Impala
Impalaistheopensource,nativeanalyticdatabaseforApacheHadoop.
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros
PrivilegeSpec.java
Go to the documentation of this file.
1 // Copyright 2014 Cloudera Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 package com.cloudera.impala.analysis;
16 
17 import com.cloudera.impala.authorization.Privilege;
18 import com.cloudera.impala.catalog.RolePrivilege;
19 import com.cloudera.impala.common.AnalysisException;
20 import com.cloudera.impala.thrift.TPrivilege;
21 import com.cloudera.impala.thrift.TPrivilegeLevel;
22 import com.cloudera.impala.thrift.TPrivilegeScope;
23 import com.google.common.base.Preconditions;
24 import com.google.common.base.Strings;
25 
29 public class PrivilegeSpec implements ParseNode {
30  private final TPrivilegeScope scope_;
31  private final TPrivilegeLevel privilegeLevel_;
32  private final TableName tableName_;
33  private final HdfsUri uri_;
34 
35  // Set/modified during analysis
36  private String dbName_;
37  private String serverName_;
38 
39  private PrivilegeSpec(TPrivilegeLevel privilegeLevel, TPrivilegeScope scope,
40  String dbName, TableName tableName, HdfsUri uri) {
41  Preconditions.checkNotNull(scope);
42  Preconditions.checkNotNull(privilegeLevel);
43  privilegeLevel_ = privilegeLevel;
44  scope_ = scope;
45  tableName_ = tableName;
46  dbName_ = (tableName_ != null ? tableName_.getDb() : dbName);
47  uri_ = uri;
48  }
49 
50  public static PrivilegeSpec createServerScopedPriv(TPrivilegeLevel privilegeLevel) {
51  return new PrivilegeSpec(privilegeLevel, TPrivilegeScope.SERVER, null, null, null);
52  }
53 
54  public static PrivilegeSpec createDbScopedPriv(TPrivilegeLevel privilegeLevel,
55  String dbName) {
56  Preconditions.checkNotNull(dbName);
57  return new PrivilegeSpec(privilegeLevel, TPrivilegeScope.DATABASE, dbName, null,
58  null);
59  }
60 
61  public static PrivilegeSpec createTableScopedPriv(TPrivilegeLevel privilegeLevel,
62  TableName tableName) {
63  Preconditions.checkNotNull(tableName);
64  return new PrivilegeSpec(privilegeLevel, TPrivilegeScope.TABLE, null, tableName,
65  null);
66  }
67 
68  public static PrivilegeSpec createUriScopedPriv(TPrivilegeLevel privilegeLevel,
69  HdfsUri uri) {
70  Preconditions.checkNotNull(uri);
71  return new PrivilegeSpec(privilegeLevel, TPrivilegeScope.URI, null, null, uri);
72  }
73 
74  public TPrivilege toThrift() {
75  TPrivilege privilege = new TPrivilege();
76  privilege.setScope(scope_);
77  privilege.setServer_name(serverName_);
78  // We don't currently filter on privilege level, so set it to an arbitrary value.
79  privilege.setPrivilege_level(privilegeLevel_);
80  if (dbName_ != null) privilege.setDb_name(dbName_);
81  if (tableName_ != null) privilege.setTable_name(tableName_.getTbl());
82  if (uri_ != null) privilege.setUri(uri_.toString());
83  privilege.setPrivilege_name(
84  RolePrivilege.buildRolePrivilegeName(privilege));
85  privilege.setCreate_time_ms(-1);
86  return privilege;
87  }
88 
89  @Override
90  public String toSql() {
91  StringBuilder sb = new StringBuilder(privilegeLevel_.toString());
92  sb.append(" ON ");
93  sb.append(scope_.toString());
94  if (scope_ == TPrivilegeScope.DATABASE) {
95  sb.append(" " + dbName_);
96  } else if (scope_ == TPrivilegeScope.TABLE) {
97  sb.append(" " + tableName_.toString());
98  } else if (scope_ == TPrivilegeScope.URI) {
99  sb.append(" '" + uri_.getLocation() + "'");
100  }
101  return sb.toString();
102  }
103 
104  @Override
105  public void analyze(Analyzer analyzer) throws AnalysisException {
106  serverName_ = analyzer.getAuthzConfig().getServerName();
107  Preconditions.checkState(!Strings.isNullOrEmpty(serverName_));
108 
109  if (scope_ != null) {
110  switch (scope_) {
111  case SERVER:
112  if (privilegeLevel_ != TPrivilegeLevel.ALL) {
113  throw new AnalysisException("Only 'ALL' privilege may be applied at " +
114  "SERVER scope in privilege spec.");
115  }
116  break;
117  case DATABASE:
118  if (Strings.isNullOrEmpty(dbName_)) {
119  throw new AnalysisException("Database name in privilege spec cannot " +
120  "be empty");
121  }
122  break;
123  case URI:
124  if (privilegeLevel_ != TPrivilegeLevel.ALL) {
125  throw new AnalysisException("Only 'ALL' privilege may be applied at " +
126  "URI scope in privilege spec.");
127  }
128  uri_.analyze(analyzer, Privilege.ALL, false);
129  break;
130  case TABLE:
131  if (Strings.isNullOrEmpty(tableName_.getTbl())) {
132  throw new AnalysisException("Table name in privilege spec cannot be " +
133  "empty");
134  }
135  dbName_ = analyzer.getTargetDbName(tableName_);
136  Preconditions.checkNotNull(dbName_);
137  break;
138  default:
139  throw new IllegalStateException("Unknown TPrivilegeScope in privilege spec: " +
140  scope_.toString());
141  }
142  }
143  }
144 }
com.cloudera.impala.analysis.PrivilegeSpec.PrivilegeSpec
PrivilegeSpec(TPrivilegeLevel privilegeLevel, TPrivilegeScope scope, String dbName, TableName tableName, HdfsUri uri)
Definition: PrivilegeSpec.java:39
com.cloudera.impala.analysis.PrivilegeSpec.createTableScopedPriv
static PrivilegeSpec createTableScopedPriv(TPrivilegeLevel privilegeLevel, TableName tableName)
Definition: PrivilegeSpec.java:61
com.cloudera.impala.analysis.PrivilegeSpec.createDbScopedPriv
static PrivilegeSpec createDbScopedPriv(TPrivilegeLevel privilegeLevel, String dbName)
Definition: PrivilegeSpec.java:54
com.cloudera.impala.analysis.PrivilegeSpec.createServerScopedPriv
static PrivilegeSpec createServerScopedPriv(TPrivilegeLevel privilegeLevel)
Definition: PrivilegeSpec.java:50
com.cloudera.impala.analysis.PrivilegeSpec.createUriScopedPriv
static PrivilegeSpec createUriScopedPriv(TPrivilegeLevel privilegeLevel, HdfsUri uri)
Definition: PrivilegeSpec.java:68