Return-Path: X-Original-To: apmail-hive-commits-archive@www.apache.org Delivered-To: apmail-hive-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3DE22187AB for ; Fri, 18 Dec 2015 19:50:45 +0000 (UTC) Received: (qmail 98910 invoked by uid 500); 18 Dec 2015 19:50:45 -0000 Delivered-To: apmail-hive-commits-archive@hive.apache.org Received: (qmail 98865 invoked by uid 500); 18 Dec 2015 19:50:45 -0000 Mailing-List: contact commits-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hive-dev@hive.apache.org Delivered-To: mailing list commits@hive.apache.org Received: (qmail 98854 invoked by uid 99); 18 Dec 2015 19:50:45 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Dec 2015 19:50:45 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id D648BE0441; Fri, 18 Dec 2015 19:50:44 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: thejas@apache.org To: commits@hive.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: hive git commit: HIVE-12698 : Remove exposure to internal privilege and principal classes in HiveAuthorizer (Thejas Nair, reviewed by Ferdinand Xu ) Date: Fri, 18 Dec 2015 19:50:44 +0000 (UTC) Repository: hive Updated Branches: refs/heads/master 1907977cf -> 1199754cc HIVE-12698 : Remove exposure to internal privilege and principal classes in HiveAuthorizer (Thejas Nair, reviewed by Ferdinand Xu ) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/1199754c Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/1199754c Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/1199754c Branch: refs/heads/master Commit: 1199754cc030e12bf73f54e937f552326ac96f2f Parents: 1907977 Author: Thejas Nair Authored: Fri Dec 18 11:49:28 2015 -0800 Committer: Thejas Nair Committed: Fri Dec 18 11:50:26 2015 -0800 ---------------------------------------------------------------------- .../org/apache/hadoop/hive/ql/exec/DDLTask.java | 31 ++++++-- .../authorization/AuthorizationUtils.java | 50 +++--------- .../DefaultHiveAuthorizationTranslator.java | 81 ++++++++++++++++++++ .../plugin/HiveAuthorizationTranslator.java | 46 +++++++++++ .../authorization/plugin/HiveAuthorizer.java | 26 ++++--- .../plugin/HiveAuthorizerImpl.java | 26 +++---- .../authorization/plugin/HiveV1Authorizer.java | 18 +---- 7 files changed, 188 insertions(+), 90 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/1199754c/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java index 4fb6c00..290f489 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java @@ -19,6 +19,7 @@ package org.apache.hadoop.hive.ql.exec; import com.google.common.collect.Iterables; + import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; import org.apache.hadoop.mapreduce.MRJobConfig; @@ -153,7 +154,10 @@ import org.apache.hadoop.hive.ql.plan.UnlockDatabaseDesc; import org.apache.hadoop.hive.ql.plan.UnlockTableDesc; import org.apache.hadoop.hive.ql.plan.api.StageType; import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils; +import org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationTranslator; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationTranslator; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo; @@ -237,6 +241,7 @@ public class DDLTask extends Task implements Serializable { private static String INTERMEDIATE_EXTRACTED_DIR_SUFFIX; private MetaDataFormatter formatter; + private final HiveAuthorizationTranslator defaultAuthorizationTranslator = new DefaultHiveAuthorizationTranslator(); @Override public boolean requireLock() { @@ -661,8 +666,8 @@ public class DDLTask extends Task implements Serializable { grantorPrinc = new HivePrincipal(grantOrRevokeRoleDDL.getGrantor(), AuthorizationUtils.getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType())); } - List principals = - authorizer.getHivePrincipals(grantOrRevokeRoleDDL.getPrincipalDesc()); + List principals = AuthorizationUtils.getHivePrincipals( + grantOrRevokeRoleDDL.getPrincipalDesc(), getAuthorizationTranslator(authorizer)); List roles = grantOrRevokeRoleDDL.getRoles(); boolean grantOption = grantOrRevokeRoleDDL.isGrantOption(); @@ -674,13 +679,22 @@ public class DDLTask extends Task implements Serializable { return 0; } + private HiveAuthorizationTranslator getAuthorizationTranslator(HiveAuthorizer authorizer) + throws HiveAuthzPluginException { + if (authorizer.getHiveAuthorizationTranslator() == null) { + return defaultAuthorizationTranslator; + } else { + return (HiveAuthorizationTranslator)authorizer.getHiveAuthorizationTranslator(); + } + } + private int showGrants(ShowGrantDesc showGrantDesc) throws HiveException { HiveAuthorizer authorizer = getSessionAuthorizer(); try { List privInfos = authorizer.showPrivileges( - AuthorizationUtils.getHivePrincipal(showGrantDesc.getPrincipalDesc()), - authorizer.getHivePrivilegeObject(showGrantDesc.getHiveObj())); + getAuthorizationTranslator(authorizer).getHivePrincipal(showGrantDesc.getPrincipalDesc()), + getAuthorizationTranslator(authorizer).getHivePrivilegeObject(showGrantDesc.getHiveObj())); boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST); writeToFile(writeGrantInfo(privInfos, testMode), showGrantDesc.getResFile()); } catch (IOException e) { @@ -697,9 +711,12 @@ public class DDLTask extends Task implements Serializable { HiveAuthorizer authorizer = getSessionAuthorizer(); //Convert to object types used by the authorization plugin interface - List hivePrincipals = authorizer.getHivePrincipals(principals); - List hivePrivileges = authorizer.getHivePrivileges(privileges); - HivePrivilegeObject hivePrivObject = authorizer.getHivePrivilegeObject(privSubjectDesc); + List hivePrincipals = AuthorizationUtils.getHivePrincipals( + principals, getAuthorizationTranslator(authorizer)); + List hivePrivileges = AuthorizationUtils.getHivePrivileges( + privileges, getAuthorizationTranslator(authorizer)); + HivePrivilegeObject hivePrivObject = getAuthorizationTranslator(authorizer) + .getHivePrivilegeObject(privSubjectDesc); HivePrincipal grantorPrincipal = new HivePrincipal( grantor, AuthorizationUtils.getHivePrincipalType(grantorType)); http://git-wip-us.apache.org/repos/asf/hive/blob/1199754c/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java index 1e1f3da..04e5565 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java @@ -36,6 +36,7 @@ import org.apache.hadoop.hive.ql.metadata.HiveException; import org.apache.hadoop.hive.ql.plan.PrincipalDesc; import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationTranslator; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal.HivePrincipalType; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege; @@ -111,32 +112,25 @@ public class AuthorizationUtils { HivePrivilegeObjectType.DATABASE; } - public static List getHivePrivileges(List privileges) { - List hivePrivileges = new ArrayList(); + public static List getHivePrivileges(List privileges, + HiveAuthorizationTranslator trans) { + List hivePrivileges = new ArrayList(); for(PrivilegeDesc privilege : privileges){ - Privilege priv = privilege.getPrivilege(); - hivePrivileges.add( - new HivePrivilege(priv.toString(), privilege.getColumns(), priv.getScopeList())); + hivePrivileges.add(trans.getHivePrivilege(privilege)); } return hivePrivileges; } - public static List getHivePrincipals(List principals) + public static List getHivePrincipals(List principals, + HiveAuthorizationTranslator trans) throws HiveException { - - ArrayList hivePrincipals = new ArrayList(); + ArrayList hivePrincipals = new ArrayList(); for(PrincipalDesc principal : principals){ - hivePrincipals.add(getHivePrincipal(principal)); + hivePrincipals.add(trans.getHivePrincipal(principal)); } return hivePrincipals; } - public static HivePrincipal getHivePrincipal(PrincipalDesc principal) throws HiveException { - if (principal == null) { - return null; - } - return getHivePrincipal(principal.getName(), principal.getType()); - } public static HivePrincipal getHivePrincipal(String name, PrincipalType type) throws HiveException { return new HivePrincipal(name, AuthorizationUtils.getHivePrincipalType(type)); @@ -169,32 +163,6 @@ public class AuthorizationUtils { privObj.getPartValues(), privObj.getColumnName()); } - public static HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc) - throws HiveException { - - // null means ALL for show grants, GLOBAL for grant/revoke - HivePrivilegeObjectType objectType = null; - - String[] dbTable; - List partSpec = null; - List columns = null; - if (privSubjectDesc == null) { - dbTable = new String[] {null, null}; - } else { - if (privSubjectDesc.getTable()) { - dbTable = Utilities.getDbTableName(privSubjectDesc.getObject()); - } else { - dbTable = new String[] {privSubjectDesc.getObject(), null}; - } - if (privSubjectDesc.getPartSpec() != null) { - partSpec = new ArrayList(privSubjectDesc.getPartSpec().values()); - } - columns = privSubjectDesc.getColumns(); - objectType = getPrivObjectType(privSubjectDesc); - } - return new HivePrivilegeObject(objectType, dbTable[0], dbTable[1], partSpec, columns, null); - } - /** * Convert authorization plugin principal type to thrift principal type * @param type http://git-wip-us.apache.org/repos/asf/hive/blob/1199754c/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationTranslator.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationTranslator.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationTranslator.java new file mode 100644 index 0000000..319a801 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationTranslator.java @@ -0,0 +1,81 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.hive.ql.security.authorization; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.hadoop.hive.ql.exec.Utilities; +import org.apache.hadoop.hive.ql.metadata.HiveException; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationTranslator; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType; + + +/** + * Default implementation of HiveAuthorizationTranslator + */ +public class DefaultHiveAuthorizationTranslator implements HiveAuthorizationTranslator { + + @Override + public HivePrincipal getHivePrincipal(PrincipalDesc principal) throws HiveException { + if (principal == null) { + return null; + } + return AuthorizationUtils.getHivePrincipal(principal.getName(), principal.getType()); + } + + @Override + public HivePrivilege getHivePrivilege(PrivilegeDesc privilege) { + Privilege priv = privilege.getPrivilege(); + return new HivePrivilege(priv.toString(), privilege.getColumns(), priv.getScopeList()); + } + + @Override + public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc) + throws HiveException { + // null means ALL for show grants, GLOBAL for grant/revoke + HivePrivilegeObjectType objectType = null; + + String[] dbTable; + List partSpec = null; + List columns = null; + if (privSubjectDesc == null) { + dbTable = new String[] {null, null}; + } else { + if (privSubjectDesc.getTable()) { + dbTable = Utilities.getDbTableName(privSubjectDesc.getObject()); + } else { + dbTable = new String[] {privSubjectDesc.getObject(), null}; + } + if (privSubjectDesc.getPartSpec() != null) { + partSpec = new ArrayList(privSubjectDesc.getPartSpec().values()); + } + columns = privSubjectDesc.getColumns(); + objectType = AuthorizationUtils.getPrivObjectType(privSubjectDesc); + } + return new HivePrivilegeObject(objectType, dbTable[0], dbTable[1], partSpec, columns, null); + } + + +} http://git-wip-us.apache.org/repos/asf/hive/blob/1199754c/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationTranslator.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationTranslator.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationTranslator.java new file mode 100644 index 0000000..540f1f3 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationTranslator.java @@ -0,0 +1,46 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.hive.ql.security.authorization.plugin; + +import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate; +import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving; +import org.apache.hadoop.hive.ql.metadata.HiveException; +import org.apache.hadoop.hive.ql.plan.PrincipalDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; +import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; + +/** + * This interface has functions that provide the ability to customize the translation + * from Hive internal representations of Authorization objects to the public API objects + * This is an interface that is not meant for general use, it is targeted to some + * specific use cases of Apache Sentry (incubating). + * The API uses several classes that are considered internal to Hive, and it is + * subject to change across releases. + */ +@LimitedPrivate(value = { "Apache Sentry (incubating)" }) +@Evolving +public interface HiveAuthorizationTranslator { + + public HivePrincipal getHivePrincipal(PrincipalDesc principal) + throws HiveException; + + public HivePrivilege getHivePrivilege(PrivilegeDesc privilege); + + public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privObject) + throws HiveException; +} http://git-wip-us.apache.org/repos/asf/hive/blob/1199754c/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java index 512772b..09112fe 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java @@ -23,9 +23,6 @@ import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPri import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving; import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.ql.metadata.HiveException; -import org.apache.hadoop.hive.ql.plan.PrincipalDesc; -import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; -import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider; /** @@ -212,14 +209,23 @@ public interface HiveAuthorizer { * @param hiveConf * @throws HiveAuthzPluginException */ - public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException; + void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException; - public List getHivePrincipals(List principals) - throws HiveException; - - public List getHivePrivileges(List privileges); + /** + * Get a {@link HiveAuthorizationTranslator} implementation. See + * {@link HiveAuthorizationTranslator} for details. Return null if no + * customization is needed. Most implementations are expected to return null. + * + * The java signature of the method makes it necessary to only return Object + * type so that older implementations can extend the interface to build + * against older versions of Hive that don't include this additional method + * and HiveAuthorizationTranslator class. However, if a non null value is + * returned, the Object has to be of type HiveAuthorizationTranslator + * + * @return + * @throws HiveException + */ + Object getHiveAuthorizationTranslator() throws HiveAuthzPluginException; - public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc) - throws HiveException; } http://git-wip-us.apache.org/repos/asf/hive/blob/1199754c/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java index 76a80e0..37ea1c4 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java @@ -23,10 +23,6 @@ import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPri import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving; import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.ql.metadata.HiveException; -import org.apache.hadoop.hive.ql.plan.PrincipalDesc; -import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; -import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; -import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils; /** * Convenience implementation of HiveAuthorizer. @@ -140,20 +136,16 @@ public class HiveAuthorizerImpl implements HiveAuthorizer { accessController.applyAuthorizationConfigPolicy(hiveConf); } + /* (non-Javadoc) + * @see org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer#getHiveAuthorizationTranslator() + * + * No customization of this API is done for most Authorization implementations. It is meant + * to be used for special cases in Apache Sentry (incubating) + * + */ @Override - public List getHivePrincipals( - List principals) throws HiveException { - return AuthorizationUtils.getHivePrincipals(principals); + public HiveAuthorizationTranslator getHiveAuthorizationTranslator() throws HiveAuthzPluginException{ + return null; } - @Override - public List getHivePrivileges(List privileges) { - return AuthorizationUtils.getHivePrivileges(privileges); - } - - @Override - public HivePrivilegeObject getHivePrivilegeObject( - PrivilegeObjectDesc privSubjectDesc) throws HiveException { - return AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc); - } } http://git-wip-us.apache.org/repos/asf/hive/blob/1199754c/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java index c387800..c7f9e13 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveV1Authorizer.java @@ -37,9 +37,6 @@ import org.apache.hadoop.hive.metastore.api.RolePrincipalGrant; import org.apache.hadoop.hive.ql.metadata.Hive; import org.apache.hadoop.hive.ql.metadata.HiveException; import org.apache.hadoop.hive.ql.metadata.Table; -import org.apache.hadoop.hive.ql.plan.PrincipalDesc; -import org.apache.hadoop.hive.ql.plan.PrivilegeDesc; -import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc; import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils; import org.apache.hadoop.hive.ql.security.authorization.PrivilegeScope; import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessController; @@ -383,19 +380,10 @@ public class HiveV1Authorizer implements HiveAuthorizer { } @Override - public List getHivePrincipals( - List principals) throws HiveException { - return AuthorizationUtils.getHivePrincipals(principals); + public HiveAuthorizationTranslator getHiveAuthorizationTranslator() throws HiveAuthzPluginException { + // custom translator is not needed, so return null + return null; } - @Override - public List getHivePrivileges(List privileges) { - return AuthorizationUtils.getHivePrivileges(privileges); - } - @Override - public HivePrivilegeObject getHivePrivilegeObject( - PrivilegeObjectDesc privSubjectDesc) throws HiveException { - return AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc); - } }