Skip to content

Commit

Permalink
RANGER-4952: Add support for Hive 4.0.1 (#400)
Browse files Browse the repository at this point in the history 
* RANGER-4952: Add support for Hive 4.0

* Fix unit test failure

---------

Co-authored-by: Simhadri Govindappa <[email protected]>
  • Loading branch information
@simhadri-g
simhadri-g and Simhadri Govindappa authored Oct 21, 2024
1 parent d767c78 commit 50f75d7
Show file tree
Hide file tree
Showing 6 changed files with 76 additions and 23 deletions.
10 changes: 10 additions & 0 deletions hive-agent/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,16 @@
<artifactId>commons-lang</artifactId>
<version>${commons.lang.version}</version>
</dependency>
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>${javax.validation}</version>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>${commons.collections.version}</version>
</dependency>
<dependency>
<groupId>org.apache.hive</groupId>
<artifactId>hive-common</artifactId>
Expand Down
59 changes: 42 additions & 17 deletions ...t/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1777,7 +1777,11 @@ private HiveAccessType getAccessType(HivePrivilegeObject hiveObj, HiveOperationT
accessType = HiveAccessType.CREATE;
}
break;

case CREATEDATACONNECTOR:
if(hiveObj.getType() == HivePrivilegeObjectType.DATACONNECTOR) {
accessType = HiveAccessType.CREATE;
}
break;
case CREATEFUNCTION:
if(hiveObj.getType() == HivePrivilegeObjectType.FUNCTION) {
accessType = HiveAccessType.CREATE;
Expand Down Expand Up @@ -1805,8 +1809,7 @@ private HiveAccessType getAccessType(HivePrivilegeObject hiveObj, HiveOperationT
case ALTERDATABASE:
case ALTERDATABASE_LOCATION:
case ALTERDATABASE_OWNER:
case ALTERINDEX_PROPS:
case ALTERINDEX_REBUILD:
// Refer - HIVE-21968
case ALTERPARTITION_BUCKETNUM:
case ALTERPARTITION_FILEFORMAT:
case ALTERPARTITION_LOCATION:
Expand All @@ -1828,6 +1831,12 @@ private HiveAccessType getAccessType(HivePrivilegeObject hiveObj, HiveOperationT
case ALTERTABLE_MERGEFILES:
case ALTERTABLE_PARTCOLTYPE:
case ALTERTABLE_PROPERTIES:
case ALTERTABLE_SETPARTSPEC:
case ALTERTABLE_EXECUTE:
case ALTERTABLE_CONVERT:
case ALTERDATACONNECTOR:
case ALTERDATACONNECTOR_OWNER:
case ALTERDATACONNECTOR_URL:
case ALTERTABLE_PROTECTMODE:
case ALTERTABLE_RENAME:
case ALTERTABLE_RENAMECOL:
Expand All @@ -1841,28 +1850,29 @@ private HiveAccessType getAccessType(HivePrivilegeObject hiveObj, HiveOperationT
case ALTERTABLE_UPDATEPARTSTATS:
case ALTERTABLE_UPDATETABLESTATS:
case ALTERTABLE_UPDATECOLUMNS:
case ALTERTABLE_CREATEBRANCH:
case ALTERTABLE_DROPBRANCH:
case ALTERTABLE_CREATETAG:
case ALTERTABLE_DROPTAG:
case ALTERTBLPART_SKEWED_LOCATION:
case ALTERVIEW_PROPERTIES:
case ALTERVIEW_RENAME:
case ALTER_MATERIALIZED_VIEW_REWRITE:
case DROPVIEW_PROPERTIES:
case ALTER_MATERIALIZED_VIEW_REBUILD:
// HIVE-22188
case MSCK:
accessType = HiveAccessType.ALTER;
break;

case DROPFUNCTION:
case DROPINDEX:
case DROPTABLE:
case DROPVIEW:
case DROP_MATERIALIZED_VIEW:
case DROPDATABASE:
case DROPDATACONNECTOR:
accessType = HiveAccessType.DROP;
break;

case CREATEINDEX:
accessType = HiveAccessType.INDEX;
break;

// HIVE-21968
case IMPORT:
/*
This can happen during hive IMPORT command IFF a table is also being created as part of IMPORT.
Expand Down Expand Up @@ -1895,7 +1905,6 @@ private HiveAccessType getAccessType(HivePrivilegeObject hiveObj, HiveOperationT
case QUERY:
case SHOW_TABLESTATUS:
case SHOW_CREATETABLE:
case SHOWINDEXES:
case SHOWPARTITIONS:
case SHOW_TBLPROPERTIES:
case ANALYZE_TABLE:
Expand All @@ -1921,9 +1930,11 @@ private HiveAccessType getAccessType(HivePrivilegeObject hiveObj, HiveOperationT

// any access done for metadata access of actions that have support from hive for filtering
case SHOWDATABASES:
case SHOWDATACONNECTORS:
case SHOW_GRANT:
case SWITCHDATABASE:
case DESCDATABASE:
case DESCDATACONNECTOR:
case SHOWTABLES:
case SHOWVIEWS:
accessType = HiveAccessType.USE;
Expand Down Expand Up @@ -1972,6 +1983,8 @@ private HiveAccessType getAccessType(HivePrivilegeObject hiveObj, HiveOperationT
case CREATEMACRO:
case CREATEROLE:
case DESCFUNCTION:
case PREPARE:
case EXECUTE:
case DFS:
case DROPMACRO:
case DROPROLE:
Expand Down Expand Up @@ -2010,6 +2023,7 @@ private FsAction getURIAccessType(HiveOperationType hiveOpType) {
break;

case CREATEDATABASE:
case CREATEDATACONNECTOR:
case CREATETABLE:
case CREATETABLE_AS_SELECT:
case CREATEFUNCTION:
Expand All @@ -2029,6 +2043,12 @@ private FsAction getURIAccessType(HiveOperationType hiveOpType) {
case ALTERTABLE_ARCHIVE:
case ALTERTABLE_UNARCHIVE:
case ALTERTABLE_PROPERTIES:
case ALTERTABLE_SETPARTSPEC:
case ALTERTABLE_EXECUTE:
case ALTERTABLE_CONVERT:
case ALTERDATACONNECTOR:
case ALTERDATACONNECTOR_OWNER:
case ALTERDATACONNECTOR_URL:
case ALTERTABLE_SERIALIZER:
case ALTERTABLE_PARTCOLTYPE:
case ALTERTABLE_DROPCONSTRAINT:
Expand All @@ -2039,10 +2059,13 @@ private FsAction getURIAccessType(HiveOperationType hiveOpType) {
case ALTERTABLE_UPDATETABLESTATS:
case ALTERTABLE_UPDATEPARTSTATS:
case ALTERTABLE_UPDATECOLUMNS:
case ALTERTABLE_CREATEBRANCH:
case ALTERTABLE_DROPBRANCH:
case ALTERTABLE_CREATETAG:
case ALTERTABLE_DROPTAG:
case ALTERTABLE_PROTECTMODE:
case ALTERTABLE_FILEFORMAT:
case ALTERTABLE_LOCATION:
case ALTERINDEX_PROPS:
case ALTERTABLE_MERGEFILES:
case ALTERTABLE_SKEWED:
case ALTERTABLE_COMPACT:
Expand All @@ -2064,16 +2087,20 @@ private FsAction getURIAccessType(HiveOperationType hiveOpType) {

case EXPLAIN:
case DROPDATABASE:
case DROPDATACONNECTOR:
case SWITCHDATABASE:
case LOCKDB:
case UNLOCKDB:
case DROPTABLE:
case DESCTABLE:
case DESCFUNCTION:
case PREPARE:
case EXECUTE:
case MSCK:
case ANALYZE_TABLE:
case CACHE_METADATA:
case SHOWDATABASES:
case SHOWDATACONNECTORS:
case SHOWTABLES:
case SHOWCOLUMNS:
case SHOW_TABLESTATUS:
Expand All @@ -2082,7 +2109,6 @@ private FsAction getURIAccessType(HiveOperationType hiveOpType) {
case SHOW_CREATETABLE:
case SHOWFUNCTIONS:
case SHOWVIEWS:
case SHOWINDEXES:
case SHOWPARTITIONS:
case SHOWLOCKS:
case SHOWCONF:
Expand All @@ -2091,13 +2117,10 @@ private FsAction getURIAccessType(HiveOperationType hiveOpType) {
case CREATEVIEW:
case DROPVIEW:
case CREATE_MATERIALIZED_VIEW:
case CREATEINDEX:
case DROPINDEX:
case ALTERINDEX_REBUILD:
case ALTERVIEW_PROPERTIES:
case DROPVIEW_PROPERTIES:
case DROP_MATERIALIZED_VIEW:
case ALTER_MATERIALIZED_VIEW_REWRITE:
case ALTER_MATERIALIZED_VIEW_REBUILD:
case LOCKTABLE:
case UNLOCKTABLE:
case CREATEROLE:
Expand All @@ -2112,11 +2135,13 @@ private FsAction getURIAccessType(HiveOperationType hiveOpType) {
case SHOW_ROLE_PRINCIPALS:
case TRUNCATETABLE:
case DESCDATABASE:
case DESCDATACONNECTOR:
case ALTERVIEW_RENAME:
case ALTERVIEW_AS:
case SHOW_COMPACTIONS:
case SHOW_TRANSACTIONS:
case ABORT_TRANSACTIONS:
case ABORT_COMPACTION:
case SET:
case RESET:
case DFS:
Expand Down
5 changes: 2 additions & 3 deletions ...c/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerBase.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@
import java.util.List;

import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
import org.apache.hadoop.hive.ql.security.authorization.plugin.AbstractHiveAuthorizer;
import org.apache.hadoop.hive.ql.security.authorization.plugin.DisallowTransformHook;
Expand Down Expand Up @@ -100,14 +99,14 @@ public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPl
// from SQLStdHiveAccessController.applyAuthorizationConfigPolicy()
if (mSessionContext != null && mSessionContext.getClientType() == CLIENT_TYPE.HIVESERVER2) {
// Configure PREEXECHOOKS with DisallowTransformHook to disallow transform queries
String hooks = hiveConf.getVar(ConfVars.PREEXECHOOKS).trim();
String hooks = hiveConf.getVar(HiveConf.getConfVars("hive.exec.pre.hooks")).trim();
if (hooks.isEmpty()) {
hooks = DisallowTransformHook.class.getName();
} else {
hooks = hooks + "," + DisallowTransformHook.class.getName();
}

hiveConf.setVar(ConfVars.PREEXECHOOKS, hooks);
hiveConf.setVar(HiveConf.getConfVars("hive.exec.pre.hooks"), hooks);

SettableConfigUpdater.setHiveConfWhiteList(hiveConf);
}
Expand Down
4 changes: 2 additions & 2 deletions hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ public static void setup() throws Exception {

// Warehouse
File warehouseDir = new File("./target/hdfs/warehouse").getAbsoluteFile();
conf.set(HiveConf.ConfVars.METASTOREWAREHOUSE.varname, warehouseDir.getPath());
conf.set(HiveConf.getConfVars("hive.metastore.warehouse.dir").varname, warehouseDir.getPath());

// Scratchdir
File scratchDir = new File("./target/hdfs/scratchdir").getAbsoluteFile();
Expand All @@ -90,7 +90,7 @@ public static void setup() throws Exception {

// Create a temporary directory for the Hive metastore
File metastoreDir = new File("./metastore_db/").getAbsoluteFile();
conf.set(HiveConf.ConfVars.METASTORECONNECTURLKEY.varname,
conf.set(HiveConf.getConfVars("javax.jdo.option.ConnectionURL").varname,
String.format("jdbc:derby:;databaseName=%s;create=true", metastoreDir.getPath()));

conf.set(HiveConf.ConfVars.METASTORE_AUTO_CREATE_ALL.varname, "true");
Expand Down
18 changes: 18 additions & 0 deletions hive-agent/src/test/java/org/apache/ranger/services/hive/RangerHiveOperationType.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@

public enum RangerHiveOperationType {
CREATEDATABASE,
CREATEDATACONNECTOR,
CREATEFUNCTION,
CREATETABLE,
CREATEVIEW,
Expand Down Expand Up @@ -56,6 +57,12 @@ public enum RangerHiveOperationType {
ALTERTABLE_MERGEFILES,
ALTERTABLE_PARTCOLTYPE,
ALTERTABLE_PROPERTIES,
ALTERTABLE_SETPARTSPEC,
ALTERTABLE_EXECUTE,
ALTERTABLE_CONVERT,
ALTERDATACONNECTOR,
ALTERDATACONNECTOR_OWNER,
ALTERDATACONNECTOR_URL,
ALTERTABLE_PROTECTMODE,
ALTERTABLE_RENAME,
ALTERTABLE_RENAMECOL,
Expand All @@ -69,6 +76,10 @@ public enum RangerHiveOperationType {
ALTERTABLE_UPDATEPARTSTATS,
ALTERTABLE_UPDATETABLESTATS,
ALTERTABLE_UPDATECOLUMNS,
ALTERTABLE_CREATEBRANCH,
ALTERTABLE_DROPBRANCH,
ALTERTABLE_CREATETAG,
ALTERTABLE_DROPTAG,
ALTERTABLE_EXCHANGEPARTITION,
ALTERTABLE_OWNER,
ALTERTBLPART_SKEWED_LOCATION,
Expand All @@ -77,18 +88,22 @@ public enum RangerHiveOperationType {
ALTERVIEW_RENAME,
ALTER_RESOURCEPLAN,
ALTER_MATERIALIZED_VIEW_REWRITE,
ALTER_MATERIALIZED_VIEW_REBUILD,
ALTER_MAPPING,
ALTER_TRIGGER,
ALTER_POOL,
ALTER_SCHEDULED_QUERY,
DROPVIEW_PROPERTIES,
PREPARE,
EXECUTE,
MSCK,
DROPFUNCTION,
DROPINDEX,
DROPTABLE,
DROPVIEW,
DROP_MATERIALIZED_VIEW,
DROPDATABASE,
DROPDATACONNECTOR,
DROP_RESOURCEPLAN,
DROP_TRIGGER,
DROP_POOL,
Expand All @@ -110,8 +125,10 @@ public enum RangerHiveOperationType {
SHOWCOLUMNS,
DESCTABLE,
SHOWDATABASES,
SHOWDATACONNECTORS,
SWITCHDATABASE,
DESCDATABASE,
DESCDATACONNECTOR,
SHOWTABLES,
TRUNCATETABLE,
GRANT_PRIVILEGE,
Expand Down Expand Up @@ -160,6 +177,7 @@ public enum RangerHiveOperationType {
SHOW_ROLE_PRINCIPALS,
SHOW_TRANSACTIONS,
ABORT_TRANSACTIONS,
ABORT_COMPACTION,
START_TRANSACTION,
REPLDUMP,
REPLLOAD,
Expand Down
3 changes: 2 additions & 1 deletion pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,7 @@
<ozone.version>1.4.0</ozone.version>
<hamcrest.version>2.2</hamcrest.version>
<hbase.version>2.6.0</hbase.version>
<hive.version>3.1.3</hive.version>
<hive.version>4.0.1</hive.version>
<hive.storage-api.version>2.7.2</hive.storage-api.version>
<orc.version>1.5.8</orc.version>
<aircompressor.version>0.27</aircompressor.version>
Expand All @@ -145,6 +145,7 @@
<javax-inject.version>1</javax-inject.version>
<javax.annotation-api>1.3.2</javax.annotation-api>
<javax.el.version>3.0.1-b12</javax.el.version>
<javax.validation>2.0.1.Final</javax.validation>
<jaxb.api.version>2.3.1</jaxb.api.version>
<jericho.html.version>3.3</jericho.html.version>
<jersey-bundle.version>1.19.4</jersey-bundle.version>
Expand Down

0 comments on commit 50f75d7

Please sign in to comment.