use of com.facebook.presto.spi.security.Identity in project presto by prestodb.
the class TestAccessControlManager method testNoCatalogAccessControl.
@Test
public void testNoCatalogAccessControl() {
TransactionManager transactionManager = createTestTransactionManager();
AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
accessControlManager.addSystemAccessControlFactory(accessControlFactory);
accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanSelectFromColumns(transactionId, new Identity(USER_NAME, Optional.of(PRINCIPAL)), new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty()), new QualifiedObjectName("catalog", "schema", "table"), ImmutableSet.of("column"));
});
}
use of com.facebook.presto.spi.security.Identity in project presto by prestodb.
the class TestAccessControlManager method testNoneSystemAccessControl.
@Test
public void testNoneSystemAccessControl() {
AccessControlManager accessControlManager = new AccessControlManager(createTestTransactionManager());
accessControlManager.setSystemAccessControl(AllowAllSystemAccessControl.NAME, ImmutableMap.of());
accessControlManager.checkCanSetUser(new Identity(USER_NAME, Optional.of(PRINCIPAL)), new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty()), Optional.empty(), USER_NAME);
}
use of com.facebook.presto.spi.security.Identity in project presto by prestodb.
the class TestAccessControlManager method testSetAccessControl.
@Test
public void testSetAccessControl() {
AccessControlManager accessControlManager = new AccessControlManager(createTestTransactionManager());
TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
accessControlManager.addSystemAccessControlFactory(accessControlFactory);
accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
accessControlManager.checkCanSetUser(new Identity(USER_NAME, Optional.of(PRINCIPAL)), new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty()), Optional.of(PRINCIPAL), USER_NAME);
assertEquals(accessControlFactory.getCheckedUserName(), USER_NAME);
assertEquals(accessControlFactory.getCheckedPrincipal(), Optional.of(PRINCIPAL));
}
use of com.facebook.presto.spi.security.Identity in project presto by prestodb.
the class TestAccessControlManager method testReadOnlySystemAccessControl.
@Test
public void testReadOnlySystemAccessControl() {
Identity identity = new Identity(USER_NAME, Optional.of(PRINCIPAL));
QualifiedObjectName tableName = new QualifiedObjectName("catalog", "schema", "table");
TransactionManager transactionManager = createTestTransactionManager();
AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
AccessControlContext context = new AccessControlContext(new QueryId(QUERY_ID), Optional.empty(), Optional.empty());
accessControlManager.setSystemAccessControl(ReadOnlySystemAccessControl.NAME, ImmutableMap.of());
accessControlManager.checkCanSetUser(identity, context, Optional.of(PRINCIPAL), USER_NAME);
accessControlManager.checkCanSetSystemSessionProperty(identity, context, "property");
transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanSetCatalogSessionProperty(transactionId, identity, context, "catalog", "property");
accessControlManager.checkCanShowSchemas(transactionId, identity, context, "catalog");
accessControlManager.checkCanShowTablesMetadata(transactionId, identity, context, new CatalogSchemaName("catalog", "schema"));
accessControlManager.checkCanSelectFromColumns(transactionId, identity, context, tableName, ImmutableSet.of("column"));
accessControlManager.checkCanCreateViewWithSelectFromColumns(transactionId, identity, context, tableName, ImmutableSet.of("column"));
Set<String> catalogs = ImmutableSet.of("catalog");
assertEquals(accessControlManager.filterCatalogs(identity, context, catalogs), catalogs);
Set<String> schemas = ImmutableSet.of("schema");
assertEquals(accessControlManager.filterSchemas(transactionId, identity, context, "catalog", schemas), schemas);
Set<SchemaTableName> tableNames = ImmutableSet.of(new SchemaTableName("schema", "table"));
assertEquals(accessControlManager.filterTables(transactionId, identity, context, "catalog", tableNames), tableNames);
});
try {
transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanInsertIntoTable(transactionId, identity, context, tableName);
});
fail();
} catch (AccessDeniedException expected) {
}
}
use of com.facebook.presto.spi.security.Identity in project presto by prestodb.
the class TestHiveIntegrationSmokeTest method testSchemaOperations.
@Test
public void testSchemaOperations() {
Session admin = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("hive", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("admin"))), ImmutableMap.of(), ImmutableMap.of())).build();
assertUpdate(admin, "CREATE SCHEMA new_schema");
assertUpdate(admin, "CREATE TABLE new_schema.test (x bigint)");
assertQueryFails(admin, "DROP SCHEMA new_schema", "Schema not empty: new_schema");
assertUpdate(admin, "DROP TABLE new_schema.test");
assertUpdate(admin, "DROP SCHEMA new_schema");
}
Aggregations