

Add grantor to HivePrivilegeInfo
Andrii Rosa authored and Andrii Rosa committed Mar 17, 2017
1 parent de85798 commit 2944b74
Showing 9 changed files with 53 additions and 37 deletions.
Expand Up @@ -527,12 +527,13 @@ private static Table buildTableObject(

private static PrincipalPrivileges buildInitialPrivilegeSet(String tableOwner)
{
PrestoPrincipal grantor = new PrestoPrincipal(USER, tableOwner);
return new PrincipalPrivileges(
ImmutableMultimap.<String, HivePrivilegeInfo>builder()
.put(tableOwner, new HivePrivilegeInfo(HivePrivilege.SELECT, true))
.put(tableOwner, new HivePrivilegeInfo(HivePrivilege.INSERT, true))
.put(tableOwner, new HivePrivilegeInfo(HivePrivilege.UPDATE, true))
.put(tableOwner, new HivePrivilegeInfo(HivePrivilege.DELETE, true))
.put(tableOwner, new HivePrivilegeInfo(HivePrivilege.SELECT, true, grantor))
.put(tableOwner, new HivePrivilegeInfo(HivePrivilege.INSERT, true, grantor))
.put(tableOwner, new HivePrivilegeInfo(HivePrivilege.UPDATE, true, grantor))
.put(tableOwner, new HivePrivilegeInfo(HivePrivilege.DELETE, true, grantor))
.build(),
ImmutableMultimap.of());
}
Expand Down Expand Up @@ -1283,7 +1284,7 @@ public void grantTablePrivileges(ConnectorSession session, SchemaTableName schem
String tableName = schemaTableName.getTableName();

Set<HivePrivilegeInfo> hivePrivilegeInfos = privileges.stream()
.map(privilege -> new HivePrivilegeInfo(toHivePrivilege(privilege), grantOption))
.map(privilege -> new HivePrivilegeInfo(toHivePrivilege(privilege), grantOption, new PrestoPrincipal(USER, session.getUser())))
.collect(toSet());

metastore.grantTablePrivileges(schemaName, tableName, grantee, hivePrivilegeInfos);
Expand All @@ -1296,7 +1297,7 @@ public void revokeTablePrivileges(ConnectorSession session, SchemaTableName sche
String tableName = schemaTableName.getTableName();

Set<HivePrivilegeInfo> hivePrivilegeInfos = privileges.stream()
.map(privilege -> new HivePrivilegeInfo(toHivePrivilege(privilege), grantOption))
.map(privilege -> new HivePrivilegeInfo(toHivePrivilege(privilege), grantOption, new PrestoPrincipal(USER, session.getUser())))
.collect(toSet());

metastore.revokeTablePrivileges(schemaName, tableName, grantee, hivePrivilegeInfos);
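Review bot: In grantTablePrivileges and revokeTablePrivileges the grantor principal `new PrestoPrincipal(USER, session.getUser())` is rebuilt inside the map lambda once per privilege, while buildInitialPrivilegeSet in the first hunk hoists it into a local `grantor`; doing the same at the two later sites keeps the three consistent and makes it visible that every entry carries one grantor. Concretely, `PrestoPrincipal grantor = new PrestoPrincipal(USER, session.getUser());` before the stream and `.map(privilege -> new HivePrivilegeInfo(toHivePrivilege(privilege), grantOption, grantor))`. For the revoke path it is worth a one-line comment that the principal recorded here is the revoking user, since the field is named grantor. Both grantTablePrivileges and revokeTablePrivileges start outside their hunks.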
Expand Up @@ -13,6 +13,7 @@
*/
package com.facebook.presto.hive.metastore;

import com.facebook.presto.spi.security.PrestoPrincipal;
import com.facebook.presto.spi.security.Privilege;
import com.facebook.presto.spi.security.PrivilegeInfo;
import com.google.common.collect.ImmutableSet;
Expand All @@ -38,6 +39,7 @@ public enum HivePrivilege

private final HivePrivilege hivePrivilege;
private final boolean grantOption;
private final PrestoPrincipal grantor;

public static HivePrivilege toHivePrivilege(Privilege privilege)
{
Expand All @@ -55,10 +57,11 @@ public static HivePrivilege toHivePrivilege(Privilege privilege)
}
}

public HivePrivilegeInfo(HivePrivilege hivePrivilege, boolean grantOption)
public HivePrivilegeInfo(HivePrivilege hivePrivilege, boolean grantOption, PrestoPrincipal grantor)
{
this.hivePrivilege = requireNonNull(hivePrivilege, "hivePrivilege is null");
this.grantOption = grantOption;
this.grantor = requireNonNull(grantor, "grantor is null");
}

public HivePrivilege getHivePrivilege()
Expand All @@ -71,6 +74,11 @@ public boolean isGrantOption()
return grantOption;
}

public PrestoPrincipal getGrantor()
{
return grantor;
}

public boolean isContainedIn(HivePrivilegeInfo hivePrivilegeInfo)
{
return (getHivePrivilege().equals(hivePrivilegeInfo.getHivePrivilege()) &&
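Review bot: `grantor` becomes part of HivePrivilegeInfo's state, but the hunks show no corresponding change to equals, hashCode or toString, which lie outside this section; if those were updated to include the new field, two grants of the same privilege from different grantors now compare unequal and are both kept by the toSet() collectors in MetastoreUtil and HiveMetadata, and if they were not, the field is silently ignored in equality. Either way isContainedIn, which starts at the end of the last hunk and continues outside it, should state whether grantor is deliberately left out of the containment check. The new getter also deserves a Javadoc such as `/** Principal recorded as having issued this grant; mapped to the grantor of the metastore PrivilegeGrantInfo. */`.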
Expand Up @@ -59,6 +59,7 @@
import static com.google.common.base.Strings.nullToEmpty;
import static java.lang.String.format;
import static java.util.Locale.ENGLISH;
import static java.util.Objects.requireNonNull;
import static java.util.stream.Collectors.toList;
import static java.util.stream.Collectors.toSet;
import static org.apache.hadoop.hive.metastore.MetaStoreUtils.typeToThriftType;
Expand Down Expand Up @@ -234,38 +235,38 @@ public static org.apache.hadoop.hive.metastore.api.Table toMetastoreApiTable(Tab
result.setParameters(table.getParameters());
result.setPartitionKeys(table.getPartitionColumns().stream().map(MetastoreUtil::toMetastoreApiFieldSchema).collect(toList()));
result.setSd(makeStorageDescriptor(table.getTableName(), table.getDataColumns(), table.getStorage()));
result.setPrivileges(toMetastoreApiPrincipalPrivilegeSet(new PrestoPrincipal(USER, table.getOwner()), privileges));
result.setPrivileges(toMetastoreApiPrincipalPrivilegeSet(privileges));
result.setViewOriginalText(table.getViewOriginalText().orElse(null));
result.setViewExpandedText(table.getViewExpandedText().orElse(null));
return result;
}

private static PrincipalPrivilegeSet toMetastoreApiPrincipalPrivilegeSet(PrestoPrincipal grantee, PrincipalPrivileges privileges)
private static PrincipalPrivilegeSet toMetastoreApiPrincipalPrivilegeSet(PrincipalPrivileges privileges)
{
ImmutableMap.Builder<String, List<PrivilegeGrantInfo>> userPrivileges = ImmutableMap.builder();
for (Entry<String, Collection<HivePrivilegeInfo>> entry : privileges.getUserPrivileges().asMap().entrySet()) {
userPrivileges.put(entry.getKey(), entry.getValue().stream()
.map(privilegeInfo -> toMetastoreApiPrivilegeGrantInfo(grantee, privilegeInfo))
.map(MetastoreUtil::toMetastoreApiPrivilegeGrantInfo)
.collect(toList()));
}

ImmutableMap.Builder<String, List<PrivilegeGrantInfo>> rolePrivileges = ImmutableMap.builder();
for (Entry<String, Collection<HivePrivilegeInfo>> entry : privileges.getRolePrivileges().asMap().entrySet()) {
rolePrivileges.put(entry.getKey(), entry.getValue().stream()
.map(privilegeInfo -> toMetastoreApiPrivilegeGrantInfo(grantee, privilegeInfo))
.map(MetastoreUtil::toMetastoreApiPrivilegeGrantInfo)
.collect(toList()));
}

return new PrincipalPrivilegeSet(userPrivileges.build(), ImmutableMap.of(), rolePrivileges.build());
}

public static PrivilegeGrantInfo toMetastoreApiPrivilegeGrantInfo(PrestoPrincipal grantee, HivePrivilegeInfo privilegeInfo)
public static PrivilegeGrantInfo toMetastoreApiPrivilegeGrantInfo(HivePrivilegeInfo privilegeInfo)
{
return new PrivilegeGrantInfo(
privilegeInfo.getHivePrivilege().name().toLowerCase(),
0,
grantee.getName(),
fromPrestoPrincipalType(grantee.getType()),
privilegeInfo.getGrantor().getName(),
fromPrestoPrincipalType(privilegeInfo.getGrantor().getType()),
privilegeInfo.isGrantOption());
}

Expand Down Expand Up @@ -478,6 +479,7 @@ public static Set<String> listEnabledRoles(ConnectorIdentity identity, Function<

private static PrincipalType fromMetastoreApiPrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType principalType)
{
requireNonNull(principalType, "principalType is null");
switch (principalType) {
case USER:
return PrincipalType.USER;
Expand Down Expand Up @@ -580,21 +582,22 @@ public static Set<HivePrivilegeInfo> parsePrivilege(PrivilegeGrantInfo userGrant
{
boolean withGrantOption = userGrant.isGrantOption();
String name = userGrant.getPrivilege().toUpperCase(ENGLISH);
PrestoPrincipal grantor = new PrestoPrincipal(fromMetastoreApiPrincipalType(userGrant.getGrantorType()), userGrant.getGrantor());
switch (name) {
case "ALL":
return ImmutableSet.copyOf(Arrays.stream(HivePrivilegeInfo.HivePrivilege.values())
.map(hivePrivilege -> new HivePrivilegeInfo(hivePrivilege, withGrantOption))
.map(hivePrivilege -> new HivePrivilegeInfo(hivePrivilege, withGrantOption, grantor))
.collect(toSet()));
case "SELECT":
return ImmutableSet.of(new HivePrivilegeInfo(SELECT, withGrantOption));
return ImmutableSet.of(new HivePrivilegeInfo(SELECT, withGrantOption, grantor));
case "INSERT":
return ImmutableSet.of(new HivePrivilegeInfo(INSERT, withGrantOption));
return ImmutableSet.of(new HivePrivilegeInfo(INSERT, withGrantOption, grantor));
case "UPDATE":
return ImmutableSet.of(new HivePrivilegeInfo(UPDATE, withGrantOption));
return ImmutableSet.of(new HivePrivilegeInfo(UPDATE, withGrantOption, grantor));
case "DELETE":
return ImmutableSet.of(new HivePrivilegeInfo(DELETE, withGrantOption));
return ImmutableSet.of(new HivePrivilegeInfo(DELETE, withGrantOption, grantor));
case "OWNERSHIP":
return ImmutableSet.of(new HivePrivilegeInfo(OWNERSHIP, withGrantOption));
return ImmutableSet.of(new HivePrivilegeInfo(OWNERSHIP, withGrantOption, grantor));
default:
throw new IllegalArgumentException("Unsupported privilege name: " + name);
}
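Review bot: parsePrivilege now dereferences `userGrant.getGrantorType()` and `userGrant.getGrantor()` unconditionally on the line that builds `grantor`, and together with the `requireNonNull(principalType, ...)` added to fromMetastoreApiPrincipalType this means a stored grant whose grantor fields are unset fails the whole privilege listing with a NullPointerException instead of being returned without provenance. Whether such rows occur in practice depends on the metastore contents and is not visible here, so if failing fast is intended, say so in a comment on the requireNonNull, e.g. `// grants without a grantor type are rejected rather than attributed to a default principal`; otherwise the null case needs an explicit fallback decided by the caller. Note also that whether PrestoPrincipal itself rejects a null name is not shown in this section. parsePrivilege starts outside the hunk.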
Expand Up @@ -68,6 +68,7 @@
import static com.facebook.presto.spi.StandardErrorCode.ALREADY_EXISTS;
import static com.facebook.presto.spi.StandardErrorCode.NOT_SUPPORTED;
import static com.facebook.presto.spi.StandardErrorCode.TRANSACTION_CONFLICT;
import static com.facebook.presto.spi.security.PrincipalType.USER;
import static com.google.common.base.MoreObjects.toStringHelper;
import static com.google.common.base.Preconditions.checkArgument;
import static com.google.common.base.Preconditions.checkState;
Expand Down Expand Up @@ -649,7 +650,7 @@ public synchronized Set<HivePrivilegeInfo> listTablePrivileges(String databaseNa
Collection<HivePrivilegeInfo> privileges = tableAction.getData().getPrincipalPrivileges().getUserPrivileges().get(principal.getName());
return ImmutableSet.<HivePrivilegeInfo>builder()
.addAll(privileges)
.add(new HivePrivilegeInfo(OWNERSHIP, true))
.add(new HivePrivilegeInfo(OWNERSHIP, true, new PrestoPrincipal(USER, principal.getName())))
.build();
}
case INSERT_EXISTING:
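Review bot: listTablePrivileges rebuilds the grantor as `new PrestoPrincipal(USER, principal.getName())`, whereas the equivalent OWNERSHIP entries in ThriftHiveMetastore and FileHiveMetastore pass `principal` through unchanged; if this branch can be reached with a non-USER principal, the synthesized grantor misreports its type. Passing the existing object, `.add(new HivePrivilegeInfo(OWNERSHIP, true, principal))`, matches the other two sites and drops the new static import of USER. Any guard on principal.getType() would sit above the hunk, so this is inferred from what is visible. listTablePrivileges starts outside the hunk.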
Expand Up @@ -67,7 +67,6 @@
import static com.facebook.presto.hive.metastore.MetastoreUtil.fromPrestoPrincipalType;
import static com.facebook.presto.hive.metastore.MetastoreUtil.fromRolePrincipalGrants;
import static com.facebook.presto.hive.metastore.MetastoreUtil.parsePrivilege;
import static com.facebook.presto.hive.metastore.MetastoreUtil.toMetastoreApiPrivilegeGrantInfo;
import static com.facebook.presto.spi.StandardErrorCode.ALREADY_EXISTS;
import static com.facebook.presto.spi.StandardErrorCode.NOT_SUPPORTED;
import static com.facebook.presto.spi.security.PrincipalType.USER;
Expand Down Expand Up @@ -752,7 +751,7 @@ public List<Partition> getPartitionsByNames(String databaseName, String tableNam
public void grantTablePrivileges(String databaseName, String tableName, PrestoPrincipal grantee, Set<HivePrivilegeInfo> privileges)
{
Set<PrivilegeGrantInfo> requestedPrivileges = privileges.stream()
.map(privilege -> toMetastoreApiPrivilegeGrantInfo(grantee, privilege))
.map(MetastoreUtil::toMetastoreApiPrivilegeGrantInfo)
.collect(Collectors.toSet());
checkArgument(!containsAllPrivilege(requestedPrivileges), "\"ALL\" not supported in PrivilegeGrantInfo.privilege");

Expand Down Expand Up @@ -802,7 +801,7 @@ else if (existingPrivilege.isContainedIn(requestedPrivilege)) {
public void revokeTablePrivileges(String databaseName, String tableName, PrestoPrincipal grantee, Set<HivePrivilegeInfo> privileges)
{
Set<PrivilegeGrantInfo> requestedPrivileges = privileges.stream()
.map(privilege -> toMetastoreApiPrivilegeGrantInfo(grantee, privilege))
.map(MetastoreUtil::toMetastoreApiPrivilegeGrantInfo)
.collect(Collectors.toSet());
checkArgument(!containsAllPrivilege(requestedPrivileges), "\"ALL\" not supported in PrivilegeGrantInfo.privilege");

Expand Down Expand Up @@ -850,7 +849,7 @@ public Set<HivePrivilegeInfo> listTablePrivileges(String databaseName, String ta
Table table = client.getTable(databaseName, tableName);
ImmutableSet.Builder<HivePrivilegeInfo> privileges = ImmutableSet.builder();
if (principal.getType() == USER && table.getOwner().equals(principal.getName())) {
privileges.add(new HivePrivilegeInfo(OWNERSHIP, true));
privileges.add(new HivePrivilegeInfo(OWNERSHIP, true, principal));
}
List<HiveObjectPrivilege> hiveObjectPrivilegeList = client.listPrivileges(
principal.getName(),
Expand Up @@ -831,7 +831,7 @@ public synchronized Set<HivePrivilegeInfo> listTablePrivileges(String databaseNa
ImmutableSet.Builder<HivePrivilegeInfo> result = ImmutableSet.builder();
Table table = getRequiredTable(databaseName, tableName);
if (principal.getType() == USER && table.getOwner().equals(principal.getName())) {
result.add(new HivePrivilegeInfo(OWNERSHIP, true));
result.add(new HivePrivilegeInfo(OWNERSHIP, true, principal));
}
Path permissionFilePath = getPermissionsPath(getPermissionsDirectory(table), principal);
result.addAll(readFile("permissions", permissionFilePath, permissionsCodec).orElse(ImmutableList.of()).stream()
Expand Up @@ -15,9 +15,11 @@

import com.facebook.presto.hive.metastore.HivePrivilegeInfo;
import com.facebook.presto.hive.metastore.HivePrivilegeInfo.HivePrivilege;
import com.facebook.presto.spi.security.PrestoPrincipal;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;

import static com.facebook.presto.spi.security.PrincipalType.USER;
import static java.util.Objects.requireNonNull;

public class PermissionMetadata
Expand Down Expand Up @@ -54,6 +56,6 @@ public boolean isGrantOption()

public HivePrivilegeInfo toHivePrivilegeInfo()
{
return new HivePrivilegeInfo(permission, grantOption);
return new HivePrivilegeInfo(permission, grantOption, new PrestoPrincipal(USER, "admin"));
}
}
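Review bot: toHivePrivilegeInfo attributes every privilege read from the permissions file to a fixed `new PrestoPrincipal(USER, "admin")`, so the file-backed metastore reports a fabricated grantor rather than the principal that actually issued the grant, and any later logic that relies on the grantor (for example deciding who may revoke) would be working from invented data. Persisting the grantor as a JSON property of PermissionMetadata alongside `permission` and `grantOption` would fix this; until then the placeholder needs a comment on that line, e.g. `// grantor is not persisted in the permissions file yet; report a fixed admin principal`. The serialization fields and @JsonCreator constructor referenced here are outside the hunk.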
Expand Up @@ -17,7 +17,6 @@
import com.facebook.presto.hive.HiveTransactionHandle;
import com.facebook.presto.hive.metastore.Database;
import com.facebook.presto.hive.metastore.ExtendedHiveMetastore;
import com.facebook.presto.hive.metastore.HivePrivilegeInfo;
import com.facebook.presto.hive.metastore.SemiTransactionalHiveMetastore;
import com.facebook.presto.spi.SchemaTableName;
import com.facebook.presto.spi.SchemaTablePrefix;
Expand Down Expand Up @@ -458,7 +457,8 @@ private boolean hasGrantOptionForPrivilege(ConnectorTransactionHandle transactio
tableName.getSchemaName(),
tableName.getTableName(),
identity.getUser())
.contains(new HivePrivilegeInfo(toHivePrivilege(privilege), true));
.stream()
.anyMatch(privilegeInfo -> privilegeInfo.getHivePrivilege().equals(toHivePrivilege(privilege)) && privilegeInfo.isGrantOption());
}

private boolean hasAdminOptionForRoles(ConnectorTransactionHandle transaction, ConnectorIdentity identity, Set<String> roles)
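Review bot: The predicate in the new anyMatch line combines two conditions on a single long line; splitting it across two lines or extracting it as a named method such as `isGrantableMatch(privilegeInfo, privilege)` would keep the check readable and make the intent — same privilege and grant option held, grantor ignored — explicit. The switch away from contains() suggests HivePrivilegeInfo equality now involves the grantor, which is worth a one-line comment here since the caller deliberately does not know the grantor. hasGrantOptionForPrivilege starts outside the hunk.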
Expand Up @@ -66,6 +66,7 @@
import com.facebook.presto.spi.predicate.Range;
import com.facebook.presto.spi.predicate.TupleDomain;
import com.facebook.presto.spi.predicate.ValueSet;
import com.facebook.presto.spi.security.PrestoPrincipal;
import com.facebook.presto.spi.type.NamedTypeSignature;
import com.facebook.presto.spi.type.SqlDate;
import com.facebook.presto.spi.type.SqlTimestamp;
Expand Down Expand Up @@ -154,6 +155,7 @@
import static com.facebook.presto.hive.HiveUtil.columnExtraInfo;
import static com.facebook.presto.hive.HiveWriteUtils.createDirectory;
import static com.facebook.presto.spi.StandardErrorCode.NOT_SUPPORTED;
import static com.facebook.presto.spi.security.PrincipalType.USER;
import static com.facebook.presto.spi.type.BigintType.BIGINT;
import static com.facebook.presto.spi.type.BooleanType.BOOLEAN;
import static com.facebook.presto.spi.type.Chars.isCharType;
Expand Down Expand Up @@ -869,10 +871,10 @@ protected void doTestMismatchSchemaTable(
ConnectorSession session = newSession();
PrincipalPrivileges principalPrivileges = new PrincipalPrivileges(
ImmutableMultimap.<String, HivePrivilegeInfo>builder()
.put(session.getUser(), new HivePrivilegeInfo(HivePrivilege.SELECT, true))
.put(session.getUser(), new HivePrivilegeInfo(HivePrivilege.INSERT, true))
.put(session.getUser(), new HivePrivilegeInfo(HivePrivilege.UPDATE, true))
.put(session.getUser(), new HivePrivilegeInfo(HivePrivilege.DELETE, true))
.put(session.getUser(), new HivePrivilegeInfo(HivePrivilege.SELECT, true, new PrestoPrincipal(USER, session.getUser())))
.put(session.getUser(), new HivePrivilegeInfo(HivePrivilege.INSERT, true, new PrestoPrincipal(USER, session.getUser())))
.put(session.getUser(), new HivePrivilegeInfo(HivePrivilege.UPDATE, true, new PrestoPrincipal(USER, session.getUser())))
.put(session.getUser(), new HivePrivilegeInfo(HivePrivilege.DELETE, true, new PrestoPrincipal(USER, session.getUser())))
.build(),
ImmutableMultimap.of());
Table oldTable = transaction.getMetastore(schemaName).getTable(schemaName, tableName).get();
Expand Down Expand Up @@ -3101,10 +3103,10 @@ protected void createEmptyTable(SchemaTableName schemaTableName, HiveStorageForm

PrincipalPrivileges principalPrivileges = new PrincipalPrivileges(
ImmutableMultimap.<String, HivePrivilegeInfo>builder()
.put(tableOwner, new HivePrivilegeInfo(HivePrivilege.SELECT, true))
.put(tableOwner, new HivePrivilegeInfo(HivePrivilege.INSERT, true))
.put(tableOwner, new HivePrivilegeInfo(HivePrivilege.UPDATE, true))
.put(tableOwner, new HivePrivilegeInfo(HivePrivilege.DELETE, true))
.put(tableOwner, new HivePrivilegeInfo(HivePrivilege.SELECT, true, new PrestoPrincipal(USER, session.getUser())))
.put(tableOwner, new HivePrivilegeInfo(HivePrivilege.INSERT, true, new PrestoPrincipal(USER, session.getUser())))
.put(tableOwner, new HivePrivilegeInfo(HivePrivilege.UPDATE, true, new PrestoPrincipal(USER, session.getUser())))
.put(tableOwner, new HivePrivilegeInfo(HivePrivilege.DELETE, true, new PrestoPrincipal(USER, session.getUser())))
.build(),
ImmutableMultimap.of());
transaction.getMetastore(schemaName).createTable(session, tableBuilder.build(), principalPrivileges, Optional.empty());
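Review bot: Both test hunks construct `new PrestoPrincipal(USER, session.getUser())` four times in a row inside the multimap builder; a single local, `PrestoPrincipal grantor = new PrestoPrincipal(USER, session.getUser());`, before the builder makes each hunk shorter and mirrors buildInitialPrivilegeSet in HiveMetadata. In createEmptyTable the privileges are keyed by `tableOwner` but the grantor is the session user; if the test intends those to differ, a short comment saying so would prevent a future reader from "fixing" it. Both doTestMismatchSchemaTable and createEmptyTable start outside their hunks.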

