[ https://issues.apache.org/jira/browse/HIVE-26248?focusedWorklogId=800804&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-800804 ]
ASF GitHub Bot logged work on HIVE-26248: ----------------------------------------- Author: ASF GitHub Bot Created on: 16/Aug/22 03:16 Start Date: 16/Aug/22 03:16 Worklog Time Spent: 10m Work Description: nrg4878 commented on code in PR #3312: URL: https://github.com/apache/hive/pull/3312#discussion_r946296512 ########## ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java: ########## 
@@ -360,4 +362,53 @@ public void testQShowTablesUnauthorizedUser() throws Exception { } } } + + @Test + public void testR_CreateDataConnector_unAuthorizedUser() throws Exception { + UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(unAuthorizedUser)); + try { + DataConnector connector = new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3306/hive"); + hmsHandler.create_dataconnector(connector); + } catch (Exception e) { + String err = e.getMessage(); + String expected = "Operation type " + HiveOperationType.CREATEDATACONNECTOR+ " not allowed for user:" + unAuthorizedUser; + assertEquals(expected, err); + } + } + + @Test + public void testS_CreateDataConnector_authorizedUser() throws Exception { + UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser)); + try { + DataConnector connector = new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3306/hive"); + hmsHandler.create_dataconnector(connector); + } catch (Exception e) { + // No Exception for create database for authorized user + } + } + + @Test + public void testT_AlterDataConnector_AuthorizedUser() throws Exception { + UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser)); + try { + DataConnector connector = new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3306/hive"); + hmsHandler.create_dataconnector(connector); + + DataConnector newConnector = new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3308/hive"); + hmsHandler.create_dataconnector(connector); + hmsHandler.alter_dataconnector(dcName, newConnector); + } catch (Exception e) { + // No Exception for create table for authorized user + } + } + + @Test + public void testU_DropDataConnector_authorizedUser() throws Exception { + UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser)); + try { + hmsHandler.drop_dataconnector(dcName, true, true); + } catch (Exception e) { + // No Exception for dropDatabase 
for authorized user Review Comment: ditto as above. This method seems to catch Exception and ignore it. So this will never throw an exception. Shouldn't the test fail if we got an exception? ########## ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java: ########## @@ -360,4 +362,53 @@ public void testQShowTablesUnauthorizedUser() throws Exception { } } } + + @Test + public void testR_CreateDataConnector_unAuthorizedUser() throws Exception { + UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(unAuthorizedUser)); + try { + DataConnector connector = new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3306/hive"); + hmsHandler.create_dataconnector(connector); + } catch (Exception e) { + String err = e.getMessage(); + String expected = "Operation type " + HiveOperationType.CREATEDATACONNECTOR+ " not allowed for user:" + unAuthorizedUser; + assertEquals(expected, err); + } + } + + @Test + public void testS_CreateDataConnector_authorizedUser() throws Exception { Review Comment: This method catches Exception within the try/catch, will not throw an exception. ########## ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/AlterDataConnectorEvent.java: ########## 
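Review bot: testR_CreateDataConnector_unAuthorizedUser asserts only inside its `catch`, so if `create_dataconnector` succeeds for the unauthorized user the test still passes and a missing authorization check would go unnoticed. Add `fail("create_dataconnector should be denied for user:" + unAuthorizedUser);` directly after the `hmsHandler.create_dataconnector(connector);` call; `fail` throws an AssertionError, which the `catch (Exception e)` does not intercept. Whether `fail` is already imported in this test class is not visible in the hunk. The same test is quoted again in the later hunks of this file in the thread.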
@@ -0,0 +1,106 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.apache.hadoop.hive.metastore.api.DataConnector; +import org.apache.hadoop.hive.metastore.events.PreAlterDataConnectorEvent; +import org.apache.hadoop.hive.metastore.events.PreEventContext; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/* + Authorizable Event for HiveMetaStore operation AlterDataConnector + */ + +public class AlterDataConnectorEvent extends HiveMetaStoreAuthorizableEvent { + private static final Logger LOG = LoggerFactory.getLogger(AlterDataConnectorEvent.class); + + private String COMMAND_STR = "alter connector"; + + public 
AlterDataConnectorEvent(PreEventContext preEventContext) { + super(preEventContext); + } + + @Override + public HiveMetaStoreAuthzInfo getAuthzContext() { + HiveMetaStoreAuthzInfo ret = + new HiveMetaStoreAuthzInfo(preEventContext, HiveOperationType.ALTERDATACONNECTOR, getInputHObjs(), + getOutputHObjs(), COMMAND_STR); + + return ret; + } + + private List<HivePrivilegeObject> getInputHObjs() { + LOG.debug("==> AlterDataConnectorEvent.getInputHObjs()"); + + List<HivePrivilegeObject> ret = new ArrayList<>(); + PreAlterDataConnectorEvent event = (PreAlterDataConnectorEvent) preEventContext; + DataConnector connector = event.getOldDataConnector(); + + if (connector != null) { + ret.add(getHivePrivilegeObject(connector)); + + COMMAND_STR = buildCommandString(COMMAND_STR, connector); + + LOG.debug("<== AlterDataConnectorEvent.getInputHObjs(): ret={}", ret); + } + + return ret; + Review Comment: nit: remove empty line ########## ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateDataConnectorEvent.java: ########## 
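Review bot: `COMMAND_STR` is named like a constant but is a mutable instance field that `getInputHObjs()` rewrites as a side effect, and `getAuthzContext()` reads it as the last constructor argument, after both getters have run. The later hunks of this file show `getOutputHObjs()` appending to it too, so the command string handed to `HiveMetaStoreAuthzInfo` would carry a connector name twice and grow again on every `getAuthzContext()` call. This assumes `buildCommandString`, whose body is outside this hunk, appends the name as the CreateDataConnectorEvent version does. Build the string once in a local inside `getAuthzContext()`, e.g. `String cmd = buildCommandString(COMMAND_STR, event.getNewDataConnector());`, and declare the field `private static final String COMMAND_STR`. The Create and Drop event hunks use the same pattern, and the class body continues past the end of this hunk.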
@@ -0,0 +1,93 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.apache.hadoop.hive.metastore.api.DataConnector; +import org.apache.hadoop.hive.metastore.events.PreCreateDataConnectorEvent; +import org.apache.hadoop.hive.metastore.events.PreEventContext; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/* + Authorizable Event for HiveMetaStore operation CreateDataConnector + */ + +public class CreateDataConnectorEvent extends HiveMetaStoreAuthorizableEvent { + private static final Logger LOG = LoggerFactory.getLogger(CreateDataConnectorEvent.class); + + private String COMMAND_STR = "create connector"; + 
+ public CreateDataConnectorEvent(PreEventContext preEventContext) { + super(preEventContext); + } + + @Override + public HiveMetaStoreAuthzInfo getAuthzContext() { + HiveMetaStoreAuthzInfo ret = + new HiveMetaStoreAuthzInfo(preEventContext, HiveOperationType.CREATEDATACONNECTOR, getInputHObjs(), + getOutputHObjs(), COMMAND_STR); + + return ret; + } + + private List<HivePrivilegeObject> getInputHObjs() { + return Collections.emptyList(); + } + + private List<HivePrivilegeObject> getOutputHObjs() { + LOG.debug("==> CreateDataConnectorEvent.getOutputHObjs()"); + + List<HivePrivilegeObject> ret = new ArrayList<>(); + PreCreateDataConnectorEvent event = (PreCreateDataConnectorEvent) preEventContext; + DataConnector connector = event.getDataConnector(); + + if (connector != null) { + ret.add(getHivePrivilegeObject(connector)); + + COMMAND_STR = buildCommandString(COMMAND_STR, connector); + + LOG.debug("<== CreateDataConnectorEvent.getOutputHObjs(): ret={}", ret); + } + + return ret; + Review Comment: nit: remove empty line ########## ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java: ########## 
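Review bot: When `event.getDataConnector()` returns null, `getOutputHObjs()` returns an empty list, so `getAuthzContext()` builds a CREATEDATACONNECTOR context with no input and no output objects. How the authorizer treats a request with nothing to check is not visible here. If a null connector cannot legitimately reach this point, reject it explicitly, e.g. `if (connector == null) { throw new IllegalStateException("no data connector in pre-event"); }`, rather than authorizing an empty object list. The `<==` debug line also sits inside the `if`, so the exit is not logged in the null case. The method's closing brace is outside this hunk.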
@@ -360,4 +362,53 @@ public void testQShowTablesUnauthorizedUser() throws Exception { } } } + + @Test + public void testR_CreateDataConnector_unAuthorizedUser() throws Exception { + UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(unAuthorizedUser)); + try { + DataConnector connector = new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3306/hive"); + hmsHandler.create_dataconnector(connector); + } catch (Exception e) { + String err = e.getMessage(); + String expected = "Operation type " + HiveOperationType.CREATEDATACONNECTOR+ " not allowed for user:" + unAuthorizedUser; + assertEquals(expected, err); + } + } + + @Test + public void testS_CreateDataConnector_authorizedUser() throws Exception { + UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser)); + try { + DataConnector connector = new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3306/hive"); + hmsHandler.create_dataconnector(connector); + } catch (Exception e) { + // No Exception for create database for authorized user Review Comment: This method seems to catch Exception and ignore it. So this will never throw an exception. Shouldn't the test fail if we got an exception? ########## ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java: ########## 
@@ -360,4 +362,53 @@ public void testQShowTablesUnauthorizedUser() throws Exception { } } } + + @Test + public void testR_CreateDataConnector_unAuthorizedUser() throws Exception { + UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(unAuthorizedUser)); + try { + DataConnector connector = new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3306/hive"); + hmsHandler.create_dataconnector(connector); + } catch (Exception e) { + String err = e.getMessage(); + String expected = "Operation type " + HiveOperationType.CREATEDATACONNECTOR+ " not allowed for user:" + unAuthorizedUser; + assertEquals(expected, err); + } + } + + @Test + public void testS_CreateDataConnector_authorizedUser() throws Exception { + UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser)); + try { + DataConnector connector = new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3306/hive"); + hmsHandler.create_dataconnector(connector); + } catch (Exception e) { + // No Exception for create database for authorized user + } + } + + @Test + public void testT_AlterDataConnector_AuthorizedUser() throws Exception { + UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser)); + try { + DataConnector connector = new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3306/hive"); + hmsHandler.create_dataconnector(connector); + + DataConnector newConnector = new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3308/hive"); + hmsHandler.create_dataconnector(connector); + hmsHandler.alter_dataconnector(dcName, newConnector); + } catch (Exception e) { + // No Exception for create table for authorized user Review Comment: ditto as above. This method seems to catch Exception and ignore it. So this will never throw an exception. Shouldn't the test fail if we got an exception? ########## ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/AlterDataConnectorEvent.java: ########## 
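Review bot: In testT_AlterDataConnector_AuthorizedUser the call `hmsHandler.create_dataconnector(connector);` appears a second time after `newConnector` is built. Creating the same `dcName` again will presumably throw, in which case `hmsHandler.alter_dataconnector(dcName, newConnector);` is never reached and the alter authorization path is not exercised. Remove the second `create_dataconnector` call. testS creates a connector with the same `dcName`, so if the tests run in name order against shared metastore state the first create here may fail as well; that state is not visible in the hunk. The catch block and the method's closing brace lie outside this hunk.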
@@ -0,0 +1,106 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.apache.hadoop.hive.metastore.api.DataConnector; +import org.apache.hadoop.hive.metastore.events.PreAlterDataConnectorEvent; +import org.apache.hadoop.hive.metastore.events.PreEventContext; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/* + Authorizable Event for HiveMetaStore operation AlterDataConnector + */ + +public class AlterDataConnectorEvent extends HiveMetaStoreAuthorizableEvent { + private static final Logger LOG = LoggerFactory.getLogger(AlterDataConnectorEvent.class); + + private String COMMAND_STR = "alter connector"; + + public 
AlterDataConnectorEvent(PreEventContext preEventContext) { + super(preEventContext); + } + + @Override + public HiveMetaStoreAuthzInfo getAuthzContext() { + HiveMetaStoreAuthzInfo ret = + new HiveMetaStoreAuthzInfo(preEventContext, HiveOperationType.ALTERDATACONNECTOR, getInputHObjs(), + getOutputHObjs(), COMMAND_STR); + + return ret; + } + + private List<HivePrivilegeObject> getInputHObjs() { + LOG.debug("==> AlterDataConnectorEvent.getInputHObjs()"); + + List<HivePrivilegeObject> ret = new ArrayList<>(); + PreAlterDataConnectorEvent event = (PreAlterDataConnectorEvent) preEventContext; + DataConnector connector = event.getOldDataConnector(); + + if (connector != null) { + ret.add(getHivePrivilegeObject(connector)); + Review Comment: nit: remove empty line ########## ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/AlterDataConnectorEvent.java: ########## 
@@ -0,0 +1,106 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.apache.hadoop.hive.metastore.api.DataConnector; +import org.apache.hadoop.hive.metastore.events.PreAlterDataConnectorEvent; +import org.apache.hadoop.hive.metastore.events.PreEventContext; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/* + Authorizable Event for HiveMetaStore operation AlterDataConnector + */ + +public class AlterDataConnectorEvent extends HiveMetaStoreAuthorizableEvent { + private static final Logger LOG = LoggerFactory.getLogger(AlterDataConnectorEvent.class); + + private String COMMAND_STR = "alter connector"; + + public 
AlterDataConnectorEvent(PreEventContext preEventContext) { + super(preEventContext); + } + + @Override + public HiveMetaStoreAuthzInfo getAuthzContext() { + HiveMetaStoreAuthzInfo ret = + new HiveMetaStoreAuthzInfo(preEventContext, HiveOperationType.ALTERDATACONNECTOR, getInputHObjs(), + getOutputHObjs(), COMMAND_STR); + + return ret; + } + + private List<HivePrivilegeObject> getInputHObjs() { + LOG.debug("==> AlterDataConnectorEvent.getInputHObjs()"); + + List<HivePrivilegeObject> ret = new ArrayList<>(); + PreAlterDataConnectorEvent event = (PreAlterDataConnectorEvent) preEventContext; + DataConnector connector = event.getOldDataConnector(); + + if (connector != null) { + ret.add(getHivePrivilegeObject(connector)); + + COMMAND_STR = buildCommandString(COMMAND_STR, connector); + Review Comment: nit: remove empty line ########## ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/AlterDataConnectorEvent.java: ########## 
@@ -0,0 +1,106 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.apache.hadoop.hive.metastore.api.DataConnector; +import org.apache.hadoop.hive.metastore.events.PreAlterDataConnectorEvent; +import org.apache.hadoop.hive.metastore.events.PreEventContext; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/* + Authorizable Event for HiveMetaStore operation AlterDataConnector + */ + +public class AlterDataConnectorEvent extends HiveMetaStoreAuthorizableEvent { + private static final Logger LOG = LoggerFactory.getLogger(AlterDataConnectorEvent.class); + + private String COMMAND_STR = "alter connector"; + + public 
AlterDataConnectorEvent(PreEventContext preEventContext) { + super(preEventContext); + } + + @Override + public HiveMetaStoreAuthzInfo getAuthzContext() { + HiveMetaStoreAuthzInfo ret = + new HiveMetaStoreAuthzInfo(preEventContext, HiveOperationType.ALTERDATACONNECTOR, getInputHObjs(), + getOutputHObjs(), COMMAND_STR); + + return ret; + } + + private List<HivePrivilegeObject> getInputHObjs() { + LOG.debug("==> AlterDataConnectorEvent.getInputHObjs()"); + + List<HivePrivilegeObject> ret = new ArrayList<>(); + PreAlterDataConnectorEvent event = (PreAlterDataConnectorEvent) preEventContext; + DataConnector connector = event.getOldDataConnector(); + + if (connector != null) { + ret.add(getHivePrivilegeObject(connector)); + + COMMAND_STR = buildCommandString(COMMAND_STR, connector); + + LOG.debug("<== AlterDataConnectorEvent.getInputHObjs(): ret={}", ret); + } + + return ret; + + } + + private List<HivePrivilegeObject> getOutputHObjs() { + LOG.debug("==> AlterDataConnectorEvent.getOutputHObjs()"); + + List<HivePrivilegeObject> ret = new ArrayList<>(); + PreAlterDataConnectorEvent event = (PreAlterDataConnectorEvent) preEventContext; + DataConnector connector = event.getNewDataConnector(); + + if (connector != null) { + ret.add(getHivePrivilegeObject(connector)); + + COMMAND_STR = buildCommandString(COMMAND_STR, connector); + + LOG.debug("<== AlterDataConnectorEvent.getOutputHObjs(): ret={}", ret); + } + + return ret; + Review Comment: nit: remove empty line ########## ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/AlterDataConnectorEvent.java: ########## 
@@ -0,0 +1,106 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.apache.hadoop.hive.metastore.api.DataConnector; +import org.apache.hadoop.hive.metastore.events.PreAlterDataConnectorEvent; +import org.apache.hadoop.hive.metastore.events.PreEventContext; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/* + Authorizable Event for HiveMetaStore operation AlterDataConnector + */ + +public class AlterDataConnectorEvent extends HiveMetaStoreAuthorizableEvent { + private static final Logger LOG = LoggerFactory.getLogger(AlterDataConnectorEvent.class); + + private String COMMAND_STR = "alter connector"; + + public 
AlterDataConnectorEvent(PreEventContext preEventContext) { + super(preEventContext); + } + + @Override + public HiveMetaStoreAuthzInfo getAuthzContext() { + HiveMetaStoreAuthzInfo ret = + new HiveMetaStoreAuthzInfo(preEventContext, HiveOperationType.ALTERDATACONNECTOR, getInputHObjs(), + getOutputHObjs(), COMMAND_STR); + + return ret; + } + + private List<HivePrivilegeObject> getInputHObjs() { + LOG.debug("==> AlterDataConnectorEvent.getInputHObjs()"); + + List<HivePrivilegeObject> ret = new ArrayList<>(); + PreAlterDataConnectorEvent event = (PreAlterDataConnectorEvent) preEventContext; + DataConnector connector = event.getOldDataConnector(); + + if (connector != null) { + ret.add(getHivePrivilegeObject(connector)); + + COMMAND_STR = buildCommandString(COMMAND_STR, connector); + + LOG.debug("<== AlterDataConnectorEvent.getInputHObjs(): ret={}", ret); + } + + return ret; + + } + + private List<HivePrivilegeObject> getOutputHObjs() { + LOG.debug("==> AlterDataConnectorEvent.getOutputHObjs()"); + + List<HivePrivilegeObject> ret = new ArrayList<>(); + PreAlterDataConnectorEvent event = (PreAlterDataConnectorEvent) preEventContext; + DataConnector connector = event.getNewDataConnector(); + + if (connector != null) { + ret.add(getHivePrivilegeObject(connector)); + Review Comment: nit: remove empty line ########## ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateDataConnectorEvent.java: ########## 
@@ -0,0 +1,93 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.apache.hadoop.hive.metastore.api.DataConnector; +import org.apache.hadoop.hive.metastore.events.PreCreateDataConnectorEvent; +import org.apache.hadoop.hive.metastore.events.PreEventContext; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/* + Authorizable Event for HiveMetaStore operation CreateDataConnector + */ + +public class CreateDataConnectorEvent extends HiveMetaStoreAuthorizableEvent { + private static final Logger LOG = LoggerFactory.getLogger(CreateDataConnectorEvent.class); + + private String COMMAND_STR = "create connector"; + 
+ public CreateDataConnectorEvent(PreEventContext preEventContext) { + super(preEventContext); + } + + @Override + public HiveMetaStoreAuthzInfo getAuthzContext() { + HiveMetaStoreAuthzInfo ret = + new HiveMetaStoreAuthzInfo(preEventContext, HiveOperationType.CREATEDATACONNECTOR, getInputHObjs(), + getOutputHObjs(), COMMAND_STR); + + return ret; + } + + private List<HivePrivilegeObject> getInputHObjs() { + return Collections.emptyList(); + } + + private List<HivePrivilegeObject> getOutputHObjs() { + LOG.debug("==> CreateDataConnectorEvent.getOutputHObjs()"); + + List<HivePrivilegeObject> ret = new ArrayList<>(); + PreCreateDataConnectorEvent event = (PreCreateDataConnectorEvent) preEventContext; + DataConnector connector = event.getDataConnector(); + + if (connector != null) { + ret.add(getHivePrivilegeObject(connector)); + + COMMAND_STR = buildCommandString(COMMAND_STR, connector); + + LOG.debug("<== CreateDataConnectorEvent.getOutputHObjs(): ret={}", ret); + } + + return ret; + + } + + private String buildCommandString(String cmdStr, DataConnector connector) { + String ret = cmdStr; + + if (connector != null) { + String dcName = connector.getName(); + ret = ret + (StringUtils.isNotEmpty(dcName) ? " " + dcName : ""); + } + + return ret; + Review Comment: nit: remove empty line ########## ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/DropDataConnectorEvent.java: ########## 
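Review bot: `buildCommandString` is defined as a private helper in this class, and the Alter and Drop event classes in this PR call a method of the same name, so the same lines are presumably copied into each of them. Moving it into `HiveMetaStoreAuthorizableEvent` as a `protected` method would keep the command text built the same way for all three operations. The `if (connector != null)` inside it is redundant for the caller shown here, which already checks for null before calling. A short Javadoc on the helper stating that it appends the connector name to the base command would also help. The method's closing brace is outside this hunk.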
@@ -0,0 +1,88 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.apache.hadoop.hive.metastore.api.DataConnector; +import org.apache.hadoop.hive.metastore.events.PreDropDataConnectorEvent; +import org.apache.hadoop.hive.metastore.events.PreEventContext; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/* + Authorizable Event for HiveMetaStore operation DropDataConnector + */ + +public class DropDataConnectorEvent extends HiveMetaStoreAuthorizableEvent { + private static final Logger LOG = LoggerFactory.getLogger(DropDataConnectorEvent.class); + + private String COMMAND_STR = "drop connector"; + + public 
DropDataConnectorEvent(PreEventContext preEventContext) { + super(preEventContext); + } + + @Override + public HiveMetaStoreAuthzInfo getAuthzContext() { + HiveMetaStoreAuthzInfo ret = + new HiveMetaStoreAuthzInfo(preEventContext, HiveOperationType.DROPDATACONNECTOR, getInputHObjs(), + getOutputHObjs(), COMMAND_STR); + + return ret; + } + + private List<HivePrivilegeObject> getInputHObjs() { + LOG.debug("==> DropDataConnectorEvent.getInputHObjs()"); + + List<HivePrivilegeObject> ret = new ArrayList<>(); + PreDropDataConnectorEvent event = (PreDropDataConnectorEvent) preEventContext; + DataConnector connector = event.getDataConnector(); + + ret.add(getHivePrivilegeObject(connector)); + + COMMAND_STR = buildCommandString(COMMAND_STR, connector); + + LOG.debug("<== DropDataConnectorEvent.getInputHObjs(): ret={}", ret); + Review Comment: nit: remove empty line ########## ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateDataConnectorEvent.java: ########## 
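Review bot: `getInputHObjs()` passes `event.getDataConnector()` straight to `getHivePrivilegeObject(connector)` without the `connector != null` guard that the Create and Alter events apply. `getHivePrivilegeObject` is defined outside this hunk, so whether it tolerates null is not visible. If it dereferences the connector, a drop request with no resolved connector would surface as a NullPointerException from the authorization hook rather than a clear denial or error. Add the same guard, `if (connector != null) { ret.add(getHivePrivilegeObject(connector)); }`, or add a comment stating why null cannot occur for the drop pre-event. The method continues past the end of this hunk.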
@@ -0,0 +1,93 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.apache.hadoop.hive.metastore.api.DataConnector; +import org.apache.hadoop.hive.metastore.events.PreCreateDataConnectorEvent; +import org.apache.hadoop.hive.metastore.events.PreEventContext; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/* + Authorizable Event for HiveMetaStore operation CreateDataConnector + */ + +public class CreateDataConnectorEvent extends HiveMetaStoreAuthorizableEvent { + private static final Logger LOG = LoggerFactory.getLogger(CreateDataConnectorEvent.class); + + private String COMMAND_STR = "create connector"; + 
+ public CreateDataConnectorEvent(PreEventContext preEventContext) { + super(preEventContext); + } + + @Override + public HiveMetaStoreAuthzInfo getAuthzContext() { + HiveMetaStoreAuthzInfo ret = + new HiveMetaStoreAuthzInfo(preEventContext, HiveOperationType.CREATEDATACONNECTOR, getInputHObjs(), + getOutputHObjs(), COMMAND_STR); + + return ret; + } + + private List<HivePrivilegeObject> getInputHObjs() { + return Collections.emptyList(); + } + + private List<HivePrivilegeObject> getOutputHObjs() { + LOG.debug("==> CreateDataConnectorEvent.getOutputHObjs()"); + + List<HivePrivilegeObject> ret = new ArrayList<>(); + PreCreateDataConnectorEvent event = (PreCreateDataConnectorEvent) preEventContext; + DataConnector connector = event.getDataConnector(); + + if (connector != null) { + ret.add(getHivePrivilegeObject(connector)); + Review Comment: nit: remove empty line ########## ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/TestHiveMetaStoreAuthorizer.java: ########## 
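Review bot: `COMMAND_STR` is named like a constant but is a mutable instance field that `getOutputHObjs()` reassigns as a side effect. `getAuthzContext()` passes the updated value only because Java evaluates the constructor arguments left to right. Reordering those arguments would silently send the bare "create connector" string to the authorizer, and a second `getAuthzContext()` call would start from the already-built string (what `buildCommandString` does with its base is not in the hunk). Declaring it `private static final String COMMAND_STR` and computing a local in `getAuthzContext()`, e.g. `String commandStr = buildCommandString(COMMAND_STR, connector);`, removes the ordering dependency. The same pattern is in `DropDataConnectorEvent` and `AlterDataConnectorEvent`, and the rest of `getOutputHObjs()` is outside the quoted hunk.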
@@ -360,4 +362,53 @@ public void testQShowTablesUnauthorizedUser() throws Exception { } } } + + @Test + public void testR_CreateDataConnector_unAuthorizedUser() throws Exception { + UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(unAuthorizedUser)); + try { + DataConnector connector = new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3306/hive"); + hmsHandler.create_dataconnector(connector); + } catch (Exception e) { + String err = e.getMessage(); + String expected = "Operation type " + HiveOperationType.CREATEDATACONNECTOR+ " not allowed for user:" + unAuthorizedUser; + assertEquals(expected, err); + } + } + + @Test + public void testS_CreateDataConnector_authorizedUser() throws Exception { + UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser)); + try { + DataConnector connector = new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3306/hive"); + hmsHandler.create_dataconnector(connector); + } catch (Exception e) { + // No Exception for create database for authorized user + } + } + + @Test + public void testT_AlterDataConnector_AuthorizedUser() throws Exception { + UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser)); + try { + DataConnector connector = new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3306/hive"); + hmsHandler.create_dataconnector(connector); + + DataConnector newConnector = new DataConnector(dcName, "mysql", "jdbc:mysql://localhost:3308/hive"); + hmsHandler.create_dataconnector(connector); + hmsHandler.alter_dataconnector(dcName, newConnector); + } catch (Exception e) { + // No Exception for create table for authorized user + } + } + + @Test + public void testU_DropDataConnector_authorizedUser() throws Exception { + UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(authorizedUser)); + try { + hmsHandler.drop_dataconnector(dcName, true, true); + } catch (Exception e) { + // No Exception for dropDatabase 
for authorized user Review Comment: nit: comment says "dropDatabase". It should say "dropConnector" ########## ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/DropDataConnectorEvent.java: ########## 
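Review bot: `testR_CreateDataConnector_unAuthorizedUser` cannot fail when authorization is not enforced, because its only assertion sits in the `catch` block and the test passes if `create_dataconnector` returns normally for the unauthorized user. Add a failure directly after the call, e.g. `fail("create_dataconnector should be denied for user:" + unAuthorizedUser);` (assuming JUnit's `fail` is imported or can be in this class). The authorized-user tests `testS`, `testT` and `testU` have the opposite gap: the empty `catch (Exception e)` swallows a denial, so they pass even when the authorized user is rejected. Removing the try/catch lets the already declared `throws Exception` surface it. In `testT`, `create_dataconnector(connector)` is called twice before `alter_dataconnector`, so if the second create throws, the alter call is never exercised. `testU` continues past the end of the quoted hunk.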
@@ -0,0 +1,88 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.apache.hadoop.hive.metastore.api.DataConnector; +import org.apache.hadoop.hive.metastore.events.PreDropDataConnectorEvent; +import org.apache.hadoop.hive.metastore.events.PreEventContext; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/* + Authorizable Event for HiveMetaStore operation DropDataConnector + */ + +public class DropDataConnectorEvent extends HiveMetaStoreAuthorizableEvent { + private static final Logger LOG = LoggerFactory.getLogger(DropDataConnectorEvent.class); + + private String COMMAND_STR = "drop connector"; + + public 
DropDataConnectorEvent(PreEventContext preEventContext) { + super(preEventContext); + } + + @Override + public HiveMetaStoreAuthzInfo getAuthzContext() { + HiveMetaStoreAuthzInfo ret = + new HiveMetaStoreAuthzInfo(preEventContext, HiveOperationType.DROPDATACONNECTOR, getInputHObjs(), + getOutputHObjs(), COMMAND_STR); + + return ret; + } + + private List<HivePrivilegeObject> getInputHObjs() { + LOG.debug("==> DropDataConnectorEvent.getInputHObjs()"); + + List<HivePrivilegeObject> ret = new ArrayList<>(); + PreDropDataConnectorEvent event = (PreDropDataConnectorEvent) preEventContext; + DataConnector connector = event.getDataConnector(); + + ret.add(getHivePrivilegeObject(connector)); + + COMMAND_STR = buildCommandString(COMMAND_STR, connector); + Review Comment: nit: remove empty line ########## ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateDataConnectorEvent.java: ########## 
@@ -0,0 +1,93 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.apache.hadoop.hive.metastore.api.DataConnector; +import org.apache.hadoop.hive.metastore.events.PreCreateDataConnectorEvent; +import org.apache.hadoop.hive.metastore.events.PreEventContext; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/* + Authorizable Event for HiveMetaStore operation CreateDataConnector + */ + +public class CreateDataConnectorEvent extends HiveMetaStoreAuthorizableEvent { + private static final Logger LOG = LoggerFactory.getLogger(CreateDataConnectorEvent.class); + + private String COMMAND_STR = "create connector"; + 
+ public CreateDataConnectorEvent(PreEventContext preEventContext) { + super(preEventContext); + } + + @Override + public HiveMetaStoreAuthzInfo getAuthzContext() { + HiveMetaStoreAuthzInfo ret = + new HiveMetaStoreAuthzInfo(preEventContext, HiveOperationType.CREATEDATACONNECTOR, getInputHObjs(), + getOutputHObjs(), COMMAND_STR); + + return ret; + } + + private List<HivePrivilegeObject> getInputHObjs() { + return Collections.emptyList(); + } + + private List<HivePrivilegeObject> getOutputHObjs() { + LOG.debug("==> CreateDataConnectorEvent.getOutputHObjs()"); + + List<HivePrivilegeObject> ret = new ArrayList<>(); + PreCreateDataConnectorEvent event = (PreCreateDataConnectorEvent) preEventContext; + DataConnector connector = event.getDataConnector(); + + if (connector != null) { + ret.add(getHivePrivilegeObject(connector)); + + COMMAND_STR = buildCommandString(COMMAND_STR, connector); + Review Comment: nit: remove empty line ########## ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/DropDataConnectorEvent.java: ########## 
@@ -0,0 +1,88 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.apache.hadoop.hive.metastore.api.DataConnector; +import org.apache.hadoop.hive.metastore.events.PreDropDataConnectorEvent; +import org.apache.hadoop.hive.metastore.events.PreEventContext; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/* + Authorizable Event for HiveMetaStore operation DropDataConnector + */ + +public class DropDataConnectorEvent extends HiveMetaStoreAuthorizableEvent { + private static final Logger LOG = LoggerFactory.getLogger(DropDataConnectorEvent.class); + + private String COMMAND_STR = "drop connector"; + + public 
DropDataConnectorEvent(PreEventContext preEventContext) { + super(preEventContext); + } + + @Override + public HiveMetaStoreAuthzInfo getAuthzContext() { + HiveMetaStoreAuthzInfo ret = + new HiveMetaStoreAuthzInfo(preEventContext, HiveOperationType.DROPDATACONNECTOR, getInputHObjs(), + getOutputHObjs(), COMMAND_STR); + + return ret; + } + + private List<HivePrivilegeObject> getInputHObjs() { + LOG.debug("==> DropDataConnectorEvent.getInputHObjs()"); + + List<HivePrivilegeObject> ret = new ArrayList<>(); + PreDropDataConnectorEvent event = (PreDropDataConnectorEvent) preEventContext; + DataConnector connector = event.getDataConnector(); + + ret.add(getHivePrivilegeObject(connector)); + Review Comment: nit: remove empty line ########## ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/AlterDataConnectorEvent.java: ########## 
@@ -0,0 +1,106 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.events; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.apache.hadoop.hive.metastore.api.DataConnector; +import org.apache.hadoop.hive.metastore.events.PreAlterDataConnectorEvent; +import org.apache.hadoop.hive.metastore.events.PreEventContext; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthorizableEvent; +import org.apache.hadoop.hive.ql.security.authorization.plugin.metastore.HiveMetaStoreAuthzInfo; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/* + Authorizable Event for HiveMetaStore operation AlterDataConnector + */ + +public class AlterDataConnectorEvent extends HiveMetaStoreAuthorizableEvent { + private static final Logger LOG = LoggerFactory.getLogger(AlterDataConnectorEvent.class); + + private String COMMAND_STR = "alter connector"; + + public 
AlterDataConnectorEvent(PreEventContext preEventContext) { + super(preEventContext); + } + + @Override + public HiveMetaStoreAuthzInfo getAuthzContext() { + HiveMetaStoreAuthzInfo ret = + new HiveMetaStoreAuthzInfo(preEventContext, HiveOperationType.ALTERDATACONNECTOR, getInputHObjs(), + getOutputHObjs(), COMMAND_STR); + + return ret; + } + + private List<HivePrivilegeObject> getInputHObjs() { + LOG.debug("==> AlterDataConnectorEvent.getInputHObjs()"); + + List<HivePrivilegeObject> ret = new ArrayList<>(); + PreAlterDataConnectorEvent event = (PreAlterDataConnectorEvent) preEventContext; + DataConnector connector = event.getOldDataConnector(); + + if (connector != null) { + ret.add(getHivePrivilegeObject(connector)); + + COMMAND_STR = buildCommandString(COMMAND_STR, connector); + + LOG.debug("<== AlterDataConnectorEvent.getInputHObjs(): ret={}", ret); + } + + return ret; + + } + + private List<HivePrivilegeObject> getOutputHObjs() { + LOG.debug("==> AlterDataConnectorEvent.getOutputHObjs()"); + + List<HivePrivilegeObject> ret = new ArrayList<>(); + PreAlterDataConnectorEvent event = (PreAlterDataConnectorEvent) preEventContext; + DataConnector connector = event.getNewDataConnector(); + + if (connector != null) { + ret.add(getHivePrivilegeObject(connector)); + + COMMAND_STR = buildCommandString(COMMAND_STR, connector); + Review Comment: nit: remove empty line Issue Time Tracking ------------------- Worklog Id: (was: 800804) Time Spent: 2h (was: 1h 50m) > Add data connector authorization on HMS server-side > --------------------------------------------------- > > Key: HIVE-26248 > URL: https://issues.apache.org/jira/browse/HIVE-26248 > Project: Hive > Issue Type: Sub-task > Affects Versions: 4.0.0-alpha-1, 4.0.0-alpha-2 > Reporter: zhangbutao > Assignee: zhangbutao > Priority: Major > Labels: pull-request-available > Time Spent: 2h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
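Review bot: Both `getInputHObjs()` and `getOutputHObjs()` assign `COMMAND_STR = buildCommandString(COMMAND_STR, connector)`, so the second call takes the first call's result as its base, and the command string sent with the authorization request is built from the old connector and then the new one. If `buildCommandString` appends the connector name (its body is not in the hunk), the audited command would carry the name twice. Building it once, by dropping the assignment in `getInputHObjs()`, avoids that. The exit `LOG.debug` in `getInputHObjs()` also sits inside the `if`, so it is skipped when the old connector is null. `getOutputHObjs()` continues past the quoted hunk.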