
Example 11 with Identity

Use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

Class TestAccessControlManager, method testCheckQueryIntegrity.

@Test
public void testCheckQueryIntegrity() {
    AccessControlManager accessControlManager = new AccessControlManager(createTestTransactionManager());
    AccessControlContext context = new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty());
    TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
    accessControlManager.addSystemAccessControlFactory(accessControlFactory);
    accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
    String testQuery = "test_query";
    // The value stored under QUERY_TOKEN_FIELD equals the submitted query text, so the check is expected to pass
    accessControlManager.checkQueryIntegrity(
            new Identity(USER_NAME, Optional.of(PRINCIPAL), ImmutableMap.of(), ImmutableMap.of(QUERY_TOKEN_FIELD, testQuery), ImmutableMap.of()),
            context,
            testQuery);
    assertEquals(accessControlFactory.getCheckedUserName(), USER_NAME);
    assertEquals(accessControlFactory.getCheckedPrincipal(), Optional.of(PRINCIPAL));
    assertEquals(accessControlFactory.getCheckedQuery(), testQuery);
    // The value stored under QUERY_TOKEN_FIELD differs from the submitted query text: AccessDeniedException is expected
    assertThrows(AccessDeniedException.class, () -> accessControlManager.checkQueryIntegrity(
            new Identity(USER_NAME, Optional.of(PRINCIPAL), ImmutableMap.of(), ImmutableMap.of(QUERY_TOKEN_FIELD, testQuery + " modified"), ImmutableMap.of()),
            context,
            testQuery));
}
Also used : AccessControlContext(com.facebook.presto.spi.security.AccessControlContext) QueryId(com.facebook.presto.spi.QueryId) Identity(com.facebook.presto.spi.security.Identity) ConnectorIdentity(com.facebook.presto.spi.security.ConnectorIdentity) Test(org.testng.annotations.Test)

Example 12 with Identity

Use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

Class TestAccessControlManager, method testDenySystemAccessControl.

@Test(expectedExceptions = PrestoException.class, expectedExceptionsMessageRegExp = "Access Denied: Cannot select from table secured_catalog.schema.table")
public void testDenySystemAccessControl() {
    CatalogManager catalogManager = new CatalogManager();
    TransactionManager transactionManager = createTestTransactionManager(catalogManager);
    AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
    TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
    accessControlManager.addSystemAccessControlFactory(accessControlFactory);
    accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
    registerBogusConnector(catalogManager, transactionManager, accessControlManager, "connector");
    accessControlManager.addCatalogAccessControl(new ConnectorId("connector"), new DenyConnectorAccessControl());
    transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanSelectFromColumns(
                transactionId,
                new Identity(USER_NAME, Optional.of(PRINCIPAL)),
                new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty()),
                new QualifiedObjectName("secured_catalog", "schema", "table"),
                ImmutableSet.of("column"));
    });
}
Also used : AccessControlContext(com.facebook.presto.spi.security.AccessControlContext) TransactionManager(com.facebook.presto.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(com.facebook.presto.transaction.InMemoryTransactionManager.createTestTransactionManager) QueryId(com.facebook.presto.spi.QueryId) Identity(com.facebook.presto.spi.security.Identity) ConnectorIdentity(com.facebook.presto.spi.security.ConnectorIdentity) CatalogManager(com.facebook.presto.metadata.CatalogManager) QualifiedObjectName(com.facebook.presto.common.QualifiedObjectName) ConnectorId.createSystemTablesConnectorId(com.facebook.presto.spi.ConnectorId.createSystemTablesConnectorId) ConnectorId.createInformationSchemaConnectorId(com.facebook.presto.spi.ConnectorId.createInformationSchemaConnectorId) ConnectorId(com.facebook.presto.spi.ConnectorId) Test(org.testng.annotations.Test)

Example 13 with Identity

Use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

Class SystemConnectorSessionUtil, method toSession.

// this does not preserve any connector properties (for the system connector)
public static Session toSession(ConnectorTransactionHandle transactionHandle, ConnectorSession session) {
    TransactionId transactionId = ((GlobalSystemTransactionHandle) transactionHandle).getTransactionId();
    ConnectorIdentity connectorIdentity = session.getIdentity();
    // Only the user and principal are carried over from the connector identity
    Identity identity = new Identity(connectorIdentity.getUser(), connectorIdentity.getPrincipal());
    return Session.builder(new SessionPropertyManager(SYSTEM_SESSION_PROPERTIES))
            .setQueryId(new QueryId(session.getQueryId()))
            .setTransactionId(transactionId)
            .setCatalog("catalog")
            .setSchema("schema")
            .setIdentity(identity)
            .setTimeZoneKey(session.getSqlFunctionProperties().getTimeZoneKey())
            .setLocale(session.getLocale())
            .setStartTime(session.getStartTime())
            .build();
}
Also used : QueryId(com.facebook.presto.spi.QueryId) SessionPropertyManager(com.facebook.presto.metadata.SessionPropertyManager) ConnectorIdentity(com.facebook.presto.spi.security.ConnectorIdentity) Identity(com.facebook.presto.spi.security.Identity) TransactionId(com.facebook.presto.transaction.TransactionId)

Example 14 with Identity

Use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

Class TestIcebergMetadataListing, method createQueryRunner.

@Override
protected QueryRunner createQueryRunner() throws Exception {
    Session session = testSessionBuilder()
            .setIdentity(new Identity(
                    "hive",
                    Optional.empty(),
                    ImmutableMap.of("hive", new SelectedRole(ROLE, Optional.of("admin"))),
                    ImmutableMap.of(),
                    ImmutableMap.of()))
            .build();
    DistributedQueryRunner queryRunner = DistributedQueryRunner.builder(session).build();
    Path catalogDir = queryRunner.getCoordinator().getBaseDataDir().resolve("iceberg_data").resolve("catalog");
    queryRunner.installPlugin(new IcebergPlugin());
    Map<String, String> icebergProperties = ImmutableMap.<String, String>builder()
            .put("hive.metastore", "file")
            .put("hive.metastore.catalog.dir", catalogDir.toFile().toURI().toString())
            .build();
    queryRunner.createCatalog(ICEBERG_CATALOG, "iceberg", icebergProperties);
    queryRunner.installPlugin(new HivePlugin("hive"));
    Map<String, String> hiveProperties = ImmutableMap.<String, String>builder()
            .put("hive.metastore", "file")
            .put("hive.metastore.catalog.dir", catalogDir.toFile().toURI().toString())
            .put("hive.security", "sql-standard")
            .build();
    queryRunner.createCatalog("hive", "hive", hiveProperties);
    return queryRunner;
}
Also used : Path(java.nio.file.Path) DistributedQueryRunner(com.facebook.presto.tests.DistributedQueryRunner) SelectedRole(com.facebook.presto.spi.security.SelectedRole) HivePlugin(com.facebook.presto.hive.HivePlugin) Identity(com.facebook.presto.spi.security.Identity) Session(com.facebook.presto.Session)

Example 15 with Identity

Use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

Class TestAccessControlManager, method testInitializing.

@Test(expectedExceptions = PrestoException.class, expectedExceptionsMessageRegExp = "Presto server is still initializing")
public void testInitializing() {
    AccessControlManager accessControlManager = new AccessControlManager(createTestTransactionManager());
    accessControlManager.checkCanSetUser(
            new Identity(USER_NAME, Optional.of(PRINCIPAL)),
            new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty()),
            Optional.empty(),
            "foo");
}
Also used : AccessControlContext(com.facebook.presto.spi.security.AccessControlContext) QueryId(com.facebook.presto.spi.QueryId) Identity(com.facebook.presto.spi.security.Identity) ConnectorIdentity(com.facebook.presto.spi.security.ConnectorIdentity) Test(org.testng.annotations.Test)
