PageRenderTime 29ms CodeModel.GetById 12ms app.highlight 13ms RepoModel.GetById 1ms app.codeStats 1ms

/tags/release-0.0.0-rc0/hive/external/ql/src/java/org/apache/hadoop/hive/ql/session/CreateTableAutomaticGrant.java

#
Java | 134 lines | 104 code | 12 blank | 18 comment | 29 complexity | c6a6ab7c734967efec5fee24fd5f47fd MD5 | raw file
  1/**
  2 * Licensed to the Apache Software Foundation (ASF) under one
  3 * or more contributor license agreements.  See the NOTICE file
  4 * distributed with this work for additional information
  5 * regarding copyright ownership.  The ASF licenses this file
  6 * to you under the Apache License, Version 2.0 (the
  7 * "License"); you may not use this file except in compliance
  8 * with the License.  You may obtain a copy of the License at
  9 *
 10 *     http://www.apache.org/licenses/LICENSE-2.0
 11 *
 12 * Unless required by applicable law or agreed to in writing, software
 13 * distributed under the License is distributed on an "AS IS" BASIS,
 14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 15 * See the License for the specific language governing permissions and
 16 * limitations under the License.
 17 */
 18
 19package org.apache.hadoop.hive.ql.session;
 20
 21import java.util.ArrayList;
 22import java.util.HashMap;
 23import java.util.List;
 24import java.util.Map;
 25
 26import org.apache.hadoop.hive.conf.HiveConf;
 27import org.apache.hadoop.hive.metastore.api.PrincipalType;
 28import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo;
 29import org.apache.hadoop.hive.ql.metadata.HiveException;
 30import org.apache.hadoop.hive.ql.security.authorization.Privilege;
 31import org.apache.hadoop.hive.ql.security.authorization.PrivilegeRegistry;
 32
 33public class CreateTableAutomaticGrant {
 34  private Map<String, List<PrivilegeGrantInfo>> userGrants;
 35  private Map<String, List<PrivilegeGrantInfo>> groupGrants;
 36  private Map<String, List<PrivilegeGrantInfo>> roleGrants;
 37
 38  public static CreateTableAutomaticGrant create(HiveConf conf)
 39      throws HiveException {
 40    CreateTableAutomaticGrant grants = new CreateTableAutomaticGrant();
 41    grants.userGrants = getGrantMap(HiveConf.getVar(conf,
 42        HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLE_USER_GRANTS));
 43    grants.groupGrants = getGrantMap(HiveConf.getVar(conf,
 44        HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLE_GROUP_GRANTS));
 45    grants.roleGrants = getGrantMap(HiveConf.getVar(conf,
 46        HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLE_ROLE_GRANTS));
 47    
 48    String grantor = null;
 49    if (SessionState.get() != null
 50        && SessionState.get().getAuthenticator() != null) {
 51      grantor = SessionState.get().getAuthenticator().getUserName();
 52      List<PrivilegeGrantInfo> ownerGrant = getGrantorInfoList(HiveConf.getVar(conf,
 53          HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS));
 54      if(ownerGrant != null) {
 55        if (grants.userGrants == null) {
 56          grants.userGrants = new HashMap<String, List<PrivilegeGrantInfo>>();
 57        }
 58        grants.userGrants.put(grantor, ownerGrant);
 59      }
 60    }
 61    return grants;
 62  }
 63
 64  private static Map<String, List<PrivilegeGrantInfo>> getGrantMap(String grantMapStr)
 65      throws HiveException {
 66    if (grantMapStr != null && !grantMapStr.trim().equals("")) {
 67      String[] grantArrayStr = grantMapStr.split(";");
 68      Map<String, List<PrivilegeGrantInfo>> grantsMap = new HashMap<String, List<PrivilegeGrantInfo>>();
 69      for (String grantStr : grantArrayStr) {
 70        String[] principalListAndPrivList = grantStr.split(":");
 71        if (principalListAndPrivList.length != 2
 72            || principalListAndPrivList[0] == null
 73            || principalListAndPrivList[0].trim().equals("")) {
 74          throw new HiveException(
 75              "Can not understand the config privilege definition " + grantStr);
 76        }
 77        String userList = principalListAndPrivList[0];
 78        String privList = principalListAndPrivList[1];
 79        List<PrivilegeGrantInfo> grantInfoList = getGrantorInfoList(privList);
 80        if(grantInfoList != null) {
 81          String[] users = userList.split(",");
 82          for (String user : users) {
 83            grantsMap.put(user, grantInfoList);
 84          }
 85        }
 86      }
 87      return grantsMap;
 88    }
 89    return null;
 90  }
 91
 92  private static List<PrivilegeGrantInfo> getGrantorInfoList(String privList)
 93      throws HiveException {
 94    if (privList == null || privList.trim().equals("")) {
 95      return null;
 96    }
 97    checkPrivilege(privList);
 98    String[] grantArray = privList.split(",");
 99    List<PrivilegeGrantInfo> grantInfoList = new ArrayList<PrivilegeGrantInfo>();
100    String grantor = null;
101    if (SessionState.get().getAuthenticator() != null) {
102      grantor = SessionState.get().getAuthenticator().getUserName();  
103    }
104    for (String grant : grantArray) {
105      grantInfoList.add(new PrivilegeGrantInfo(grant, -1, grantor,
106          PrincipalType.USER, true));
107    }
108    return grantInfoList;
109  }
110
111  private static void checkPrivilege(String ownerGrantsInConfig)
112      throws HiveException {
113    String[] ownerGrantArray = ownerGrantsInConfig.split(",");
114    // verify the config
115    for (String ownerGrant : ownerGrantArray) {
116      Privilege prive = PrivilegeRegistry.getPrivilege(ownerGrant);
117      if (prive == null) {
118        throw new HiveException("Privilege " + ownerGrant + " is not found.");
119      }
120    }
121  }
122
123  public Map<String, List<PrivilegeGrantInfo>> getUserGrants() {
124    return userGrants;
125  }
126
127  public Map<String, List<PrivilegeGrantInfo>> getGroupGrants() {
128    return groupGrants;
129  }
130
131  public Map<String, List<PrivilegeGrantInfo>> getRoleGrants() {
132    return roleGrants;
133  }
134}