Examples with PrestoPrincipal com.facebook.presto.spi.security.PrestoPrincipal used on opensource projects

Example 6 with PrestoPrincipal

use of com.facebook.presto.spi.security.PrestoPrincipal in project presto by prestodb.

the class FileHiveMetastore method grantRoles.

@Override
public synchronized void grantRoles(MetastoreContext metastoreContext, Set<String> roles, Set<PrestoPrincipal> grantees, boolean withAdminOption, PrestoPrincipal grantor) {
    Set<String> existingRoles = listRoles(metastoreContext);
    Set<RoleGrant> existingGrants = listRoleGrantsSanitized(metastoreContext);
    Set<RoleGrant> modifiedGrants = new HashSet<>(existingGrants);
    for (PrestoPrincipal grantee : grantees) {
        for (String role : roles) {
            checkArgument(existingRoles.contains(role), "Role does not exist: %s", role);
            if (grantee.getType() == ROLE) {
                checkArgument(existingRoles.contains(grantee.getName()), "Role does not exist: %s", grantee.getName());
            }
            RoleGrant grantWithAdminOption = new RoleGrant(grantee, role, true);
            RoleGrant grantWithoutAdminOption = new RoleGrant(grantee, role, false);
            if (withAdminOption) {
                modifiedGrants.remove(grantWithoutAdminOption);
                modifiedGrants.add(grantWithAdminOption);
            } else {
                modifiedGrants.remove(grantWithAdminOption);
                modifiedGrants.add(grantWithoutAdminOption);
            }
        }
    }
    modifiedGrants = removeDuplicatedEntries(modifiedGrants);
    if (!existingGrants.equals(modifiedGrants)) {
        writeRoleGrantsFile(modifiedGrants);
    }
}

Example 7 with PrestoPrincipal

use of com.facebook.presto.spi.security.PrestoPrincipal in project presto by prestodb.

the class FileHiveMetastore method replaceTable.

@Override
public synchronized void replaceTable(MetastoreContext metastoreContext, String databaseName, String tableName, Table newTable, PrincipalPrivileges principalPrivileges) {
    checkArgument(!newTable.getTableType().equals(TEMPORARY_TABLE), "temporary tables must never be stored in the metastore");
    Table table = getRequiredTable(metastoreContext, databaseName, tableName);
    if ((!table.getTableType().equals(VIRTUAL_VIEW) || !newTable.getTableType().equals(VIRTUAL_VIEW)) && !isIcebergTable(table.getParameters())) {
        throw new PrestoException(HIVE_METASTORE_ERROR, "Only views can be updated with replaceTable");
    }
    if (!table.getDatabaseName().equals(databaseName) || !table.getTableName().equals(tableName)) {
        throw new PrestoException(HIVE_METASTORE_ERROR, "Replacement table must have same name");
    }
    Path tableMetadataDirectory = getTableMetadataDirectory(table);
    writeSchemaFile("table", tableMetadataDirectory, tableCodec, new TableMetadata(newTable), true);
    // replace existing permissions
    deleteTablePrivileges(table);
    for (Entry<String, Collection<HivePrivilegeInfo>> entry : principalPrivileges.getUserPrivileges().asMap().entrySet()) {
        setTablePrivileges(metastoreContext, new PrestoPrincipal(USER, entry.getKey()), table.getDatabaseName(), table.getTableName(), entry.getValue());
    }
    for (Entry<String, Collection<HivePrivilegeInfo>> entry : principalPrivileges.getRolePrivileges().asMap().entrySet()) {
        setTablePrivileges(metastoreContext, new PrestoPrincipal(ROLE, entry.getKey()), table.getDatabaseName(), table.getTableName(), entry.getValue());
    }
}

Example 8 with PrestoPrincipal

use of com.facebook.presto.spi.security.PrestoPrincipal in project presto by prestodb.

the class HiveTableOperations method commit.

@Override
public void commit(@Nullable TableMetadata base, TableMetadata metadata) {
    requireNonNull(metadata, "metadata is null");
    // if the metadata is already out of date, reject it
    if (!Objects.equals(base, current())) {
        throw new CommitFailedException("Cannot commit: stale table metadata for %s", getSchemaTableName());
    }
    // if the metadata is not changed, return early
    if (Objects.equals(base, metadata)) {
        return;
    }
    String newMetadataLocation = writeNewMetadata(metadata, version + 1);
    Table table;
    // getting a process-level lock per table to avoid concurrent commit attempts to the same table from the same
    // JVM process, which would result in unnecessary and costly HMS lock acquisition requests
    Optional<Long> lockId = Optional.empty();
    ReentrantLock tableLevelMutex = commitLockCache.getUnchecked(database + "." + tableName);
    tableLevelMutex.lock();
    try {
        try {
            lockId = Optional.of(metastore.lock(metastoreContext, database, tableName));
            if (base == null) {
                String tableComment = metadata.properties().get(TABLE_COMMENT);
                Map<String, String> parameters = new HashMap<>();
                parameters.put("EXTERNAL", "TRUE");
                parameters.put(TABLE_TYPE_PROP, ICEBERG_TABLE_TYPE_VALUE);
                parameters.put(METADATA_LOCATION, newMetadataLocation);
                if (tableComment != null) {
                    parameters.put(TABLE_COMMENT, tableComment);
                }
                Table.Builder builder = Table.builder().setDatabaseName(database).setTableName(tableName).setOwner(owner.orElseThrow(() -> new IllegalStateException("Owner not set"))).setTableType(PrestoTableType.EXTERNAL_TABLE).setDataColumns(toHiveColumns(metadata.schema().columns())).withStorage(storage -> storage.setLocation(metadata.location())).withStorage(storage -> storage.setStorageFormat(STORAGE_FORMAT)).setParameters(parameters);
                table = builder.build();
            } else {
                Table currentTable = getTable();
                checkState(currentMetadataLocation != null, "No current metadata location for existing table");
                String metadataLocation = currentTable.getParameters().get(METADATA_LOCATION);
                if (!currentMetadataLocation.equals(metadataLocation)) {
                    throw new CommitFailedException("Metadata location [%s] is not same as table metadata location [%s] for %s", currentMetadataLocation, metadataLocation, getSchemaTableName());
                }
                table = Table.builder(currentTable).setDataColumns(toHiveColumns(metadata.schema().columns())).withStorage(storage -> storage.setLocation(metadata.location())).setParameter(METADATA_LOCATION, newMetadataLocation).setParameter(PREVIOUS_METADATA_LOCATION, currentMetadataLocation).build();
            }
        } catch (RuntimeException e) {
            try {
                io().deleteFile(newMetadataLocation);
            } catch (RuntimeException exception) {
                e.addSuppressed(exception);
            }
            throw e;
        }
        PrestoPrincipal owner = new PrestoPrincipal(USER, table.getOwner());
        PrincipalPrivileges privileges = new PrincipalPrivileges(ImmutableMultimap.<String, HivePrivilegeInfo>builder().put(table.getOwner(), new HivePrivilegeInfo(SELECT, true, owner, owner)).put(table.getOwner(), new HivePrivilegeInfo(INSERT, true, owner, owner)).put(table.getOwner(), new HivePrivilegeInfo(UPDATE, true, owner, owner)).put(table.getOwner(), new HivePrivilegeInfo(DELETE, true, owner, owner)).build(), ImmutableMultimap.of());
        if (base == null) {
            metastore.createTable(metastoreContext, table, privileges);
        } else {
            metastore.replaceTable(metastoreContext, database, tableName, table, privileges);
        }
    } finally {
        shouldRefresh = true;
        try {
            lockId.ifPresent(id -> metastore.unlock(metastoreContext, id));
        } catch (Exception e) {
            log.error(e, "Failed to unlock: %s", lockId.orElse(null));
        } finally {
            tableLevelMutex.unlock();
        }
    }
}

Example 9 with PrestoPrincipal

use of com.facebook.presto.spi.security.PrestoPrincipal in project presto by prestodb.

the class HiveMetadata method listTablePrivileges.

@Override
public List<GrantInfo> listTablePrivileges(ConnectorSession session, SchemaTablePrefix schemaTablePrefix) {
    MetastoreContext metastoreContext = getMetastoreContext(session);
    Set<PrestoPrincipal> principals = listEnabledPrincipals(metastore, session.getIdentity(), metastoreContext).collect(toImmutableSet());
    boolean isAdminRoleSet = hasAdminRole(principals);
    ImmutableList.Builder<GrantInfo> result = ImmutableList.builder();
    for (SchemaTableName tableName : listTables(session, schemaTablePrefix)) {
        if (isAdminRoleSet) {
            result.addAll(buildGrants(session, tableName, null));
        } else {
            for (PrestoPrincipal grantee : principals) {
                result.addAll(buildGrants(session, tableName, grantee));
            }
        }
    }
    return result.build();
}

Example 10 with PrestoPrincipal

use of com.facebook.presto.spi.security.PrestoPrincipal in project presto by prestodb.

the class HiveMetadata method revokeTablePrivileges.

@Override
public void revokeTablePrivileges(ConnectorSession session, SchemaTableName schemaTableName, Set<Privilege> privileges, PrestoPrincipal grantee, boolean grantOption) {
    String schemaName = schemaTableName.getSchemaName();
    String tableName = schemaTableName.getTableName();
    Set<HivePrivilegeInfo> hivePrivilegeInfos = privileges.stream().map(privilege -> new HivePrivilegeInfo(toHivePrivilege(privilege), grantOption, new PrestoPrincipal(USER, session.getUser()), new PrestoPrincipal(USER, session.getUser()))).collect(toSet());
    MetastoreContext metastoreContext = getMetastoreContext(session);
    metastore.revokeTablePrivileges(metastoreContext, schemaName, tableName, grantee, hivePrivilegeInfos);
}