Return-Path: X-Original-To: apmail-hive-commits-archive@www.apache.org Delivered-To: apmail-hive-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 08C6F101F6 for ; Wed, 12 Mar 2014 10:07:47 +0000 (UTC) Received: (qmail 69939 invoked by uid 500); 12 Mar 2014 10:07:46 -0000 Delivered-To: apmail-hive-commits-archive@hive.apache.org Received: (qmail 69899 invoked by uid 500); 12 Mar 2014 10:07:44 -0000 Mailing-List: contact commits-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hive-dev@hive.apache.org Delivered-To: mailing list commits@hive.apache.org Received: (qmail 69519 invoked by uid 99); 12 Mar 2014 10:07:42 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Mar 2014 10:07:42 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Mar 2014 10:07:37 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id CDC7623888E4; Wed, 12 Mar 2014 10:07:15 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1576677 [1/13] - in /hive/branches/branch-0.13: metastore/if/ metastore/src/gen/thrift/gen-cpp/ metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ metastore/src/gen/thrift/gen-php/metastore/ metastore/src/gen/thrif... Date: Wed, 12 Mar 2014 10:07:11 -0000 To: commits@hive.apache.org 
From: thejas@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140312100715.CDC7623888E4@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: thejas Date: Wed Mar 12 10:07:09 2014 New Revision: 1576677 URL: http://svn.apache.org/r1576677 Log: HIVE-5931 : SQL std auth - add metastore get_principals_in_role api, support SHOW PRINCIPALS role_name (Thejas Nair via Ashutosh Chauhan) Added: hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/GetPrincipalsInRoleRequest.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/GetPrincipalsInRoleResponse.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/RolePrincipalGrant.java hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRoleGrant.java hive/branches/branch-0.13/ql/src/test/queries/clientnegative/authorization_show_role_principals_no_admin.q hive/branches/branch-0.13/ql/src/test/queries/clientnegative/authorization_show_role_principals_v1.q hive/branches/branch-0.13/ql/src/test/results/clientnegative/authorization_show_role_principals_no_admin.q.out hive/branches/branch-0.13/ql/src/test/results/clientnegative/authorization_show_role_principals_v1.q.out Modified: hive/branches/branch-0.13/metastore/if/hive_metastore.thrift hive/branches/branch-0.13/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp hive/branches/branch-0.13/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h hive/branches/branch-0.13/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp hive/branches/branch-0.13/metastore/src/gen/thrift/gen-cpp/hive_metastore_types.cpp hive/branches/branch-0.13/metastore/src/gen/thrift/gen-cpp/hive_metastore_types.h hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/AddPartitionsRequest.java 
hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/AddPartitionsResult.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ColumnStatistics.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Database.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/DropPartitionsResult.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/EnvironmentContext.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Function.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/GetOpenTxnsInfoResponse.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/GetOpenTxnsResponse.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/HiveObjectRef.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Index.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/LockRequest.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/OpenTxnsResponse.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Partition.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/PartitionsByExprResult.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/PartitionsStatsRequest.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/PartitionsStatsResult.java 
hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/PrincipalPrivilegeSet.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/PrivilegeBag.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/RequestPartsSpec.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Schema.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/SerDeInfo.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ShowCompactResponse.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ShowLocksResponse.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/SkewedInfo.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/StorageDescriptor.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Table.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/TableStatsRequest.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/TableStatsResult.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Type.java hive/branches/branch-0.13/metastore/src/gen/thrift/gen-php/metastore/ThriftHiveMetastore.php hive/branches/branch-0.13/metastore/src/gen/thrift/gen-php/metastore/Types.php hive/branches/branch-0.13/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote 
hive/branches/branch-0.13/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py hive/branches/branch-0.13/metastore/src/gen/thrift/gen-py/hive_metastore/ttypes.py hive/branches/branch-0.13/metastore/src/gen/thrift/gen-rb/hive_metastore_types.rb hive/branches/branch-0.13/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb hive/branches/branch-0.13/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java hive/branches/branch-0.13/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java hive/branches/branch-0.13/metastore/src/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java hive/branches/branch-0.13/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java hive/branches/branch-0.13/metastore/src/java/org/apache/hadoop/hive/metastore/RawStore.java hive/branches/branch-0.13/metastore/src/test/org/apache/hadoop/hive/metastore/DummyRawStoreControlledCommit.java hive/branches/branch-0.13/metastore/src/test/org/apache/hadoop/hive/metastore/DummyRawStoreForJdoConnection.java hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactory.java hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/plan/HiveOperation.java 
hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveOperationType.java hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/Operation2Privilege.java hive/branches/branch-0.13/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java hive/branches/branch-0.13/ql/src/test/queries/clientpositive/authorization_role_grant2.q hive/branches/branch-0.13/ql/src/test/results/clientpositive/authorization_role_grant2.q.out Modified: hive/branches/branch-0.13/metastore/if/hive_metastore.thrift URL: http://svn.apache.org/viewvc/hive/branches/branch-0.13/metastore/if/hive_metastore.thrift?rev=1576677&r1=1576676&r2=1576677&view=diff ==============================================================================
--- hive/branches/branch-0.13/metastore/if/hive_metastore.thrift (original)
+++ hive/branches/branch-0.13/metastore/if/hive_metastore.thrift Wed Mar 12 10:07:09 2014
@@ -138,6 +138,11 @@ struct Role {
 1: string roleName,
 2: i32 createTime,
 3: string ownerName,
+
+ // Following fields are populated by list_roles
+ // They are ignored during other commands such as role creation
+ // See RolePrincipalGrant which gives a 'normalized' representation
+ // of this information
 4: optional string principalName,
 5: optional string principalType,
 6: optional bool grantOption,
@@ -145,6 +150,25 @@ struct Role {
 8: optional string grantor
 }
 
+// Representation of a grant for a principal to a role
+struct RolePrincipalGrant {
+ 1: string roleName,
+ 2: string principalName,
+ 3: PrincipalType principalType,
+ 4: bool grantOption,
+ 5: i32 grantTime,
+ 6: string grantorName,
+ 7: PrincipalType grantorPrincipalType
+}
+
+struct GetPrincipalsInRoleRequest {
+ 1: string roleName;
+}
+
+struct GetPrincipalsInRoleResponse {
+ 1: list principalGrants;
+}
+
 // namespace for tables
 struct Database {
 1: string name,
@@ -916,6 +940,11 @@ service ThriftHiveMetastore extends fb30 throws(1:MetaException o1) list list_roles(1:string principal_name, 2:PrincipalType principal_type) throws(1:MetaException o1) + // get all role-grants for users/roles that have been granted the given role + // Note that in the returned list of RolePrincipalGrants, the roleName is + // redundant as it would match the role_name argument of this function + GetPrincipalsInRoleResponse get_principals_in_role(1: GetPrincipalsInRoleRequest request) throws(1:MetaException o1) + PrincipalPrivilegeSet get_privilege_set(1:HiveObjectRef hiveObject, 2:string user_name, 3: list group_names) throws(1:MetaException o1) list list_privileges(1:string principal_name, 2:PrincipalType principal_type,
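Review bot: `roleName` in `GetPrincipalsInRoleRequest` is declared with default requiredness, so the generated validation does not reject a request that omits it and an unset role name may reach the handler. Declaring it `1: required string roleName;`, and marking the `principalGrants` list in the response the same way, moves that check into the Thrift layer. Requiredness is hard to change compatibly once clients are released, so it is worth settling in this commit. The two wrapper structs also end their fields with `;` where `RolePrincipalGrant` in the same hunk uses `,`; both parse, but one style would read better.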
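Review bot: `get_principals_in_role` takes only a role name, so nothing in this interface shows who is allowed to call it. The negative test `authorization_show_role_principals_no_admin.q` in the file list suggests the admin check sits in the SQL standard authorization layer rather than in the metastore. If so, any client that can reach the metastore Thrift endpoint directly could list the members of any role, which discloses who holds privileged roles. The handler in `HiveMetaStore.java` is changed by this commit but is not visible here, so this needs confirming there; if the metastore does not check the caller, the comment above the method should say so, e.g. `// caller authorization is not checked by the metastore; it is enforced by the authorizer plugin`. The service body continues outside the hunk.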