diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/DDLSemanticAnalyzerFactory.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/DDLSemanticAnalyzerFactory.java index bc93d753f855..efbd90f2c58f 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/DDLSemanticAnalyzerFactory.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/DDLSemanticAnalyzerFactory.java @@ -26,10 +26,13 @@ import java.util.Set; import org.apache.hadoop.hive.ql.QueryState; +import org.apache.hadoop.hive.ql.metadata.Hive; import org.apache.hadoop.hive.ql.parse.ASTNode; import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer; import org.reflections.Reflections; +import com.google.common.annotations.VisibleForTesting; + /** * Manages the DDL command analyzers. */ @@ -75,4 +78,17 @@ public static BaseSemanticAnalyzer getAnalyzer(ASTNode root, QueryState querySta throw new RuntimeException(e); } } + + @VisibleForTesting + public static BaseSemanticAnalyzer getAnalyzer(ASTNode root, QueryState queryState, Hive db) { + Class analyzerClass = TYPE_TO_ANALYZER.get(root.getType()); + try { + BaseSemanticAnalyzer analyzer = + analyzerClass.getConstructor(QueryState.class, Hive.class).newInstance(queryState, db); + return analyzer; + } catch (Exception e) { + e.printStackTrace(); + throw new RuntimeException(e); + } + } } diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/database/alter/package-info.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/database/alter/package-info.java index ef1627578559..1c780143777d 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/database/alter/package-info.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/database/alter/package-info.java @@ -16,5 +16,5 @@ * limitations under the License. */ -/** Alter Database DDL operation descriptions and operations. */ +/** Alter Database DDL operations. */ package org.apache.hadoop.hive.ql.ddl.database.alter; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/AbstractPrivilegeAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/AbstractPrivilegeAnalyzer.java new file mode 100644 index 000000000000..f6e5256d309f --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/AbstractPrivilegeAnalyzer.java @@ -0,0 +1,64 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.ddl.privilege; + +import java.lang.reflect.Constructor; + +import org.apache.hadoop.hive.conf.HiveConf; +import org.apache.hadoop.hive.ql.QueryState; +import org.apache.hadoop.hive.ql.metadata.Hive; +import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer; +import org.apache.hadoop.hive.ql.parse.SemanticException; +import org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactory; +import org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactoryImpl; + +import com.google.common.annotations.VisibleForTesting; + +/** + * Abstract analyzer for all privilege related commands. + */ +public abstract class AbstractPrivilegeAnalyzer extends BaseSemanticAnalyzer { + protected final HiveAuthorizationTaskFactory hiveAuthorizationTaskFactory; + + public AbstractPrivilegeAnalyzer(QueryState queryState) throws SemanticException { + super(queryState); + hiveAuthorizationTaskFactory = createAuthorizationTaskFactory(conf, db); + } + + @VisibleForTesting + public AbstractPrivilegeAnalyzer(QueryState queryState, Hive db) throws SemanticException { + super(queryState, db); + hiveAuthorizationTaskFactory = createAuthorizationTaskFactory(conf, db); + } + + private HiveAuthorizationTaskFactory createAuthorizationTaskFactory(HiveConf conf, Hive db) { + Class authProviderClass = conf.getClass( + HiveConf.ConfVars.HIVE_AUTHORIZATION_TASK_FACTORY.varname, HiveAuthorizationTaskFactoryImpl.class, + HiveAuthorizationTaskFactory.class); + + try { + Constructor constructor = + authProviderClass.getConstructor(HiveConf.class, Hive.class); + return constructor.newInstance(conf, db); + } catch (Exception e) { + throw new IllegalStateException( + "Unable to create instance of " + authProviderClass.getName() + ": " + e.getMessage(), e); + } + } +} diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/PrivilegeUtils.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/PrivilegeUtils.java index ad431454de8a..f0e38d5f26d3 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/PrivilegeUtils.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/PrivilegeUtils.java @@ -35,12 +35,12 @@ /** * Common utilities for Privilege related ddl operations. */ -final class PrivilegeUtils { +public final class PrivilegeUtils { private PrivilegeUtils() { throw new UnsupportedOperationException("PrivilegeUtils should not be instantiated"); } - static HiveAuthorizer getSessionAuthorizer(HiveConf conf) { + public static HiveAuthorizer getSessionAuthorizer(HiveConf conf) { HiveAuthorizer authorizer = SessionState.get().getAuthorizerV2(); if (authorizer == null) { authorizer = new HiveV1Authorizer(conf); @@ -49,7 +49,7 @@ static HiveAuthorizer getSessionAuthorizer(HiveConf conf) { return authorizer; } - static void writeListToFileAfterSort(List entries, String resFile, DDLOperationContext context) + public static void writeListToFileAfterSort(List entries, String resFile, DDLOperationContext context) throws IOException { Collections.sort(entries); @@ -64,7 +64,7 @@ static void writeListToFileAfterSort(List entries, String resFile, DDLOp private static final HiveAuthorizationTranslator DEFAULT_AUTHORIZATION_TRANSLATOR = new DefaultHiveAuthorizationTranslator(); - static HiveAuthorizationTranslator getAuthorizationTranslator(HiveAuthorizer authorizer) + public static HiveAuthorizationTranslator getAuthorizationTranslator(HiveAuthorizer authorizer) throws HiveAuthzPluginException { if (authorizer.getHiveAuthorizationTranslator() == null) { return DEFAULT_AUTHORIZATION_TRANSLATOR; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/grant/GrantAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/grant/GrantAnalyzer.java new file mode 100644 index 000000000000..c16609bc51e3 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/grant/GrantAnalyzer.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.ddl.privilege.grant; + +import org.apache.hadoop.hive.ql.QueryState; +import org.apache.hadoop.hive.ql.exec.Task; +import org.apache.hadoop.hive.ql.metadata.Hive; +import org.apache.hadoop.hive.ql.ddl.DDLSemanticAnalyzerFactory.DDLType; +import org.apache.hadoop.hive.ql.ddl.privilege.AbstractPrivilegeAnalyzer; +import org.apache.hadoop.hive.ql.parse.ASTNode; +import org.apache.hadoop.hive.ql.parse.HiveParser; +import org.apache.hadoop.hive.ql.parse.SemanticException; + +import com.google.common.annotations.VisibleForTesting; + +/** + * Analyzer for granting commands. + */ +@DDLType(type=HiveParser.TOK_GRANT) +public class GrantAnalyzer extends AbstractPrivilegeAnalyzer { + public GrantAnalyzer(QueryState queryState) throws SemanticException { + super(queryState); + } + + @VisibleForTesting + public GrantAnalyzer(QueryState queryState, Hive db) throws SemanticException { + super(queryState, db); + } + + @Override + public void analyzeInternal(ASTNode root) throws SemanticException { + Task task = hiveAuthorizationTaskFactory.createGrantTask(root, getInputs(), getOutputs()); + if (task != null) { + rootTasks.add(task); + } + } +} diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantDesc.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/grant/GrantDesc.java similarity index 91% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/grant/GrantDesc.java index 7182bd3d55fe..2f235f470f88 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantDesc.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/grant/GrantDesc.java @@ -16,13 +16,16 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.grant; import java.io.Serializable; import java.util.List; import org.apache.hadoop.hive.metastore.api.PrincipalType; import org.apache.hadoop.hive.ql.ddl.DDLDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeObjectDesc; import org.apache.hadoop.hive.ql.plan.Explain; import org.apache.hadoop.hive.ql.plan.Explain.Level; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantOperation.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/grant/GrantOperation.java similarity index 95% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantOperation.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/grant/GrantOperation.java index 363e45a0e0d2..1216298ca672 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantOperation.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/grant/GrantOperation.java @@ -16,9 +16,10 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.grant; import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeUtils; import java.util.List; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/grant/package-info.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/grant/package-info.java new file mode 100644 index 000000000000..e08339bd682a --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/grant/package-info.java @@ -0,0 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** Granting DDL operation. */ +package org.apache.hadoop.hive.ql.ddl.privilege.grant; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/revoke/RevokeAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/revoke/RevokeAnalyzer.java new file mode 100644 index 000000000000..8fe16119b952 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/revoke/RevokeAnalyzer.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.ddl.privilege.revoke; + +import org.apache.hadoop.hive.ql.QueryState; +import org.apache.hadoop.hive.ql.exec.Task; +import org.apache.hadoop.hive.ql.metadata.Hive; +import org.apache.hadoop.hive.ql.ddl.DDLSemanticAnalyzerFactory.DDLType; +import org.apache.hadoop.hive.ql.ddl.privilege.AbstractPrivilegeAnalyzer; +import org.apache.hadoop.hive.ql.parse.ASTNode; +import org.apache.hadoop.hive.ql.parse.HiveParser; +import org.apache.hadoop.hive.ql.parse.SemanticException; + +import com.google.common.annotations.VisibleForTesting; + +/** + * Analyzer for revoke commands. + */ +@DDLType(type=HiveParser.TOK_REVOKE) +public class RevokeAnalyzer extends AbstractPrivilegeAnalyzer { + public RevokeAnalyzer(QueryState queryState) throws SemanticException { + super(queryState); + } + + @VisibleForTesting + public RevokeAnalyzer(QueryState queryState, Hive db) throws SemanticException { + super(queryState, db); + } + + @Override + public void analyzeInternal(ASTNode root) throws SemanticException { + Task task = hiveAuthorizationTaskFactory.createRevokeTask(root, getInputs(), getOutputs()); + if (task != null) { + rootTasks.add(task); + } + } +} diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeDesc.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/revoke/RevokeDesc.java similarity index 90% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/revoke/RevokeDesc.java index f0e3021e7d8e..8a61a024452a 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeDesc.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/revoke/RevokeDesc.java @@ -16,12 +16,15 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.revoke; import java.io.Serializable; import java.util.List; import org.apache.hadoop.hive.ql.ddl.DDLDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeObjectDesc; import org.apache.hadoop.hive.ql.plan.Explain; import org.apache.hadoop.hive.ql.plan.Explain.Level; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeOperation.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/revoke/RevokeOperation.java similarity index 95% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeOperation.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/revoke/RevokeOperation.java index 5bd7cdab9739..0d7839c91be0 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeOperation.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/revoke/RevokeOperation.java @@ -16,9 +16,10 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.revoke; import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeUtils; import java.util.List; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/revoke/package-info.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/revoke/package-info.java new file mode 100644 index 000000000000..5e37b6951d17 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/revoke/package-info.java @@ -0,0 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** Revoking DDL operation. */ +package org.apache.hadoop.hive.ql.ddl.privilege.revoke; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/create/CreateRoleAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/create/CreateRoleAnalyzer.java new file mode 100644 index 000000000000..d4975d16a91e --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/create/CreateRoleAnalyzer.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.ddl.privilege.role.create; + +import org.apache.hadoop.hive.ql.QueryState; +import org.apache.hadoop.hive.ql.exec.Task; +import org.apache.hadoop.hive.ql.metadata.Hive; +import org.apache.hadoop.hive.ql.ddl.DDLSemanticAnalyzerFactory.DDLType; +import org.apache.hadoop.hive.ql.ddl.privilege.AbstractPrivilegeAnalyzer; +import org.apache.hadoop.hive.ql.parse.ASTNode; +import org.apache.hadoop.hive.ql.parse.HiveParser; +import org.apache.hadoop.hive.ql.parse.SemanticException; + +import com.google.common.annotations.VisibleForTesting; + +/** + * Analyzer for role creation commands. + */ +@DDLType(type=HiveParser.TOK_CREATEROLE) +public class CreateRoleAnalyzer extends AbstractPrivilegeAnalyzer { + public CreateRoleAnalyzer(QueryState queryState) throws SemanticException { + super(queryState); + } + + @VisibleForTesting + public CreateRoleAnalyzer(QueryState queryState, Hive db) throws SemanticException { + super(queryState, db); + } + + @Override + public void analyzeInternal(ASTNode root) throws SemanticException { + Task task = hiveAuthorizationTaskFactory.createCreateRoleTask(root, getInputs(), getOutputs()); + if (task != null) { + rootTasks.add(task); + } + } +} diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/CreateRoleDesc.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/create/CreateRoleDesc.java similarity index 96% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/CreateRoleDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/create/CreateRoleDesc.java index 4c2e1ddf1691..7a5df3edf5c9 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/CreateRoleDesc.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/create/CreateRoleDesc.java @@ -16,7 +16,7 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.role.create; import java.io.Serializable; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/CreateRoleOperation.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/create/CreateRoleOperation.java similarity index 92% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/CreateRoleOperation.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/create/CreateRoleOperation.java index e09ba6472a6d..3bc4930626df 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/CreateRoleOperation.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/create/CreateRoleOperation.java @@ -16,10 +16,10 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.role.create; import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; - +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeUtils; import org.apache.hadoop.hive.ql.ddl.DDLOperation; import org.apache.hadoop.hive.ql.metadata.HiveException; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/create/package-info.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/create/package-info.java new file mode 100644 index 000000000000..6e958d7397a9 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/create/package-info.java @@ -0,0 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** Role creation DDL operation. */ +package org.apache.hadoop.hive.ql.ddl.privilege.role.create; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/drop/DropRoleAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/drop/DropRoleAnalyzer.java new file mode 100644 index 000000000000..0b2a848d1c54 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/drop/DropRoleAnalyzer.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.ddl.privilege.role.drop; + +import org.apache.hadoop.hive.ql.QueryState; +import org.apache.hadoop.hive.ql.exec.Task; +import org.apache.hadoop.hive.ql.metadata.Hive; +import org.apache.hadoop.hive.ql.ddl.DDLSemanticAnalyzerFactory.DDLType; +import org.apache.hadoop.hive.ql.ddl.privilege.AbstractPrivilegeAnalyzer; +import org.apache.hadoop.hive.ql.parse.ASTNode; +import org.apache.hadoop.hive.ql.parse.HiveParser; +import org.apache.hadoop.hive.ql.parse.SemanticException; + +import com.google.common.annotations.VisibleForTesting; + +/** + * Analyzer for role dropping commands. + */ +@DDLType(type=HiveParser.TOK_DROPROLE) +public class DropRoleAnalyzer extends AbstractPrivilegeAnalyzer { + public DropRoleAnalyzer(QueryState queryState) throws SemanticException { + super(queryState); + } + + @VisibleForTesting + public DropRoleAnalyzer(QueryState queryState, Hive db) throws SemanticException { + super(queryState, db); + } + + @Override + public void analyzeInternal(ASTNode root) throws SemanticException { + Task task = hiveAuthorizationTaskFactory.createDropRoleTask(root, getInputs(), getOutputs()); + if (task != null) { + rootTasks.add(task); + } + } +} diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/DropRoleDesc.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/drop/DropRoleDesc.java similarity index 96% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/DropRoleDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/drop/DropRoleDesc.java index 671a0e72b85b..3280585a23a0 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/DropRoleDesc.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/drop/DropRoleDesc.java @@ -16,7 +16,7 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.role.drop; import java.io.Serializable; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/DropRoleOperation.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/drop/DropRoleOperation.java similarity index 92% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/DropRoleOperation.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/drop/DropRoleOperation.java index 096069817a8e..c2f8f57686c0 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/DropRoleOperation.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/drop/DropRoleOperation.java @@ -16,10 +16,10 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.role.drop; import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; - +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeUtils; import org.apache.hadoop.hive.ql.ddl.DDLOperation; import org.apache.hadoop.hive.ql.metadata.HiveException; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/drop/package-info.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/drop/package-info.java new file mode 100644 index 000000000000..37f9eae3c9db --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/drop/package-info.java @@ -0,0 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** Role dropping DDL operation. */ +package org.apache.hadoop.hive.ql.ddl.privilege.role.drop; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/grant/GrantRoleAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/grant/GrantRoleAnalyzer.java new file mode 100644 index 000000000000..d845c434119a --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/grant/GrantRoleAnalyzer.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.ddl.privilege.role.grant; + +import org.apache.hadoop.hive.ql.QueryState; +import org.apache.hadoop.hive.ql.exec.Task; +import org.apache.hadoop.hive.ql.metadata.Hive; +import org.apache.hadoop.hive.ql.ddl.DDLSemanticAnalyzerFactory.DDLType; +import org.apache.hadoop.hive.ql.ddl.privilege.AbstractPrivilegeAnalyzer; +import org.apache.hadoop.hive.ql.parse.ASTNode; +import org.apache.hadoop.hive.ql.parse.HiveParser; +import org.apache.hadoop.hive.ql.parse.SemanticException; + +import com.google.common.annotations.VisibleForTesting; + +/** + * Analyzer for granting to role commands. + */ +@DDLType(type=HiveParser.TOK_GRANT_ROLE) +public class GrantRoleAnalyzer extends AbstractPrivilegeAnalyzer { + public GrantRoleAnalyzer(QueryState queryState) throws SemanticException { + super(queryState); + } + + @VisibleForTesting + public GrantRoleAnalyzer(QueryState queryState, Hive db) throws SemanticException { + super(queryState, db); + } + + @Override + public void analyzeInternal(ASTNode root) throws SemanticException { + Task task = hiveAuthorizationTaskFactory.createGrantRoleTask(root, getInputs(), getOutputs()); + if (task != null) { + rootTasks.add(task); + } + } +} diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantRoleDesc.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/grant/GrantRoleDesc.java similarity index 94% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantRoleDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/grant/GrantRoleDesc.java index ec1215492529..3794a70c4bed 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantRoleDesc.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/grant/GrantRoleDesc.java @@ -16,11 +16,12 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.role.grant; import java.util.List; import org.apache.hadoop.hive.ql.ddl.DDLDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; import org.apache.hadoop.hive.ql.plan.Explain; import org.apache.hadoop.hive.ql.plan.Explain.Level; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantRoleOperation.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/grant/GrantRoleOperation.java similarity index 94% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantRoleOperation.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/grant/GrantRoleOperation.java index 44139066172d..a8d6a9281f62 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/GrantRoleOperation.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/grant/GrantRoleOperation.java @@ -16,9 +16,10 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.role.grant; import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeUtils; import java.util.List; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/grant/package-info.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/grant/package-info.java new file mode 100644 index 000000000000..68b215a7c823 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/grant/package-info.java @@ -0,0 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** Granting to role DDL operation. */ +package org.apache.hadoop.hive.ql.ddl.privilege.role.grant; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/revoke/RevokeRoleAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/revoke/RevokeRoleAnalyzer.java new file mode 100644 index 000000000000..21f71cb6300c --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/revoke/RevokeRoleAnalyzer.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.ddl.privilege.role.revoke; + +import org.apache.hadoop.hive.ql.QueryState; +import org.apache.hadoop.hive.ql.exec.Task; +import org.apache.hadoop.hive.ql.metadata.Hive; +import org.apache.hadoop.hive.ql.ddl.DDLSemanticAnalyzerFactory.DDLType; +import org.apache.hadoop.hive.ql.ddl.privilege.AbstractPrivilegeAnalyzer; +import org.apache.hadoop.hive.ql.parse.ASTNode; +import org.apache.hadoop.hive.ql.parse.HiveParser; +import org.apache.hadoop.hive.ql.parse.SemanticException; + +import com.google.common.annotations.VisibleForTesting; + +/** + * Analyzer for revoking from role commands. + */ +@DDLType(type=HiveParser.TOK_REVOKE_ROLE) +public class RevokeRoleAnalyzer extends AbstractPrivilegeAnalyzer { + public RevokeRoleAnalyzer(QueryState queryState) throws SemanticException { + super(queryState); + } + + @VisibleForTesting + public RevokeRoleAnalyzer(QueryState queryState, Hive db) throws SemanticException { + super(queryState, db); + } + + @Override + public void analyzeInternal(ASTNode root) throws SemanticException { + Task task = hiveAuthorizationTaskFactory.createRevokeRoleTask(root, getInputs(), getOutputs()); + if (task != null) { + rootTasks.add(task); + } + } +} diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeRoleDesc.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/revoke/RevokeRoleDesc.java similarity index 94% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeRoleDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/revoke/RevokeRoleDesc.java index 5282789adaa9..7871303c226f 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeRoleDesc.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/revoke/RevokeRoleDesc.java @@ -16,11 +16,12 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.role.revoke; import java.util.List; import org.apache.hadoop.hive.ql.ddl.DDLDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; import org.apache.hadoop.hive.ql.plan.Explain; import org.apache.hadoop.hive.ql.plan.Explain.Level; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeRoleOperation.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/revoke/RevokeRoleOperation.java similarity index 94% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeRoleOperation.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/revoke/RevokeRoleOperation.java index 4828dc8d2b96..71d2ad0170a4 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/RevokeRoleOperation.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/revoke/RevokeRoleOperation.java @@ -16,9 +16,10 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.role.revoke; import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeUtils; import java.util.List; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/revoke/package-info.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/revoke/package-info.java new file mode 100644 index 000000000000..89213a6daa22 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/revoke/package-info.java @@ -0,0 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** Revoking from role DDL operation. */ +package org.apache.hadoop.hive.ql.ddl.privilege.role.revoke; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/set/SetRoleAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/set/SetRoleAnalyzer.java new file mode 100644 index 000000000000..39d887c7a55f --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/set/SetRoleAnalyzer.java @@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.ddl.privilege.role.set; + +import org.apache.hadoop.hive.ql.QueryState; +import org.apache.hadoop.hive.ql.ddl.DDLSemanticAnalyzerFactory.DDLType; +import org.apache.hadoop.hive.ql.ddl.privilege.AbstractPrivilegeAnalyzer; +import org.apache.hadoop.hive.ql.metadata.Hive; +import org.apache.hadoop.hive.ql.parse.ASTNode; +import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer; +import org.apache.hadoop.hive.ql.parse.HiveParser; +import org.apache.hadoop.hive.ql.parse.SemanticException; + +import com.google.common.annotations.VisibleForTesting; + +/** + * Analyzer for setting a role commands. + */ +@DDLType(type=HiveParser.TOK_SET_ROLE) +public class SetRoleAnalyzer extends AbstractPrivilegeAnalyzer { + public SetRoleAnalyzer(QueryState queryState) throws SemanticException { + super(queryState); + } + + @VisibleForTesting + public SetRoleAnalyzer(QueryState queryState, Hive db) throws SemanticException { + super(queryState, db); + } + + @Override + public void analyzeInternal(ASTNode root) throws SemanticException { + String roleName = BaseSemanticAnalyzer.unescapeIdentifier(root.getChild(0).getText()); + rootTasks.add(hiveAuthorizationTaskFactory.createSetRoleTask(roleName, getInputs(), getOutputs())); + } +} diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/SetRoleDesc.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/set/SetRoleDesc.java similarity index 96% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/SetRoleDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/set/SetRoleDesc.java index 124fd1d40daa..417cd94053a0 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/SetRoleDesc.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/set/SetRoleDesc.java @@ -16,7 +16,7 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.role.set; import java.io.Serializable; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/SetRoleOperation.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/set/SetRoleOperation.java similarity index 92% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/SetRoleOperation.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/set/SetRoleOperation.java index 816917578900..4e43865e0587 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/SetRoleOperation.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/set/SetRoleOperation.java @@ -16,10 +16,10 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.role.set; import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; - +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeUtils; import org.apache.hadoop.hive.ql.ddl.DDLOperation; import org.apache.hadoop.hive.ql.metadata.HiveException; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/set/package-info.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/set/package-info.java new file mode 100644 index 000000000000..9223f8275e92 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/set/package-info.java @@ -0,0 +1,21 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** Setting role DDL operation. + */ +package org.apache.hadoop.hive.ql.ddl.privilege.role.set; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/show/ShowRolesAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/show/ShowRolesAnalyzer.java new file mode 100644 index 000000000000..20860fd8828e --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/show/ShowRolesAnalyzer.java @@ -0,0 +1,58 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.ddl.privilege.role.show; + +import org.apache.hadoop.hive.ql.QueryState; +import org.apache.hadoop.hive.ql.exec.Task; +import org.apache.hadoop.hive.ql.metadata.Hive; +import org.apache.hadoop.hive.ql.ddl.DDLSemanticAnalyzerFactory.DDLType; +import org.apache.hadoop.hive.ql.ddl.privilege.AbstractPrivilegeAnalyzer; +import org.apache.hadoop.hive.ql.parse.ASTNode; +import org.apache.hadoop.hive.ql.parse.HiveParser; +import org.apache.hadoop.hive.ql.parse.SemanticException; + +import com.google.common.annotations.VisibleForTesting; + +/** + * Analyzer for showing roles commands. + */ +@DDLType(type=HiveParser.TOK_SHOW_ROLES) +public class ShowRolesAnalyzer extends AbstractPrivilegeAnalyzer { + public ShowRolesAnalyzer(QueryState queryState) throws SemanticException { + super(queryState); + } + + @VisibleForTesting + public ShowRolesAnalyzer(QueryState queryState, Hive db) throws SemanticException { + super(queryState, db); + } + + @Override + public void analyzeInternal(ASTNode root) throws SemanticException { + ctx.setResFile(ctx.getLocalTmpPath()); + Task task = hiveAuthorizationTaskFactory.createShowRolesTask(root, ctx.getResFile(), getInputs(), + getOutputs()); + if (task != null) { + rootTasks.add(task); + + task.setFetchSource(true); + setFetchTask(createFetchTask(ShowRolesDesc.SCHEMA)); + } + } +} diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRolesDesc.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/show/ShowRolesDesc.java similarity index 96% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRolesDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/show/ShowRolesDesc.java index d4eeba4bbb58..d78a3d22e94d 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRolesDesc.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/show/ShowRolesDesc.java @@ -16,7 +16,7 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.role.show; import java.io.Serializable; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRolesOperation.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/show/ShowRolesOperation.java similarity index 93% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRolesOperation.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/show/ShowRolesOperation.java index 412e0ec1f2f1..97797a69292a 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRolesOperation.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/show/ShowRolesOperation.java @@ -16,9 +16,10 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.role.show; import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeUtils; import java.io.IOException; import java.util.List; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/show/package-info.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/show/package-info.java new file mode 100644 index 000000000000..1f0b1cf533b5 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/show/package-info.java @@ -0,0 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** Role showing DDL operation. */ +package org.apache.hadoop.hive.ql.ddl.privilege.role.show; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/showcurrent/ShowCurrentRoleAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/showcurrent/ShowCurrentRoleAnalyzer.java new file mode 100644 index 000000000000..57823c7f56eb --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/showcurrent/ShowCurrentRoleAnalyzer.java @@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.ddl.privilege.role.showcurrent; + +import java.io.Serializable; + +import org.apache.hadoop.hive.ql.QueryState; +import org.apache.hadoop.hive.ql.exec.Task; +import org.apache.hadoop.hive.ql.metadata.Hive; +import org.apache.hadoop.hive.ql.ddl.DDLSemanticAnalyzerFactory.DDLType; +import org.apache.hadoop.hive.ql.ddl.privilege.AbstractPrivilegeAnalyzer; +import org.apache.hadoop.hive.ql.ddl.privilege.role.show.ShowRolesDesc; +import org.apache.hadoop.hive.ql.parse.ASTNode; +import org.apache.hadoop.hive.ql.parse.HiveParser; +import org.apache.hadoop.hive.ql.parse.SemanticException; + +import com.google.common.annotations.VisibleForTesting; + +/** + * Analyzer for showing the current role command. + */ +@DDLType(type=HiveParser.TOK_SHOW_CURRENT_ROLE) +public class ShowCurrentRoleAnalyzer extends AbstractPrivilegeAnalyzer { + public ShowCurrentRoleAnalyzer(QueryState queryState) throws SemanticException { + super(queryState); + } + + @VisibleForTesting + public ShowCurrentRoleAnalyzer(QueryState queryState, Hive db) throws SemanticException { + super(queryState, db); + } + + @Override + public void analyzeInternal(ASTNode root) throws SemanticException { + ctx.setResFile(ctx.getLocalTmpPath()); + Task task = + hiveAuthorizationTaskFactory.createShowCurrentRoleTask(getInputs(), getOutputs(), ctx.getResFile()); + rootTasks.add(task); + + task.setFetchSource(true); + setFetchTask(createFetchTask(ShowRolesDesc.SCHEMA)); + } +} diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowCurrentRoleDesc.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/showcurrent/ShowCurrentRoleDesc.java similarity index 95% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowCurrentRoleDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/showcurrent/ShowCurrentRoleDesc.java index 53743cd20570..ce3aa7469e8c 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowCurrentRoleDesc.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/showcurrent/ShowCurrentRoleDesc.java @@ -16,7 +16,7 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.role.showcurrent; import java.io.Serializable; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowCurrentRoleOperation.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/showcurrent/ShowCurrentRoleOperation.java similarity index 92% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowCurrentRoleOperation.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/showcurrent/ShowCurrentRoleOperation.java index 7f70baed29be..d625c2b4b06d 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowCurrentRoleOperation.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/showcurrent/ShowCurrentRoleOperation.java @@ -16,9 +16,10 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.role.showcurrent; import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeUtils; import java.io.IOException; import java.util.List; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/showcurrent/package-info.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/showcurrent/package-info.java new file mode 100644 index 000000000000..f8f314f676f7 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/showcurrent/package-info.java @@ -0,0 +1,21 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** Show current role DDL operation. + */ +package org.apache.hadoop.hive.ql.ddl.privilege.role.showcurrent; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/grant/ShowGrantAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/grant/ShowGrantAnalyzer.java new file mode 100644 index 000000000000..8b0f51c53ce7 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/grant/ShowGrantAnalyzer.java @@ -0,0 +1,57 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.ddl.privilege.show.grant; + +import org.apache.hadoop.hive.ql.QueryState; +import org.apache.hadoop.hive.ql.exec.Task; +import org.apache.hadoop.hive.ql.metadata.Hive; +import org.apache.hadoop.hive.ql.ddl.DDLSemanticAnalyzerFactory.DDLType; +import org.apache.hadoop.hive.ql.ddl.privilege.AbstractPrivilegeAnalyzer; +import org.apache.hadoop.hive.ql.parse.ASTNode; +import org.apache.hadoop.hive.ql.parse.HiveParser; +import org.apache.hadoop.hive.ql.parse.SemanticException; + +import com.google.common.annotations.VisibleForTesting; + +/** + * Analyzer for showing grant commands. + */ +@DDLType(type=HiveParser.TOK_SHOW_GRANT) +public class ShowGrantAnalyzer extends AbstractPrivilegeAnalyzer { + public ShowGrantAnalyzer(QueryState queryState) throws SemanticException { + super(queryState); + } + + @VisibleForTesting + public ShowGrantAnalyzer(QueryState queryState, Hive db) throws SemanticException { + super(queryState, db); + } + + @Override + public void analyzeInternal(ASTNode root) throws SemanticException { + ctx.setResFile(ctx.getLocalTmpPath()); + Task task = hiveAuthorizationTaskFactory.createShowGrantTask(root, ctx.getResFile(), getInputs(), getOutputs()); + if (task != null) { + rootTasks.add(task); + + task.setFetchSource(true); + setFetchTask(createFetchTask(ShowGrantDesc.SCHEMA)); + } + } +} diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowGrantDesc.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/grant/ShowGrantDesc.java similarity index 91% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowGrantDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/grant/ShowGrantDesc.java index 8a2438a71d97..30fe4c4f6ab3 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowGrantDesc.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/grant/ShowGrantDesc.java @@ -16,9 +16,11 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.show.grant; import org.apache.hadoop.hive.ql.ddl.DDLDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeObjectDesc; import org.apache.hadoop.hive.ql.plan.Explain; import org.apache.hadoop.hive.ql.plan.Explain.Level; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowGrantOperation.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/grant/ShowGrantOperation.java similarity index 97% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowGrantOperation.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/grant/ShowGrantOperation.java index d1320a94d7f7..46f62a7be785 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowGrantOperation.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/grant/ShowGrantOperation.java @@ -16,10 +16,11 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.show.grant; import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; import org.apache.hadoop.hive.ql.ddl.DDLUtils; +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeUtils; import java.io.IOException; import java.util.Collections; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/grant/package-info.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/grant/package-info.java new file mode 100644 index 000000000000..e5beecafc842 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/grant/package-info.java @@ -0,0 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** Grant showing DDL operation. */ +package org.apache.hadoop.hive.ql.ddl.privilege.show.grant; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/principals/ShowPrincipalsAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/principals/ShowPrincipalsAnalyzer.java new file mode 100644 index 000000000000..7cdeef1abbcc --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/principals/ShowPrincipalsAnalyzer.java @@ -0,0 +1,58 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.ddl.privilege.show.principals; + +import org.apache.hadoop.hive.ql.QueryState; +import org.apache.hadoop.hive.ql.exec.Task; +import org.apache.hadoop.hive.ql.metadata.Hive; +import org.apache.hadoop.hive.ql.ddl.DDLSemanticAnalyzerFactory.DDLType; +import org.apache.hadoop.hive.ql.ddl.privilege.AbstractPrivilegeAnalyzer; +import org.apache.hadoop.hive.ql.parse.ASTNode; +import org.apache.hadoop.hive.ql.parse.HiveParser; +import org.apache.hadoop.hive.ql.parse.SemanticException; + +import com.google.common.annotations.VisibleForTesting; + +/** + * Analyzer for showing principals commands. + */ +@DDLType(type=HiveParser.TOK_SHOW_ROLE_PRINCIPALS) +public class ShowPrincipalsAnalyzer extends AbstractPrivilegeAnalyzer { + public ShowPrincipalsAnalyzer(QueryState queryState) throws SemanticException { + super(queryState); + } + + @VisibleForTesting + public ShowPrincipalsAnalyzer(QueryState queryState, Hive db) throws SemanticException { + super(queryState, db); + } + + @Override + public void analyzeInternal(ASTNode root) throws SemanticException { + ctx.setResFile(ctx.getLocalTmpPath()); + Task task = hiveAuthorizationTaskFactory.createShowRolePrincipalsTask(root, ctx.getResFile(), getInputs(), + getOutputs()); + if (task != null) { + rootTasks.add(task); + + task.setFetchSource(true); + setFetchTask(createFetchTask(ShowPrincipalsDesc.SCHEMA)); + } + } +} diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowPrincipalsDesc.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/principals/ShowPrincipalsDesc.java similarity index 96% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowPrincipalsDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/principals/ShowPrincipalsDesc.java index 0db1348addd2..7f6d3359f53c 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowPrincipalsDesc.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/principals/ShowPrincipalsDesc.java @@ -16,7 +16,7 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.show.principals; import java.io.Serializable; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowPrincipalsOperation.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/principals/ShowPrincipalsOperation.java similarity index 95% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowPrincipalsOperation.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/principals/ShowPrincipalsOperation.java index 2343f6d0f221..ab30f2d0f952 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowPrincipalsOperation.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/principals/ShowPrincipalsOperation.java @@ -16,10 +16,11 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.show.principals; import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; import org.apache.hadoop.hive.ql.ddl.DDLUtils; +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeUtils; import java.io.IOException; import java.util.Collections; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/principals/package-info.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/principals/package-info.java new file mode 100644 index 000000000000..0e27d31b5b67 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/principals/package-info.java @@ -0,0 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** Principal showing DDL operation. */ +package org.apache.hadoop.hive.ql.ddl.privilege.show.principals; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/rolegrant/ShowRoleGrantAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/rolegrant/ShowRoleGrantAnalyzer.java new file mode 100644 index 000000000000..2e093e7a74a0 --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/rolegrant/ShowRoleGrantAnalyzer.java @@ -0,0 +1,58 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.ql.ddl.privilege.show.rolegrant; + +import org.apache.hadoop.hive.ql.QueryState; +import org.apache.hadoop.hive.ql.exec.Task; +import org.apache.hadoop.hive.ql.metadata.Hive; +import org.apache.hadoop.hive.ql.ddl.DDLSemanticAnalyzerFactory.DDLType; +import org.apache.hadoop.hive.ql.ddl.privilege.AbstractPrivilegeAnalyzer; +import org.apache.hadoop.hive.ql.parse.ASTNode; +import org.apache.hadoop.hive.ql.parse.HiveParser; +import org.apache.hadoop.hive.ql.parse.SemanticException; + +import com.google.common.annotations.VisibleForTesting; + +/** + * Analyzer for showing role grant commands. + */ +@DDLType(type=HiveParser.TOK_SHOW_ROLE_GRANT) +public class ShowRoleGrantAnalyzer extends AbstractPrivilegeAnalyzer { + public ShowRoleGrantAnalyzer(QueryState queryState) throws SemanticException { + super(queryState); + } + + @VisibleForTesting + public ShowRoleGrantAnalyzer(QueryState queryState, Hive db) throws SemanticException { + super(queryState, db); + } + + @Override + public void analyzeInternal(ASTNode root) throws SemanticException { + ctx.setResFile(ctx.getLocalTmpPath()); + Task task = hiveAuthorizationTaskFactory.createShowRoleGrantTask(root, ctx.getResFile(), getInputs(), + getOutputs()); + if (task != null) { + rootTasks.add(task); + + task.setFetchSource(true); + setFetchTask(createFetchTask(ShowRoleGrantDesc.SCHEMA)); + } + } +} diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRoleGrantDesc.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/rolegrant/ShowRoleGrantDesc.java similarity index 96% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRoleGrantDesc.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/rolegrant/ShowRoleGrantDesc.java index 713fc53ba804..ab4433d078d4 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRoleGrantDesc.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/rolegrant/ShowRoleGrantDesc.java @@ -16,7 +16,7 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.show.rolegrant; import java.io.Serializable; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRoleGrantOperation.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/rolegrant/ShowRoleGrantOperation.java similarity index 95% rename from ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRoleGrantOperation.java rename to ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/rolegrant/ShowRoleGrantOperation.java index 88ddf1ef08d9..b83da181ab6f 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/ShowRoleGrantOperation.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/rolegrant/ShowRoleGrantOperation.java @@ -16,10 +16,11 @@ * limitations under the License. */ -package org.apache.hadoop.hive.ql.ddl.privilege; +package org.apache.hadoop.hive.ql.ddl.privilege.show.rolegrant; import org.apache.hadoop.hive.ql.ddl.DDLOperationContext; import org.apache.hadoop.hive.ql.ddl.DDLUtils; +import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeUtils; import java.io.IOException; import java.util.Collections; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/rolegrant/package-info.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/rolegrant/package-info.java new file mode 100644 index 000000000000..ccef832a89ed --- /dev/null +++ b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/show/rolegrant/package-info.java @@ -0,0 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** Role grant showing DDL operation. */ +package org.apache.hadoop.hive.ql.ddl.privilege.show.rolegrant; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java index 4ef33dc5d0dc..4170d43e45cf 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java @@ -19,8 +19,6 @@ package org.apache.hadoop.hive.ql.parse; import java.io.FileNotFoundException; -import java.lang.reflect.Constructor; -import java.lang.reflect.InvocationTargetException; import java.net.URI; import java.net.URISyntaxException; import java.util.ArrayList; @@ -74,10 +72,6 @@ import org.apache.hadoop.hive.ql.ddl.misc.MsckDesc; import org.apache.hadoop.hive.ql.ddl.misc.ShowConfDesc; import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowGrantDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowPrincipalsDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowRoleGrantDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowRolesDesc; import org.apache.hadoop.hive.ql.ddl.process.AbortTransactionsDesc; import org.apache.hadoop.hive.ql.ddl.process.KillQueriesDesc; import org.apache.hadoop.hive.ql.ddl.process.ShowCompactionsDesc; @@ -172,8 +166,6 @@ import org.apache.hadoop.hive.ql.metadata.Partition; import org.apache.hadoop.hive.ql.metadata.Table; import org.apache.hadoop.hive.ql.parse.authorization.AuthorizationParseUtils; -import org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactory; -import org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactoryImpl; import org.apache.hadoop.hive.ql.plan.BasicStatsWork; import org.apache.hadoop.hive.ql.plan.ColumnStatsUpdateWork; import org.apache.hadoop.hive.ql.plan.ExprNodeColumnDesc; @@ -217,7 +209,6 @@ public class DDLSemanticAnalyzer extends BaseSemanticAnalyzer { private static final Map TokenToTypeName = new HashMap(); private final Set reservedPartitionValues; - private final HiveAuthorizationTaskFactory hiveAuthorizationTaskFactory; private WriteEntity alterTableOutput; // Equivalent to acidSinks, but for DDL operations that change data. private DDLDescWithWriteId ddlDescWithWriteId; @@ -290,7 +281,6 @@ public DDLSemanticAnalyzer(QueryState queryState, Hive db) throws SemanticExcept reservedPartitionValues.add(HiveConf.getVar(conf, ConfVars.METASTORE_INT_ORIGINAL)); reservedPartitionValues.add(HiveConf.getVar(conf, ConfVars.METASTORE_INT_ARCHIVED)); reservedPartitionValues.add(HiveConf.getVar(conf, ConfVars.METASTORE_INT_EXTRACTED)); - hiveAuthorizationTaskFactory = createAuthorizationTaskFactory(conf, db); } @Override @@ -491,43 +481,6 @@ public void analyzeInternal(ASTNode input) throws SemanticException { case HiveParser.TOK_UNLOCKTABLE: analyzeUnlockTable(ast); break; - case HiveParser.TOK_CREATEROLE: - analyzeCreateRole(ast); - break; - case HiveParser.TOK_DROPROLE: - analyzeDropRole(ast); - break; - case HiveParser.TOK_SHOW_ROLE_GRANT: - ctx.setResFile(ctx.getLocalTmpPath()); - analyzeShowRoleGrant(ast); - break; - case HiveParser.TOK_SHOW_ROLE_PRINCIPALS: - ctx.setResFile(ctx.getLocalTmpPath()); - analyzeShowRolePrincipals(ast); - break; - case HiveParser.TOK_SHOW_ROLES: - ctx.setResFile(ctx.getLocalTmpPath()); - analyzeShowRoles(ast); - break; - case HiveParser.TOK_GRANT_ROLE: - analyzeGrantRevokeRole(true, ast); - break; - case HiveParser.TOK_REVOKE_ROLE: - analyzeGrantRevokeRole(false, ast); - break; - case HiveParser.TOK_GRANT: - analyzeGrant(ast); - break; - case HiveParser.TOK_SHOW_GRANT: - ctx.setResFile(ctx.getLocalTmpPath()); - analyzeShowGrant(ast); - break; - case HiveParser.TOK_REVOKE: - analyzeRevoke(ast); - break; - case HiveParser.TOK_SHOW_SET_ROLE: - analyzeSetShowRole(ast); - break; case HiveParser.TOK_CACHE_METADATA: analyzeCacheMetadata(ast); break; @@ -638,106 +591,6 @@ private void analyzeAlterTableUpdateStats(ASTNode ast, String tblName, Map task; - if(grant) { - task = hiveAuthorizationTaskFactory.createGrantRoleTask(ast, getInputs(), getOutputs()); - } else { - task = hiveAuthorizationTaskFactory.createRevokeRoleTask(ast, getInputs(), getOutputs()); - } - if(task != null) { - rootTasks.add(task); - } - } - - private void analyzeShowGrant(ASTNode ast) throws SemanticException { - Task task = hiveAuthorizationTaskFactory. - createShowGrantTask(ast, ctx.getResFile(), getInputs(), getOutputs()); - if(task != null) { - rootTasks.add(task); - setFetchTask(createFetchTask(ShowGrantDesc.SCHEMA)); - } - } - - private void analyzeGrant(ASTNode ast) throws SemanticException { - Task task = hiveAuthorizationTaskFactory. - createGrantTask(ast, getInputs(), getOutputs()); - if(task != null) { - rootTasks.add(task); - } - } - - private void analyzeRevoke(ASTNode ast) throws SemanticException { - Task task = hiveAuthorizationTaskFactory. - createRevokeTask(ast, getInputs(), getOutputs()); - if(task != null) { - rootTasks.add(task); - } - } - - private void analyzeCreateRole(ASTNode ast) throws SemanticException { - Task task = hiveAuthorizationTaskFactory. - createCreateRoleTask(ast, getInputs(), getOutputs()); - if(task != null) { - rootTasks.add(task); - } - } - - private void analyzeDropRole(ASTNode ast) throws SemanticException { - Task task = hiveAuthorizationTaskFactory. - createDropRoleTask(ast, getInputs(), getOutputs()); - if(task != null) { - rootTasks.add(task); - } - } - - private void analyzeShowRoleGrant(ASTNode ast) throws SemanticException { - Task task = hiveAuthorizationTaskFactory. - createShowRoleGrantTask(ast, ctx.getResFile(), getInputs(), getOutputs()); - if(task != null) { - rootTasks.add(task); - setFetchTask(createFetchTask(ShowRoleGrantDesc.SCHEMA)); - } - } - - private void analyzeShowRolePrincipals(ASTNode ast) throws SemanticException { - Task roleDDLTask = (Task) hiveAuthorizationTaskFactory - .createShowRolePrincipalsTask(ast, ctx.getResFile(), getInputs(), getOutputs()); - - if (roleDDLTask != null) { - rootTasks.add(roleDDLTask); - setFetchTask(createFetchTask(ShowPrincipalsDesc.SCHEMA)); - } - } - - private void analyzeShowRoles(ASTNode ast) throws SemanticException { - @SuppressWarnings("unchecked") - Task roleDDLTask = (Task) hiveAuthorizationTaskFactory - .createShowRolesTask(ast, ctx.getResFile(), getInputs(), getOutputs()); - - if (roleDDLTask != null) { - rootTasks.add(roleDDLTask); - setFetchTask(createFetchTask(ShowRolesDesc.SCHEMA)); - } - } - private void analyzeExchangePartition(String[] qualified, ASTNode ast) throws SemanticException { Table destTable = getTable(qualified); Table sourceTable = getTable(getUnescapedName((ASTNode)ast.getChild(1))); @@ -3960,31 +3813,6 @@ private void validateSkewedLocationString(String newLocation) throws SemanticExc } } - private HiveAuthorizationTaskFactory createAuthorizationTaskFactory(HiveConf conf, Hive db) { - Class authProviderClass = conf. - getClass(HiveConf.ConfVars.HIVE_AUTHORIZATION_TASK_FACTORY.varname, - HiveAuthorizationTaskFactoryImpl.class, - HiveAuthorizationTaskFactory.class); - String msg = "Unable to create instance of " + authProviderClass.getName() + ": "; - try { - Constructor constructor = - authProviderClass.getConstructor(HiveConf.class, Hive.class); - return constructor.newInstance(conf, db); - } catch (NoSuchMethodException e) { - throw new IllegalStateException(msg + e.getMessage(), e); - } catch (SecurityException e) { - throw new IllegalStateException(msg + e.getMessage(), e); - } catch (InstantiationException e) { - throw new IllegalStateException(msg + e.getMessage(), e); - } catch (IllegalAccessException e) { - throw new IllegalStateException(msg + e.getMessage(), e); - } catch (IllegalArgumentException e) { - throw new IllegalStateException(msg + e.getMessage(), e); - } catch (InvocationTargetException e) { - throw new IllegalStateException(msg + e.getMessage(), e); - } - } - private void analyzeAlterMaterializedViewRewrite(String fqMvName, ASTNode ast) throws SemanticException { // Value for the flag boolean enableFlag; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g index 73f1804e8cee..80ac76240198 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g @@ -321,9 +321,10 @@ TOK_PRIV_OBJECT; TOK_PRIV_OBJECT_COL; TOK_GRANT_ROLE; TOK_REVOKE_ROLE; +TOK_SET_ROLE; TOK_SHOW_ROLE_GRANT; TOK_SHOW_ROLES; -TOK_SHOW_SET_ROLE; +TOK_SHOW_CURRENT_ROLE; TOK_SHOW_ROLE_PRINCIPALS; TOK_SHOWDBLOCKS; TOK_DESCDATABASE; @@ -1750,7 +1751,7 @@ showCurrentRole @init {pushMsg("show current role", state);} @after {popMsg(state);} : KW_SHOW KW_CURRENT KW_ROLES - -> ^(TOK_SHOW_SET_ROLE) + -> ^(TOK_SHOW_CURRENT_ROLE) ; setRole @@ -1758,11 +1759,11 @@ setRole @after {popMsg(state);} : KW_SET KW_ROLE ( - (KW_ALL) => (all=KW_ALL) -> ^(TOK_SHOW_SET_ROLE Identifier[$all.text]) + (KW_ALL) => (all=KW_ALL) -> ^(TOK_SET_ROLE Identifier[$all.text]) | - (KW_NONE) => (none=KW_NONE) -> ^(TOK_SHOW_SET_ROLE Identifier[$none.text]) + (KW_NONE) => (none=KW_NONE) -> ^(TOK_SET_ROLE Identifier[$none.text]) | - identifier -> ^(TOK_SHOW_SET_ROLE identifier) + identifier -> ^(TOK_SET_ROLE identifier) ) ; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java b/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java index 3afead037825..5af2ee7cef2a 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java @@ -113,7 +113,8 @@ public final class SemanticAnalyzerFactory { commandType.put(HiveParser.TOK_GRANT_ROLE, HiveOperation.GRANT_ROLE); commandType.put(HiveParser.TOK_REVOKE_ROLE, HiveOperation.REVOKE_ROLE); commandType.put(HiveParser.TOK_SHOW_ROLES, HiveOperation.SHOW_ROLES); - commandType.put(HiveParser.TOK_SHOW_SET_ROLE, HiveOperation.SHOW_ROLES); + commandType.put(HiveParser.TOK_SET_ROLE, HiveOperation.SHOW_ROLES); + commandType.put(HiveParser.TOK_SHOW_CURRENT_ROLE, HiveOperation.SHOW_ROLES); commandType.put(HiveParser.TOK_SHOW_ROLE_PRINCIPALS, HiveOperation.SHOW_ROLE_PRINCIPALS); commandType.put(HiveParser.TOK_SHOW_ROLE_GRANT, HiveOperation.SHOW_ROLE_GRANT); commandType.put(HiveParser.TOK_ALTERDATABASE_PROPERTIES, HiveOperation.ALTERDATABASE); @@ -318,18 +319,7 @@ private static BaseSemanticAnalyzer getInternal(QueryState queryState, ASTNode t case HiveParser.TOK_ALTERTABLE_CLUSTER_SORT: case HiveParser.TOK_LOCKTABLE: case HiveParser.TOK_UNLOCKTABLE: - case HiveParser.TOK_CREATEROLE: - case HiveParser.TOK_DROPROLE: - case HiveParser.TOK_GRANT: - case HiveParser.TOK_REVOKE: - case HiveParser.TOK_SHOW_GRANT: - case HiveParser.TOK_GRANT_ROLE: - case HiveParser.TOK_REVOKE_ROLE: - case HiveParser.TOK_SHOW_ROLE_GRANT: - case HiveParser.TOK_SHOW_ROLE_PRINCIPALS: - case HiveParser.TOK_SHOW_ROLES: case HiveParser.TOK_TRUNCATETABLE: - case HiveParser.TOK_SHOW_SET_ROLE: case HiveParser.TOK_CACHE_METADATA: case HiveParser.TOK_KILL_QUERY: case HiveParser.TOK_CREATE_RP: diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java b/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java index 8f7bcf5d438b..6b2b7d15ce6c 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java @@ -28,21 +28,21 @@ import org.apache.hadoop.hive.metastore.api.PrincipalType; import org.apache.hadoop.hive.ql.ErrorMsg; import org.apache.hadoop.hive.ql.ddl.DDLWork; -import org.apache.hadoop.hive.ql.ddl.privilege.CreateRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.DropRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.GrantDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.GrantRoleDesc; import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeDesc; import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeObjectDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.RevokeDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.RevokeRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.SetRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowCurrentRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowGrantDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowPrincipalsDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowRoleGrantDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowRolesDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.grant.GrantDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.revoke.RevokeDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.role.create.CreateRoleDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.role.drop.DropRoleDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.role.grant.GrantRoleDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.role.set.SetRoleDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.role.show.ShowRolesDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.role.showcurrent.ShowCurrentRoleDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.show.grant.ShowGrantDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.show.principals.ShowPrincipalsDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.show.rolegrant.ShowRoleGrantDesc; import org.apache.hadoop.hive.ql.exec.Task; import org.apache.hadoop.hive.ql.exec.TaskFactory; import org.apache.hadoop.hive.ql.hooks.ReadEntity; diff --git a/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java b/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java index 5276b5892c1b..72a6c66aed74 100644 --- a/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java +++ b/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/AuthorizationTestUtil.java @@ -21,10 +21,12 @@ import org.apache.hadoop.hive.ql.Context; import org.apache.hadoop.hive.ql.QueryState; +import org.apache.hadoop.hive.ql.ddl.DDLSemanticAnalyzerFactory; import org.apache.hadoop.hive.ql.ddl.DDLWork; import org.apache.hadoop.hive.ql.exec.Task; import org.apache.hadoop.hive.ql.metadata.Hive; import org.apache.hadoop.hive.ql.parse.ASTNode; +import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer; import org.apache.hadoop.hive.ql.parse.DDLSemanticAnalyzer; import org.apache.hadoop.hive.ql.parse.ParseUtils; import org.apache.hadoop.hive.ql.session.SessionState; @@ -36,7 +38,10 @@ public class AuthorizationTestUtil { public static DDLWork analyze(ASTNode ast, QueryState queryState, Hive db) throws Exception { - DDLSemanticAnalyzer analyzer = new DDLSemanticAnalyzer(queryState, db); + BaseSemanticAnalyzer analyzer = DDLSemanticAnalyzerFactory.getAnalyzer(ast, queryState, db); + if (analyzer == null) { + analyzer = new DDLSemanticAnalyzer(queryState, db); + } SessionState.start(queryState.getConf()); analyzer.analyze(ast, new Context(queryState.getConf())); List> rootTasks = analyzer.getRootTasks(); diff --git a/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java b/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java index 7339e0871710..6fd07a00e39f 100644 --- a/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java +++ b/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/PrivilegesTestBase.java @@ -20,9 +20,9 @@ import org.apache.hadoop.hive.metastore.api.PrincipalType; import org.apache.hadoop.hive.ql.QueryState; import org.apache.hadoop.hive.ql.ddl.DDLWork; -import org.apache.hadoop.hive.ql.ddl.privilege.GrantDesc; import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.grant.GrantDesc; import org.apache.hadoop.hive.ql.metadata.Hive; import org.apache.hadoop.hive.ql.security.authorization.PrivilegeType; import org.junit.Assert; diff --git a/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java b/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java index f67867e19199..54ce8f3553bc 100644 --- a/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java +++ b/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestHiveAuthorizationTaskFactory.java @@ -26,17 +26,17 @@ import org.apache.hadoop.hive.metastore.api.PrincipalType; import org.apache.hadoop.hive.ql.QueryState; import org.apache.hadoop.hive.ql.ddl.DDLWork; -import org.apache.hadoop.hive.ql.ddl.privilege.CreateRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.DropRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.GrantDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.GrantRoleDesc; import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc; import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeDesc; import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeObjectDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.RevokeDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.RevokeRoleDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowGrantDesc; -import org.apache.hadoop.hive.ql.ddl.privilege.ShowRoleGrantDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.grant.GrantDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.revoke.RevokeDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.role.create.CreateRoleDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.role.drop.DropRoleDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.role.grant.GrantRoleDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.show.grant.ShowGrantDesc; +import org.apache.hadoop.hive.ql.ddl.privilege.show.rolegrant.ShowRoleGrantDesc; import org.apache.hadoop.hive.ql.metadata.Hive; import org.apache.hadoop.hive.ql.metadata.Partition; import org.apache.hadoop.hive.ql.metadata.Table;