org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerBase.java Source code


Introduction

Here is the source code for org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerBase.java, the abstract base class that Apache Ranger's Hive authorizer builds on.

Source

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 * 
 * http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.ranger.authorization.hive.authorizer;

import java.util.List;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
import org.apache.hadoop.hive.ql.security.authorization.plugin.DisallowTransformHook;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext.CLIENT_TYPE;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant;
import org.apache.hadoop.hive.ql.security.authorization.plugin.SettableConfigUpdater;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.authorization.utils.StringUtil;

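/**
 * Shared base for Ranger's implementation of Hive's {@link HiveAuthorizer} plugin interface.
 *
 * <p>The class captures the per-session collaborators handed over by Hive (metastore client
 * factory, configuration, authenticator, session context), derives the calling user's
 * {@link UserGroupInformation} from the authenticator, and hardens the HiveServer2 session
 * configuration in {@link #applyAuthorizationConfigPolicy(HiveConf)}. Every role and privilege
 * administration call is rejected with a {@link HiveAuthzPluginException} unless a subclass
 * overrides it.
 *
 * <p>{@link #getCurrentUserGroupInfo()} may return {@code null} when no usable user name is
 * available. Subclasses that make access decisions should treat a {@code null} identity as
 * "deny" rather than as an anonymous or privileged caller.
 */
public abstract class RangerHiveAuthorizerBase implements HiveAuthorizer {

    private static final Log LOG = LogFactory.getLog(RangerHiveAuthorizerBase.class);

    // Assigned once in the constructor and never rebound, so the session identity cannot be
    // swapped after the authorizer has been created.
    private final HiveMetastoreClientFactory mMetastoreClientFactory;
    private final HiveConf mHiveConf;
    private final HiveAuthenticationProvider mHiveAuthenticator;
    private final HiveAuthzSessionContext mSessionContext;
    private final UserGroupInformation mUgi;

    /**
     * Stores the collaborators supplied by Hive and resolves the current user's identity.
     *
     * @param metastoreClientFactory factory for metastore clients; stored as given
     * @param hiveConf               Hive configuration for this session; stored as given
     * @param hiveAuthenticator      source of the authenticated user name; may be {@code null},
     *                               in which case no identity is resolved and a warning is logged
     * @param context                session context, used later to detect HiveServer2 clients
     */
    public RangerHiveAuthorizerBase(HiveMetastoreClientFactory metastoreClientFactory, HiveConf hiveConf,
            HiveAuthenticationProvider hiveAuthenticator, HiveAuthzSessionContext context) {
        mMetastoreClientFactory = metastoreClientFactory;
        mHiveConf = hiveConf;
        mHiveAuthenticator = hiveAuthenticator;
        mSessionContext = context;

        final String userName = hiveAuthenticator == null ? null : hiveAuthenticator.getUserName();

        // Build a UGI only for a usable name. The previous null-only check passed an empty
        // name straight to createRemoteUser(); Hadoop is understood to reject that with an
        // IllegalArgumentException, which aborted construction before the "null/empty"
        // warning below could be logged. NOTE(review): confirm against the Hadoop version in
        // use, and that StringUtil.isEmpty() covers both null and empty names.
        mUgi = StringUtil.isEmpty(userName) ? null : UserGroupInformation.createRemoteUser(userName);

        if (hiveAuthenticator == null) {
            LOG.warn("RangerHiveAuthorizerBase.RangerHiveAuthorizerBase(): hiveAuthenticator is null");
        } else if (StringUtil.isEmpty(userName)) {
            LOG.warn(
                    "RangerHiveAuthorizerBase.RangerHiveAuthorizerBase(): hiveAuthenticator.getUserName() returned null/empty");
        } else if (mUgi == null) {
            LOG.warn(String.format(
                    "RangerHiveAuthorizerBase.RangerHiveAuthorizerBase(): UserGroupInformation.createRemoteUser(%s) returned null",
                    userName));
        }
    }

    /** @return the metastore client factory passed to the constructor */
    public HiveMetastoreClientFactory getMetastoreClientFactory() {
        return mMetastoreClientFactory;
    }

    /** @return the Hive configuration passed to the constructor */
    public HiveConf getHiveConf() {
        return mHiveConf;
    }

    /** @return the authenticator passed to the constructor; may be {@code null} */
    public HiveAuthenticationProvider getHiveAuthenticator() {
        return mHiveAuthenticator;
    }

    /** @return the session context passed to the constructor; may be {@code null} */
    public HiveAuthzSessionContext getHiveAuthzSessionContext() {
        return mSessionContext;
    }

    /**
     * @return the identity resolved from the authenticator's user name, or {@code null} when
     *         the authenticator was missing or reported no usable name; callers must handle
     *         {@code null} explicitly
     */
    public UserGroupInformation getCurrentUserGroupInfo() {
        return mUgi;
    }

    /**
     * Hardens the configuration of HiveServer2 sessions: registers {@link DisallowTransformHook}
     * as a pre-execution hook and applies Hive's settable-configuration whitelist.
     *
     * <p>Sessions whose client type is not {@code HIVESERVER2}, or that have no session
     * context, are left untouched by this method.
     *
     * @param hiveConf the configuration to update in place
     * @throws HiveAuthzPluginException if the whitelist cannot be applied
     */
    @Override
    public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException {
        LOG.debug("RangerHiveAuthorizerBase.applyAuthorizationConfigPolicy()");

        // from SQLStdHiveAccessController.applyAuthorizationConfigPolicy()
        if (mSessionContext == null || mSessionContext.getClientType() != CLIENT_TYPE.HIVESERVER2) {
            return;
        }

        // Configure PREEXECHOOKS with DisallowTransformHook to disallow transform queries
        final String transformHook = DisallowTransformHook.class.getName();
        final String configured = hiveConf.getVar(ConfVars.PREEXECHOOKS);
        final String existingHooks = configured == null ? "" : configured.trim();

        final String updatedHooks;
        if (existingHooks.isEmpty()) {
            updatedHooks = transformHook;
        } else if (containsHook(existingHooks, transformHook)) {
            // Already registered (for example by an earlier call on the same HiveConf):
            // do not append a duplicate entry each time the policy is applied.
            updatedHooks = existingHooks;
        } else {
            updatedHooks = existingHooks + "," + transformHook;
        }

        hiveConf.setVar(ConfVars.PREEXECHOOKS, updatedHooks);

        // NOTE(review): the whitelist is presumably what stops a session from later resetting
        // the pre-execution hooks and dropping DisallowTransformHook - confirm that the hook
        // setting is not user-settable in the deployed Hive version.
        SettableConfigUpdater.setHiveConfWhiteList(hiveConf);
    }

    /**
     * Show privileges for given principal on given object.
     *
     * <p>Not implemented in this base class.
     *
     * @param principal the principal whose privileges are requested
     * @param privObj   the object the privileges apply to
     * @return never returns normally
     * @throws HiveAuthzPluginException always, reporting that the operation is not implemented
     * @throws HiveAccessControlException declared by the interface; not thrown here
     */
    @Override
    public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj)
            throws HiveAuthzPluginException, HiveAccessControlException {
        LOG.debug("RangerHiveAuthorizerBase.showPrivileges()");

        throwNotImplementedException("showPrivileges");

        return null; // unreachable: the call above always throws
    }

    /** Not implemented in this base class; always throws {@link HiveAuthzPluginException}. */
    @Override
    public void createRole(String roleName, HivePrincipal adminGrantor)
            throws HiveAuthzPluginException, HiveAccessControlException {
        LOG.debug("RangerHiveAuthorizerBase.createRole()");

        throwNotImplementedException("createRole");
    }

    /** Not implemented in this base class; always throws {@link HiveAuthzPluginException}. */
    @Override
    public void dropRole(String roleName) throws HiveAuthzPluginException, HiveAccessControlException {
        LOG.debug("RangerHiveAuthorizerBase.dropRole()");

        throwNotImplementedException("dropRole");
    }

    /** Not implemented in this base class; always throws {@link HiveAuthzPluginException}. */
    @Override
    public List<String> getAllRoles() throws HiveAuthzPluginException, HiveAccessControlException {
        LOG.debug("RangerHiveAuthorizerBase.getAllRoles()");

        throwNotImplementedException("getAllRoles");

        return null; // unreachable: the call above always throws
    }

    /** Not implemented in this base class; always throws {@link HiveAuthzPluginException}. */
    @Override
    public List<String> getCurrentRoleNames() throws HiveAuthzPluginException {
        LOG.debug("RangerHiveAuthorizerBase.getCurrentRoleNames()");

        throwNotImplementedException("getCurrentRoleNames");

        return null; // unreachable: the call above always throws
    }

    /** Not implemented in this base class; always throws {@link HiveAuthzPluginException}. */
    @Override
    public List<HiveRoleGrant> getPrincipalGrantInfoForRole(String roleName)
            throws HiveAuthzPluginException, HiveAccessControlException {
        LOG.debug("RangerHiveAuthorizerBase.getPrincipalGrantInfoForRole()");

        throwNotImplementedException("getPrincipalGrantInfoForRole");

        return null; // unreachable: the call above always throws
    }

    /** Not implemented in this base class; always throws {@link HiveAuthzPluginException}. */
    @Override
    public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal)
            throws HiveAuthzPluginException, HiveAccessControlException {
        LOG.debug("RangerHiveAuthorizerBase.getRoleGrantInfoForPrincipal()");

        throwNotImplementedException("getRoleGrantInfoForPrincipal");

        return null; // unreachable: the call above always throws
    }

    /** @return {@code VERSION.V1}, the plugin interface version this authorizer reports */
    @Override
    public VERSION getVersion() {
        return VERSION.V1;
    }

    /** Not implemented in this base class; always throws {@link HiveAuthzPluginException}. */
    @Override
    public void grantRole(List<HivePrincipal> hivePrincipals, List<String> roles, boolean grantOption,
            HivePrincipal grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException {
        LOG.debug("RangerHiveAuthorizerBase.grantRole()");

        throwNotImplementedException("grantRole");
    }

    /** Not implemented in this base class; always throws {@link HiveAuthzPluginException}. */
    @Override
    public void revokeRole(List<HivePrincipal> hivePrincipals, List<String> roles, boolean grantOption,
            HivePrincipal grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException {
        LOG.debug("RangerHiveAuthorizerBase.revokeRole()");

        throwNotImplementedException("revokeRole");
    }

    /** Not implemented in this base class; always throws {@link HiveAuthzPluginException}. */
    @Override
    public void setCurrentRole(String roleName) throws HiveAccessControlException, HiveAuthzPluginException {
        LOG.debug("RangerHiveAuthorizerBase.setCurrentRole()");

        throwNotImplementedException("setCurrentRole");
    }

    /**
     * Returns no translator.
     *
     * <p>NOTE(review): declared with an {@code Object} return type and without
     * {@code @Override}, presumably so the class compiles against Hive versions with and
     * without this interface method - confirm before changing the signature.
     *
     * @return always {@code null}
     * @throws HiveAuthzPluginException declared for interface compatibility; not thrown here
     */
    public Object getHiveAuthorizationTranslator() throws HiveAuthzPluginException {
        return null;
    }

    /** Reports whether {@code hookClassName} is already an entry of the comma-separated hook list. */
    private static boolean containsHook(String hookList, String hookClassName) {
        for (String entry : hookList.split(",")) {
            if (hookClassName.equals(entry.trim())) {
                return true;
            }
        }
        return false;
    }

    /** Rejects an unsupported operation by throwing, naming the method in the message. */
    private void throwNotImplementedException(String method) throws HiveAuthzPluginException {
        throw new HiveAuthzPluginException(method + "() not implemented in Ranger HiveAuthorizer");
    }

}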