Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce Hive AccessControlMetadata #972

Conversation

2 participants
@kokosing
Copy link
Member

commented Jun 12, 2019

No description provided.

@cla-bot cla-bot bot added the cla-signed label Jun 12, 2019

@kokosing kokosing changed the title \ Introduce Hive AccessControlMetadata Jun 12, 2019

@kokosing kokosing requested a review from electrum Jun 12, 2019

@kokosing

This comment has been minimized.

Copy link
Member Author

commented Jun 12, 2019

Fixes #971

@Override
public void createRole(ConnectorSession session, String role, Optional<HivePrincipal> grantor)
{
// roles are case insensitive in Hive

This comment has been minimized.

Copy link
@electrum

electrum Jun 30, 2019

Member

This comment is confusing, because the code here seems to be case sensitive.

This comment has been minimized.

Copy link
@kokosing

kokosing Jul 3, 2019

Author Member

Correct. It looks like a bug that existed before. Let me fix that in separate PR.

This comment has been minimized.

Copy link
@kokosing
@Override
public List<GrantInfo> listTablePrivileges(ConnectorSession session, List<SchemaTableName> tableNames)
{
Set<HivePrincipal> principals = listEnabledPrincipals(metastore, session.getIdentity())

This comment has been minimized.

Copy link
@electrum

electrum Jun 30, 2019

Member

Both usages collect to a set. I'd change the method to return a set.

This comment has been minimized.

Copy link
@kokosing

kokosing Jul 3, 2019

Author Member

This method listEnabledPrincipals is also used to verify if user has an access to a table. Populating whole set all the time may affect query semantic analysis time.


import io.prestosql.plugin.hive.metastore.SemiTransactionalHiveMetastore;

public class StaticAccessControlMetadataFactory

This comment has been minimized.

Copy link
@electrum

electrum Jun 30, 2019

Member

Let's put this inside StaticAccessControlMetadataModule so that it's consistent with SqlStandardAccessControlMetadataFactory.

This comment has been minimized.

Copy link
@kokosing

kokosing Jul 3, 2019

Author Member

I inlined that.

Introduce Hive AccessControlMetadata
Thanks to this we can modify and access security access control metadata
depending on which security model is used in Hive Connector.

@kokosing kokosing force-pushed the kokosing:origin/master/128_access_control_metadata branch 2 times, most recently from dc5cdd3 to 80368b5 Jul 3, 2019

@kokosing kokosing merged commit 294200c into prestosql:master Jul 4, 2019

2 checks passed

Travis CI - Pull Request Build Passed
Details
verification/cla-signed
Details

@kokosing kokosing deleted the kokosing:origin/master/128_access_control_metadata branch Jul 4, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.