputHObjs();



##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/filtercontext/DataConnectorFilterContext.java:
##########
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package 
org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.filtercontext;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent;
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class DataConnectorFilterContext extends HiveMetaStoreAuthorizableEvent 
{
+
+    private static final Logger LOG = 
LoggerFactory.getLogger(DataConnectorFilterContext.class);
+
+    List<String> connectors = null;
+
+    public DataConnectorFilterContext(List<String> connectors) {
+        super(null);
+        this.connectors = connectors;
+        getAuthzContext();
+    }
+
+    @Override
+    public HiveMetaStoreAuthzInfo getAuthzContext() {
+        HiveMetaStoreAuthzInfo ret =
+                new HiveMetaStoreAuthzInfo(preEventContext, 
HiveOperationType.QUERY, getInputHObjs(), getOutputHObjs(), null);
+        return ret;
+    }
+
+    private List<HivePrivilegeObject> getInputHObjs() {
+        LOG.debug("==> DataConnectorFilterContext.getOutputHObjs()");
+
+        List<HivePrivilegeObject> ret = new ArrayList<>();
+        for (String connector : connectors) {
+            HivePrivilegeObject.HivePrivilegeObjectType type = 
HivePrivilegeObject.HivePrivilegeObjectType.DATACONNECTOR;
+            HivePrivilegeObject.HivePrivObjectActionType objectActionType =
+                    HivePrivilegeObject.HivePrivObjectActionType.OTHER;
+            HivePrivilegeObject hivePrivilegeObject =
+                    new HivePrivilegeObject(type, null, connector, null, null, 
objectActionType, null, null);
+            ret.add(hivePrivilegeObject);
+        }
+        LOG.debug("<== DataConnectorFilterContext.getOutputHObjs(): ret=" + 
ret);

Review Comment:
   nit: getInputHObjs();





Issue Time Tracking
-------------------

    Worklog Id:     (was: 810161)
    Time Spent: 50m  (was: 40m)

> Filter out results 'show connectors' on HMS server-side
> -------------------------------------------------------
>
>                 Key: HIVE-26247
>                 URL: https://issues.apache.org/jira/browse/HIVE-26247
>             Project: Hive
>          Issue Type: Sub-task
>    Affects Versions: 4.0.0-alpha-1, 4.0.0-alpha-2
>            Reporter: zhangbutao
>            Assignee: zhangbutao
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 50m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to