sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s..@apache.org
Subject incubator-sentry git commit: SENTRY-997: Update HiveAuthorizer of Sentry after HiveAuthorizer interface changes (Dapeng Sun, reviewed by Colin Ma)
Date Wed, 03 Feb 2016 01:52:09 GMT
Repository: incubator-sentry
Updated Branches:
  refs/heads/master 7f123002c -> cda611aee


SENTRY-997: Update HiveAuthorizer of Sentry after HiveAuthorizer interface changes (Dapeng
Sun, reviewed by Colin Ma)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/cda611ae
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/cda611ae
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/cda611ae

Branch: refs/heads/master
Commit: cda611aee5f93862e1e3db3f27aa6e37672d1d91
Parents: 7f12300
Author: Sun Dapeng <sdp@apache.org>
Authored: Wed Feb 3 09:50:55 2016 +0800
Committer: Sun Dapeng <sdp@apache.org>
Committed: Wed Feb 3 09:50:55 2016 +0800

----------------------------------------------------------------------
 .../v2/authorizer/SentryHiveAuthorizer.java     | 53 +++++++++-----------
 1 file changed, 25 insertions(+), 28 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/cda611ae/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/SentryHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/SentryHiveAuthorizer.java
b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/SentryHiveAuthorizer.java
index 9d227b8..14b952f 100644
--- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/SentryHiveAuthorizer.java
+++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/authorizer/SentryHiveAuthorizer.java
@@ -19,11 +19,10 @@ import java.util.List;
 import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.ql.exec.SentryHivePrivilegeObjectDesc;
 import org.apache.hadoop.hive.ql.metadata.HiveException;
-import org.apache.hadoop.hive.ql.plan.PrincipalDesc;
-import org.apache.hadoop.hive.ql.plan.PrivilegeDesc;
 import org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc;
-import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils;
+import org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationTranslator;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizationTranslator;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
@@ -45,6 +44,8 @@ public class SentryHiveAuthorizer implements HiveAuthorizer {
 
   private SentryHiveAccessController accessController;
   private SentryHiveAuthorizationValidator authValidator;
+  static private HiveAuthorizationTranslator hiveTranslator =
+      new SentryHiveAuthorizationTranslator();
 
   public SentryHiveAuthorizer(SentryHiveAccessController accessController,
       SentryHiveAuthorizationValidator authValidator) {
@@ -152,31 +153,6 @@ public class SentryHiveAuthorizer implements HiveAuthorizer {
     return authValidator.filterListCmdObjects(listObjs, context);
   }
 
-  @Override
-  public List<HivePrincipal> getHivePrincipals(List<PrincipalDesc> principals)
throws HiveException {
-    return AuthorizationUtils.getHivePrincipals(principals);
-  }
-
-  @Override
-  public List<HivePrivilege> getHivePrivileges(List<PrivilegeDesc> privileges)
{
-    return AuthorizationUtils.getHivePrivileges(privileges);
-  }
-
-  @Override
-  public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc)
-      throws HiveException {
-    SentryHivePrivilegeObjectDesc sPrivSubjectDesc = null;
-    if (privSubjectDesc instanceof SentryHivePrivilegeObjectDesc) {
-      sPrivSubjectDesc = (SentryHivePrivilegeObjectDesc) privSubjectDesc;
-    }
-    if (sPrivSubjectDesc != null && sPrivSubjectDesc.isSentryPrivObjectDesc()) {
-      HivePrivilegeObjectType objectType = getPrivObjectType(sPrivSubjectDesc);
-      return new SentryHivePrivilegeObject(objectType, privSubjectDesc.getObject());
-    } else {
-      return AuthorizationUtils.getHivePrivilegeObject(privSubjectDesc);
-    }
-  }
-
   protected static HivePrivilegeObjectType getPrivObjectType(
       SentryHivePrivilegeObjectDesc privSubjectDesc) {
     if (privSubjectDesc.getObject() == null) {
@@ -192,4 +168,25 @@ public class SentryHiveAuthorizer implements HiveAuthorizer {
     }
   }
 
+  @Override
+  public Object getHiveAuthorizationTranslator() throws HiveAuthzPluginException {
+    return hiveTranslator;
+  }
+
+  private static class SentryHiveAuthorizationTranslator extends DefaultHiveAuthorizationTranslator
{
+
+    @Override
+    public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc)
+        throws HiveException {
+      if (privSubjectDesc != null && privSubjectDesc instanceof SentryHivePrivilegeObjectDesc)
{
+        SentryHivePrivilegeObjectDesc sPrivSubjectDesc =
+            (SentryHivePrivilegeObjectDesc) privSubjectDesc;
+        if (sPrivSubjectDesc.isSentryPrivObjectDesc()) {
+          HivePrivilegeObjectType objectType = getPrivObjectType(sPrivSubjectDesc);
+          return new SentryHivePrivilegeObject(objectType, privSubjectDesc.getObject());
+        }
+      }
+      return super.getHivePrivilegeObject(privSubjectDesc);
+    }
+  }
 }


Mime
View raw message