
Example 6 with Identity

use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

the class QuerySessionSupplier method createSession.

/**
 * Creates the {@link Session} for {@code queryId} from the values carried by {@code context}.
 *
 * <p>Security-relevant ordering: {@code accessControl.checkCanSetUser} is called with the
 * identity's principal and user before any session state is assembled. Presumably it throws
 * when the principal may not run as that user, which would abort session creation; confirm
 * against the access control implementation in use.
 *
 * <p>Everything else (catalog, schema, system and catalog session properties, prepared
 * statements, session functions) is copied from the context as given. This method performs no
 * validation of those names or values itself, so any such checks must happen elsewhere.
 *
 * @param queryId id of the query the session belongs to
 * @param context source of the identity and of all other session attributes
 * @return the built session, or the session returned by {@code beginTransactionId} when the
 *         context carries a transaction id
 */
@Override
public Session createSession(QueryId queryId, SessionContext context) {
    Identity requester = context.getIdentity();

    // Authorization gate: runs first, before a SessionBuilder exists.
    AccessControlContext accessContext = new AccessControlContext(
            queryId,
            Optional.ofNullable(context.getClientInfo()),
            Optional.ofNullable(context.getSource()));
    accessControl.checkCanSetUser(requester, accessContext, requester.getPrincipal(), requester.getUser());

    SessionBuilder builder = Session.builder(sessionPropertyManager)
            .setQueryId(queryId)
            .setIdentity(requester)
            .setSource(context.getSource())
            .setCatalog(context.getCatalog())
            .setSchema(context.getSchema())
            .setRemoteUserAddress(context.getRemoteUserAddress())
            .setUserAgent(context.getUserAgent())
            .setClientInfo(context.getClientInfo())
            .setClientTags(context.getClientTags())
            .setTraceToken(context.getTraceToken())
            .setResourceEstimates(context.getResourceEstimates())
            .setTracer(context.getTracer());

    // A forced time zone wins over whatever the context supplies.
    if (forcedSessionTimeZone.isPresent()) {
        builder.setTimeZoneKey(forcedSessionTimeZone.get());
    } else if (context.getTimeZoneId() != null) {
        builder.setTimeZoneKey(getTimeZoneKey(context.getTimeZoneId()));
    }

    if (context.getLanguage() != null) {
        builder.setLocale(Locale.forLanguageTag(context.getLanguage()));
    }

    // Session properties are passed through verbatim; nothing is filtered here.
    context.getSystemProperties()
            .forEach((name, value) -> builder.setSystemProperty(name, value));
    context.getCatalogSessionProperties()
            .forEach((catalog, properties) -> properties
                    .forEach((name, value) -> builder.setCatalogSessionProperty(catalog, name, value)));

    context.getPreparedStatements()
            .forEach((name, statement) -> builder.addPreparedStatement(name, statement));

    if (context.supportClientTransaction()) {
        builder.setClientTransactionSupport();
    }

    context.getSessionFunctions()
            .forEach((functionId, function) -> builder.addSessionFunction(functionId, function));

    Session session = builder.build();
    if (!context.getTransactionId().isPresent()) {
        return session;
    }
    // beginTransactionId also receives accessControl, in addition to the transaction manager.
    return session.beginTransactionId(context.getTransactionId().get(), transactionManager, accessControl);
}
Also used : AccessControlContext(com.facebook.presto.spi.security.AccessControlContext) SqlFunctionId(com.facebook.presto.spi.function.SqlFunctionId) SqlInvokedFunction(com.facebook.presto.spi.function.SqlInvokedFunction) SessionBuilder(com.facebook.presto.Session.SessionBuilder) Identity(com.facebook.presto.spi.security.Identity) Map(java.util.Map) Session(com.facebook.presto.Session)

Example 7 with Identity

use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

the class TestSessionPropertyDefaults method testApplyDefaultProperties.

/**
 * Checks how configuration-manager defaults are merged into a session that already carries
 * explicitly set properties.
 *
 * <p>What the assertions pin down: an explicitly set value survives a default for the same key
 * (QUERY_MAX_MEMORY stays "1GB", catalog property "explicit_set" stays "explicit_set"),
 * defaults are added for keys the session did not set, and the entry in the second map passed
 * to SystemSessionPropertyConfiguration replaces the session's own value for "override".
 */
@Test
public void testApplyDefaultProperties() {
    SessionPropertyDefaults defaults = new SessionPropertyDefaults(TEST_NODE_INFO);

    ImmutableMap<String, String> systemDefaults = ImmutableMap.<String, String>builder()
            .put(QUERY_MAX_MEMORY, "override")
            .put("system_default", "system_default")
            .build();
    ImmutableMap<String, String> catalogDefaults = ImmutableMap.<String, String>builder()
            .put("explicit_set", "override")
            .put("catalog_default", "catalog_default")
            .build();
    SessionPropertyConfigurationManagerFactory factory = new TestingSessionPropertyConfigurationManagerFactory(
            new SystemSessionPropertyConfiguration(systemDefaults, ImmutableMap.of("override", "overridden")),
            ImmutableMap.of("testCatalog", catalogDefaults));
    defaults.addConfigurationManagerFactory(factory);
    defaults.setConfigurationManager(factory.getName(), ImmutableMap.of());

    Session session = Session.builder(new SessionPropertyManager())
            .setQueryId(new QueryId("test_query_id"))
            .setIdentity(new Identity("testUser", Optional.empty()))
            .setSystemProperty(QUERY_MAX_MEMORY, "1GB")
            .setSystemProperty(JOIN_DISTRIBUTION_TYPE, "partitioned")
            .setSystemProperty(HASH_PARTITION_COUNT, "43")
            .setSystemProperty("override", "should be overridden")
            .setCatalogSessionProperty("testCatalog", "explicit_set", "explicit_set")
            .build();

    // Before defaults are applied the session holds exactly what was set on the builder.
    ImmutableMap<String, String> explicitSystemProperties = ImmutableMap.<String, String>builder()
            .put(QUERY_MAX_MEMORY, "1GB")
            .put(JOIN_DISTRIBUTION_TYPE, "partitioned")
            .put(HASH_PARTITION_COUNT, "43")
            .put("override", "should be overridden")
            .build();
    assertEquals(session.getSystemProperties(), explicitSystemProperties);
    assertEquals(
            session.getUnprocessedCatalogProperties(),
            ImmutableMap.of("testCatalog", ImmutableMap.of("explicit_set", "explicit_set")));

    session = defaults.newSessionWithDefaultProperties(session, Optional.empty(), Optional.of(TEST_RESOURCE_GROUP_ID));

    // After merging: the explicit 1GB is kept, "system_default" is added, "override" is replaced.
    ImmutableMap<String, String> mergedSystemProperties = ImmutableMap.<String, String>builder()
            .put(QUERY_MAX_MEMORY, "1GB")
            .put(JOIN_DISTRIBUTION_TYPE, "partitioned")
            .put(HASH_PARTITION_COUNT, "43")
            .put("system_default", "system_default")
            .put("override", "overridden")
            .build();
    assertEquals(session.getSystemProperties(), mergedSystemProperties);
    assertEquals(
            session.getUnprocessedCatalogProperties(),
            ImmutableMap.of("testCatalog", ImmutableMap.<String, String>builder()
                    .put("explicit_set", "explicit_set")
                    .put("catalog_default", "catalog_default")
                    .build()));
}
Also used : SystemSessionPropertyConfiguration(com.facebook.presto.spi.session.SessionPropertyConfigurationManager.SystemSessionPropertyConfiguration) QueryId(com.facebook.presto.spi.QueryId) TestingSessionPropertyConfigurationManagerFactory(com.facebook.presto.spi.session.TestingSessionPropertyConfigurationManagerFactory) SessionPropertyManager(com.facebook.presto.metadata.SessionPropertyManager) SessionPropertyConfigurationManagerFactory(com.facebook.presto.spi.session.SessionPropertyConfigurationManagerFactory) TestingSessionPropertyConfigurationManagerFactory(com.facebook.presto.spi.session.TestingSessionPropertyConfigurationManagerFactory) Identity(com.facebook.presto.spi.security.Identity) Session(com.facebook.presto.Session) Test(org.testng.annotations.Test)

Example 8 with Identity

use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

the class TestHiveRoles method testSetRole.

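/**
 * Verifies which roles are reported as enabled for a user depending on the role selected in
 * the session identity for the "hive" catalog.
 *
 * <p>Setup: set_user_1 is granted set_role_1, which is granted set_role_2, which is granted
 * set_role_3. set_role_4 exists but is granted to nobody.
 *
 * <p>What the assertions pin down: with no selection or with ALL, the user's whole grant chain
 * is enabled; NONE leaves only "public"; selecting a specific role enables that role plus the
 * roles granted to it; selecting a role the user does not hold (set_role_4) makes the query
 * fail with "Cannot set role" instead of being silently ignored.
 *
 * <p>The roles are dropped in a {@code finally} block so that a failed assertion does not
 * leave them behind for other tests that share the same metastore.
 */
@Test
public void testSetRole() throws Exception {
    executeFromAdmin("CREATE ROLE set_role_1");
    executeFromAdmin("CREATE ROLE set_role_2");
    executeFromAdmin("CREATE ROLE set_role_3");
    executeFromAdmin("CREATE ROLE set_role_4");
    try {
        executeFromAdmin("GRANT set_role_1 TO USER set_user_1");
        executeFromAdmin("GRANT set_role_2 TO ROLE set_role_1");
        executeFromAdmin("GRANT set_role_3 TO ROLE set_role_2");

        // Same user in every session; only the role selected for the "hive" catalog differs.
        Session unsetRole = Session.builder(getQueryRunner().getDefaultSession())
                .setIdentity(new Identity("set_user_1", Optional.empty()))
                .build();
        Session setRoleAll = Session.builder(getQueryRunner().getDefaultSession())
                .setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ALL, Optional.empty())), ImmutableMap.of(), ImmutableMap.of()))
                .build();
        Session setRoleNone = Session.builder(getQueryRunner().getDefaultSession())
                .setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.NONE, Optional.empty())), ImmutableMap.of(), ImmutableMap.of()))
                .build();
        Session setRole1 = Session.builder(getQueryRunner().getDefaultSession())
                .setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_1"))), ImmutableMap.of(), ImmutableMap.of()))
                .build();
        Session setRole2 = Session.builder(getQueryRunner().getDefaultSession())
                .setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_2"))), ImmutableMap.of(), ImmutableMap.of()))
                .build();
        Session setRole3 = Session.builder(getQueryRunner().getDefaultSession())
                .setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_3"))), ImmutableMap.of(), ImmutableMap.of()))
                .build();
        Session setRole4 = Session.builder(getQueryRunner().getDefaultSession())
                .setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_4"))), ImmutableMap.of(), ImmutableMap.of()))
                .build();

        // applicable_roles lists the grant chain itself, one row per grant.
        MaterializedResult actual = getQueryRunner().execute(unsetRole, "SELECT * FROM hive.information_schema.applicable_roles");
        MaterializedResult expected = MaterializedResult.resultBuilder(unsetRole, createUnboundedVarcharType(), createUnboundedVarcharType(), createUnboundedVarcharType(), createUnboundedVarcharType())
                .row("set_user_1", "USER", "public", "NO")
                .row("set_user_1", "USER", "set_role_1", "NO")
                .row("set_role_1", "ROLE", "set_role_2", "NO")
                .row("set_role_2", "ROLE", "set_role_3", "NO")
                .build();
        assertEqualsIgnoreOrder(actual, expected);

        // No role selected: every role reachable through the grant chain is enabled.
        actual = getQueryRunner().execute(unsetRole, "SELECT * FROM hive.information_schema.enabled_roles");
        expected = MaterializedResult.resultBuilder(unsetRole, createUnboundedVarcharType())
                .row("public")
                .row("set_role_1")
                .row("set_role_2")
                .row("set_role_3")
                .build();
        assertEqualsIgnoreOrder(actual, expected);

        // ALL: same result as no selection.
        actual = getQueryRunner().execute(setRoleAll, "SELECT * FROM hive.information_schema.enabled_roles");
        expected = MaterializedResult.resultBuilder(setRoleAll, createUnboundedVarcharType())
                .row("public")
                .row("set_role_1")
                .row("set_role_2")
                .row("set_role_3")
                .build();
        assertEqualsIgnoreOrder(actual, expected);

        // NONE: only "public" remains enabled.
        actual = getQueryRunner().execute(setRoleNone, "SELECT * FROM hive.information_schema.enabled_roles");
        expected = MaterializedResult.resultBuilder(setRoleNone, createUnboundedVarcharType())
                .row("public")
                .build();
        assertEqualsIgnoreOrder(actual, expected);

        // A specific role enables itself and the roles granted to it, not the roles above it.
        actual = getQueryRunner().execute(setRole1, "SELECT * FROM hive.information_schema.enabled_roles");
        expected = MaterializedResult.resultBuilder(setRole1, createUnboundedVarcharType())
                .row("public")
                .row("set_role_1")
                .row("set_role_2")
                .row("set_role_3")
                .build();
        assertEqualsIgnoreOrder(actual, expected);

        actual = getQueryRunner().execute(setRole2, "SELECT * FROM hive.information_schema.enabled_roles");
        expected = MaterializedResult.resultBuilder(setRole2, createUnboundedVarcharType())
                .row("public")
                .row("set_role_2")
                .row("set_role_3")
                .build();
        assertEqualsIgnoreOrder(actual, expected);

        actual = getQueryRunner().execute(setRole3, "SELECT * FROM hive.information_schema.enabled_roles");
        expected = MaterializedResult.resultBuilder(setRole3, createUnboundedVarcharType())
                .row("public")
                .row("set_role_3")
                .build();
        assertEqualsIgnoreOrder(actual, expected);

        // Negative case: a role that was never granted to the user must be rejected.
        assertQueryFails(setRole4, "SELECT * FROM hive.information_schema.enabled_roles", ".*?Cannot set role set_role_4");
    } finally {
        // Runs even when an assertion above fails, so the roles never outlive this test.
        executeFromAdmin("DROP ROLE set_role_1");
        executeFromAdmin("DROP ROLE set_role_2");
        executeFromAdmin("DROP ROLE set_role_3");
        executeFromAdmin("DROP ROLE set_role_4");
    }
}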
Also used : SelectedRole(com.facebook.presto.spi.security.SelectedRole) Identity(com.facebook.presto.spi.security.Identity) MaterializedResult(com.facebook.presto.testing.MaterializedResult) Session(com.facebook.presto.Session) Test(org.testng.annotations.Test)

Example 9 with Identity

use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

the class TestHttpRequestSessionContext method testSessionContext.

/**
 * Checks that {@code HttpRequestSessionContext} turns the request headers into the expected
 * source, catalog, schema, identity, session properties, prepared statements, roles, extra
 * credentials and session functions.
 *
 * <p>Note for readers: the user name, the selected roles and the extra credentials all come
 * from request headers here, and the resulting identity has an empty principal. Nothing in
 * this test authenticates those header values.
 */
@Test
public void testSessionContext() {
    // Two serialized session functions, URL-encoded and joined as id=function pairs.
    String sessionFunctionHeader = format(
            "%s=%s,%s=%s",
            urlEncode(SERIALIZED_SQL_FUNCTION_ID_ADD),
            urlEncode(SERIALIZED_SQL_FUNCTION_ADD),
            urlEncode(SERIALIZED_SQL_FUNCTION_ID_ADD_1_TO_INT_ARRAY),
            urlEncode(SERIALIZED_SQL_FUNCTION_ADD_1_to_INT_ARRAY));

    // Repeated header names (session, role, extra credential) are intentional.
    ImmutableListMultimap<String, String> headers = ImmutableListMultimap.<String, String>builder()
            .put(PRESTO_USER, "testUser")
            .put(PRESTO_SOURCE, "testSource")
            .put(PRESTO_CATALOG, "testCatalog")
            .put(PRESTO_SCHEMA, "testSchema")
            .put(PRESTO_LANGUAGE, "zh-TW")
            .put(PRESTO_TIME_ZONE, "Asia/Taipei")
            .put(PRESTO_CLIENT_INFO, "client-info")
            .put(PRESTO_SESSION, QUERY_MAX_MEMORY + "=1GB")
            .put(PRESTO_SESSION, JOIN_DISTRIBUTION_TYPE + "=partitioned," + HASH_PARTITION_COUNT + " = 43")
            .put(PRESTO_PREPARED_STATEMENT, "query1=select * from foo,query2=select * from bar")
            .put(PRESTO_ROLE, "foo_connector=ALL")
            .put(PRESTO_ROLE, "bar_connector=NONE")
            .put(PRESTO_ROLE, "foobar_connector=ROLE{role}")
            .put(PRESTO_EXTRA_CREDENTIAL, "test.token.foo=bar")
            .put(PRESTO_EXTRA_CREDENTIAL, "test.token.abc=xyz")
            .put(PRESTO_SESSION_FUNCTION, sessionFunctionHeader)
            .build();
    HttpServletRequest request = new MockHttpServletRequest(headers, "testRemote");

    HttpRequestSessionContext context = new HttpRequestSessionContext(request, new SqlParserOptions());

    assertEquals(context.getSource(), "testSource");
    assertEquals(context.getCatalog(), "testCatalog");
    assertEquals(context.getSchema(), "testSchema");
    // The header-supplied user becomes the identity's user; the principal is empty.
    assertEquals(context.getIdentity(), new Identity("testUser", Optional.empty()));
    assertEquals(context.getClientInfo(), "client-info");
    assertEquals(context.getLanguage(), "zh-TW");
    assertEquals(context.getTimeZoneId(), "Asia/Taipei");

    // Whitespace around "=" in the session header is trimmed (" = 43" becomes "43").
    ImmutableMap<String, String> expectedSystemProperties = ImmutableMap.of(
            QUERY_MAX_MEMORY, "1GB",
            JOIN_DISTRIBUTION_TYPE, "partitioned",
            HASH_PARTITION_COUNT, "43");
    assertEquals(context.getSystemProperties(), expectedSystemProperties);

    ImmutableMap<String, String> expectedPreparedStatements = ImmutableMap.of(
            "query1", "select * from foo",
            "query2", "select * from bar");
    assertEquals(context.getPreparedStatements(), expectedPreparedStatements);

    // One selected role per connector, parsed from the three role headers.
    ImmutableMap<String, SelectedRole> expectedRoles = ImmutableMap.of(
            "foo_connector", new SelectedRole(SelectedRole.Type.ALL, Optional.empty()),
            "bar_connector", new SelectedRole(SelectedRole.Type.NONE, Optional.empty()),
            "foobar_connector", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("role")));
    assertEquals(context.getIdentity().getRoles(), expectedRoles);

    ImmutableMap<String, String> expectedExtraCredentials = ImmutableMap.of(
            "test.token.foo", "bar",
            "test.token.abc", "xyz");
    assertEquals(context.getIdentity().getExtraCredentials(), expectedExtraCredentials);

    assertEquals(
            context.getSessionFunctions(),
            ImmutableMap.of(
                    SQL_FUNCTION_ID_ADD, SQL_FUNCTION_ADD,
                    SQL_FUNCTION_ID_ADD1_TO_INT_ARRAY, SQL_FUNCTION_ADD_1_TO_INT_ARRAY));
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) SqlParserOptions(com.facebook.presto.sql.parser.SqlParserOptions) SelectedRole(com.facebook.presto.spi.security.SelectedRole) Identity(com.facebook.presto.spi.security.Identity) Test(org.testng.annotations.Test)

Example 10 with Identity

use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

the class TestAccessControlManager method testDenyCatalogAccessControl.

/**
 * Expects a column select to be refused with an "Access Denied" {@code PrestoException} once a
 * {@code DenyConnectorAccessControl} is registered for the catalog.
 *
 * <p>A system access control named "test" is installed as well; its own decision is not
 * visible in this method (presumably it allows the call, so that the refusal comes from the
 * catalog-level control; verify against TestSystemAccessControlFactory).
 */
@Test(expectedExceptions = PrestoException.class, expectedExceptionsMessageRegExp = "Access Denied: Cannot select from columns \\[column\\] in table or view schema.table")
public void testDenyCatalogAccessControl() {
    CatalogManager catalogs = new CatalogManager();
    TransactionManager transactions = createTestTransactionManager(catalogs);
    AccessControlManager accessControl = new AccessControlManager(transactions);

    // System-level access control.
    TestSystemAccessControlFactory systemFactory = new TestSystemAccessControlFactory("test");
    accessControl.addSystemAccessControlFactory(systemFactory);
    accessControl.setSystemAccessControl("test", ImmutableMap.of());

    // Catalog-level access control attached to the connector registered as "catalog".
    ConnectorId catalogConnector = registerBogusConnector(catalogs, transactions, accessControl, "catalog");
    accessControl.addCatalogAccessControl(catalogConnector, new DenyConnectorAccessControl());

    transaction(transactions, accessControl).execute(transactionId -> {
        Identity identity = new Identity(USER_NAME, Optional.of(PRINCIPAL));
        AccessControlContext context = new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty());
        QualifiedObjectName table = new QualifiedObjectName("catalog", "schema", "table");
        accessControl.checkCanSelectFromColumns(transactionId, identity, context, table, ImmutableSet.of("column"));
    });
}
Also used : AccessControlContext(com.facebook.presto.spi.security.AccessControlContext) TransactionManager(com.facebook.presto.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(com.facebook.presto.transaction.InMemoryTransactionManager.createTestTransactionManager) QueryId(com.facebook.presto.spi.QueryId) Identity(com.facebook.presto.spi.security.Identity) ConnectorIdentity(com.facebook.presto.spi.security.ConnectorIdentity) CatalogManager(com.facebook.presto.metadata.CatalogManager) QualifiedObjectName(com.facebook.presto.common.QualifiedObjectName) ConnectorId.createSystemTablesConnectorId(com.facebook.presto.spi.ConnectorId.createSystemTablesConnectorId) ConnectorId.createInformationSchemaConnectorId(com.facebook.presto.spi.ConnectorId.createInformationSchemaConnectorId) ConnectorId(com.facebook.presto.spi.ConnectorId) Test(org.testng.annotations.Test)

Aggregations

Identity (com.facebook.presto.spi.security.Identity)23 Test (org.testng.annotations.Test)18 QueryId (com.facebook.presto.spi.QueryId)11 Session (com.facebook.presto.Session)10 AccessControlContext (com.facebook.presto.spi.security.AccessControlContext)9 ConnectorIdentity (com.facebook.presto.spi.security.ConnectorIdentity)9 SelectedRole (com.facebook.presto.spi.security.SelectedRole)5 QualifiedObjectName (com.facebook.presto.common.QualifiedObjectName)4 InMemoryTransactionManager.createTestTransactionManager (com.facebook.presto.transaction.InMemoryTransactionManager.createTestTransactionManager)4 TransactionManager (com.facebook.presto.transaction.TransactionManager)4 ConnectorId (com.facebook.presto.spi.ConnectorId)3 ConnectorId.createInformationSchemaConnectorId (com.facebook.presto.spi.ConnectorId.createInformationSchemaConnectorId)3 ConnectorId.createSystemTablesConnectorId (com.facebook.presto.spi.ConnectorId.createSystemTablesConnectorId)3 DistributedQueryRunner (com.facebook.presto.tests.DistributedQueryRunner)3 Map (java.util.Map)3 CatalogManager (com.facebook.presto.metadata.CatalogManager)2 SessionPropertyManager (com.facebook.presto.metadata.SessionPropertyManager)2 ConnectorSession (com.facebook.presto.spi.ConnectorSession)2 MaterializedResult (com.facebook.presto.testing.MaterializedResult)2 QueryRunner (com.facebook.presto.testing.QueryRunner)2