[jira] [Issue Comment Deleted] (SENTRY-1876) Filter the result of show databases and show tables in hive

dongyifeng (JIRA) Tue, 08 Aug 2017 19:41:16 -0700

     [ 
https://issues.apache.org/jira/browse/SENTRY-1876?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


dongyifeng updated SENTRY-1876:
-------------------------------
    Comment: was deleted

(was: diff --git 
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java
 
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java
index 672acb6..204821e 100644
--- 
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java
+++ 
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java
@@ -17,6 +17,8 @@
 package org.apache.hadoop.hive.ql.exec;

 import com.google.common.base.Preconditions;
+import java.util.SortedSet;
+import java.util.TreeSet;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.fs.FileSystem;
@@ -28,8 +30,11 @@ import org.apache.hadoop.hive.ql.metadata.Hive;
 import org.apache.hadoop.hive.ql.metadata.HiveException;
 import org.apache.hadoop.hive.ql.metadata.Table;
 import org.apache.hadoop.hive.ql.metadata.formatting.MetaDataFormatUtils;
+import org.apache.hadoop.hive.ql.metadata.formatting.MetaDataFormatter;
 import org.apache.hadoop.hive.ql.plan.HiveOperation;
 import org.apache.hadoop.hive.ql.plan.ShowColumnsDesc;
+import org.apache.hadoop.hive.ql.plan.ShowDatabasesDesc;
+import org.apache.hadoop.hive.ql.plan.ShowTablesDesc;
 import org.apache.hadoop.hive.ql.session.SessionState;
 import org.apache.hadoop.io.IOUtils;
 import org.apache.sentry.binding.hive.authz.HiveAuthzBindingHookBase;
@@ -75,7 +80,29 @@ public class SentryFilterDDLTask extends DDLTask {

   @Override
   public int execute(DriverContext driverContext) {
-    // Currently the SentryFilterDDLTask only supports filter the "show 
columns in table " command.
+    //show databases
+    ShowDatabasesDesc showDbs = work.getShowDatabasesDesc();
+    try {
+      if (showDbs != null) {
+        return showFilterDatabases(showDbs);
+      }
+    } catch (Throwable e) {
+      failed(e);
+      return 1;
+    }
+
+    //show tables
+    ShowTablesDesc showTbls = work.getShowTblsDesc();
+    try {
+      if (showTbls != null) {
+        return showFilterTables(showTbls);
+      }
+    } catch (Throwable e) {
+      failed(e);
+      return 1;
+    }
+
+    // show columns in table
     ShowColumnsDesc showCols = work.getShowColumnsDesc();
     try {
       if (showCols != null) {
@@ -100,6 +127,62 @@ public class SentryFilterDDLTask extends DDLTask {
   }

   /**
+   * Filter the command "show databases"
+   *
+   */
+  private int showFilterDatabases(ShowDatabasesDesc showDbs) throws 
HiveException {
+    Hive hive = Hive.get(conf);
+
+    // write the results in the file
+    DataOutputStream outStream = null;
+    try {
+      Path resFile = new Path(showDbs.getResFile());
+      FileSystem fs = resFile.getFileSystem(conf);
+      outStream = fs.create(resFile);
+
+      List<String> dbs = hive.getAllDatabases();
+      MetaDataFormatter formatter = MetaDataFormatUtils.getFormatter(conf);
+      formatter.showDatabases(outStream, filterDatabases(dbs));
+      outStream.close();
+      outStream = null;
+    } catch (IOException e) {
+      throw new HiveException(e, ErrorMsg.GENERIC_ERROR);
+    } finally {
+      IOUtils.closeStream(outStream);
+    }
+    return 0;
+  }
+
+
+  /**
+   * Filter the command "show tables"
+   *
+   */
+  private int showFilterTables(ShowTablesDesc showTbls) throws HiveException {
+    Hive hive = Hive.get(conf);
+
+    // write the results in the file
+    DataOutputStream outStream = null;
+    try {
+      Path resFile = new Path(showTbls.getResFile());
+      FileSystem fs = resFile.getFileSystem(conf);
+      outStream = fs.create(resFile);
+
+      List<String> tbls = hive.getAllTables(showTbls.getDbName());
+      MetaDataFormatter formatter = MetaDataFormatUtils.getFormatter(conf);
+      SortedSet<String> sortedTbls = new TreeSet<String>(filterTables(tbls, 
showTbls.getDbName()));
+      formatter.showTables(outStream, sortedTbls);
+      outStream.close();
+      outStream = null;
+    } catch (IOException e) {
+      throw new HiveException(e, ErrorMsg.GENERIC_ERROR);
+    } finally {
+      IOUtils.closeStream(outStream);
+    }
+    return 0;
+  }
+
+  /**
    * Filter the command "show columns in table"
    *
    */
@@ -130,6 +213,18 @@ public class SentryFilterDDLTask extends DDLTask {
     return 0;
   }

+  private List<String> filterDatabases(List<String> dbs) throws HiveException {
+    // filter some databases that the subject has privilege on
+    return HiveAuthzBindingHookBase.filterShowDatabases(getHiveAuthzBinding(),
+      dbs, getStmtOperation(), getSubject().getName());
+  }
+
+  private List<String> filterTables(List<String> tbls, String dbName) throws 
HiveException {
+    // filter some tables that the subject has privilege on
+    return HiveAuthzBindingHookBase.filterShowTables(getHiveAuthzBinding(),
+      tbls, getStmtOperation(), getSubject().getName(), dbName);
+  }
+
   private List<FieldSchema> fiterColumns(List<FieldSchema> cols, Table table) 
throws HiveException {
     // filter some columns that the subject has privilege on
     return HiveAuthzBindingHookBase.filterShowColumns(getHiveAuthzBinding(),
diff --git 
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
 
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
index 9f3d42d..c439d6c 100644
--- 
a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
+++ 
b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
@@ -286,7 +286,9 @@ public class HiveAuthzPrivilegesMap {
     hiveAuthzStmtPrivMap.put(HiveOperation.SHOWCOLUMNS, 
columnMetaDataPrivilege);

     // SHOWDATABASES
+    hiveAuthzStmtPrivMap.put(HiveOperation.SHOWDATABASES, anyPrivilege);
     // SHOWTABLES
+    hiveAuthzStmtPrivMap.put(HiveOperation.SHOWTABLES, anyPrivilege);
     hiveAuthzStmtPrivMap.put(HiveOperation.SHOW_TABLESTATUS, 
tableMetaDataPrivilege);
     hiveAuthzStmtPrivMap.put(HiveOperation.SHOW_TBLPROPERTIES, 
tableMetaDataPrivilege);
     hiveAuthzStmtPrivMap.put(HiveOperation.SHOW_CREATETABLE, 
tableMetaDataPrivilege);)

> Filter the result of show databases and show tables in hive
> -----------------------------------------------------------
>
>                 Key: SENTRY-1876
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1876
>             Project: Sentry
>          Issue Type: Bug
>          Components: Hive Binding
>    Affects Versions: 1.7.0, 1.8.0, 2.0.0
>            Reporter: dongyifeng
>             Fix For: 1.7.0, 1.8.0, 2.0.0
>
>
> Since now sentry only filter the result of show columns.It's very necessary 
> to filter the result of show databases and show tables in hive.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Issue Comment Deleted] (SENTRY-1876) Filter the result of show databases and show tables in hive

Reply via email to