Repository: hive Updated Branches: refs/heads/master addeab8d0 -> 31077be9b
HIVE-17544: Provide classname info for function authorization (Aihua Xu, reviewed by Sergio Pena) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/31077be9 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/31077be9 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/31077be9 Branch: refs/heads/master Commit: 31077be9b90832acc5eb1641690955945ed5a3a1 Parents: addeab8 Author: Aihua Xu <aihu...@apache.org> Authored: Fri Sep 29 15:57:27 2017 -0700 Committer: Aihua Xu <aihu...@apache.org> Committed: Wed Oct 4 13:06:04 2017 -0700 ---------------------------------------------------------------------- .../java/org/apache/hadoop/hive/ql/Driver.java | 4 +++- .../org/apache/hadoop/hive/ql/hooks/Entity.java | 17 ++++++++++++- .../hadoop/hive/ql/hooks/WriteEntity.java | 5 ++-- .../hive/ql/parse/FunctionSemanticAnalyzer.java | 9 ++++--- .../plugin/HiveAuthorizerImpl.java | 1 - .../plugin/HivePrivilegeObject.java | 25 ++++++++++++++++---- 6 files changed, 46 insertions(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/31077be9/ql/src/java/org/apache/hadoop/hive/ql/Driver.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java index f01edf8..1943c6d 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java @@ -1103,6 +1103,7 @@ public class Driver implements CommandProcessor { String objName = null; List<String> partKeys = null; List<String> columns = null; + String className = null; switch(privObject.getType()){ case DATABASE: dbname = privObject.getDatabase().getName(); 
@@ -1122,6 +1123,7 @@ public class Driver implements CommandProcessor { dbname = privObject.getDatabase().getName(); } objName = privObject.getFunctionName(); + className = privObject.getClassName(); break; case DUMMYPARTITION: case PARTITION: @@ -1135,7 +1137,7 @@ public class Driver implements CommandProcessor { } HivePrivObjectActionType actionType = AuthorizationUtils.getActionType(privObject); HivePrivilegeObject hPrivObject = new HivePrivilegeObject(privObjType, dbname, objName, - partKeys, columns, actionType, null); + partKeys, columns, actionType, null, className); hivePrivobjs.add(hPrivObject); } return hivePrivobjs; http://git-wip-us.apache.org/repos/asf/hive/blob/31077be9/ql/src/java/org/apache/hadoop/hive/ql/hooks/Entity.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/hooks/Entity.java b/ql/src/java/org/apache/hadoop/hive/ql/hooks/Entity.java index 820e4e2..c3c4512 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/hooks/Entity.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/hooks/Entity.java @@ -76,6 +76,11 @@ public class Entity implements Serializable { private String stringObject; /** + * The class name for a function + */ + private String className; + + /** * This is derived from t and p, but we need to serialize this field to make * sure Entity.hashCode() does not need to recursively read into t and p. */ @@ -139,6 +144,14 @@ public class Entity implements Serializable { this.d = d; } + public String getClassName() { + return this.className; + } + + public void setClassName(String className) { + this.className = className; + } + public String getFunctionName() { if (typ == Type.FUNCTION) { return stringObject; 
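Review bot: The new `getClassName()` in Entity.java returns the raw field for every entity type, whereas `getFunctionName()` directly below it in this hunk only answers inside `if (typ == Type.FUNCTION)`; the two accessors should follow one rule. Both new methods are also undocumented, and `setClassName` leaves a value that Driver.java later forwards to the authorizer mutable after construction. I would add Javadoc such as `/** @return the implementing class of a FUNCTION entity, or null for any other type or when none was supplied */` and state on the setter that it must be called before the entity is submitted for authorization. The body of getFunctionName continues outside the hunk.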
@@ -254,15 +267,17 @@ public class Entity implements Serializable { * Create an entity representing a object with given name, database namespace and type * @param database - database namespace * @param strObj - object name as string + * @param className - function class name * @param type - the entity type. this constructor only supports FUNCTION type currently */ - public Entity(Database database, String strObj, Type type) { + public Entity(Database database, String strObj, String className, Type type) { if (type != Type.FUNCTION) { throw new IllegalArgumentException("This constructor is supported only for type:" + Type.FUNCTION); } this.database = database; this.stringObject = strObj; + this.className = className; this.typ = type; this.complete = true; name = computeName(); http://git-wip-us.apache.org/repos/asf/hive/blob/31077be9/ql/src/java/org/apache/hadoop/hive/ql/hooks/WriteEntity.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/hooks/WriteEntity.java b/ql/src/java/org/apache/hadoop/hive/ql/hooks/WriteEntity.java index 4707c4d..a0eae96 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/hooks/WriteEntity.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/hooks/WriteEntity.java @@ -87,11 +87,12 @@ public class WriteEntity extends Entity implements Serializable { * Currently applicable only for function names. * @param db * @param objName + * @param className * @param type * @param writeType */ - public WriteEntity(Database db, String objName, Type type, WriteType writeType) { - super(db, objName, type); + public WriteEntity(Database db, String objName, String className, Type type, WriteType writeType) { + super(db, objName, className, type); this.writeType = writeType; } http://git-wip-us.apache.org/repos/asf/hive/blob/31077be9/ql/src/java/org/apache/hadoop/hive/ql/parse/FunctionSemanticAnalyzer.java ---------------------------------------------------------------------- 
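Review bot: The public constructor `Entity(Database, String, Type)` is replaced rather than overloaded, so code compiled against the old signature stops linking. The same applies to `WriteEntity(Database, String, Type, WriteType)` in the next hunk and to the seven-argument `HivePrivilegeObject` constructor in HivePrivilegeObject.java. Hooks and authorization plugins built outside this tree are the likely callers (inferred, none are visible here), and a plugin that fails to load after an upgrade is an availability and policy-enforcement problem, not only a build problem. Keeping the old signatures as delegating overloads avoids it, e.g. `public Entity(Database database, String strObj, Type type) { this(database, strObj, null, type); }`.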
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/FunctionSemanticAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/parse/FunctionSemanticAnalyzer.java index c538075..6c03cbf 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/FunctionSemanticAnalyzer.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/FunctionSemanticAnalyzer.java @@ -20,7 +20,6 @@ package org.apache.hadoop.hive.ql.parse; import java.util.ArrayList; import java.util.List; -import org.apache.parquet.Log; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.apache.hadoop.hive.conf.HiveConf; @@ -89,7 +88,7 @@ public class FunctionSemanticAnalyzer extends BaseSemanticAnalyzer { new CreateFunctionDesc(functionName, isTemporaryFunction, className, resources, null); rootTasks.add(TaskFactory.get(new FunctionWork(desc), conf)); - addEntities(functionName, isTemporaryFunction, resources); + addEntities(functionName, className, isTemporaryFunction, resources); } private void analyzeDropFunction(ASTNode ast) throws SemanticException { @@ -117,7 +116,7 @@ public class FunctionSemanticAnalyzer extends BaseSemanticAnalyzer { DropFunctionDesc desc = new DropFunctionDesc(functionName, isTemporaryFunction, null); rootTasks.add(TaskFactory.get(new FunctionWork(desc), conf)); - addEntities(functionName, isTemporaryFunction, null); + addEntities(functionName, info.getClassName(), isTemporaryFunction, null); } private ResourceType getResourceType(ASTNode token) throws SemanticException { 
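Review bot: In analyzeDropFunction the class name now comes from `info.getClassName()`, and `info` is assigned outside this hunk, so it is not visible here whether it can be null at this call or whether the getter returns null for some kinds of function. If either is possible, DROP FUNCTION either fails with a NullPointerException during analysis or reaches the authorizer with a null class name, and a policy keyed on class name has to define what null means. A short comment would settle it: `// class name as currently registered; may be null, authorizers must not treat null as a match`. The method body starts before the hunk.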
@@ -163,7 +162,7 @@ public class FunctionSemanticAnalyzer extends BaseSemanticAnalyzer { /** * Add write entities to the semantic analyzer to restrict function creation to privileged users. */ - private void addEntities(String functionName, boolean isTemporaryFunction, + private void addEntities(String functionName, String className, boolean isTemporaryFunction, List<ResourceUri> resources) throws SemanticException { // If the function is being added under a database 'namespace', then add an entity representing // the database (only applicable to permanent/metastore functions). @@ -192,7 +191,7 @@ public class FunctionSemanticAnalyzer extends BaseSemanticAnalyzer { } // Add the function name as a WriteEntity - outputs.add(new WriteEntity(database, functionName, Type.FUNCTION, + outputs.add(new WriteEntity(database, functionName, className, Type.FUNCTION, WriteEntity.WriteType.DDL_NO_LOCK)); if (resources != null) { http://git-wip-us.apache.org/repos/asf/hive/blob/31077be9/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java index 570571b..3a51d1b 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java 
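Review bot: The Javadoc of addEntities is not updated for the new `className` parameter, and nothing states where the value comes from. On the CREATE path earlier in this file it appears to be the string from the statement, so the authorizer receives a name rather than a loaded class, and the jars that will actually supply that class appear to be reported separately through `resources`. I would add `@param className implementing class as given by the caller; not resolved or validated here, authorize it together with the resource URIs`. The method body continues past this hunk.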
@@ -23,7 +23,6 @@ import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPri import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving; import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.ql.parse.SemanticException; -import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider; /** * Convenience implementation of HiveAuthorizer. http://git-wip-us.apache.org/repos/asf/hive/blob/31077be9/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java index fb4c320..7783679 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java @@ -17,7 +17,6 @@ */ package org.apache.hadoop.hive.ql.security.authorization.plugin; -import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.Iterator; @@ -61,6 +60,12 @@ public class HivePrivilegeObject implements Comparable<HivePrivilegeObject> { (o.columns != null ? compare(columns, o.columns) : 1) : (o.columns != null ? -1 : 0); } + if (compare == 0) { + compare = className != null ? + (o.className != null ? className.compareTo(o.className) : 1) : + (o.className != null ? -1 : 0); + } + return compare; } 
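Review bot: `compareTo` in HivePrivilegeObject.java now distinguishes two objects that differ only in `className`, but no matching change to `equals`/`hashCode` appears in this commit; if the class defines them elsewhere, ordering and equality now disagree. That matters wherever these objects are sorted or de-duplicated before an authorization decision is made or logged. The added block also hand-writes the same null-ordering ternary used for `columns` just above; a private helper such as `compareNullable(String a, String b)` would keep the two branches in step. The start of compareTo is outside the hunk.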
@@ -112,6 +117,7 @@ public class HivePrivilegeObject implements Comparable<HivePrivilegeObject> { private final List<String> partKeys; private final List<String> columns; private final HivePrivObjectActionType actionType; + private final String className; // cellValueTransformers is corresponding to the columns. // Its size should be the same as columns. // For example, if a table has two columns, "key" and "value" @@ -129,14 +135,14 @@ public class HivePrivilegeObject implements Comparable<HivePrivilegeObject> { public HivePrivilegeObject(HivePrivilegeObjectType type, String dbname, String objectName , HivePrivObjectActionType actionType) { - this(type, dbname, objectName, null, null, actionType, null); + this(type, dbname, objectName, null, null, actionType, null, null); } public HivePrivilegeObject(HivePrivilegeObjectType type, String dbname, String objectName, List<String> partKeys, String column) { this(type, dbname, objectName, partKeys, column == null ? null : Arrays.asList(column), - HivePrivObjectActionType.OTHER, null); + HivePrivObjectActionType.OTHER, null, null); } /** @@ -151,7 +157,7 @@ public class HivePrivilegeObject implements Comparable<HivePrivilegeObject> { public HivePrivilegeObject(HivePrivilegeObjectType type, String dbname, String objectName, List<String> partKeys, List<String> columns, List<String> commandParams) { - this(type, dbname, objectName, partKeys, columns, HivePrivObjectActionType.OTHER, commandParams); + this(type, dbname, objectName, partKeys, columns, HivePrivObjectActionType.OTHER, commandParams, null); } public HivePrivilegeObject(String dbname, String objectName, List<String> columns) { 
@@ -160,7 +166,7 @@ public class HivePrivilegeObject implements Comparable<HivePrivilegeObject> { public HivePrivilegeObject(HivePrivilegeObjectType type, String dbname, String objectName, List<String> partKeys, List<String> columns, HivePrivObjectActionType actionType, - List<String> commandParams) { + List<String> commandParams, String className) { this.type = type; this.dbname = dbname; this.objectName = objectName; @@ -168,6 +174,7 @@ public class HivePrivilegeObject implements Comparable<HivePrivilegeObject> { this.columns = columns; this.actionType = actionType; this.commandParams = commandParams; + this.className = className; } public HivePrivilegeObjectType getType() { @@ -217,6 +224,14 @@ public class HivePrivilegeObject implements Comparable<HivePrivilegeObject> { return columns; } + /** + * The class name when the type is {@link HivePrivilegeObjectType.FUNCTION} + * @return the class name + */ + public String getClassName() { + return className; + } + @Override public String toString() { String name = null;
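Review bot: The Javadoc on `getClassName()` uses `{@link HivePrivilegeObjectType.FUNCTION}`, which Javadoc does not resolve as a member reference; it should read `{@link HivePrivilegeObjectType#FUNCTION}`. The comment should also say that the value is null for every other object type and for the constructors in this file that pass null. The `toString()` that follows is not touched by this commit, so messages and audit lines built from it presumably still omit the class name; its body is outside the hunk, so confirm that before relying on those logs to review denied or allowed CREATE FUNCTION requests.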