[ 
https://issues.apache.org/jira/browse/HIVE-23786?focusedWorklogId=455850&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-455850
 ]

ASF GitHub Bot logged work on HIVE-23786:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 08/Jul/20 05:10
            Start Date: 08/Jul/20 05:10
    Worklog Time Spent: 10m 
      Work Description: pvary commented on a change in pull request #1221:
URL: https://github.com/apache/hive/pull/1221#discussion_r451286260



##########
File path: 
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizer.java
##########
@@ -85,38 +97,268 @@ public final void onEvent(PreEventContext preEventContext) 
throws MetaException,
       LOG.debug("==> HiveMetaStoreAuthorizer.onEvent(): EventType=" + 
preEventContext.getEventType());
     }
 
-    HiveMetaStoreAuthzInfo authzContext = buildAuthzContext(preEventContext);
+    try {
+        HiveAuthorizer hiveAuthorizer = createHiveMetaStoreAuthorizer();
+        if (!skipAuthorization()) {
+          HiveMetaStoreAuthzInfo authzContext = 
buildAuthzContext(preEventContext);
+          checkPrivileges(authzContext, hiveAuthorizer);
+        }
+    } catch (Exception e) {
+      LOG.error("HiveMetaStoreAuthorizer.onEvent(): failed", e);
+      throw new MetaException(e.getMessage());
+    }
 
-    if (!skipAuthorization(authzContext)) {
-      try {
-        HiveConf              hiveConf          = new 
HiveConf(super.getConf(), HiveConf.class);
-        HiveAuthorizerFactory authorizerFactory = 
HiveUtils.getAuthorizerFactory(hiveConf, 
HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER);
+    if (LOG.isDebugEnabled()) {
+      LOG.debug("<== HiveMetaStoreAuthorizer.onEvent(): EventType=" + 
preEventContext.getEventType());
+    }
+  }
 
-        if (authorizerFactory != null) {
-          HiveMetastoreAuthenticationProvider authenticator = 
tAuthenticator.get();
+  @Override
+  public final List<String> filterDatabases(List<String> list) throws 
MetaException {
+    if (LOG.isDebugEnabled()) {
+      LOG.debug("HiveMetaStoreAuthorizer.filterDatabases()");
+    }
 
-          authenticator.setConf(hiveConf);
+    if (list == null) {
+      return Collections.emptyList();
+    }
 
-          HiveAuthzSessionContext.Builder authzContextBuilder = new 
HiveAuthzSessionContext.Builder();
+    DatabaseFilterContext   databaseFilterContext    = new 
DatabaseFilterContext(list);
+    HiveMetaStoreAuthzInfo  hiveMetaStoreAuthzInfo   = 
databaseFilterContext.getAuthzContext();
+    List<String>            filteredDatabases        = 
filterDatabaseObjects(hiveMetaStoreAuthzInfo);
+    if (CollectionUtils.isEmpty(filteredDatabases)) {
+      filteredDatabases = Collections.emptyList();
+    }
 
-          
authzContextBuilder.setClientType(HiveAuthzSessionContext.CLIENT_TYPE.HIVEMETASTORE);
-          authzContextBuilder.setSessionString("HiveMetaStore");
+    if (LOG.isDebugEnabled()) {
+      LOG.debug("HiveMetaStoreAuthorizer.filterDatabases() :" + 
filteredDatabases);
+    }
+    return filteredDatabases ;
+  }
 
-          HiveAuthzSessionContext authzSessionContext = 
authzContextBuilder.build();
+  @Override
+  public final Database filterDatabase(Database database) throws 
MetaException, NoSuchObjectException {
+    if (database != null) {
+      String dbName = database.getName();
+      List<String> databases = 
filterDatabases(Collections.singletonList(dbName));
+      if (databases.isEmpty()) {
+        throw new NoSuchObjectException(String.format("Database %s does not 
exist", dbName));
+      }
+    }
+    return database;
+  }
+
+  @Override
+  public final List<String> filterTableNames(String s, String s1, List<String> 
list) throws MetaException {
+    if (LOG.isDebugEnabled()) {
+      LOG.debug("==> HiveMetaStoreAuthorizer.filterTableNames()");
+    }
+    List<String> filteredTableNames = null;
+    if (list != null) {
+      String dbName = getDBName(s1);
+      TableFilterContext     tableFilterContext     = new 
TableFilterContext(dbName, list);
+      HiveMetaStoreAuthzInfo hiveMetaStoreAuthzInfo = 
tableFilterContext.getAuthzContext();
+      filteredTableNames = filterTableNames(hiveMetaStoreAuthzInfo, dbName, 
list);
+      if (CollectionUtils.isEmpty(filteredTableNames)) {
+        filteredTableNames = Collections.emptyList();
+      }
+    }
 
-          HiveAuthorizer hiveAuthorizer = 
authorizerFactory.createHiveAuthorizer(new HiveMetastoreClientFactoryImpl(), 
hiveConf, authenticator, authzSessionContext);
+    if (LOG.isDebugEnabled()) {
+      LOG.debug("<== HiveMetaStoreAuthorizer.filterTableNames() : " + 
filteredTableNames);
+    }
 
-          checkPrivileges(authzContext, hiveAuthorizer);
-        }
-      } catch (Exception e) {
-        LOG.error("HiveMetaStoreAuthorizer.onEvent(): failed", e);
-        throw new MetaException(e.getMessage());
+    return filteredTableNames;
+  }
+
+  @Override
+  public final Table filterTable(Table table) throws MetaException, 
NoSuchObjectException {
+    if (table != null) {
+      List<Table> tables = filterTables(Collections.singletonList(table));
+      if (tables.isEmpty()) {
+        throw new NoSuchObjectException(String.format("Database %s does not 
exist", table.getTableName()));
       }
     }
+    return table;
+  }
 
+  @Override
+  public final List<Table> filterTables(List<Table> list) throws MetaException 
{
     if (LOG.isDebugEnabled()) {
-      LOG.debug("<== HiveMetaStoreAuthorizer.onEvent(): EventType=" + 
preEventContext.getEventType());
+      LOG.debug("==> HiveMetaStoreAuthorizer.filterTables()");
+    }
+
+    List<Table> filteredTables = null;
+
+    if (list != null) {
+      TableFilterContext     tableFilterContext     = new 
TableFilterContext(list);
+      HiveMetaStoreAuthzInfo hiveMetaStoreAuthzInfo = 
tableFilterContext.getAuthzContext();
+      filteredTables = filterTableObjects(hiveMetaStoreAuthzInfo, list);
+      if (CollectionUtils.isEmpty(filteredTables)) {
+        filteredTables = Collections.emptyList();
+      }
+    }
+
+    if (LOG.isDebugEnabled()) {
+      LOG.debug("<== HiveMetaStoreAuthorizer.filterTables(): " + 
filteredTables);
+    }
+    return filteredTables;
+  }
+
+  @Override
+  public final Catalog filterCatalog(Catalog catalog) throws MetaException {
+    return catalog;
+  }
+
+  @Override
+  public final List<String> filterCatalogs(List<String> catalogs) throws 
MetaException {
+    return catalogs;
+  }
+
+  @Override
+  public final List<TableMeta> filterTableMetas(String catName,String 
dbName,List<TableMeta> tableMetas) throws MetaException {
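Review bot: In `filterTable` the `NoSuchObjectException` message is formatted as `"Database %s does not exist"` but is passed `table.getTableName()`, so a caller whose table was filtered out is told that a database of that name is missing; the line should read `String.format("Table %s does not exist", table.getTableName())`. Null handling also differs between the new filters: `filterDatabases` returns `Collections.emptyList()` for a null `list`, while `filterTableNames` and `filterTables` initialise their result to `null` and return it unchanged, so declaring them as `List<String> filteredTableNames = Collections.emptyList();` and `List<Table> filteredTables = Collections.emptyList();` would give callers one contract. `filterCatalog` and `filterCatalogs` return their argument as-is, which means no authorization decision is applied to catalogs in this class; if that is deliberate, say so in place with `// Intentionally unfiltered: no authorization check is applied to catalogs.` The quoted hunk starts inside `onEvent` and stops at the `filterTableMetas` signature, so neither of those bodies is covered by this note.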

Review comment:
       Please use spaces between method parameters






Issue Time Tracking
-------------------

    Worklog Id:     (was: 455850)
    Time Spent: 1.5h  (was: 1h 20m)

> HMS Server side filter
> ----------------------
>
>                 Key: HIVE-23786
>                 URL: https://issues.apache.org/jira/browse/HIVE-23786
>             Project: Hive
>          Issue Type: Improvement
>            Reporter: Sam An
>            Assignee: Sam An
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> HMS server side filter of results based on authorization. 


