Example 1 with ConnectorAccessControl
use of com.facebook.presto.spi.connector.ConnectorAccessControl in project presto by prestodb.
the class TestFileBasedAccessControl method testSessionPropertyRules.
@Test
public void testSessionPropertyRules() throws IOException {
ConnectorAccessControl accessControl = createAccessControl("session_property.json");
accessControl.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("admin"), CONTEXT, "dangerous");
accessControl.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("alice"), CONTEXT, "safe");
accessControl.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("alice"), CONTEXT, "unsafe");
accessControl.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("bob"), CONTEXT, "safe");
assertDenied(() -> accessControl.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("bob"), CONTEXT, "unsafe"));
assertDenied(() -> accessControl.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("alice"), CONTEXT, "dangerous"));
assertDenied(() -> accessControl.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("charlie"), CONTEXT, "safe"));
}
Also used :
ConnectorAccessControl(com.facebook.presto.spi.connector.ConnectorAccessControl)
Test(org.testng.annotations.Test)
Example 2 with ConnectorAccessControl
use of com.facebook.presto.spi.connector.ConnectorAccessControl in project presto by prestodb.
the class HiveConnectorFactory method create.
@Override
public Connector create(String catalogName, Map<String, String> config, ConnectorContext context) {
requireNonNull(config, "config is null");
try (ThreadContextClassLoader ignored = new ThreadContextClassLoader(classLoader)) {
Bootstrap app = new Bootstrap(new EventModule(), new MBeanModule(), new JsonModule(), new SmileModule(), new HiveClientModule(catalogName), new HiveS3Module(catalogName), new HiveGcsModule(), new HiveMetastoreModule(catalogName, metastore), new HiveSecurityModule(), new HiveAuthenticationModule(), new HiveProcedureModule(), new CachingModule(), binder -> {
MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
binder.bind(MBeanServer.class).toInstance(new RebindSafeMBeanServer(platformMBeanServer));
binder.bind(NodeVersion.class).toInstance(new NodeVersion(context.getNodeManager().getCurrentNode().getVersion()));
binder.bind(NodeManager.class).toInstance(context.getNodeManager());
binder.bind(TypeManager.class).toInstance(context.getTypeManager());
binder.bind(PageIndexerFactory.class).toInstance(context.getPageIndexerFactory());
binder.bind(PageSorter.class).toInstance(context.getPageSorter());
binder.bind(StandardFunctionResolution.class).toInstance(context.getStandardFunctionResolution());
binder.bind(FunctionMetadataManager.class).toInstance(context.getFunctionMetadataManager());
binder.bind(RowExpressionService.class).toInstance(context.getRowExpressionService());
binder.bind(FilterStatsCalculatorService.class).toInstance(context.getFilterStatsCalculatorService());
binder.bind(BlockEncodingSerde.class).toInstance(context.getBlockEncodingSerde());
});
Injector injector = app.doNotInitializeLogging().setRequiredConfigurationProperties(config).quiet().initialize();
LifeCycleManager lifeCycleManager = injector.getInstance(LifeCycleManager.class);
HiveMetadataFactory metadataFactory = injector.getInstance(HiveMetadataFactory.class);
HiveTransactionManager transactionManager = injector.getInstance(HiveTransactionManager.class);
ConnectorSplitManager splitManager = injector.getInstance(ConnectorSplitManager.class);
ConnectorPageSourceProvider connectorPageSource = injector.getInstance(ConnectorPageSourceProvider.class);
ConnectorPageSinkProvider pageSinkProvider = injector.getInstance(ConnectorPageSinkProvider.class);
ConnectorNodePartitioningProvider connectorDistributionProvider = injector.getInstance(ConnectorNodePartitioningProvider.class);
HiveSessionProperties hiveSessionProperties = injector.getInstance(HiveSessionProperties.class);
HiveTableProperties hiveTableProperties = injector.getInstance(HiveTableProperties.class);
HiveAnalyzeProperties hiveAnalyzeProperties = injector.getInstance(HiveAnalyzeProperties.class);
ConnectorAccessControl accessControl = new SystemTableAwareAccessControl(injector.getInstance(ConnectorAccessControl.class));
Set<Procedure> procedures = injector.getInstance(Key.get(new TypeLiteral<Set<Procedure>>() {
}));
ConnectorPlanOptimizerProvider planOptimizerProvider = injector.getInstance(ConnectorPlanOptimizerProvider.class);
ConnectorMetadataUpdaterProvider metadataUpdaterProvider = injector.getInstance(ConnectorMetadataUpdaterProvider.class);
return new HiveConnector(lifeCycleManager, metadataFactory, transactionManager, new ClassLoaderSafeConnectorSplitManager(splitManager, classLoader), new ClassLoaderSafeConnectorPageSourceProvider(connectorPageSource, classLoader), new ClassLoaderSafeConnectorPageSinkProvider(pageSinkProvider, classLoader), new ClassLoaderSafeNodePartitioningProvider(connectorDistributionProvider, classLoader), ImmutableSet.of(), procedures, hiveSessionProperties.getSessionProperties(), HiveSchemaProperties.SCHEMA_PROPERTIES, hiveTableProperties.getTableProperties(), hiveAnalyzeProperties.getAnalyzeProperties(), accessControl, planOptimizerProvider, metadataUpdaterProvider, classLoader);
} catch (Exception e) {
throwIfUnchecked(e);
throw new RuntimeException(e);
}
}
Also used :
FilterStatsCalculatorService(com.facebook.presto.spi.plan.FilterStatsCalculatorService)
ClassLoaderSafeConnectorPageSourceProvider(com.facebook.presto.spi.connector.classloader.ClassLoaderSafeConnectorPageSourceProvider)
Injector(com.google.inject.Injector)
PageSorter(com.facebook.presto.spi.PageSorter)
Procedure(com.facebook.presto.spi.procedure.Procedure)
HiveMetastoreModule(com.facebook.presto.hive.metastore.HiveMetastoreModule)
ClassLoaderSafeNodePartitioningProvider(com.facebook.presto.spi.connector.classloader.ClassLoaderSafeNodePartitioningProvider)
MBeanServer(javax.management.MBeanServer)
ConnectorAccessControl(com.facebook.presto.spi.connector.ConnectorAccessControl)
ClassLoaderSafeConnectorPageSinkProvider(com.facebook.presto.spi.connector.classloader.ClassLoaderSafeConnectorPageSinkProvider)
JsonModule(com.facebook.airlift.json.JsonModule)
PageIndexerFactory(com.facebook.presto.spi.PageIndexerFactory)
NodeManager(com.facebook.presto.spi.NodeManager)
LifeCycleManager(com.facebook.airlift.bootstrap.LifeCycleManager)
ConnectorSplitManager(com.facebook.presto.spi.connector.ConnectorSplitManager)
ClassLoaderSafeConnectorSplitManager(com.facebook.presto.spi.connector.classloader.ClassLoaderSafeConnectorSplitManager)
SystemTableAwareAccessControl(com.facebook.presto.hive.security.SystemTableAwareAccessControl)
MBeanModule(org.weakref.jmx.guice.MBeanModule)
ConnectorPlanOptimizerProvider(com.facebook.presto.spi.connector.ConnectorPlanOptimizerProvider)
EventModule(com.facebook.airlift.event.client.EventModule)
TypeLiteral(com.google.inject.TypeLiteral)
RowExpressionService(com.facebook.presto.spi.relation.RowExpressionService)
HiveSecurityModule(com.facebook.presto.hive.security.HiveSecurityModule)
Bootstrap(com.facebook.airlift.bootstrap.Bootstrap)
ThreadContextClassLoader(com.facebook.presto.spi.classloader.ThreadContextClassLoader)
ConnectorMetadataUpdaterProvider(com.facebook.presto.spi.connector.ConnectorMetadataUpdaterProvider)
HiveAuthenticationModule(com.facebook.presto.hive.authentication.HiveAuthenticationModule)
BlockEncodingSerde(com.facebook.presto.common.block.BlockEncodingSerde)
CachingModule(com.facebook.presto.cache.CachingModule)
FunctionMetadataManager(com.facebook.presto.spi.function.FunctionMetadataManager)
HiveS3Module(com.facebook.presto.hive.s3.HiveS3Module)
ClassLoaderSafeConnectorPageSinkProvider(com.facebook.presto.spi.connector.classloader.ClassLoaderSafeConnectorPageSinkProvider)
ConnectorPageSinkProvider(com.facebook.presto.spi.connector.ConnectorPageSinkProvider)
HiveGcsModule(com.facebook.presto.hive.gcs.HiveGcsModule)
ConnectorPageSourceProvider(com.facebook.presto.spi.connector.ConnectorPageSourceProvider)
ClassLoaderSafeConnectorPageSourceProvider(com.facebook.presto.spi.connector.classloader.ClassLoaderSafeConnectorPageSourceProvider)
SmileModule(com.facebook.airlift.json.smile.SmileModule)
ConnectorNodePartitioningProvider(com.facebook.presto.spi.connector.ConnectorNodePartitioningProvider)
ClassLoaderSafeConnectorSplitManager(com.facebook.presto.spi.connector.classloader.ClassLoaderSafeConnectorSplitManager)
TypeManager(com.facebook.presto.common.type.TypeManager)
StandardFunctionResolution(com.facebook.presto.spi.function.StandardFunctionResolution)
Example 3 with ConnectorAccessControl
use of com.facebook.presto.spi.connector.ConnectorAccessControl in project presto by prestodb.
the class TestFileBasedAccessControl method testSchemaRules.
@Test
public void testSchemaRules() throws IOException {
ConnectorAccessControl accessControl = createAccessControl("schema.json");
accessControl.checkCanCreateTable(TRANSACTION_HANDLE, user("admin"), CONTEXT, new SchemaTableName("test", "test"));
accessControl.checkCanCreateTable(TRANSACTION_HANDLE, user("bob"), CONTEXT, new SchemaTableName("bob", "test"));
assertDenied(() -> accessControl.checkCanCreateTable(TRANSACTION_HANDLE, user("bob"), CONTEXT, new SchemaTableName("test", "test")));
assertDenied(() -> accessControl.checkCanCreateTable(TRANSACTION_HANDLE, user("admin"), CONTEXT, new SchemaTableName("secret", "test")));
}
Also used :
ConnectorAccessControl(com.facebook.presto.spi.connector.ConnectorAccessControl)
SchemaTableName(com.facebook.presto.spi.SchemaTableName)
Test(org.testng.annotations.Test)
Example 4 with ConnectorAccessControl
use of com.facebook.presto.spi.connector.ConnectorAccessControl in project presto by prestodb.
the class TestFileBasedAccessControl method testTableRules.
@Test
public void testTableRules() throws IOException {
ConnectorAccessControl accessControl = createAccessControl("table.json");
accessControl.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("alice"), CONTEXT, new SchemaTableName("test", "test"), ImmutableSet.of());
accessControl.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("alice"), CONTEXT, new SchemaTableName("bobschema", "bobtable"), ImmutableSet.of());
accessControl.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("alice"), CONTEXT, new SchemaTableName("bobschema", "bobtable"), ImmutableSet.of("bobcolumn"));
accessControl.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("bob"), CONTEXT, new SchemaTableName("bobschema", "bobtable"), ImmutableSet.of());
accessControl.checkCanInsertIntoTable(TRANSACTION_HANDLE, user("bob"), CONTEXT, new SchemaTableName("bobschema", "bobtable"));
accessControl.checkCanDeleteFromTable(TRANSACTION_HANDLE, user("bob"), CONTEXT, new SchemaTableName("bobschema", "bobtable"));
accessControl.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("joe"), CONTEXT, new SchemaTableName("bobschema", "bobtable"), ImmutableSet.of());
accessControl.checkCanCreateViewWithSelectFromColumns(TRANSACTION_HANDLE, user("bob"), CONTEXT, new SchemaTableName("bobschema", "bobtable"), ImmutableSet.of());
accessControl.checkCanDropTable(TRANSACTION_HANDLE, user("admin"), CONTEXT, new SchemaTableName("bobschema", "bobtable"));
assertDenied(() -> accessControl.checkCanInsertIntoTable(TRANSACTION_HANDLE, user("alice"), CONTEXT, new SchemaTableName("bobschema", "bobtable")));
assertDenied(() -> accessControl.checkCanDropTable(TRANSACTION_HANDLE, user("bob"), CONTEXT, new SchemaTableName("bobschema", "bobtable")));
assertDenied(() -> accessControl.checkCanInsertIntoTable(TRANSACTION_HANDLE, user("bob"), CONTEXT, new SchemaTableName("test", "test")));
assertDenied(() -> accessControl.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("admin"), CONTEXT, new SchemaTableName("secret", "secret"), ImmutableSet.of()));
assertDenied(() -> accessControl.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("joe"), CONTEXT, new SchemaTableName("secret", "secret"), ImmutableSet.of()));
assertDenied(() -> accessControl.checkCanCreateViewWithSelectFromColumns(TRANSACTION_HANDLE, user("joe"), CONTEXT, new SchemaTableName("bobschema", "bobtable"), ImmutableSet.of()));
}
Also used :
ConnectorAccessControl(com.facebook.presto.spi.connector.ConnectorAccessControl)
SchemaTableName(com.facebook.presto.spi.SchemaTableName)
Test(org.testng.annotations.Test)
Aggregations
ConnectorAccessControl (com.facebook.presto.spi.connector.ConnectorAccessControl)4
Test (org.testng.annotations.Test)3
SchemaTableName (com.facebook.presto.spi.SchemaTableName)2
Bootstrap (com.facebook.airlift.bootstrap.Bootstrap)1
LifeCycleManager (com.facebook.airlift.bootstrap.LifeCycleManager)1
EventModule (com.facebook.airlift.event.client.EventModule)1
JsonModule (com.facebook.airlift.json.JsonModule)1
SmileModule (com.facebook.airlift.json.smile.SmileModule)1
CachingModule (com.facebook.presto.cache.CachingModule)1
BlockEncodingSerde (com.facebook.presto.common.block.BlockEncodingSerde)1
TypeManager (com.facebook.presto.common.type.TypeManager)1
HiveAuthenticationModule (com.facebook.presto.hive.authentication.HiveAuthenticationModule)1
HiveGcsModule (com.facebook.presto.hive.gcs.HiveGcsModule)1
HiveMetastoreModule (com.facebook.presto.hive.metastore.HiveMetastoreModule)1
HiveS3Module (com.facebook.presto.hive.s3.HiveS3Module)1
HiveSecurityModule (com.facebook.presto.hive.security.HiveSecurityModule)1
SystemTableAwareAccessControl (com.facebook.presto.hive.security.SystemTableAwareAccessControl)1
NodeManager (com.facebook.presto.spi.NodeManager)1
PageIndexerFactory (com.facebook.presto.spi.PageIndexerFactory)1
PageSorter (com.facebook.presto.spi.PageSorter)1
