hive-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From the...@apache.org
Subject hive git commit: HIVE-12698 : Remove exposure to internal privilege and principal classes in HiveAuthorizer (Thejas Nair, reviewed by Ferdinand Xu )
Date Fri, 18 Dec 2015 19:50:44 GMT
Repository: hive
Updated Branches:
  refs/heads/master 1907977cf -> 1199754cc


HIVE-12698 : Remove exposure to internal privilege and principal classes in HiveAuthorizer
(Thejas Nair, reviewed by Ferdinand Xu )


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/1199754c
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/1199754c
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/1199754c

Branch: refs/heads/master
Commit: 1199754cc030e12bf73f54e937f552326ac96f2f
Parents: 1907977
Author: Thejas Nair <thejas@hortonworks.com>
Authored: Fri Dec 18 11:49:28 2015 -0800
Committer: Thejas Nair <thejas@hortonworks.com>
Committed: Fri Dec 18 11:50:26 2015 -0800

----------------------------------------------------------------------
 .../org/apache/hadoop/hive/ql/exec/DDLTask.java | 31 ++++++--
 .../authorization/AuthorizationUtils.java       | 50 +++---------
 .../DefaultHiveAuthorizationTranslator.java     | 81 ++++++++++++++++++++
 .../plugin/HiveAuthorizationTranslator.java     | 46 +++++++++++
 .../authorization/plugin/HiveAuthorizer.java    | 26 ++++---
 .../plugin/HiveAuthorizerImpl.java              | 26 +++----
 .../authorization/plugin/HiveV1Authorizer.java  | 18 +----
 7 files changed, 188 insertions(+), 90 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/1199754c/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
index 4fb6c00..290f489 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
@@ -19,6 +19,7 @@
 package org.apache.hadoop.hive.ql.exec;
 
 import com.google.common.collect.Iterables;
+
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.hadoop.mapreduce.MRJobConfig;
@@ -153,7 +154,10 @@ import org.apache.hadoop.hive.ql.plan.UnlockDatabaseDesc;
 import org.apache.hadoop.hive.ql.plan.UnlockTableDesc;
 import org.apache.hadoop.hive.ql.plan.api.StageType;
 import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils;
+import org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationTranslator;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationTranslator;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo;
@@ -237,6 +241,7 @@ public class DDLTask extends Task<DDLWork> implements Serializable
{
   private static String INTERMEDIATE_EXTRACTED_DIR_SUFFIX;
 
   private MetaDataFormatter formatter;
+  private final HiveAuthorizationTranslator defaultAuthorizationTranslator = new DefaultHiveAuthorizationTranslator();
 
   @Override
   public boolean requireLock() {
@@ -661,8 +666,8 @@ public class DDLTask extends Task<DDLWork> implements Serializable
{
       grantorPrinc = new HivePrincipal(grantOrRevokeRoleDDL.getGrantor(),
           AuthorizationUtils.getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType()));
     }
-    List<HivePrincipal> principals =
-        authorizer.getHivePrincipals(grantOrRevokeRoleDDL.getPrincipalDesc());
+    List<HivePrincipal> principals = AuthorizationUtils.getHivePrincipals(
+        grantOrRevokeRoleDDL.getPrincipalDesc(), getAuthorizationTranslator(authorizer));
     List<String> roles = grantOrRevokeRoleDDL.getRoles();
 
     boolean grantOption = grantOrRevokeRoleDDL.isGrantOption();
@@ -674,13 +679,22 @@ public class DDLTask extends Task<DDLWork> implements Serializable
{
     return 0;
   }
 
+  private HiveAuthorizationTranslator getAuthorizationTranslator(HiveAuthorizer authorizer)
+      throws HiveAuthzPluginException {
+    if (authorizer.getHiveAuthorizationTranslator() == null) {
+      return defaultAuthorizationTranslator;
+    } else {
+      return (HiveAuthorizationTranslator)authorizer.getHiveAuthorizationTranslator();
+    }
+  }
+
   private int showGrants(ShowGrantDesc showGrantDesc) throws HiveException {
 
     HiveAuthorizer authorizer = getSessionAuthorizer();
     try {
       List<HivePrivilegeInfo> privInfos = authorizer.showPrivileges(
-          AuthorizationUtils.getHivePrincipal(showGrantDesc.getPrincipalDesc()),
-          authorizer.getHivePrivilegeObject(showGrantDesc.getHiveObj()));
+          getAuthorizationTranslator(authorizer).getHivePrincipal(showGrantDesc.getPrincipalDesc()),
+          getAuthorizationTranslator(authorizer).getHivePrivilegeObject(showGrantDesc.getHiveObj()));
       boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST);
       writeToFile(writeGrantInfo(privInfos, testMode), showGrantDesc.getResFile());
     } catch (IOException e) {
@@ -697,9 +711,12 @@ public class DDLTask extends Task<DDLWork> implements Serializable
{
     HiveAuthorizer authorizer = getSessionAuthorizer();
 
     //Convert to object types used by the authorization plugin interface
-    List<HivePrincipal> hivePrincipals = authorizer.getHivePrincipals(principals);
-    List<HivePrivilege> hivePrivileges = authorizer.getHivePrivileges(privileges);
-    HivePrivilegeObject hivePrivObject = authorizer.getHivePrivilegeObject(privSubjectDesc);
+    List<HivePrincipal> hivePrincipals = AuthorizationUtils.getHivePrincipals(
+        principals, getAuthorizationTranslator(authorizer));
+    List<HivePrivilege> hivePrivileges = AuthorizationUtils.getHivePrivileges(
+        privileges, getAuthorizationTranslator(authorizer));
+    HivePrivilegeObject hivePrivObject = getAuthorizationTranslator(authorizer)
+        .getHivePrivilegeObject(privSubjectDesc);
 
     HivePrincipal grantorPrincipal = new HivePrincipal(
         grantor, AuthorizationUtils.getHivePrincipalType(grantorType));

http://git-wip-us.apache.org/repos/asf/hive/blob/1199754c/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
index 1e1f3da..04e5565 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
@@ -36,6 +36,7 @@ import org.apache.hadoop.hive.ql.metadata.HiveException;
 import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
 import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
 import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationTranslator;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal.HivePrincipalType;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
@@ -111,32 +112,25 @@ public class AuthorizationUtils {
         HivePrivilegeObjectType.DATABASE;
   }
 
-  public static List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges)
{
-    List<HivePrivilege> hivePrivileges = new ArrayList<HivePrivilege>();
+  public static List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges,
+      HiveAuthorizationTranslator trans) {
+  List<HivePrivilege> hivePrivileges = new ArrayList<HivePrivilege>();
     for(PrivilegeDesc privilege : privileges){
-      Privilege priv = privilege.getPrivilege();
-      hivePrivileges.add(
-          new HivePrivilege(priv.toString(), privilege.getColumns(), priv.getScopeList()));
+      hivePrivileges.add(trans.getHivePrivilege(privilege));
     }
     return hivePrivileges;
   }
 
-  public static List<HivePrincipal> getHivePrincipals(List<PrincipalDesc> principals)
+  public static List<HivePrincipal> getHivePrincipals(List<PrincipalDesc> principals,
+      HiveAuthorizationTranslator trans)
       throws HiveException {
-
-    ArrayList<HivePrincipal> hivePrincipals = new ArrayList<HivePrincipal>();
+  ArrayList<HivePrincipal> hivePrincipals = new ArrayList<HivePrincipal>();
     for(PrincipalDesc principal : principals){
-      hivePrincipals.add(getHivePrincipal(principal));
+      hivePrincipals.add(trans.getHivePrincipal(principal));
     }
     return hivePrincipals;
   }
 
-  public static HivePrincipal getHivePrincipal(PrincipalDesc principal) throws HiveException
{
-    if (principal == null) {
-      return null;
-    }
-    return getHivePrincipal(principal.getName(), principal.getType());
-  }
 
   public static HivePrincipal getHivePrincipal(String name, PrincipalType type) throws HiveException
{
     return new HivePrincipal(name, AuthorizationUtils.getHivePrincipalType(type));
@@ -169,32 +163,6 @@ public class AuthorizationUtils {
         privObj.getPartValues(), privObj.getColumnName());
   }
 
-  public static HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc)
-      throws HiveException {
-
-    // null means ALL for show grants, GLOBAL for grant/revoke
-    HivePrivilegeObjectType objectType = null;
-
-    String[] dbTable;
-    List<String> partSpec = null;
-    List<String> columns = null;
-    if (privSubjectDesc == null) {
-      dbTable = new String[] {null, null};
-    } else {
-      if (privSubjectDesc.getTable()) {
-        dbTable = Utilities.getDbTableName(privSubjectDesc.getObject());
-      } else {
-        dbTable = new String[] {privSubjectDesc.getObject(), null};
-      }
-      if (privSubjectDesc.getPartSpec() != null) {
-        partSpec = new ArrayList<String>(privSubjectDesc.getPartSpec().values());
-      }
-      columns = privSubjectDesc.getColumns();
-      objectType = getPrivObjectType(privSubjectDesc);
-    }
-    return new HivePrivilegeObject(objectType, dbTable[0], dbTable[1], partSpec, columns,
null);
-  }
-
   /**
    * Convert authorization plugin principal type to thrift principal type
    * @param type

http://git-wip-us.apache.org/repos/asf/hive/blob/1199754c/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationTranslator.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationTranslator.java
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationTranslator.java
new file mode 100644
index 0000000..319a801
--- /dev/null
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationTranslator.java
@@ -0,0 +1,81 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.security.authorization;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.hadoop.hive.ql.exec.Utilities;
+import org.apache.hadoop.hive.ql.metadata.HiveException;
+import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
+import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
+import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationTranslator;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType;
+
+
+/**
+ * Default implementation of HiveAuthorizationTranslator
+ */
+public class DefaultHiveAuthorizationTranslator implements HiveAuthorizationTranslator {
+
+  @Override
+  public HivePrincipal getHivePrincipal(PrincipalDesc principal) throws HiveException {
+    if (principal == null) {
+      return null;
+    }
+    return AuthorizationUtils.getHivePrincipal(principal.getName(), principal.getType());
+  }
+
+  @Override
+  public HivePrivilege getHivePrivilege(PrivilegeDesc privilege) {
+    Privilege priv = privilege.getPrivilege();
+    return new HivePrivilege(priv.toString(), privilege.getColumns(), priv.getScopeList());
+  }
+
+  @Override
+  public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc)
+      throws HiveException {
+    // null means ALL for show grants, GLOBAL for grant/revoke
+    HivePrivilegeObjectType objectType = null;
+
+    String[] dbTable;
+    List<String> partSpec = null;
+    List<String> columns = null;
+    if (privSubjectDesc == null) {
+      dbTable = new String[] {null, null};
+    } else {
+      if (privSubjectDesc.getTable()) {
+        dbTable = Utilities.getDbTableName(privSubjectDesc.getObject());
+      } else {
+        dbTable = new String[] {privSubjectDesc.getObject(), null};
+      }
+      if (privSubjectDesc.getPartSpec() != null) {
+        partSpec = new ArrayList<String>(privSubjectDesc.getPartSpec().values());
+      }
+      columns = privSubjectDesc.getColumns();
+      objectType = AuthorizationUtils.getPrivObjectType(privSubjectDesc);
+    }
+    return new HivePrivilegeObject(objectType, dbTable[0], dbTable[1], partSpec, columns,
null);
+  }
+
+
+}

http://git-wip-us.apache.org/repos/asf/hive/blob/1199754c/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationTranslator.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationTranslator.java
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationTranslator.java
new file mode 100644
index 0000000..540f1f3
--- /dev/null
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationTranslator.java
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.security.authorization.plugin;
+
+import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate;
+import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving;
+import org.apache.hadoop.hive.ql.metadata.HiveException;
+import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
+import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
+import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
+
+/**
+ * This interface has functions that provide the ability to customize the translation
+ * from Hive internal representations of Authorization objects to the public API objects
+ * This is an interface that is not meant for general use, it is targeted to some
+ * specific use cases of Apache Sentry (incubating).
+ * The API uses several classes that are considered internal to Hive, and it is
+ * subject to change across releases.
+ */
+@LimitedPrivate(value = { "Apache Sentry (incubating)" })
+@Evolving
+public interface HiveAuthorizationTranslator {
+
+  public HivePrincipal getHivePrincipal(PrincipalDesc principal)
+      throws HiveException;
+
+  public HivePrivilege getHivePrivilege(PrivilegeDesc privilege);
+
+  public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privObject)
+      throws HiveException;
+}

http://git-wip-us.apache.org/repos/asf/hive/blob/1199754c/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
index 512772b..09112fe 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
@@ -23,9 +23,6 @@ import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPri
 import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving;
 import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.ql.metadata.HiveException;
-import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
-import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
-import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
 import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider;
 
 /**
@@ -212,14 +209,23 @@ public interface HiveAuthorizer {
    * @param hiveConf
    * @throws HiveAuthzPluginException
    */
-  public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException;
+  void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException;
 
-  public List<HivePrincipal> getHivePrincipals(List<PrincipalDesc> principals)
-      throws HiveException;
-
-  public List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges);
+  /**
+   * Get a {@link HiveAuthorizationTranslator} implementation. See
+   * {@link HiveAuthorizationTranslator} for details. Return null if no
+   * customization is needed. Most implementations are expected to return null.
+   *
+   * The java signature of the method makes it necessary to only return Object
+   * type so that older implementations can extend the interface to build
+   * against older versions of Hive that don't include this additional method
+   * and HiveAuthorizationTranslator class. However, if a non null value is
+   * returned, the Object has to be of type HiveAuthorizationTranslator
+   *
+   * @return
+   * @throws HiveException
+   */
+  Object getHiveAuthorizationTranslator() throws HiveAuthzPluginException;
 
-  public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc)
-      throws HiveException;
 }
 

http://git-wip-us.apache.org/repos/asf/hive/blob/1199754c/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
index 76a80e0..37ea1c4 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
@@ -23,10 +23,6 @@ import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPri
 import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving;
 import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.ql.metadata.HiveException;
-import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
-import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
-import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
-import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils;
 
 /**
  * Convenience implementation of HiveAuthorizer.
@@ -140,20 +136,16 @@ public class HiveAuthorizerImpl implements HiveAuthorizer {
     accessController.applyAuthorizationConfigPolicy(hiveConf);
   }
 
+  /* (non-Javadoc)
+   * @see org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer#getHiveAuthorizationTranslator()
+   *
+   * No customization of this API is done for most Authorization implementations. It is meant

+   * to be used for special cases in Apache Sentry (incubating)
+   *
+   */
   @Override
-  public List<HivePrincipal> getHivePrincipals(
-      List<PrincipalDesc> principals) throws HiveException {
-    return AuthorizationUtils.getHivePrincipals(principals);
+  public HiveAuthorizationTranslator getHiveAuthorizationTranslator() throws HiveAuthzPluginException{
+    return null;
   }
 
-  @Override
-  public List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges)
{
-    return AuthorizationUtils.getHivePrivileges(privileges);
-  }
-
-  @Override
-  public HivePrivilegeObject getHivePrivilegeObject(
-      PrivilegeObjectDesc privSubjectDesc) throws HiveException {
-    return AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc);
-  }
 }

http://git-wip-us.apache.org/repos/asf/hive/blob/1199754c/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java
b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java
index c387800..c7f9e13 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java
@@ -37,9 +37,6 @@ import org.apache.hadoop.hive.metastore.api.RolePrincipalGrant;
 import org.apache.hadoop.hive.ql.metadata.Hive;
 import org.apache.hadoop.hive.ql.metadata.HiveException;
 import org.apache.hadoop.hive.ql.metadata.Table;
-import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
-import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
-import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
 import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils;
 import org.apache.hadoop.hive.ql.security.authorization.PrivilegeScope;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessController;
@@ -383,19 +380,10 @@ public class HiveV1Authorizer implements HiveAuthorizer {
   }
 
   @Override
-  public List<HivePrincipal> getHivePrincipals(
-      List<PrincipalDesc> principals) throws HiveException {
-    return AuthorizationUtils.getHivePrincipals(principals);
+  public HiveAuthorizationTranslator getHiveAuthorizationTranslator() throws HiveAuthzPluginException
{
+    // custom translator is not needed, so return null
+    return null;
   }
 
-  @Override
-  public List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges)
{
-    return AuthorizationUtils.getHivePrivileges(privileges);
-  }
 
-  @Override
-  public HivePrivilegeObject getHivePrivilegeObject(
-      PrivilegeObjectDesc privSubjectDesc) throws HiveException {
-    return AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc);
-  }
 }


Mime
View raw message