use of com.facebook.presto.spi.security.Identity in project presto by prestodb.
the class TestAccessControlManager method testCheckQueryIntegrity.
@Test
public void testCheckQueryIntegrity() {
AccessControlManager accessControlManager = new AccessControlManager(createTestTransactionManager());
AccessControlContext context = new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty());
TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
accessControlManager.addSystemAccessControlFactory(accessControlFactory);
accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
String testQuery = "test_query";
accessControlManager.checkQueryIntegrity(new Identity(USER_NAME, Optional.of(PRINCIPAL), ImmutableMap.of(), ImmutableMap.of(QUERY_TOKEN_FIELD, testQuery), ImmutableMap.of()), context, testQuery);
assertEquals(accessControlFactory.getCheckedUserName(), USER_NAME);
assertEquals(accessControlFactory.getCheckedPrincipal(), Optional.of(PRINCIPAL));
assertEquals(accessControlFactory.getCheckedQuery(), testQuery);
assertThrows(AccessDeniedException.class, () -> accessControlManager.checkQueryIntegrity(new Identity(USER_NAME, Optional.of(PRINCIPAL), ImmutableMap.of(), ImmutableMap.of(QUERY_TOKEN_FIELD, testQuery + " modified"), ImmutableMap.of()), context, testQuery));
}
use of com.facebook.presto.spi.security.Identity in project presto by prestodb.
the class TestAccessControlManager method testDenySystemAccessControl.
@Test(expectedExceptions = PrestoException.class, expectedExceptionsMessageRegExp = "Access Denied: Cannot select from table secured_catalog.schema.table")
public void testDenySystemAccessControl() {
CatalogManager catalogManager = new CatalogManager();
TransactionManager transactionManager = createTestTransactionManager(catalogManager);
AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
accessControlManager.addSystemAccessControlFactory(accessControlFactory);
accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
registerBogusConnector(catalogManager, transactionManager, accessControlManager, "connector");
accessControlManager.addCatalogAccessControl(new ConnectorId("connector"), new DenyConnectorAccessControl());
transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanSelectFromColumns(transactionId, new Identity(USER_NAME, Optional.of(PRINCIPAL)), new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty()), new QualifiedObjectName("secured_catalog", "schema", "table"), ImmutableSet.of("column"));
});
}
use of com.facebook.presto.spi.security.Identity in project presto by prestodb.
the class SystemConnectorSessionUtil method toSession.
// this does not preserve any connector properties (for the system connector)
public static Session toSession(ConnectorTransactionHandle transactionHandle, ConnectorSession session) {
TransactionId transactionId = ((GlobalSystemTransactionHandle) transactionHandle).getTransactionId();
ConnectorIdentity connectorIdentity = session.getIdentity();
Identity identity = new Identity(connectorIdentity.getUser(), connectorIdentity.getPrincipal());
return Session.builder(new SessionPropertyManager(SYSTEM_SESSION_PROPERTIES)).setQueryId(new QueryId(session.getQueryId())).setTransactionId(transactionId).setCatalog("catalog").setSchema("schema").setIdentity(identity).setTimeZoneKey(session.getSqlFunctionProperties().getTimeZoneKey()).setLocale(session.getLocale()).setStartTime(session.getStartTime()).build();
}
use of com.facebook.presto.spi.security.Identity in project presto by prestodb.
the class TestIcebergMetadataListing method createQueryRunner.
@Override
protected QueryRunner createQueryRunner() throws Exception {
Session session = testSessionBuilder().setIdentity(new Identity("hive", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(ROLE, Optional.of("admin"))), ImmutableMap.of(), ImmutableMap.of())).build();
DistributedQueryRunner queryRunner = DistributedQueryRunner.builder(session).build();
Path catalogDir = queryRunner.getCoordinator().getBaseDataDir().resolve("iceberg_data").resolve("catalog");
queryRunner.installPlugin(new IcebergPlugin());
Map<String, String> icebergProperties = ImmutableMap.<String, String>builder().put("hive.metastore", "file").put("hive.metastore.catalog.dir", catalogDir.toFile().toURI().toString()).build();
queryRunner.createCatalog(ICEBERG_CATALOG, "iceberg", icebergProperties);
queryRunner.installPlugin(new HivePlugin("hive"));
Map<String, String> hiveProperties = ImmutableMap.<String, String>builder().put("hive.metastore", "file").put("hive.metastore.catalog.dir", catalogDir.toFile().toURI().toString()).put("hive.security", "sql-standard").build();
queryRunner.createCatalog("hive", "hive", hiveProperties);
return queryRunner;
}
use of com.facebook.presto.spi.security.Identity in project presto by prestodb.
the class TestAccessControlManager method testInitializing.
@Test(expectedExceptions = PrestoException.class, expectedExceptionsMessageRegExp = "Presto server is still initializing")
public void testInitializing() {
AccessControlManager accessControlManager = new AccessControlManager(createTestTransactionManager());
accessControlManager.checkCanSetUser(new Identity(USER_NAME, Optional.of(PRINCIPAL)), new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty()), Optional.empty(), "foo");
}
Aggregations