On the hive user maillist today, someone asked the show current roles command question:
i am trying to run ' Show current Roles ' on Apache hive 0.13.1 but getting following error,hive> SHOW CURRENT ROLES; error in role operation show_current_role on role name null, error message unkown role operation show_current_rolefailed: execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.ddltaskcan someone tell me whether this command is supported on apache hive 0.13.1 or not. if it is supported the what could be the issue. Any pointer would be really helpful.
in my impression, this command should not exist. manually run a bit, sure enough error, look closely at the log, you can see the command can complete the parse and analyzer stage, run the error,
as I understand it, if SQL does not support it, it should go wrong in the parse phase.
14/11/20 11:22:55 info ql. Driver: starting command: show current roles14/11/20 11:22:55 info log . perflogger: </perflog method=timetosubmit start=1416453775411 end=1416453775795 Duration=384 from=org.apache.hadoop.hive.ql.driver>14/11/20 11:22:55 info log. perflogger: <perflog method=runtasks from=org.apache.hadoop.hive.ql.driver>14/11/20 11:22:55 info log. Perflogger: <perflog method=task. Ddl. Stage-0 from=org.apache.hadoop.hive.ql.driver>error in role operation show_current _role on role name null, error message unkown role operation show_current_role14/11/20 11:22:55 error exec. Task: error in role operation show_current_role on role name null , error message unkown role operation show_current_rolefailed: execution error, return code 1 from Org.apache.hadoop.hive.ql.exec.ddltask14/11/20 11:22:55 error ql. driver: failed: execution error, return code 1 from Org.apache.hadoop.hive.ql.exec.ddltask14/11/20 11:22:55 debug ql. Driver: shutting down query show current roles
private int roleddl (ROLEDDLDESC&NBSP;ROLEDDLDESC) throws hiveexception, ioexception { if (SessionState.get (). IsAuthorizationModeV2 ()) { return roleddlv2 (ROLEDDLDESC); // If it is V2 authentication method, call roleddlv2 } ....
private int roleddlv2 (RoleDDLDesc &NBSP;ROLEDDLDESC) throws HiveException, IOException { Hiveauthorizer authorizer = sessionstate.get (). GetAuthorizerV2 (); Roleddldesc.roleoperation operation = roleddldesc.getoperation (); //call the appropriate hive authorizer function switch (operation) { ... case show_current_role: list<string> rolenames = authorizer.getcurrentrolenames (); Writelisttofileaftersort (Rolenames, roleddldesc.getresfile ()); break; ...
that is, show current role this syntax in V2 support, then when Sessionstate.get (). IsAuthorizationModeV2 () is true? Take a look at the sessionstate class, isAuthorizationModeV2 call Getauthorizationmode,getauthorizationmode call Setupauth:
public authorizationmode getauthorizationmode () { setupauth (); //calls Setupauth class settings Authorizer and Authorizerv2 if ( Authorizer != null) { return authorizationmode.v1; }else if (authorizerv2 != null) { return authorizationmode.v2; } //should not happen - this should not get called before this.start () is called throw new assertionerror ("authorization plugins not Initialized! "); } public boolean isauthorizationmodev2 () { return Getauthorizationmode () == authorizationmode.v2; }
If you want Authorizationmode.v2 to be set up, you need to make Authorizer null,authorizerv2 not NULL, set
Authorizer and AuthorizerV2 are implemented in the Setupauth method: private hiveauthorizationprovider authorizer; private hiveauthorizer authorizerv2;... private void setupauth () { if (authenticator != null) { // auth has been initialized return; } try {... authorizer = Hiveutils.getauthorizeprovidermanager (conf, Hiveconf.confvars.hive_authorization_manager, authenticator, true); // hive.security.authorization.manager Default is org.apache.hadoop.hive.ql.security.authorization.defaulthiveauthorizationprovider if (authorizer == null) {&nbsIf the value of P;//authorizer is null, there is a chance to return V2 // if it was null, the new authorization plugin must be specified in // config Hiveauthorizerfactory authorizerfactory = hiveutils.getauthorizerfactory (conf, hiveconf.confvars.hive_authorization_manager); authorizerV2 = Authorizerfactory.createhiveauthorizer (New hivemetastoreclientfactoryimpl (), conf, authenticator); authorizerv2.applyauthorizationconfigpolicy (conf); create the create table grants with new config createtablegrants = Createtableautomaticgrant.create (conf); }.
because Hive.security.authorization.manager defaults to Org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProv Ider, so for Authorizer for V1, you need to let Hiveutils.getauthorizeprovidermanager return NULL if you want to set to V2
The specific implementation class of the authorizer that can be obtained in Hiveutils.getauthorizeprovidermanager
public static hiveauthorizationprovider getauthorizeprovidermanager ( configuration conf, hiveconf.confvars authorizationproviderconfkey, HiveAuthenticationProvider authenticator, boolean Nullifotherclass) throws HiveException { String clsStr = Hiveconf.getvar (Conf, authorizationproviderconfkey); //gets the class name from the settings of the Hive.security.authorization.manager hiveauthorizationprovider ret = null; try { class<? extends hiveauthorizationprovider> cls = null; if (clsstr == null | | clsstr.trim (). Equals ("")) { //if NULL or set to NULL, the implementation class is defaulthiveauthorizationprovider cls = D efaulthiveauthorizationprovider.class; } else { class<?> configclass = class.forname (clsStr, True, javautils.getclassloader ()); //Otherwise for the specific implementation of the class if ( nullifotherclass && ! HiveAuthorizationProvider.class.isAssignableFrom (Configclass) ) { // When the configured class does not have a relationship with the Hiveauthorizationprovider class, it returns Null return null; } cls = (class<? extends hiveauthorizationprovider>) configclass; } if (cls != null) { ret = reflectionutils.newinstance (cls, conf); } } catch (exception e) { throw new hiveexception (e); } ret.setauthenticator ( authenticator); return ret; }
if you want to return to V2, you need to make the authorize related class of the setting must implement Hiveauthorizerfactory interface, and cannot implement Hiveauthorizationprovider interface
The feedback is as follows:
refer to the org.apache.hadoop.hive.ql.exec.ddltask.roleddl function, AUTHORIZATIONMODE&NBSP;DOESN ' t support show current roles statementbut Authorizationmodev2 supports this:private int roleddlv2 (ROLEDDLDESC&NBSP;ROLEDDLDESC) throws hiveexception, ioexception {....... case show_current_role : list<string> rolenames = Authorizer.getcurrentrolenames (); writelisttofileaftersort (roleNames, Roleddldesc.getresfile ()); break; but by default,hive uses authorizationmode (Because the default value of hive.security.authorization.manager isorg.apache.hadoop.hive.ql.security.authorization.defaulthiveauthorizationprovider,which means authorizationmode ) if you want tO use authorizationmodev2,you must use another authorization classwhich implements theorg.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory Interfacebut not the org.apache.hadoop.hive.ql.security.authorization.hiveauthorizationprovider interface
This article is from the "Food and Light Blog" blog, please make sure to keep this source http://caiguangguang.blog.51cto.com/1652935/1587259
Hive Show Current roles problem