apache · miklosgergely · Sep 8, 2019
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/DDLSemanticAnalyzerFactory.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/DDLSemanticAnalyzerFactory.java
@@ -26,10 +26,13 @@
 import java.util.Set;
 
 import org.apache.hadoop.hive.ql.QueryState;
+import org.apache.hadoop.hive.ql.metadata.Hive;
 import org.apache.hadoop.hive.ql.parse.ASTNode;
 import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer;
 import org.reflections.Reflections;
 
+import com.google.common.annotations.VisibleForTesting;
+
 /**
  * Manages the DDL command analyzers.
  */
@@ -75,4 +78,17 @@ public static BaseSemanticAnalyzer getAnalyzer(ASTNode root, QueryState querySta
       throw new RuntimeException(e);
     }
   }
+
+  @VisibleForTesting
+  public static BaseSemanticAnalyzer getAnalyzer(ASTNode root, QueryState queryState, Hive db) {
+    Class<? extends BaseSemanticAnalyzer> analyzerClass = TYPE_TO_ANALYZER.get(root.getType());
+    try {
+      BaseSemanticAnalyzer analyzer =
+          analyzerClass.getConstructor(QueryState.class, Hive.class).newInstance(queryState, db);
+      return analyzer;
+    } catch (Exception e) {
+      e.printStackTrace();
+      throw new RuntimeException(e);
+    }
+  }
 }
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/database/alter/package-info.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/database/alter/package-info.java
@@ -16,5 +16,5 @@
  * limitations under the License.
  */
 
-/** Alter Database DDL operation descriptions and operations. */
+/** Alter Database DDL operations. */
 package org.apache.hadoop.hive.ql.ddl.database.alter;
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/AbstractPrivilegeAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/AbstractPrivilegeAnalyzer.java
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hive.ql.ddl.privilege;
+
+import java.lang.reflect.Constructor;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.ql.QueryState;
+import org.apache.hadoop.hive.ql.metadata.Hive;
+import org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer;
+import org.apache.hadoop.hive.ql.parse.SemanticException;
+import org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactory;
+import org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactoryImpl;
+
+import com.google.common.annotations.VisibleForTesting;
+
+/**
+ * Abstract analyzer for all privilege related commands.
+ */
+public abstract class AbstractPrivilegeAnalyzer extends BaseSemanticAnalyzer {
+  protected final HiveAuthorizationTaskFactory hiveAuthorizationTaskFactory;
+
+  public AbstractPrivilegeAnalyzer(QueryState queryState) throws SemanticException {
+    super(queryState);
+    hiveAuthorizationTaskFactory = createAuthorizationTaskFactory(conf, db);
+  }
+
+  @VisibleForTesting
+  public AbstractPrivilegeAnalyzer(QueryState queryState, Hive db) throws SemanticException {
+    super(queryState, db);
+    hiveAuthorizationTaskFactory = createAuthorizationTaskFactory(conf, db);
+  }
+
+  private HiveAuthorizationTaskFactory createAuthorizationTaskFactory(HiveConf conf, Hive db) {
+    Class<? extends HiveAuthorizationTaskFactory> authProviderClass = conf.getClass(
+        HiveConf.ConfVars.HIVE_AUTHORIZATION_TASK_FACTORY.varname, HiveAuthorizationTaskFactoryImpl.class,
+        HiveAuthorizationTaskFactory.class);
+
+    try {
+      Constructor<? extends HiveAuthorizationTaskFactory> constructor =
+          authProviderClass.getConstructor(HiveConf.class, Hive.class);
+      return constructor.newInstance(conf, db);
+    } catch (Exception e) {
+      throw new IllegalStateException(
+          "Unable to create instance of " + authProviderClass.getName() + ": " + e.getMessage(), e);
+    }
+  }
+}
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/PrivilegeUtils.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/PrivilegeUtils.java
@@ -35,12 +35,12 @@
 /**
  * Common utilities for Privilege related ddl operations.
  */
-final class PrivilegeUtils {
+public final class PrivilegeUtils {
   private PrivilegeUtils() {
     throw new UnsupportedOperationException("PrivilegeUtils should not be instantiated");
   }
 
-  static HiveAuthorizer getSessionAuthorizer(HiveConf conf) {
+  public static HiveAuthorizer getSessionAuthorizer(HiveConf conf) {
     HiveAuthorizer authorizer = SessionState.get().getAuthorizerV2();
     if (authorizer == null) {
       authorizer = new HiveV1Authorizer(conf);
@@ -49,7 +49,7 @@ static HiveAuthorizer getSessionAuthorizer(HiveConf conf) {
     return authorizer;
   }
 
-  static void writeListToFileAfterSort(List<String> entries, String resFile, DDLOperationContext context)
+  public static void writeListToFileAfterSort(List<String> entries, String resFile, DDLOperationContext context)
       throws IOException {
     Collections.sort(entries);
 
@@ -64,7 +64,7 @@ static void writeListToFileAfterSort(List<String> entries, String resFile, DDLOp
   private static final HiveAuthorizationTranslator DEFAULT_AUTHORIZATION_TRANSLATOR =
       new DefaultHiveAuthorizationTranslator();
 
-  static HiveAuthorizationTranslator getAuthorizationTranslator(HiveAuthorizer authorizer)
+  public static HiveAuthorizationTranslator getAuthorizationTranslator(HiveAuthorizer authorizer)
       throws HiveAuthzPluginException {
     if (authorizer.getHiveAuthorizationTranslator() == null) {
       return DEFAULT_AUTHORIZATION_TRANSLATOR;

diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/grant/GrantAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/grant/GrantAnalyzer.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hive.ql.ddl.privilege.grant;
+
+import org.apache.hadoop.hive.ql.QueryState;
+import org.apache.hadoop.hive.ql.exec.Task;
+import org.apache.hadoop.hive.ql.metadata.Hive;
+import org.apache.hadoop.hive.ql.ddl.DDLSemanticAnalyzerFactory.DDLType;
+import org.apache.hadoop.hive.ql.ddl.privilege.AbstractPrivilegeAnalyzer;
+import org.apache.hadoop.hive.ql.parse.ASTNode;
+import org.apache.hadoop.hive.ql.parse.HiveParser;
+import org.apache.hadoop.hive.ql.parse.SemanticException;
+
+import com.google.common.annotations.VisibleForTesting;
+
+/**
+ * Analyzer for granting commands.
+ */
+@DDLType(type=HiveParser.TOK_GRANT)
+public class GrantAnalyzer extends AbstractPrivilegeAnalyzer {
+  public GrantAnalyzer(QueryState queryState) throws SemanticException {
+    super(queryState);
+  }
+
+  @VisibleForTesting
+  public GrantAnalyzer(QueryState queryState, Hive db) throws SemanticException {
+    super(queryState, db);
+  }
+
+  @Override
+  public void analyzeInternal(ASTNode root) throws SemanticException {
+    Task<?> task = hiveAuthorizationTaskFactory.createGrantTask(root, getInputs(), getOutputs());
+    if (task != null) {
+      rootTasks.add(task);
+    }
+  }
+}
diff --git a/...doop/hive/ql/ddl/privilege/GrantDesc.java → ...ive/ql/ddl/privilege/grant/GrantDesc.java b/...doop/hive/ql/ddl/privilege/GrantDesc.java → ...ive/ql/ddl/privilege/grant/GrantDesc.java
@@ -16,13 +16,16 @@
  * limitations under the License.
  */
 
-package org.apache.hadoop.hive.ql.ddl.privilege;
+package org.apache.hadoop.hive.ql.ddl.privilege.grant;
 
 import java.io.Serializable;
 import java.util.List;
 
 import org.apache.hadoop.hive.metastore.api.PrincipalType;
 import org.apache.hadoop.hive.ql.ddl.DDLDesc;
+import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc;
+import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeDesc;
+import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeObjectDesc;
 import org.apache.hadoop.hive.ql.plan.Explain;
 import org.apache.hadoop.hive.ql.plan.Explain.Level;
 

diff --git a/...hive/ql/ddl/privilege/GrantOperation.java → ...l/ddl/privilege/grant/GrantOperation.java b/...hive/ql/ddl/privilege/GrantOperation.java → ...l/ddl/privilege/grant/GrantOperation.java
@@ -16,9 +16,10 @@
  * limitations under the License.
  */
 
-package org.apache.hadoop.hive.ql.ddl.privilege;
+package org.apache.hadoop.hive.ql.ddl.privilege.grant;
 
 import org.apache.hadoop.hive.ql.ddl.DDLOperationContext;
+import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeUtils;
 
 import java.util.List;
 

diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/grant/package-info.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/grant/package-info.java
@@ -0,0 +1,20 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/** Granting DDL operation. */
+package org.apache.hadoop.hive.ql.ddl.privilege.grant;
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/revoke/RevokeAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/revoke/RevokeAnalyzer.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hive.ql.ddl.privilege.revoke;
+
+import org.apache.hadoop.hive.ql.QueryState;
+import org.apache.hadoop.hive.ql.exec.Task;
+import org.apache.hadoop.hive.ql.metadata.Hive;
+import org.apache.hadoop.hive.ql.ddl.DDLSemanticAnalyzerFactory.DDLType;
+import org.apache.hadoop.hive.ql.ddl.privilege.AbstractPrivilegeAnalyzer;
+import org.apache.hadoop.hive.ql.parse.ASTNode;
+import org.apache.hadoop.hive.ql.parse.HiveParser;
+import org.apache.hadoop.hive.ql.parse.SemanticException;
+
+import com.google.common.annotations.VisibleForTesting;
+
+/**
+ * Analyzer for revoke commands.
+ */
+@DDLType(type=HiveParser.TOK_REVOKE)
+public class RevokeAnalyzer extends AbstractPrivilegeAnalyzer {
+  public RevokeAnalyzer(QueryState queryState) throws SemanticException {
+    super(queryState);
+  }
+
+  @VisibleForTesting
+  public RevokeAnalyzer(QueryState queryState, Hive db) throws SemanticException {
+    super(queryState, db);
+  }
+
+  @Override
+  public void analyzeInternal(ASTNode root) throws SemanticException {
+    Task<?> task = hiveAuthorizationTaskFactory.createRevokeTask(root, getInputs(), getOutputs());
+    if (task != null) {
+      rootTasks.add(task);
+    }
+  }
+}
diff --git a/...oop/hive/ql/ddl/privilege/RevokeDesc.java → ...e/ql/ddl/privilege/revoke/RevokeDesc.java b/...oop/hive/ql/ddl/privilege/RevokeDesc.java → ...e/ql/ddl/privilege/revoke/RevokeDesc.java
@@ -16,12 +16,15 @@
  * limitations under the License.
  */
 
-package org.apache.hadoop.hive.ql.ddl.privilege;
+package org.apache.hadoop.hive.ql.ddl.privilege.revoke;
 
 import java.io.Serializable;
 import java.util.List;
 
 import org.apache.hadoop.hive.ql.ddl.DDLDesc;
+import org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc;
+import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeDesc;
+import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeObjectDesc;
 import org.apache.hadoop.hive.ql.plan.Explain;
 import org.apache.hadoop.hive.ql.plan.Explain.Level;
 

diff --git a/...ive/ql/ddl/privilege/RevokeOperation.java → ...ddl/privilege/revoke/RevokeOperation.java b/...ive/ql/ddl/privilege/RevokeOperation.java → ...ddl/privilege/revoke/RevokeOperation.java
@@ -16,9 +16,10 @@
  * limitations under the License.
  */
 
-package org.apache.hadoop.hive.ql.ddl.privilege;
+package org.apache.hadoop.hive.ql.ddl.privilege.revoke;
 
 import org.apache.hadoop.hive.ql.ddl.DDLOperationContext;
+import org.apache.hadoop.hive.ql.ddl.privilege.PrivilegeUtils;
 
 import java.util.List;
 

diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/revoke/package-info.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/revoke/package-info.java
@@ -0,0 +1,20 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/** Revoking DDL operation. */
+package org.apache.hadoop.hive.ql.ddl.privilege.revoke;
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/create/CreateRoleAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/ddl/privilege/role/create/CreateRoleAnalyzer.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hive.ql.ddl.privilege.role.create;
+
+import org.apache.hadoop.hive.ql.QueryState;
+import org.apache.hadoop.hive.ql.exec.Task;
+import org.apache.hadoop.hive.ql.metadata.Hive;
+import org.apache.hadoop.hive.ql.ddl.DDLSemanticAnalyzerFactory.DDLType;
+import org.apache.hadoop.hive.ql.ddl.privilege.AbstractPrivilegeAnalyzer;
+import org.apache.hadoop.hive.ql.parse.ASTNode;
+import org.apache.hadoop.hive.ql.parse.HiveParser;
+import org.apache.hadoop.hive.ql.parse.SemanticException;
+
+import com.google.common.annotations.VisibleForTesting;
+
+/**
+ * Analyzer for role creation commands.
+ */
+@DDLType(type=HiveParser.TOK_CREATEROLE)
+public class CreateRoleAnalyzer extends AbstractPrivilegeAnalyzer {
+  public CreateRoleAnalyzer(QueryState queryState) throws SemanticException {
+    super(queryState);
+  }
+
+  @VisibleForTesting
+  public CreateRoleAnalyzer(QueryState queryState, Hive db) throws SemanticException {
+    super(queryState, db);
+  }
+
+  @Override
+  public void analyzeInternal(ASTNode root) throws SemanticException {
+    Task<?> task = hiveAuthorizationTaskFactory.createCreateRoleTask(root, getInputs(), getOutputs());
+    if (task != null) {
+      rootTasks.add(task);
+    }
+  }
+}