Hive Privilege 是 Hive 权限系统的基础。
PrivilegeType 权限类型
权限类型的枚举,并提供根据 token 和名称返回 PrivilegeType 的静态方法。
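/**
 * Privilege types of the Hive authorization model. Each constant pairs a parser token
 * ({@code HiveParser.TOK_PRIV_*}) with the display name returned by {@link #toString()}.
 *
 * <p>{@link #UNKNOWN} carries neither a token nor a name. Code that makes an authorization
 * decision from a looked-up type should treat {@code UNKNOWN} as "no privilege" rather than
 * letting it fall through to a permissive default.
 */
public enum PrivilegeType {

  ALL(HiveParser.TOK_PRIV_ALL, "All"),
  ALTER_DATA(HiveParser.TOK_PRIV_ALTER_DATA, "Update"),
  // NOTE(review): the mixed-case spelling of ALTER_metaDATA and SHOW_DATAbase (and of their
  // HiveParser tokens) looks like an extraction artifact of this listing; upstream Hive is
  // believed to spell them ALTER_METADATA / SHOW_DATABASE. Confirm before compiling.
  ALTER_metaDATA(HiveParser.TOK_PRIV_ALTER_metaDATA, "Alter"),
  CREATE(HiveParser.TOK_PRIV_CREATE, "Create"),
  DROP(HiveParser.TOK_PRIV_DROP, "Drop"),
  LOCK(HiveParser.TOK_PRIV_LOCK, "Lock"),
  SELECT(HiveParser.TOK_PRIV_SELECT, "Select"),
  SHOW_DATAbase(HiveParser.TOK_PRIV_SHOW_DATAbase, "Show_Database"),
  INSERT(HiveParser.TOK_PRIV_INSERT, "Insert"),
  DELETE(HiveParser.TOK_PRIV_DELETE, "Delete"),
  UNKNOWN(null, null);

  private final String name;
  private final Integer token;

  PrivilegeType(Integer token, String name) {
    this.name = name;
    this.token = token;
  }

  /** Returns the display name, or the literal {@code "unkown"} when no name is set. */
  @Override
  public String toString() {
    // The spelling "unkown" is a runtime string and is kept exactly as in the listing.
    return name == null ? "unkown" : name;
  }

  /** Returns the parser token, or {@code null} for {@link #UNKNOWN}. */
  public Integer getToken() {
    return token;
  }

  // Lookup tables behind the two static finders. The type arguments were lost when the page
  // was extracted; Integer/String keys are inferred from getToken() and the finder signatures.
  // The listing does not show where these maps are populated.
  private static Map<Integer, PrivilegeType> token2Type;
  private static Map<String, PrivilegeType> name2Type;

  /**
   * Returns the privilege type for a parser token.
   *
   * @param token a {@code HiveParser.TOK_PRIV_*} value
   * @return the matching type; presumably {@link #UNKNOWN} for an unmapped token (verify
   *     against the full source)
   */
  public static PrivilegeType getPrivTypeByToken(int token) {
    // Implementation omitted in the original listing.
  }

  /**
   * Returns the privilege type for a privilege name.
   *
   * @param privilegeName the name to look up
   * @return the matching type; presumably {@link #UNKNOWN} for an unmapped name (verify
   *     against the full source)
   */
  public static PrivilegeType getPrivTypeByName(String privilegeName) {
    // Implementation omitted in the original listing.
  }
}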
PrivilegeScope 权限的作用范围
定义了 4 种范围:用户级别、数据库级别、表级别和字段级别。另外定义了两个枚举集合:ALLSCOPE 包含所有范围,ALLSCOPE_EXCEPT_COLUMN 包含除字段级别外的其他范围。
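/**
 * The levels at which a privilege can apply: user, database, table and column. Each level
 * carries a distinct bit value in {@code mode}.
 */
public enum PrivilegeScope {

  /** User level. */
  USER_LEVEL_SCOPE((short) 0x01),
  /** Database level. */
  DB_LEVEL_SCOPE((short) 0x02),
  /** Table level. */
  TABLE_LEVEL_SCOPE((short) 0x04),
  /** Column level. */
  COLUMN_LEVEL_SCOPE((short) 0x08);

  private short mode;

  private PrivilegeScope(short mode) {
    this.mode = mode;
  }

  /** Returns the bit value of this scope. */
  public short getMode() {
    return mode;
  }

  /**
   * Overwrites the bit value of this scope.
   *
   * <p>Enum constants are process-wide singletons, so a call here changes the value seen by
   * every other user of the constant. Kept for interface compatibility; avoid calling it.
   */
  public void setMode(short mode) {
    this.mode = mode;
  }

  // Declared final so the shared references cannot be swapped for a wider set at runtime.
  // EnumSet itself is still mutable: treat both sets as read-only and copy before modifying.

  /** Every scope, column level included. */
  public static final EnumSet<PrivilegeScope> ALLSCOPE = EnumSet.of(
      PrivilegeScope.USER_LEVEL_SCOPE,
      PrivilegeScope.DB_LEVEL_SCOPE,
      PrivilegeScope.TABLE_LEVEL_SCOPE,
      PrivilegeScope.COLUMN_LEVEL_SCOPE);

  /** Every scope except column level. */
  public static final EnumSet<PrivilegeScope> ALLSCOPE_EXCEPT_COLUMN = EnumSet.of(
      PrivilegeScope.USER_LEVEL_SCOPE,
      PrivilegeScope.DB_LEVEL_SCOPE,
      PrivilegeScope.TABLE_LEVEL_SCOPE);
}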
Privilege 权限
每个权限有两个变量:权限类型和该权限支持的范围。Privilege 不是枚举,但是定义了若干个静态变量。
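/**
 * A privilege: a {@link PrivilegeType} plus the set of {@link PrivilegeScope}s at which it is
 * supported.
 *
 * <p>Instances are mutable through {@link #setPriv(PrivilegeType)}, and that includes the
 * shared static constants below. Code that relies on those constants for access decisions
 * should never call {@code setPriv} on them.
 */
public class Privilege {

  private PrivilegeType priv;

  // Supported scopes. Stays null for instances built through the public constructors, in
  // which case every support*Level() check answers false.
  private EnumSet<PrivilegeScope> supportedScopeSet;

  private Privilege(PrivilegeType priv, EnumSet<PrivilegeScope> scopeSet) {
    super();
    this.priv = priv;
    // Copy the set so that a later change to the shared PrivilegeScope sets cannot widen
    // or narrow the scopes of an already-built privilege.
    this.supportedScopeSet = scopeSet == null ? null : EnumSet.copyOf(scopeSet);
  }

  /** Creates a privilege of the given type with no supported scope recorded. */
  public Privilege(PrivilegeType priv) {
    super();
    this.priv = priv;
  }

  public PrivilegeType getPriv() {
    return priv;
  }

  public void setPriv(PrivilegeType priv) {
    this.priv = priv;
  }

  /** Returns true only if a scope set is present and contains the column level. */
  public boolean supportColumnLevel() {
    return supportedScopeSet != null
        && supportedScopeSet.contains(PrivilegeScope.COLUMN_LEVEL_SCOPE);
  }

  /** Returns true only if a scope set is present and contains the database level. */
  public boolean supportDBLevel() {
    return supportedScopeSet != null
        && supportedScopeSet.contains(PrivilegeScope.DB_LEVEL_SCOPE);
  }

  /** Returns true only if a scope set is present and contains the table level. */
  public boolean supportTableLevel() {
    return supportedScopeSet != null
        && supportedScopeSet.contains(PrivilegeScope.TABLE_LEVEL_SCOPE);
  }

  /**
   * Returns the names of the supported scopes.
   *
   * @return a new list of {@code PrivilegeScope} constant names, or {@code null} when no
   *     scope set was recorded (callers must null-check)
   */
  public List<String> getScopeList() {
    if (supportedScopeSet == null) {
      return null;
    }
    List<String> scopes = new ArrayList<String>();
    for (PrivilegeScope scope : supportedScopeSet) {
      scopes.add(scope.name());
    }
    return scopes;
  }

  /**
   * Returns the display name of the privilege type.
   *
   * @throws NullPointerException if no type was set (instance from the no-arg constructor)
   */
  @Override
  public String toString() {
    return this.getPriv().toString();
  }

  public Privilege() {
  }

  // Shared constants. Declared final so the references cannot be reassigned. Only SELECT
  // supports the column level; SHOW_DATAbase is limited to the user level.
  // NOTE(review): the mixed-case names ALTER_metaDATA and SHOW_DATAbase look like an
  // extraction artifact of this listing (upstream Hive is believed to use ALTER_METADATA /
  // SHOW_DATABASE). They are kept as printed so the class stays consistent with the
  // PrivilegeType listing on the same page; confirm against the real source.

  public static final Privilege ALL =
      new Privilege(PrivilegeType.ALL, PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static final Privilege ALTER_metaDATA =
      new Privilege(PrivilegeType.ALTER_metaDATA, PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static final Privilege ALTER_DATA =
      new Privilege(PrivilegeType.ALTER_DATA, PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static final Privilege CREATE =
      new Privilege(PrivilegeType.CREATE, PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static final Privilege DROP =
      new Privilege(PrivilegeType.DROP, PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static final Privilege LOCK =
      new Privilege(PrivilegeType.LOCK, PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static final Privilege SELECT =
      new Privilege(PrivilegeType.SELECT, PrivilegeScope.ALLSCOPE);

  public static final Privilege INSERT =
      new Privilege(PrivilegeType.INSERT, PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static final Privilege DELETE =
      new Privilege(PrivilegeType.DELETE, PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static final Privilege SHOW_DATAbase =
      new Privilege(PrivilegeType.SHOW_DATAbase, EnumSet.of(PrivilegeScope.USER_LEVEL_SCOPE));
}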
HiveOperation
HiveOperation 定义了所有的 Hive 操作。每个操作有操作名、需要的输入权限和输出权限,以及是否允许在事务中执行、是否需要开启事务。
如 COMMIT,ROLLBACK 允许在事务中,并且需要开启事务。
SHOWTABLES,SHOWCOLUMNS,SHOW_TABLESTATUS,SHOW_TBLPROPERTIES,SHOWVIEWS,SHOWLOCKS,SHOW_GRANT,SHOW_ROLES,SET_AUTOCOMMIT 允许在事务中,但是不需要开启事务。
/**
 * Describes a Hive operation: its name, the privileges it requires on its inputs and
 * outputs, and its two transaction flags.
 *
 * <p>NOTE(review): this is an abbreviated excerpt. The enum constants and the constructor
 * that would initialise the final fields are not shown, so the listing does not compile
 * as printed.
 */
enum HiveOperation {
  // Name of the operation.
  private String operationName;
  // Privileges required on the operation's inputs.
  private Privilege[] inputRequiredPrivileges;
  // Privileges required on the operation's outputs.
  private Privilege[] outputRequiredPrivileges;
  // Whether the operation may run inside a transaction.
  private final boolean allowedInTransaction;
  // Whether the operation needs a transaction to be open.
  private final boolean requiresOpenTransaction;
}