[ https://issues.apache.org/jira/browse/SENTRY-1876?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
dongyifeng updated SENTRY-1876: ------------------------------- Status: Patch Available (was: Open) diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java index 672acb6..204821e 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java @@ -17,6 +17,8 @@ package org.apache.hadoop.hive.ql.exec; import com.google.common.base.Preconditions; +import java.util.SortedSet; +import java.util.TreeSet; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.fs.FileSystem; @@ -28,8 +30,11 @@ import org.apache.hadoop.hive.ql.metadata.Hive; import org.apache.hadoop.hive.ql.metadata.HiveException; import org.apache.hadoop.hive.ql.metadata.Table; import org.apache.hadoop.hive.ql.metadata.formatting.MetaDataFormatUtils; +import org.apache.hadoop.hive.ql.metadata.formatting.MetaDataFormatter; import org.apache.hadoop.hive.ql.plan.HiveOperation; import org.apache.hadoop.hive.ql.plan.ShowColumnsDesc; +import org.apache.hadoop.hive.ql.plan.ShowDatabasesDesc; +import org.apache.hadoop.hive.ql.plan.ShowTablesDesc; import org.apache.hadoop.hive.ql.session.SessionState; import org.apache.hadoop.io.IOUtils; import org.apache.sentry.binding.hive.authz.HiveAuthzBindingHookBase; @@ -75,7 +80,29 @@ public class SentryFilterDDLTask extends DDLTask { @Override public int execute(DriverContext driverContext) { - // Currently the SentryFilterDDLTask only supports filter the "show columns in table " command. + //show databases + ShowDatabasesDesc showDbs = work.getShowDatabasesDesc(); + try { + if (showDbs != null) { + return showFilterDatabases(showDbs); + } + } catch (Throwable e) { + failed(e); + return 1; + } + + //show tables + ShowTablesDesc showTbls = work.getShowTblsDesc(); + try { + if (showTbls != null) { + return showFilterTables(showTbls); + } + } catch (Throwable e) { + failed(e); + return 1; + } + + // show columns in table ShowColumnsDesc showCols = work.getShowColumnsDesc(); try { if (showCols != null) { @@ -100,6 +127,62 @@ public class SentryFilterDDLTask extends DDLTask { } /** + * Filter the command "show databases" + * + */ + private int showFilterDatabases(ShowDatabasesDesc showDbs) throws HiveException { + Hive hive = Hive.get(conf); + + // write the results in the file + DataOutputStream outStream = null; + try { + Path resFile = new Path(showDbs.getResFile()); + FileSystem fs = resFile.getFileSystem(conf); + outStream = fs.create(resFile); + + List<String> dbs = hive.getAllDatabases(); + MetaDataFormatter formatter = MetaDataFormatUtils.getFormatter(conf); + formatter.showDatabases(outStream, filterDatabases(dbs)); + outStream.close(); + outStream = null; + } catch (IOException e) { + throw new HiveException(e, ErrorMsg.GENERIC_ERROR); + } finally { + IOUtils.closeStream(outStream); + } + return 0; + } + + + /** + * Filter the command "show tables" + * + */ + private int showFilterTables(ShowTablesDesc showTbls) throws HiveException { + Hive hive = Hive.get(conf); + + // write the results in the file + DataOutputStream outStream = null; + try { + Path resFile = new Path(showTbls.getResFile()); + FileSystem fs = resFile.getFileSystem(conf); + outStream = fs.create(resFile); + + List<String> tbls = hive.getAllTables(showTbls.getDbName()); + MetaDataFormatter formatter = MetaDataFormatUtils.getFormatter(conf); + SortedSet<String> sortedTbls = new TreeSet<String>(filterTables(tbls, showTbls.getDbName())); + formatter.showTables(outStream, sortedTbls); + outStream.close(); + outStream = null; + } catch (IOException e) { + throw new HiveException(e, ErrorMsg.GENERIC_ERROR); + } finally { + IOUtils.closeStream(outStream); + } + return 0; + } + + /** * Filter the command "show columns in table" * */ @@ -130,6 +213,18 @@ public class SentryFilterDDLTask extends DDLTask { return 0; } + private List<String> filterDatabases(List<String> dbs) throws HiveException { + // filter some databases that the subject has privilege on + return HiveAuthzBindingHookBase.filterShowDatabases(getHiveAuthzBinding(), + dbs, getStmtOperation(), getSubject().getName()); + } + + private List<String> filterTables(List<String> tbls, String dbName) throws HiveException { + // filter some tables that the subject has privilege on + return HiveAuthzBindingHookBase.filterShowTables(getHiveAuthzBinding(), + tbls, getStmtOperation(), getSubject().getName(), dbName); + } + private List<FieldSchema> fiterColumns(List<FieldSchema> cols, Table table) throws HiveException { // filter some columns that the subject has privilege on return HiveAuthzBindingHookBase.filterShowColumns(getHiveAuthzBinding(), diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java index 9f3d42d..c439d6c 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java @@ -286,7 +286,9 @@ public class HiveAuthzPrivilegesMap { hiveAuthzStmtPrivMap.put(HiveOperation.SHOWCOLUMNS, columnMetaDataPrivilege); // SHOWDATABASES + hiveAuthzStmtPrivMap.put(HiveOperation.SHOWDATABASES, anyPrivilege); // SHOWTABLES + hiveAuthzStmtPrivMap.put(HiveOperation.SHOWTABLES, anyPrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.SHOW_TABLESTATUS, tableMetaDataPrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.SHOW_TBLPROPERTIES, tableMetaDataPrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.SHOW_CREATETABLE, tableMetaDataPrivilege); > Filter the result of show databases and show tables in hive > ----------------------------------------------------------- > > Key: SENTRY-1876 > URL: https://issues.apache.org/jira/browse/SENTRY-1876 > Project: Sentry > Issue Type: Bug > Components: Hive Binding > Affects Versions: 1.8.0, 1.7.0, 2.0.0 > Reporter: dongyifeng > Fix For: 2.0.0, 1.8.0, 1.7.0 > > > Since now sentry only filter the result of show columns.It's very necessary > to filter the result of show databases and show tables in hive. -- This message was sent by Atlassian JIRA (v6.4.14#64029)