Hive Show Current roles problem

Source: Internet
Author: User

On the hive user maillist today, someone asked the show current roles command question:

i am trying to run  ' Show current  Roles '  on Apache hive 0.13.1 but getting following error,hive>  SHOW CURRENT ROLES; error in role operation show_current_role on role name null,  error message unkown role operation show_current_rolefailed: execution  Error, return code 1 from org.apache.hadoop.hive.ql.exec.ddltaskcan someone  tell me whether this command is supported on apache hive  0.13.1 or not. if it is supported the what could be  the issue. Any pointer would be really helpful. 

in my impression, this command should not exist. manually run a bit, sure enough error, look closely at the log, you can see the command can complete the parse and analyzer stage, run the error,
as I understand it, if SQL does not support it, it should go wrong in the parse phase.

14/11/20 11:22:55 info ql. Driver: starting command: show current roles14/11/20 11:22:55 info log . perflogger: </perflog method=timetosubmit start=1416453775411 end=1416453775795  Duration=384 from=org.apache.hadoop.hive.ql.driver>14/11/20 11:22:55 info log. perflogger: <perflog method=runtasks from=org.apache.hadoop.hive.ql.driver>14/11/20  11:22:55 info log. Perflogger: <perflog method=task. Ddl. Stage-0 from=org.apache.hadoop.hive.ql.driver>error in role operation show_current _role on role name null, error message unkown role operation  show_current_role14/11/20 11:22:55 error exec. Task: error in role operation show_current_role on role name null ,  error message unkown role operation show_current_rolefailed: execution error, return code 1 from  Org.apache.hadoop.hive.ql.exec.ddltask14/11/20 11:22:55 error ql. driver: failed: execution error, return code 1 from  Org.apache.hadoop.hive.ql.exec.ddltask14/11/20 11:22:55 debug ql. Driver: shutting down query show current roles


  private int roleddl (ROLEDDLDESC&NBSP;ROLEDDLDESC)  throws hiveexception, ioexception {    if (SessionState.get (). IsAuthorizationModeV2 ()) {      return roleddlv2 (ROLEDDLDESC);   // If it is V2 authentication method, call roleddlv2    } .... 


    private int roleddlv2 (RoleDDLDesc &NBSP;ROLEDDLDESC)  throws HiveException, IOException {     Hiveauthorizer authorizer = sessionstate.get (). GetAuthorizerV2 ();     Roleddldesc.roleoperation operation = roleddldesc.getoperation ();     //call  the appropriate hive authorizer function    switch (operation) { ...    case show_current_role:      list<string>  rolenames = authorizer.getcurrentrolenames ();       Writelisttofileaftersort (Rolenames, roleddldesc.getresfile ());      break; ...

that is, show current role this syntax in V2 support, then when Sessionstate.get (). IsAuthorizationModeV2 () is true? Take a look at the sessionstate class, isAuthorizationModeV2 call Getauthorizationmode,getauthorizationmode call Setupauth:

public authorizationmode getauthorizationmode () {     setupauth ();    //calls Setupauth class settings Authorizer and Authorizerv2    if ( Authorizer != null) {      return authorizationmode.v1;     }else if (authorizerv2 != null) {      return  authorizationmode.v2;    }    //should not happen  - this should not get called before this.start ()  is called     throw new assertionerror ("authorization plugins not  Initialized! ");   }  public boolean isauthorizationmodev2 () {    return  Getauthorizationmode ()  == authorizationmode.v2;  } 

If you want Authorizationmode.v2 to be set up, you need to make Authorizer null,authorizerv2 not NULL, set

Authorizer and AuthorizerV2 are implemented in the Setupauth method:  private hiveauthorizationprovider authorizer;   private hiveauthorizer authorizerv2;...  private void setupauth ()  {    if  (authenticator != null)  {       // auth has been initialized      return;     }    try {...      authorizer =  Hiveutils.getauthorizeprovidermanager (conf,           Hiveconf.confvars.hive_authorization_manager, authenticator, true);   // hive.security.authorization.manager  Default is org.apache.hadoop.hive.ql.security.authorization.defaulthiveauthorizationprovider                if  (authorizer == null)   {&nbsIf the value of P;//authorizer is null, there is a chance to return V2        // if it was  null, the new authorization plugin must be specified in         // config         Hiveauthorizerfactory authorizerfactory = hiveutils.getauthorizerfactory (conf,             hiveconf.confvars.hive_authorization_manager);         authorizerV2 =  Authorizerfactory.createhiveauthorizer (New hivemetastoreclientfactoryimpl (),             conf, authenticator);         authorizerv2.applyauthorizationconfigpolicy (conf);          create the create table grants with new config        createtablegrants =  Createtableautomaticgrant.create (conf);       }.

because Hive.security.authorization.manager defaults to Org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProv Ider, so for Authorizer for V1, you need to let Hiveutils.getauthorizeprovidermanager return NULL if you want to set to V2
The specific implementation class of the authorizer that can be obtained in Hiveutils.getauthorizeprovidermanager

  public static hiveauthorizationprovider getauthorizeprovidermanager (       configuration conf, hiveconf.confvars authorizationproviderconfkey,       HiveAuthenticationProvider authenticator, boolean  Nullifotherclass)  throws HiveException {    String clsStr =  Hiveconf.getvar (Conf, authorizationproviderconfkey);  //gets the class name from the settings of the Hive.security.authorization.manager     hiveauthorizationprovider ret = null;    try {       class<? extends hiveauthorizationprovider> cls =  null;      if  (clsstr == null | |  clsstr.trim (). Equals (""))  { //if NULL or set to NULL, the implementation class is defaulthiveauthorizationprovider         cls = D efaulthiveauthorizationprovider.class;      } else {         class<?> configclass = class.forname (clsStr,  True, javautils.getclassloader ());  //Otherwise for the specific implementation of the class         if ( nullifotherclass && ! HiveAuthorizationProvider.class.isAssignableFrom (Configclass)  ) { // When the configured class does not have a relationship with the Hiveauthorizationprovider class, it returns Null          return  null;        }         cls =  (class<? extends hiveauthorizationprovider>) configclass;       }      if  (cls != null)  {         ret = reflectionutils.newinstance (cls, conf);       }    } catch  (exception e)  {      throw  new hiveexception (e);     }    ret.setauthenticator ( authenticator);     return ret;  }

if you want to return to V2, you need to make the authorize related class of the setting must implement Hiveauthorizerfactory interface, and cannot implement Hiveauthorizationprovider interface
The feedback is as follows:

refer to the org.apache.hadoop.hive.ql.exec.ddltask.roleddl function,  AUTHORIZATIONMODE&NBSP;DOESN ' t support  show current roles statementbut  Authorizationmodev2 supports this:private int roleddlv2 (ROLEDDLDESC&NBSP;ROLEDDLDESC)  throws hiveexception, ioexception {.......    case show_current_role :      list<string> rolenames =  Authorizer.getcurrentrolenames ();       writelisttofileaftersort (roleNames,  Roleddldesc.getresfile ());      break; but by default,hive uses authorizationmode  (Because the default value  of hive.security.authorization.manager  isorg.apache.hadoop.hive.ql.security.authorization.defaulthiveauthorizationprovider,which means  authorizationmode ) if you want tO use authorizationmodev2,you must use another authorization classwhich  implements theorg.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory  Interfacebut not the org.apache.hadoop.hive.ql.security.authorization.hiveauthorizationprovider  interface

This article is from the "Food and Light Blog" blog, please make sure to keep this source http://caiguangguang.blog.51cto.com/1652935/1587259

Hive Show Current roles problem

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.