Examples with Identity com.facebook.presto.spi.security.Identity used on opensource projects

Example 11 with Identity

use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

the class TestAccessControlManager method testCheckQueryIntegrity.

@Test
public void testCheckQueryIntegrity() {
    AccessControlManager accessControlManager = new AccessControlManager(createTestTransactionManager());
    AccessControlContext context = new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty());
    TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
    accessControlManager.addSystemAccessControlFactory(accessControlFactory);
    accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
    String testQuery = "test_query";
    accessControlManager.checkQueryIntegrity(new Identity(USER_NAME, Optional.of(PRINCIPAL), ImmutableMap.of(), ImmutableMap.of(QUERY_TOKEN_FIELD, testQuery), ImmutableMap.of()), context, testQuery);
    assertEquals(accessControlFactory.getCheckedUserName(), USER_NAME);
    assertEquals(accessControlFactory.getCheckedPrincipal(), Optional.of(PRINCIPAL));
    assertEquals(accessControlFactory.getCheckedQuery(), testQuery);
    assertThrows(AccessDeniedException.class, () -> accessControlManager.checkQueryIntegrity(new Identity(USER_NAME, Optional.of(PRINCIPAL), ImmutableMap.of(), ImmutableMap.of(QUERY_TOKEN_FIELD, testQuery + " modified"), ImmutableMap.of()), context, testQuery));
}

Example 12 with Identity

use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

the class TestAccessControlManager method testDenySystemAccessControl.

@Test(expectedExceptions = PrestoException.class, expectedExceptionsMessageRegExp = "Access Denied: Cannot select from table secured_catalog.schema.table")
public void testDenySystemAccessControl() {
    CatalogManager catalogManager = new CatalogManager();
    TransactionManager transactionManager = createTestTransactionManager(catalogManager);
    AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
    TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
    accessControlManager.addSystemAccessControlFactory(accessControlFactory);
    accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
    registerBogusConnector(catalogManager, transactionManager, accessControlManager, "connector");
    accessControlManager.addCatalogAccessControl(new ConnectorId("connector"), new DenyConnectorAccessControl());
    transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanSelectFromColumns(transactionId, new Identity(USER_NAME, Optional.of(PRINCIPAL)), new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty()), new QualifiedObjectName("secured_catalog", "schema", "table"), ImmutableSet.of("column"));
    });
}

Example 13 with Identity

use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

the class SystemConnectorSessionUtil method toSession.

// this does not preserve any connector properties (for the system connector)
public static Session toSession(ConnectorTransactionHandle transactionHandle, ConnectorSession session) {
    TransactionId transactionId = ((GlobalSystemTransactionHandle) transactionHandle).getTransactionId();
    ConnectorIdentity connectorIdentity = session.getIdentity();
    Identity identity = new Identity(connectorIdentity.getUser(), connectorIdentity.getPrincipal());
    return Session.builder(new SessionPropertyManager(SYSTEM_SESSION_PROPERTIES)).setQueryId(new QueryId(session.getQueryId())).setTransactionId(transactionId).setCatalog("catalog").setSchema("schema").setIdentity(identity).setTimeZoneKey(session.getSqlFunctionProperties().getTimeZoneKey()).setLocale(session.getLocale()).setStartTime(session.getStartTime()).build();
}

Example 14 with Identity

use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

the class TestIcebergMetadataListing method createQueryRunner.

@Override
protected QueryRunner createQueryRunner() throws Exception {
    Session session = testSessionBuilder().setIdentity(new Identity("hive", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(ROLE, Optional.of("admin"))), ImmutableMap.of(), ImmutableMap.of())).build();
    DistributedQueryRunner queryRunner = DistributedQueryRunner.builder(session).build();
    Path catalogDir = queryRunner.getCoordinator().getBaseDataDir().resolve("iceberg_data").resolve("catalog");
    queryRunner.installPlugin(new IcebergPlugin());
    Map<String, String> icebergProperties = ImmutableMap.<String, String>builder().put("hive.metastore", "file").put("hive.metastore.catalog.dir", catalogDir.toFile().toURI().toString()).build();
    queryRunner.createCatalog(ICEBERG_CATALOG, "iceberg", icebergProperties);
    queryRunner.installPlugin(new HivePlugin("hive"));
    Map<String, String> hiveProperties = ImmutableMap.<String, String>builder().put("hive.metastore", "file").put("hive.metastore.catalog.dir", catalogDir.toFile().toURI().toString()).put("hive.security", "sql-standard").build();
    queryRunner.createCatalog("hive", "hive", hiveProperties);
    return queryRunner;
}

Example 15 with Identity

use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

the class TestAccessControlManager method testInitializing.

@Test(expectedExceptions = PrestoException.class, expectedExceptionsMessageRegExp = "Presto server is still initializing")
public void testInitializing() {
    AccessControlManager accessControlManager = new AccessControlManager(createTestTransactionManager());
    accessControlManager.checkCanSetUser(new Identity(USER_NAME, Optional.of(PRINCIPAL)), new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty()), Optional.empty(), "foo");
}