@Override
 public void runInternal() throws HiveSQLException {
   setState(OperationState.RUNNING);
   try {
     IMetaStoreClient metastoreClient = getParentSession().getMetaStoreClient();
     String schemaPattern = convertSchemaPattern(schemaName);
     for (String dbName : metastoreClient.getDatabases(schemaPattern)) {
       rowSet.addRow(new Object[] {dbName, DEFAULT_HIVE_CATALOG});
     }
     setState(OperationState.FINISHED);
   } catch (Exception e) {
     setState(OperationState.ERROR);
     throw new HiveSQLException(e);
   }
 }
Beispiel #2
0
  public static List<HiveObjectPrivilege> authorizeAndGetRevokePrivileges(
      List<HivePrincipal> principals,
      List<HivePrivilege> hivePrivileges,
      HivePrivilegeObject hivePrivObject,
      boolean grantOption,
      IMetaStoreClient mClient,
      String userName)
      throws HiveAuthzPluginException, HiveAccessControlException {

    List<HiveObjectPrivilege> matchingPrivs = new ArrayList<HiveObjectPrivilege>();

    StringBuilder errMsg = new StringBuilder();
    for (HivePrincipal principal : principals) {

      // get metastore/thrift privilege object for this principal and object, not looking at
      // privileges obtained indirectly via roles
      List<HiveObjectPrivilege> msObjPrivs;
      try {
        msObjPrivs =
            mClient.list_privileges(
                principal.getName(),
                AuthorizationUtils.getThriftPrincipalType(principal.getType()),
                SQLAuthorizationUtils.getThriftHiveObjectRef(hivePrivObject));
      } catch (MetaException e) {
        throw new HiveAuthzPluginException(e);
      } catch (TException e) {
        throw new HiveAuthzPluginException(e);
      }

      // the resulting privileges need to be filtered on privilege type and
      // username

      // create a Map to capture object privileges corresponding to privilege
      // type
      Map<String, HiveObjectPrivilege> priv2privObj = new HashMap<String, HiveObjectPrivilege>();

      for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
        PrivilegeGrantInfo grantInfo = msObjPriv.getGrantInfo();
        // check if the grantor matches current user
        if (grantInfo.getGrantor() != null
            && grantInfo.getGrantor().equals(userName)
            && grantInfo.getGrantorType() == PrincipalType.USER) {
          // add to the map
          priv2privObj.put(grantInfo.getPrivilege(), msObjPriv);
        }
        // else skip this one
      }

      // find the privileges that we are looking for
      for (HivePrivilege hivePrivilege : hivePrivileges) {
        HiveObjectPrivilege matchedPriv = priv2privObj.get(hivePrivilege.getName());
        if (matchedPriv != null) {
          matchingPrivs.add(matchedPriv);
        } else {
          errMsg
              .append("Cannot find privilege ")
              .append(hivePrivilege)
              .append(" for ")
              .append(principal)
              .append(" on ")
              .append(hivePrivObject)
              .append(" granted by ")
              .append(userName)
              .append(System.getProperty("line.separator"));
        }
      }
    }

    if (errMsg.length() != 0) {
      throw new HiveAccessControlException(errMsg.toString());
    }
    return matchingPrivs;
  }