
Example 1 with ConnectorAccessControl

use of com.facebook.presto.spi.connector.ConnectorAccessControl in project presto by prestodb.

the class TestFileBasedAccessControl method testSessionPropertyRules.

/**
 * Pins the catalog session property rules loaded from {@code session_property.json}.
 *
 * <p>The test covers both directions of the policy: calls that must be allowed and
 * calls that must be rejected. The rule file itself is not part of this excerpt, so
 * the expectations below are the only visible statement of the intended policy.
 */
@Test
public void testSessionPropertyRules() throws IOException {
    ConnectorAccessControl policy = createAccessControl("session_property.json");

    // Allowed: a bare call fails the test if the check throws.
    policy.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("admin"), CONTEXT, "dangerous");
    policy.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("alice"), CONTEXT, "safe");
    policy.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("alice"), CONTEXT, "unsafe");
    policy.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("bob"), CONTEXT, "safe");

    // Denied: bob is limited to "safe", and alice cannot reach "dangerous".
    // NOTE(review): assertDenied is defined elsewhere in the test class; presumably it
    // expects an access-denied exception from the lambda. Confirm against the helper.
    assertDenied(() -> policy.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("bob"), CONTEXT, "unsafe"));
    assertDenied(() -> policy.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("alice"), CONTEXT, "dangerous"));

    // charlie is refused even the property that alice and bob may set. Presumably no
    // rule matches that user, which would make this the default-deny case.
    assertDenied(() -> policy.checkCanSetCatalogSessionProperty(TRANSACTION_HANDLE, user("charlie"), CONTEXT, "safe"));
}
Also used : ConnectorAccessControl(com.facebook.presto.spi.connector.ConnectorAccessControl) Test(org.testng.annotations.Test)

Example 2 with ConnectorAccessControl

use of com.facebook.presto.spi.connector.ConnectorAccessControl in project presto by prestodb.

the class HiveConnectorFactory method create.

/**
 * Builds a Hive connector for one catalog: bootstraps a Guice injector from the Hive
 * modules plus the engine services exposed by {@code context}, pulls the connector
 * components out of the injector, and assembles them into a {@link HiveConnector}.
 *
 * <p>{@code classLoader} and {@code metastore} are fields declared outside this excerpt.
 *
 * @param catalogName catalog name, passed to the Hive client, S3 and metastore modules
 * @param config catalog configuration properties; must not be null
 * @param context engine-provided services that are re-bound into the connector's injector
 * @return the assembled connector
 * @throws NullPointerException if {@code config} is null
 * @throws RuntimeException wrapping any checked exception raised while bootstrapping;
 *         unchecked exceptions propagate unchanged
 */
@Override
public Connector create(String catalogName, Map<String, String> config, ConnectorContext context) {
    requireNonNull(config, "config is null");
    // NOTE(review): presumably installs the connector's class loader as the thread context
    // class loader for the duration of the block and restores it on close. Confirm in
    // ThreadContextClassLoader.
    try (ThreadContextClassLoader ignored = new ThreadContextClassLoader(classLoader)) {
        // The module list includes HiveSecurityModule and HiveAuthenticationModule; the trailing
        // lambda module re-binds services owned by the engine so injected Hive classes can use them.
        Bootstrap app = new Bootstrap(new EventModule(), new MBeanModule(), new JsonModule(), new SmileModule(), new HiveClientModule(catalogName), new HiveS3Module(catalogName), new HiveGcsModule(), new HiveMetastoreModule(catalogName, metastore), new HiveSecurityModule(), new HiveAuthenticationModule(), new HiveProcedureModule(), new CachingModule(), binder -> {
            // The platform MBeanServer is wrapped rather than bound directly.
            // NOTE(review): presumably so a repeated MBean registration does not fail. Confirm in RebindSafeMBeanServer.
            MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
            binder.bind(MBeanServer.class).toInstance(new RebindSafeMBeanServer(platformMBeanServer));
            binder.bind(NodeVersion.class).toInstance(new NodeVersion(context.getNodeManager().getCurrentNode().getVersion()));
            binder.bind(NodeManager.class).toInstance(context.getNodeManager());
            binder.bind(TypeManager.class).toInstance(context.getTypeManager());
            binder.bind(PageIndexerFactory.class).toInstance(context.getPageIndexerFactory());
            binder.bind(PageSorter.class).toInstance(context.getPageSorter());
            binder.bind(StandardFunctionResolution.class).toInstance(context.getStandardFunctionResolution());
            binder.bind(FunctionMetadataManager.class).toInstance(context.getFunctionMetadataManager());
            binder.bind(RowExpressionService.class).toInstance(context.getRowExpressionService());
            binder.bind(FilterStatsCalculatorService.class).toInstance(context.getFilterStatsCalculatorService());
            binder.bind(BlockEncodingSerde.class).toInstance(context.getBlockEncodingSerde());
        });
        // The catalog's config map is handed to the bootstrap as its required configuration properties.
        Injector injector = app.doNotInitializeLogging().setRequiredConfigurationProperties(config).quiet().initialize();
        LifeCycleManager lifeCycleManager = injector.getInstance(LifeCycleManager.class);
        HiveMetadataFactory metadataFactory = injector.getInstance(HiveMetadataFactory.class);
        HiveTransactionManager transactionManager = injector.getInstance(HiveTransactionManager.class);
        ConnectorSplitManager splitManager = injector.getInstance(ConnectorSplitManager.class);
        ConnectorPageSourceProvider connectorPageSource = injector.getInstance(ConnectorPageSourceProvider.class);
        ConnectorPageSinkProvider pageSinkProvider = injector.getInstance(ConnectorPageSinkProvider.class);
        ConnectorNodePartitioningProvider connectorDistributionProvider = injector.getInstance(ConnectorNodePartitioningProvider.class);
        HiveSessionProperties hiveSessionProperties = injector.getInstance(HiveSessionProperties.class);
        HiveTableProperties hiveTableProperties = injector.getInstance(HiveTableProperties.class);
        HiveAnalyzeProperties hiveAnalyzeProperties = injector.getInstance(HiveAnalyzeProperties.class);
        // Security: the ConnectorAccessControl implementation comes from the injector and is
        // wrapped in SystemTableAwareAccessControl before being handed to the connector.
        // NOTE(review): which implementation is bound is not visible here. Presumably
        // HiveSecurityModule selects it from the catalog config; confirm the deployed
        // setting enforces the intended policy rather than a permissive default.
        ConnectorAccessControl accessControl = new SystemTableAwareAccessControl(injector.getInstance(ConnectorAccessControl.class));
        Set<Procedure> procedures = injector.getInstance(Key.get(new TypeLiteral<Set<Procedure>>() {
        }));
        ConnectorPlanOptimizerProvider planOptimizerProvider = injector.getInstance(ConnectorPlanOptimizerProvider.class);
        ConnectorMetadataUpdaterProvider metadataUpdaterProvider = injector.getInstance(ConnectorMetadataUpdaterProvider.class);
        // The split manager, page source, page sink and partitioning providers are wrapped in
        // ClassLoaderSafe* decorators bound to classLoader; the arguments are positional, so their order matters.
        return new HiveConnector(lifeCycleManager, metadataFactory, transactionManager, new ClassLoaderSafeConnectorSplitManager(splitManager, classLoader), new ClassLoaderSafeConnectorPageSourceProvider(connectorPageSource, classLoader), new ClassLoaderSafeConnectorPageSinkProvider(pageSinkProvider, classLoader), new ClassLoaderSafeNodePartitioningProvider(connectorDistributionProvider, classLoader), ImmutableSet.of(), procedures, hiveSessionProperties.getSessionProperties(), HiveSchemaProperties.SCHEMA_PROPERTIES, hiveTableProperties.getTableProperties(), hiveAnalyzeProperties.getAnalyzeProperties(), accessControl, planOptimizerProvider, metadataUpdaterProvider, classLoader);
    } catch (Exception e) {
        // Unchecked exceptions are rethrown as-is; anything checked is wrapped with its cause preserved.
        throwIfUnchecked(e);
        throw new RuntimeException(e);
    }
}
Also used : FilterStatsCalculatorService(com.facebook.presto.spi.plan.FilterStatsCalculatorService) ClassLoaderSafeConnectorPageSourceProvider(com.facebook.presto.spi.connector.classloader.ClassLoaderSafeConnectorPageSourceProvider) Injector(com.google.inject.Injector) PageSorter(com.facebook.presto.spi.PageSorter) Procedure(com.facebook.presto.spi.procedure.Procedure) HiveMetastoreModule(com.facebook.presto.hive.metastore.HiveMetastoreModule) ClassLoaderSafeNodePartitioningProvider(com.facebook.presto.spi.connector.classloader.ClassLoaderSafeNodePartitioningProvider) MBeanServer(javax.management.MBeanServer) ConnectorAccessControl(com.facebook.presto.spi.connector.ConnectorAccessControl) ClassLoaderSafeConnectorPageSinkProvider(com.facebook.presto.spi.connector.classloader.ClassLoaderSafeConnectorPageSinkProvider) JsonModule(com.facebook.airlift.json.JsonModule) PageIndexerFactory(com.facebook.presto.spi.PageIndexerFactory) NodeManager(com.facebook.presto.spi.NodeManager) LifeCycleManager(com.facebook.airlift.bootstrap.LifeCycleManager) ConnectorSplitManager(com.facebook.presto.spi.connector.ConnectorSplitManager) ClassLoaderSafeConnectorSplitManager(com.facebook.presto.spi.connector.classloader.ClassLoaderSafeConnectorSplitManager) SystemTableAwareAccessControl(com.facebook.presto.hive.security.SystemTableAwareAccessControl) MBeanModule(org.weakref.jmx.guice.MBeanModule) ConnectorPlanOptimizerProvider(com.facebook.presto.spi.connector.ConnectorPlanOptimizerProvider) EventModule(com.facebook.airlift.event.client.EventModule) TypeLiteral(com.google.inject.TypeLiteral) RowExpressionService(com.facebook.presto.spi.relation.RowExpressionService) HiveSecurityModule(com.facebook.presto.hive.security.HiveSecurityModule) Bootstrap(com.facebook.airlift.bootstrap.Bootstrap) ThreadContextClassLoader(com.facebook.presto.spi.classloader.ThreadContextClassLoader) ConnectorMetadataUpdaterProvider(com.facebook.presto.spi.connector.ConnectorMetadataUpdaterProvider) 
HiveAuthenticationModule(com.facebook.presto.hive.authentication.HiveAuthenticationModule) BlockEncodingSerde(com.facebook.presto.common.block.BlockEncodingSerde) CachingModule(com.facebook.presto.cache.CachingModule) FunctionMetadataManager(com.facebook.presto.spi.function.FunctionMetadataManager) HiveS3Module(com.facebook.presto.hive.s3.HiveS3Module) ClassLoaderSafeConnectorPageSinkProvider(com.facebook.presto.spi.connector.classloader.ClassLoaderSafeConnectorPageSinkProvider) ConnectorPageSinkProvider(com.facebook.presto.spi.connector.ConnectorPageSinkProvider) HiveGcsModule(com.facebook.presto.hive.gcs.HiveGcsModule) ConnectorPageSourceProvider(com.facebook.presto.spi.connector.ConnectorPageSourceProvider) ClassLoaderSafeConnectorPageSourceProvider(com.facebook.presto.spi.connector.classloader.ClassLoaderSafeConnectorPageSourceProvider) SmileModule(com.facebook.airlift.json.smile.SmileModule) ConnectorNodePartitioningProvider(com.facebook.presto.spi.connector.ConnectorNodePartitioningProvider) ClassLoaderSafeConnectorSplitManager(com.facebook.presto.spi.connector.classloader.ClassLoaderSafeConnectorSplitManager) TypeManager(com.facebook.presto.common.type.TypeManager) StandardFunctionResolution(com.facebook.presto.spi.function.StandardFunctionResolution)

Example 3 with ConnectorAccessControl

use of com.facebook.presto.spi.connector.ConnectorAccessControl in project presto by prestodb.

the class TestFileBasedAccessControl method testSchemaRules.

/**
 * Pins the schema-level rules loaded from {@code schema.json} for table creation.
 *
 * <p>The rule file is not part of this excerpt; the expectations below are the only
 * visible statement of the intended policy.
 */
@Test
public void testSchemaRules() throws IOException {
    ConnectorAccessControl policy = createAccessControl("schema.json");
    SchemaTableName tableInTestSchema = new SchemaTableName("test", "test");
    SchemaTableName tableInBobSchema = new SchemaTableName("bob", "test");
    SchemaTableName tableInSecretSchema = new SchemaTableName("secret", "test");

    // Allowed: admin in the "test" schema, bob in the schema that carries his name.
    policy.checkCanCreateTable(TRANSACTION_HANDLE, user("admin"), CONTEXT, tableInTestSchema);
    policy.checkCanCreateTable(TRANSACTION_HANDLE, user("bob"), CONTEXT, tableInBobSchema);

    // Denied: bob outside his own schema, and admin in "secret", so admin is not
    // treated as an unrestricted superuser by these rules.
    assertDenied(() -> policy.checkCanCreateTable(TRANSACTION_HANDLE, user("bob"), CONTEXT, tableInTestSchema));
    assertDenied(() -> policy.checkCanCreateTable(TRANSACTION_HANDLE, user("admin"), CONTEXT, tableInSecretSchema));
}
Also used : ConnectorAccessControl(com.facebook.presto.spi.connector.ConnectorAccessControl) SchemaTableName(com.facebook.presto.spi.SchemaTableName) Test(org.testng.annotations.Test)

Example 4 with ConnectorAccessControl

use of com.facebook.presto.spi.connector.ConnectorAccessControl in project presto by prestodb.

the class TestFileBasedAccessControl method testTableRules.

/**
 * Pins the table-level rules loaded from {@code table.json} across select, insert,
 * delete, drop and create-view-with-select checks.
 *
 * <p>The rule file is not part of this excerpt; the expectations below are the only
 * visible statement of the intended policy.
 */
@Test
public void testTableRules() throws IOException {
    ConnectorAccessControl policy = createAccessControl("table.json");
    SchemaTableName testTable = new SchemaTableName("test", "test");
    SchemaTableName bobTable = new SchemaTableName("bobschema", "bobtable");
    SchemaTableName secretTable = new SchemaTableName("secret", "secret");

    // Allowed: alice reads, with and without an explicit column set.
    policy.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("alice"), CONTEXT, testTable, ImmutableSet.of());
    policy.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("alice"), CONTEXT, bobTable, ImmutableSet.of());
    policy.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("alice"), CONTEXT, bobTable, ImmutableSet.of("bobcolumn"));

    // Allowed: bob reads, inserts into and deletes from bobschema.bobtable.
    policy.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("bob"), CONTEXT, bobTable, ImmutableSet.of());
    policy.checkCanInsertIntoTable(TRANSACTION_HANDLE, user("bob"), CONTEXT, bobTable);
    policy.checkCanDeleteFromTable(TRANSACTION_HANDLE, user("bob"), CONTEXT, bobTable);

    // Allowed: joe may read the table, bob may build a view over it, admin may drop it.
    policy.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("joe"), CONTEXT, bobTable, ImmutableSet.of());
    policy.checkCanCreateViewWithSelectFromColumns(TRANSACTION_HANDLE, user("bob"), CONTEXT, bobTable, ImmutableSet.of());
    policy.checkCanDropTable(TRANSACTION_HANDLE, user("admin"), CONTEXT, bobTable);

    // Denied: write and drop operations outside what each user was granted above.
    assertDenied(() -> policy.checkCanInsertIntoTable(TRANSACTION_HANDLE, user("alice"), CONTEXT, bobTable));
    assertDenied(() -> policy.checkCanDropTable(TRANSACTION_HANDLE, user("bob"), CONTEXT, bobTable));
    assertDenied(() -> policy.checkCanInsertIntoTable(TRANSACTION_HANDLE, user("bob"), CONTEXT, testTable));

    // Denied: secret.secret is unreadable for admin as well as for joe.
    assertDenied(() -> policy.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("admin"), CONTEXT, secretTable, ImmutableSet.of()));
    assertDenied(() -> policy.checkCanSelectFromColumns(TRANSACTION_HANDLE, user("joe"), CONTEXT, secretTable, ImmutableSet.of()));

    // Denied: joe can select from bobtable (allowed above) but cannot create a view over it.
    // NOTE(review): presumably this separates plain select from a grantable select
    // privilege. Confirm against table.json.
    assertDenied(() -> policy.checkCanCreateViewWithSelectFromColumns(TRANSACTION_HANDLE, user("joe"), CONTEXT, bobTable, ImmutableSet.of()));
}
Also used : ConnectorAccessControl(com.facebook.presto.spi.connector.ConnectorAccessControl) SchemaTableName(com.facebook.presto.spi.SchemaTableName) Test(org.testng.annotations.Test)
