Move Hive legacy security config to separate class

presto-docs/src/main/sphinx/connector/hive-security.rst

@@ -12,8 +12,10 @@ property must be one of the following values:
 ================================================== ============================================================
 Property Value                                     Description
 ================================================== ============================================================
-``legacy`` (default value)                         No authorization checks are enforced, thus allowing any
-                                                   operation.
+``legacy`` (default value)                         Few authorization checks are enforced, thus allowing most
+                                                   operations. The config properties ``hive.allow-drop-table``,
+                                                   ``hive.allow-rename-table``, ``hive.allow-add-column`` and
+                                                   ``hive.allow-rename-column`` are used.
 
 ``read-only``                                      Operations that read data or metadata, such as ``SELECT``,
                                                    are permitted, but none of the operations that write data or

presto-docs/src/main/sphinx/connector/hive.rst

@@ -137,10 +137,6 @@ Property Name                                      Description
                                                    installations where Presto is collocated with every
                                                    DataNode.
 
-``hive.allow-drop-table``                          Allow the Hive connector to drop tables.                     ``false``
-
-``hive.allow-rename-table``                        Allow the Hive connector to rename tables.                   ``false``
-
 ``hive.respect-table-format``                      Should new partitions be written using the existing table    ``true``
                                                    format or the default Presto format?
 

presto-hive/src/main/java/com/facebook/presto/hive/HiveClientConfig.java

@@ -61,11 +61,6 @@ public class HiveClientConfig
 
     private int maxConcurrentFileRenames = 20;
 
-    private boolean allowAddColumn;
-    private boolean allowDropTable;
-    private boolean allowRenameTable;
-    private boolean allowRenameColumn;
-
     private boolean allowCorruptWritesForTesting;
 
     private Duration metastoreCacheTtl = new Duration(1, TimeUnit.HOURS);
@@ -270,32 +265,6 @@ public HiveClientConfig setMaxSplitIteratorThreads(int maxSplitIteratorThreads)
         return this;
     }
 
-    public boolean getAllowRenameTable()
-    {
-        return this.allowRenameTable;
-    }
-
-    @Config("hive.allow-rename-table")
-    @ConfigDescription("Allow hive connector to rename table")
-    public HiveClientConfig setAllowRenameTable(boolean allowRenameTable)
-    {
-        this.allowRenameTable = allowRenameTable;
-        return this;
-    }
-
-    public boolean getAllowRenameColumn()
-    {
-        return this.allowRenameColumn;
-    }
-
-    @Config("hive.allow-rename-column")
-    @ConfigDescription("Allow hive connector to rename column")
-    public HiveClientConfig setAllowRenameColumn(boolean allowRenameColumn)
-    {
-        this.allowRenameColumn = allowRenameColumn;
-        return this;
-    }
-
     @Deprecated
     public boolean getAllowCorruptWritesForTesting()
     {
@@ -311,32 +280,6 @@ public HiveClientConfig setAllowCorruptWritesForTesting(boolean allowCorruptWrit
         return this;
     }
 
-    public boolean getAllowAddColumn()
-    {
-        return this.allowAddColumn;
-    }
-
-    @Config("hive.allow-add-column")
-    @ConfigDescription("Allow Hive connector to add column")
-    public HiveClientConfig setAllowAddColumn(boolean allowAddColumn)
-    {
-        this.allowAddColumn = allowAddColumn;
-        return this;
-    }
-
-    public boolean getAllowDropTable()
-    {
-        return this.allowDropTable;
-    }
-
-    @Config("hive.allow-drop-table")
-    @ConfigDescription("Allow Hive connector to drop table")
-    public HiveClientConfig setAllowDropTable(boolean allowDropTable)
-    {
-        this.allowDropTable = allowDropTable;
-        return this;
-    }
-
     @NotNull
     public Duration getMetastoreCacheTtl()
     {

presto-hive/src/main/java/com/facebook/presto/hive/security/LegacyAccessControl.java

@@ -13,7 +13,6 @@
  */
 package com.facebook.presto.hive.security;
 
-import com.facebook.presto.hive.HiveClientConfig;
 import com.facebook.presto.hive.HiveTransactionHandle;
 import com.facebook.presto.hive.metastore.SemiTransactionalHiveMetastore;
 import com.facebook.presto.hive.metastore.Table;
@@ -46,14 +45,15 @@ public class LegacyAccessControl
     @Inject
     public LegacyAccessControl(
             Function<HiveTransactionHandle, SemiTransactionalHiveMetastore> metastoreProvider,
-            HiveClientConfig hiveClientConfig)
+            LegacySecurityConfig securityConfig)
     {
-        requireNonNull(hiveClientConfig, "hiveClientConfig is null");
-        allowDropTable = hiveClientConfig.getAllowDropTable();
-        allowRenameTable = hiveClientConfig.getAllowRenameTable();
-        allowAddColumn = hiveClientConfig.getAllowAddColumn();
-        allowRenameColumn = hiveClientConfig.getAllowRenameColumn();
         this.metastoreProvider = requireNonNull(metastoreProvider, "metastoreProvider is null");
+
+        requireNonNull(securityConfig, "securityConfig is null");
+        allowDropTable = securityConfig.getAllowDropTable();
+        allowRenameTable = securityConfig.getAllowRenameTable();
+        allowAddColumn = securityConfig.getAllowAddColumn();
+        allowRenameColumn = securityConfig.getAllowRenameColumn();
     }
 
     @Override

presto-hive/src/main/java/com/facebook/presto/hive/security/LegacySecurityConfig.java

@@ -0,0 +1,77 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.facebook.presto.hive.security;
+
+import io.airlift.configuration.Config;
+import io.airlift.configuration.ConfigDescription;
+
+public class LegacySecurityConfig
+{
+    private boolean allowAddColumn;
+    private boolean allowDropTable;
+    private boolean allowRenameTable;
+    private boolean allowRenameColumn;
+
+    public boolean getAllowAddColumn()
+    {
+        return this.allowAddColumn;
+    }
+
+    @Config("hive.allow-add-column")
+    @ConfigDescription("Allow Hive connector to add column")
+    public LegacySecurityConfig setAllowAddColumn(boolean allowAddColumn)
+    {
+        this.allowAddColumn = allowAddColumn;
+        return this;
+    }
+
+    public boolean getAllowDropTable()
+    {
+        return this.allowDropTable;
+    }
+
+    @Config("hive.allow-drop-table")
+    @ConfigDescription("Allow Hive connector to drop table")
+    public LegacySecurityConfig setAllowDropTable(boolean allowDropTable)
+    {
+        this.allowDropTable = allowDropTable;
+        return this;
+    }
+
+    public boolean getAllowRenameTable()
+    {
+        return this.allowRenameTable;
+    }
+
+    @Config("hive.allow-rename-table")
+    @ConfigDescription("Allow Hive connector to rename table")
+    public LegacySecurityConfig setAllowRenameTable(boolean allowRenameTable)
+    {
+        this.allowRenameTable = allowRenameTable;
+        return this;
+    }
+
+    public boolean getAllowRenameColumn()
+    {
+        return this.allowRenameColumn;
+    }
+
+    @Config("hive.allow-rename-column")
+    @ConfigDescription("Allow Hive connector to rename column")
+    public LegacySecurityConfig setAllowRenameColumn(boolean allowRenameColumn)
+    {
+        this.allowRenameColumn = allowRenameColumn;
+        return this;
+    }
+}

presto-hive/src/main/java/com/facebook/presto/hive/security/LegacySecurityModule.java

@@ -18,12 +18,15 @@
 import com.google.inject.Module;
 import com.google.inject.Scopes;
 
+import static io.airlift.configuration.ConfigBinder.configBinder;
+
 public class LegacySecurityModule
         implements Module
 {
     @Override
     public void configure(Binder binder)
     {
+        configBinder(binder).bindConfig(LegacySecurityConfig.class);
         binder.bind(ConnectorAccessControl.class).to(LegacyAccessControl.class).in(Scopes.SINGLETON);
     }
 }

presto-hive/src/test/java/com/facebook/presto/hive/HiveQueryRunner.java

@@ -101,10 +101,6 @@ public static DistributedQueryRunner createQueryRunner(Iterable<TpchTable<?>> ta
             Map<String, String> hiveProperties = ImmutableMap.<String, String>builder()
                     .putAll(extraHiveProperties)
                     .put("hive.metastore.uri", "thrift://localhost:8080")
-                    .put("hive.allow-add-column", "true")
-                    .put("hive.allow-drop-table", "true")
-                    .put("hive.allow-rename-table", "true")
-                    .put("hive.allow-rename-column", "true")
                     .put("hive.time-zone", TIME_ZONE.getID())
                     .put("hive.security", security)
                     .build();

presto-hive/src/test/java/com/facebook/presto/hive/TestHiveClientConfig.java

@@ -40,10 +40,6 @@ public void testDefaults()
                 .setMaxSplitSize(new DataSize(64, Unit.MEGABYTE))
                 .setMaxOutstandingSplits(1_000)
                 .setMaxSplitIteratorThreads(1_000)
-                .setAllowAddColumn(false)
-                .setAllowDropTable(false)
-                .setAllowRenameTable(false)
-                .setAllowRenameColumn(false)
                 .setAllowCorruptWritesForTesting(false)
                 .setMetastoreCacheTtl(new Duration(1, TimeUnit.HOURS))
                 .setMetastoreRefreshInterval(new Duration(1, TimeUnit.SECONDS))
@@ -117,10 +113,6 @@ public void testExplicitPropertyMappings()
                 .put("hive.max-split-size", "256MB")
                 .put("hive.max-outstanding-splits", "10")
                 .put("hive.max-split-iterator-threads", "10")
-                .put("hive.allow-add-column", "true")
-                .put("hive.allow-drop-table", "true")
-                .put("hive.allow-rename-table", "true")
-                .put("hive.allow-rename-column", "true")
                 .put("hive.allow-corrupt-writes-for-testing", "true")
                 .put("hive.metastore-cache-ttl", "2h")
                 .put("hive.metastore-refresh-interval", "30m")
@@ -191,10 +183,6 @@ public void testExplicitPropertyMappings()
                 .setMaxSplitSize(new DataSize(256, Unit.MEGABYTE))
                 .setMaxOutstandingSplits(10)
                 .setMaxSplitIteratorThreads(10)
-                .setAllowAddColumn(true)
-                .setAllowDropTable(true)
-                .setAllowRenameTable(true)
-                .setAllowRenameColumn(true)
                 .setAllowCorruptWritesForTesting(true)
                 .setMetastoreCacheTtl(new Duration(2, TimeUnit.HOURS))
                 .setMetastoreRefreshInterval(new Duration(30, TimeUnit.MINUTES))

presto-hive/src/test/java/com/facebook/presto/hive/security/TestLegacySecurityConfig.java

@@ -0,0 +1,55 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.facebook.presto.hive.security;
+
+import com.google.common.collect.ImmutableMap;
+import org.testng.annotations.Test;
+
+import java.util.Map;
+
+import static io.airlift.configuration.testing.ConfigAssertions.assertFullMapping;
+import static io.airlift.configuration.testing.ConfigAssertions.assertRecordedDefaults;
+import static io.airlift.configuration.testing.ConfigAssertions.recordDefaults;
+
+public class TestLegacySecurityConfig
+{
+    @Test
+    public void testDefaults()
+    {
+        assertRecordedDefaults(recordDefaults(LegacySecurityConfig.class)
+                .setAllowAddColumn(false)
+                .setAllowDropTable(false)
+                .setAllowRenameTable(false)
+                .setAllowRenameColumn(false));
+    }
+
+    @Test
+    public void testExplicitPropertyMappings()
+    {
+        Map<String, String> properties = new ImmutableMap.Builder<String, String>()
+                .put("hive.allow-add-column", "true")
+                .put("hive.allow-drop-table", "true")
+                .put("hive.allow-rename-table", "true")
+                .put("hive.allow-rename-column", "true")
+                .build();
+
+        LegacySecurityConfig expected = new LegacySecurityConfig()
+                .setAllowAddColumn(true)
+                .setAllowDropTable(true)
+                .setAllowRenameTable(true)
+                .setAllowRenameColumn(true);
+
+        assertFullMapping(properties, expected);
+    }
+}

presto-product-tests/conf/presto/etc/environment-specific-catalogs/singlenode-kerberos-hdfs-impersonation/hive.properties

@@ -8,11 +8,7 @@
 connector.name=hive-cdh5
 hive.metastore.uri=thrift://hadoop-master:9083
 hive.metastore.thrift.client.socks-proxy=hadoop-master:1080
-hive.allow-drop-table=true
-hive.allow-rename-table=true
 hive.metastore-cache-ttl=0s
-hive.allow-add-column=true
-hive.allow-rename-column=true
 
 hive.metastore.authentication.type=KERBEROS
 hive.metastore.service.principal=hive/hadoop-master@LABS.TERADATA.COM