Example 21 with Identity
use of com.facebook.presto.spi.security.Identity in project presto by prestodb.
the class Session method beginTransactionId.
public Session beginTransactionId(TransactionId transactionId, TransactionManager transactionManager, AccessControl accessControl) {
requireNonNull(transactionId, "transactionId is null");
checkArgument(!this.transactionId.isPresent(), "Session already has an active transaction");
requireNonNull(transactionManager, "transactionManager is null");
requireNonNull(accessControl, "accessControl is null");
for (Entry<String, String> property : systemProperties.entrySet()) {
// verify permissions
accessControl.checkCanSetSystemSessionProperty(identity, context, property.getKey());
// validate session property value
sessionPropertyManager.validateSystemSessionProperty(property.getKey(), property.getValue());
}
// Now that there is a transaction, the catalog name can be resolved to a connector, and the catalog properties can be validated
ImmutableMap.Builder<ConnectorId, Map<String, String>> connectorProperties = ImmutableMap.builder();
for (Entry<String, Map<String, String>> catalogEntry : unprocessedCatalogProperties.entrySet()) {
String catalogName = catalogEntry.getKey();
Map<String, String> catalogProperties = catalogEntry.getValue();
if (catalogProperties.isEmpty()) {
continue;
}
ConnectorId connectorId = transactionManager.getOptionalCatalogMetadata(transactionId, catalogName).orElseThrow(() -> new PrestoException(NOT_FOUND, "Session property catalog does not exist: " + catalogName)).getConnectorId();
for (Entry<String, String> property : catalogProperties.entrySet()) {
// verify permissions
accessControl.checkCanSetCatalogSessionProperty(transactionId, identity, context, catalogName, property.getKey());
// validate session property value
sessionPropertyManager.validateCatalogSessionProperty(connectorId, catalogName, property.getKey(), property.getValue());
}
connectorProperties.put(connectorId, catalogProperties);
}
ImmutableMap.Builder<String, SelectedRole> roles = ImmutableMap.builder();
for (Entry<String, SelectedRole> entry : identity.getRoles().entrySet()) {
String catalogName = entry.getKey();
SelectedRole role = entry.getValue();
ConnectorId connectorId = transactionManager.getOptionalCatalogMetadata(transactionId, catalogName).orElseThrow(() -> new PrestoException(NOT_FOUND, "Catalog does not exist: " + catalogName)).getConnectorId();
if (role.getType() == SelectedRole.Type.ROLE) {
accessControl.checkCanSetRole(transactionId, identity, context, role.getRole().get(), catalogName);
}
roles.put(connectorId.getCatalogName(), role);
String informationSchemaCatalogName = createInformationSchemaConnectorId(connectorId).getCatalogName();
if (transactionManager.getCatalogNames(transactionId).containsKey(informationSchemaCatalogName)) {
roles.put(createInformationSchemaConnectorId(connectorId).getCatalogName(), role);
}
String systemTablesCatalogName = createSystemTablesConnectorId(connectorId).getCatalogName();
if (transactionManager.getCatalogNames(transactionId).containsKey(systemTablesCatalogName)) {
roles.put(createSystemTablesConnectorId(connectorId).getCatalogName(), role);
}
}
return new Session(queryId, Optional.of(transactionId), clientTransactionSupport, new Identity(identity.getUser(), identity.getPrincipal(), roles.build(), identity.getExtraCredentials(), identity.getExtraAuthenticators()), source, catalog, schema, traceToken, timeZoneKey, locale, remoteUserAddress, userAgent, clientInfo, clientTags, resourceEstimates, startTime, systemProperties, connectorProperties.build(), ImmutableMap.of(), sessionPropertyManager, preparedStatements, sessionFunctions, tracer);
}
Also used :
SelectedRole(com.facebook.presto.spi.security.SelectedRole)
PrestoException(com.facebook.presto.spi.PrestoException)
ImmutableMap(com.google.common.collect.ImmutableMap)
Identity(com.facebook.presto.spi.security.Identity)
HashMap(java.util.HashMap)
Map(java.util.Map)
ImmutableMap(com.google.common.collect.ImmutableMap)
ConnectorId.createSystemTablesConnectorId(com.facebook.presto.spi.ConnectorId.createSystemTablesConnectorId)
ConnectorId.createInformationSchemaConnectorId(com.facebook.presto.spi.ConnectorId.createInformationSchemaConnectorId)
ConnectorId(com.facebook.presto.spi.ConnectorId)
ConnectorSession(com.facebook.presto.spi.ConnectorSession)
Example 22 with Identity
use of com.facebook.presto.spi.security.Identity in project presto by prestodb.
the class PrestoSparkSessionContext method createFromSessionInfo.
public static PrestoSparkSessionContext createFromSessionInfo(PrestoSparkSession prestoSparkSession, Set<PrestoSparkCredentialsProvider> credentialsProviders, Set<PrestoSparkAuthenticatorProvider> authenticatorProviders) {
ImmutableMap.Builder<String, String> extraCredentials = ImmutableMap.builder();
extraCredentials.putAll(prestoSparkSession.getExtraCredentials());
credentialsProviders.forEach(provider -> extraCredentials.putAll(provider.getCredentials()));
ImmutableMap.Builder<String, TokenAuthenticator> extraTokenAuthenticators = ImmutableMap.builder();
authenticatorProviders.forEach(provider -> extraTokenAuthenticators.putAll(provider.getTokenAuthenticators()));
return new PrestoSparkSessionContext(new Identity(prestoSparkSession.getUser(), prestoSparkSession.getPrincipal(), // presto on spark does not support role management
ImmutableMap.of(), extraCredentials.build(), extraTokenAuthenticators.build()), prestoSparkSession.getCatalog().orElse(null), prestoSparkSession.getSchema().orElse(null), prestoSparkSession.getSource().orElse(null), prestoSparkSession.getUserAgent().orElse(null), prestoSparkSession.getClientInfo().orElse(null), prestoSparkSession.getClientTags(), prestoSparkSession.getTimeZoneId().orElse(null), prestoSparkSession.getLanguage().orElse(null), prestoSparkSession.getSystemProperties(), prestoSparkSession.getCatalogSessionProperties(), prestoSparkSession.getTraceToken());
}
Also used :
TokenAuthenticator(com.facebook.presto.spi.security.TokenAuthenticator)
Identity(com.facebook.presto.spi.security.Identity)
ImmutableMap(com.google.common.collect.ImmutableMap)
Example 23 with Identity
use of com.facebook.presto.spi.security.Identity in project presto by prestodb.
the class TestDistributedQueuesDb method testDistributedQueue_burstTraffic.
@Test(timeOut = 2_000)
public void testDistributedQueue_burstTraffic() throws Exception {
QueryId firstAdhocQuery = createQuery(queryRunner, 1, testSession(new Identity("user1", Optional.empty())), LONG_LASTING_QUERY);
QueryId secondAdhocQuery = createQuery(queryRunner, 0, testSession(new Identity("user2", Optional.empty())), LONG_LASTING_QUERY);
QueryId thirdAdhocQuery = createQuery(queryRunner, 1, testSession(new Identity("user3", Optional.empty())), LONG_LASTING_QUERY);
QueryId fourthAdhocQuery = createQuery(queryRunner, 0, testSession(new Identity("user4", Optional.empty())), LONG_LASTING_QUERY);
Map<ResourceGroupId, ResourceGroupRuntimeInfo> resourceGroupRuntimeInfoSnapshot;
int globalRunningQueries = 0;
int globalQueriedQueries = 0;
do {
MILLISECONDS.sleep(100);
globalRunningQueries = 0;
globalQueriedQueries = 0;
for (int coordinator = 0; coordinator < 2; coordinator++) {
resourceGroupRuntimeInfoSnapshot = queryRunner.getCoordinator(coordinator).getResourceGroupManager().get().getResourceGroupRuntimeInfosSnapshot();
ResourceGroupRuntimeInfo resourceGroupRuntimeInfo = resourceGroupRuntimeInfoSnapshot.get(new ResourceGroupId("global"));
if (resourceGroupRuntimeInfo != null) {
globalRunningQueries += resourceGroupRuntimeInfo.getDescendantRunningQueries();
globalQueriedQueries += resourceGroupRuntimeInfo.getDescendantQueuedQueries();
}
}
} while (globalRunningQueries != 3 && globalQueriedQueries != 1);
}
Also used :
ResourceGroupId(com.facebook.presto.spi.resourceGroups.ResourceGroupId)
QueryId(com.facebook.presto.spi.QueryId)
ResourceGroupRuntimeInfo(com.facebook.presto.execution.resourceGroups.ResourceGroupRuntimeInfo)
Identity(com.facebook.presto.spi.security.Identity)
Test(org.testng.annotations.Test)
Aggregations
Identity (com.facebook.presto.spi.security.Identity)23
Test (org.testng.annotations.Test)18
QueryId (com.facebook.presto.spi.QueryId)11
Session (com.facebook.presto.Session)10
AccessControlContext (com.facebook.presto.spi.security.AccessControlContext)9
ConnectorIdentity (com.facebook.presto.spi.security.ConnectorIdentity)9
SelectedRole (com.facebook.presto.spi.security.SelectedRole)5
QualifiedObjectName (com.facebook.presto.common.QualifiedObjectName)4
InMemoryTransactionManager.createTestTransactionManager (com.facebook.presto.transaction.InMemoryTransactionManager.createTestTransactionManager)4
TransactionManager (com.facebook.presto.transaction.TransactionManager)4
ConnectorId (com.facebook.presto.spi.ConnectorId)3
ConnectorId.createInformationSchemaConnectorId (com.facebook.presto.spi.ConnectorId.createInformationSchemaConnectorId)3
ConnectorId.createSystemTablesConnectorId (com.facebook.presto.spi.ConnectorId.createSystemTablesConnectorId)3
DistributedQueryRunner (com.facebook.presto.tests.DistributedQueryRunner)3
Map (java.util.Map)3
CatalogManager (com.facebook.presto.metadata.CatalogManager)2
SessionPropertyManager (com.facebook.presto.metadata.SessionPropertyManager)2
ConnectorSession (com.facebook.presto.spi.ConnectorSession)2
MaterializedResult (com.facebook.presto.testing.MaterializedResult)2
QueryRunner (com.facebook.presto.testing.QueryRunner)2
