
Example 16 with Identity

Use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

Class TestAccessControlManager, method testNoCatalogAccessControl.

@Test
public void testNoCatalogAccessControl() {
    TransactionManager transactionManager = createTestTransactionManager();
    AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
    TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
    accessControlManager.addSystemAccessControlFactory(accessControlFactory);
    accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
    transaction(transactionManager, accessControlManager).execute(transactionId -> {
        // No catalog-level access control is registered, so this check must not throw.
        accessControlManager.checkCanSelectFromColumns(
                transactionId,
                new Identity(USER_NAME, Optional.of(PRINCIPAL)),
                new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty()),
                new QualifiedObjectName("catalog", "schema", "table"),
                ImmutableSet.of("column"));
    });
}
Also used : AccessControlContext(com.facebook.presto.spi.security.AccessControlContext) TransactionManager(com.facebook.presto.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(com.facebook.presto.transaction.InMemoryTransactionManager.createTestTransactionManager) QueryId(com.facebook.presto.spi.QueryId) Identity(com.facebook.presto.spi.security.Identity) ConnectorIdentity(com.facebook.presto.spi.security.ConnectorIdentity) QualifiedObjectName(com.facebook.presto.common.QualifiedObjectName) Test(org.testng.annotations.Test)

Example 17 with Identity

Use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

Class TestAccessControlManager, method testNoneSystemAccessControl.

@Test
public void testNoneSystemAccessControl() {
    AccessControlManager accessControlManager = new AccessControlManager(createTestTransactionManager());
    accessControlManager.setSystemAccessControl(AllowAllSystemAccessControl.NAME, ImmutableMap.of());
    // Allow-all system access control: the set-user check must pass without throwing.
    accessControlManager.checkCanSetUser(
            new Identity(USER_NAME, Optional.of(PRINCIPAL)),
            new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty()),
            Optional.empty(),
            USER_NAME);
}
Also used : AccessControlContext(com.facebook.presto.spi.security.AccessControlContext) QueryId(com.facebook.presto.spi.QueryId) Identity(com.facebook.presto.spi.security.Identity) ConnectorIdentity(com.facebook.presto.spi.security.ConnectorIdentity) Test(org.testng.annotations.Test)

Example 18 with Identity

Use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

Class TestAccessControlManager, method testSetAccessControl.

@Test
public void testSetAccessControl() {
    AccessControlManager accessControlManager = new AccessControlManager(createTestTransactionManager());
    TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
    accessControlManager.addSystemAccessControlFactory(accessControlFactory);
    accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
    accessControlManager.checkCanSetUser(
            new Identity(USER_NAME, Optional.of(PRINCIPAL)),
            new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty()),
            Optional.of(PRINCIPAL),
            USER_NAME);
    // The configured system access control must have been handed the same user name and principal.
    assertEquals(accessControlFactory.getCheckedUserName(), USER_NAME);
    assertEquals(accessControlFactory.getCheckedPrincipal(), Optional.of(PRINCIPAL));
}
Also used : AccessControlContext(com.facebook.presto.spi.security.AccessControlContext) QueryId(com.facebook.presto.spi.QueryId) Identity(com.facebook.presto.spi.security.Identity) ConnectorIdentity(com.facebook.presto.spi.security.ConnectorIdentity) Test(org.testng.annotations.Test)

Example 19 with Identity

Use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

Class TestAccessControlManager, method testReadOnlySystemAccessControl.

@Test
public void testReadOnlySystemAccessControl() {
    Identity identity = new Identity(USER_NAME, Optional.of(PRINCIPAL));
    QualifiedObjectName tableName = new QualifiedObjectName("catalog", "schema", "table");
    TransactionManager transactionManager = createTestTransactionManager();
    AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
    AccessControlContext context = new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty());
    accessControlManager.setSystemAccessControl(ReadOnlySystemAccessControl.NAME, ImmutableMap.of());
    accessControlManager.checkCanSetUser(identity, context, Optional.of(PRINCIPAL), USER_NAME);
    accessControlManager.checkCanSetSystemSessionProperty(identity, context, "property");
    transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanSetCatalogSessionProperty(transactionId, identity, context, "catalog", "property");
        accessControlManager.checkCanShowSchemas(transactionId, identity, context, "catalog");
        accessControlManager.checkCanShowTablesMetadata(transactionId, identity, context, new CatalogSchemaName("catalog", "schema"));
        accessControlManager.checkCanSelectFromColumns(transactionId, identity, context, tableName, ImmutableSet.of("column"));
        accessControlManager.checkCanCreateViewWithSelectFromColumns(transactionId, identity, context, tableName, ImmutableSet.of("column"));
        Set<String> catalogs = ImmutableSet.of("catalog");
        assertEquals(accessControlManager.filterCatalogs(identity, context, catalogs), catalogs);
        Set<String> schemas = ImmutableSet.of("schema");
        assertEquals(accessControlManager.filterSchemas(transactionId, identity, context, "catalog", schemas), schemas);
        Set<SchemaTableName> tableNames = ImmutableSet.of(new SchemaTableName("schema", "table"));
        assertEquals(accessControlManager.filterTables(transactionId, identity, context, "catalog", tableNames), tableNames);
    });
    // Writes must be rejected by the read-only system access control.
    try {
        transaction(transactionManager, accessControlManager).execute(transactionId -> {
            accessControlManager.checkCanInsertIntoTable(transactionId, identity, context, tableName);
        });
        fail();
    } catch (AccessDeniedException expected) {
        // expected: the insert check is denied
    }
}
Also used : AccessDeniedException(com.facebook.presto.spi.security.AccessDeniedException) AccessControlContext(com.facebook.presto.spi.security.AccessControlContext) TransactionManager(com.facebook.presto.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(com.facebook.presto.transaction.InMemoryTransactionManager.createTestTransactionManager) CatalogSchemaName(com.facebook.presto.common.CatalogSchemaName) QueryId(com.facebook.presto.spi.QueryId) Identity(com.facebook.presto.spi.security.Identity) ConnectorIdentity(com.facebook.presto.spi.security.ConnectorIdentity) SchemaTableName(com.facebook.presto.spi.SchemaTableName) CatalogSchemaTableName(com.facebook.presto.spi.CatalogSchemaTableName) QualifiedObjectName(com.facebook.presto.common.QualifiedObjectName) Test(org.testng.annotations.Test)

Example 20 with Identity

Use of com.facebook.presto.spi.security.Identity in project presto by prestodb.

Class TestHiveIntegrationSmokeTest, method testSchemaOperations.

@Test
public void testSchemaOperations() {
    // Session whose identity selects the "admin" role in the "hive" catalog.
    Session admin = Session.builder(getQueryRunner().getDefaultSession())
            .setIdentity(new Identity(
                    "hive",
                    Optional.empty(),
                    ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("admin"))),
                    ImmutableMap.of(),
                    ImmutableMap.of()))
            .build();
    assertUpdate(admin, "CREATE SCHEMA new_schema");
    assertUpdate(admin, "CREATE TABLE new_schema.test (x bigint)");
    assertQueryFails(admin, "DROP SCHEMA new_schema", "Schema not empty: new_schema");
    assertUpdate(admin, "DROP TABLE new_schema.test");
    assertUpdate(admin, "DROP SCHEMA new_schema");
}
Also used : SelectedRole(com.facebook.presto.spi.security.SelectedRole) Identity(com.facebook.presto.spi.security.Identity) ConnectorSession(com.facebook.presto.spi.ConnectorSession) HiveQueryRunner.createBucketedSession(com.facebook.presto.hive.HiveQueryRunner.createBucketedSession) Session(com.facebook.presto.Session) HiveQueryRunner.createMaterializeExchangesSession(com.facebook.presto.hive.HiveQueryRunner.createMaterializeExchangesSession) Test(org.testng.annotations.Test) AbstractTestIntegrationSmokeTest(com.facebook.presto.tests.AbstractTestIntegrationSmokeTest)
