Examples with PrestoPrincipal com.facebook.presto.spi.security.PrestoPrincipal used on opensource projects

Search in sources :

Example 11 with PrestoPrincipal

use of com.facebook.presto.spi.security.PrestoPrincipal in project presto by prestodb.

the class TestFileBasedSystemAccessControl method testViewOperationsReadOnly.

@Test
public void testViewOperationsReadOnly() {
    TransactionManager transactionManager = createTestTransactionManager();
    AccessControlManager accessControlManager = newAccessControlManager(transactionManager, "catalog_read_only.json");
    transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanSelectFromColumns(transactionId, alice, context, aliceView, ImmutableSet.of());
        accessControlManager.checkCanSetCatalogSessionProperty(transactionId, alice, context, "alice-catalog", "property");
    });
    assertThrows(AccessDeniedException.class, () -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanCreateView(transactionId, alice, context, aliceView);
    }));
    assertThrows(AccessDeniedException.class, () -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanDropView(transactionId, alice, context, aliceView);
    }));
    assertThrows(AccessDeniedException.class, () -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanCreateViewWithSelectFromColumns(transactionId, alice, context, aliceTable, ImmutableSet.of());
    }));
    assertThrows(AccessDeniedException.class, () -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanCreateViewWithSelectFromColumns(transactionId, alice, context, aliceView, ImmutableSet.of());
    }));
    assertThrows(AccessDeniedException.class, () -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanGrantTablePrivilege(transactionId, alice, context, SELECT, aliceTable, new PrestoPrincipal(USER, "grantee"), true);
    }));
    assertThrows(AccessDeniedException.class, () -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanRevokeTablePrivilege(transactionId, alice, context, SELECT, aliceTable, new PrestoPrincipal(USER, "revokee"), true);
    }));
    assertThrows(AccessDeniedException.class, () -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanCreateView(transactionId, bob, context, aliceView);
    }));
}
Also used : SystemAccessControl(com.facebook.presto.spi.security.SystemAccessControl) InterfaceTestUtils.assertAllMethodsOverridden(com.facebook.presto.spi.testing.InterfaceTestUtils.assertAllMethodsOverridden) PrestoPrincipal(com.facebook.presto.spi.security.PrestoPrincipal) Assert.assertEquals(org.testng.Assert.assertEquals) Test(org.testng.annotations.Test) SECURITY_CONFIG_FILE(com.facebook.presto.plugin.base.security.FileBasedAccessControlConfig.SECURITY_CONFIG_FILE) AccessDeniedException(com.facebook.presto.spi.security.AccessDeniedException) SchemaTableName(com.facebook.presto.spi.SchemaTableName) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) Assert.assertThrows(org.testng.Assert.assertThrows) Identity(com.facebook.presto.spi.security.Identity) TransactionBuilder.transaction(com.facebook.presto.transaction.TransactionBuilder.transaction) QualifiedObjectName(com.facebook.presto.common.QualifiedObjectName) Thread.sleep(java.lang.Thread.sleep) TransactionManager(com.facebook.presto.transaction.TransactionManager) Files.newTemporaryFile(org.assertj.core.util.Files.newTemporaryFile) SECURITY_REFRESH_PERIOD(com.facebook.presto.plugin.base.security.FileBasedAccessControlConfig.SECURITY_REFRESH_PERIOD) USER(com.facebook.presto.spi.security.PrincipalType.USER) SELECT(com.facebook.presto.spi.security.Privilege.SELECT) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) InMemoryTransactionManager.createTestTransactionManager(com.facebook.presto.transaction.InMemoryTransactionManager.createTestTransactionManager) AccessControlContext(com.facebook.presto.spi.security.AccessControlContext) Set(java.util.Set) File(java.io.File) QueryId(com.facebook.presto.spi.QueryId) Files.copy(com.google.common.io.Files.copy) Optional(java.util.Optional) CatalogSchemaName(com.facebook.presto.common.CatalogSchemaName) TransactionManager(com.facebook.presto.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(com.facebook.presto.transaction.InMemoryTransactionManager.createTestTransactionManager) PrestoPrincipal(com.facebook.presto.spi.security.PrestoPrincipal) Test(org.testng.annotations.Test)

Example 12 with PrestoPrincipal

use of com.facebook.presto.spi.security.PrestoPrincipal in project presto by prestodb.

the class SqlStandardAccessControl method checkCanSetRole.

@Override
public void checkCanSetRole(ConnectorTransactionHandle transaction, ConnectorIdentity identity, AccessControlContext context, String role, String catalogName) {
    SemiTransactionalHiveMetastore metastore = getMetastore(transaction);
    MetastoreContext metastoreContext = new MetastoreContext(identity, context.getQueryId().getId(), context.getClientInfo(), context.getSource(), Optional.empty(), false, HiveColumnConverterProvider.DEFAULT_COLUMN_CONVERTER_PROVIDER);
    if (!isRoleApplicable(metastore, identity, new PrestoPrincipal(USER, identity.getUser()), metastoreContext, role)) {
        denySetRole(role);
    }
}
Also used : SemiTransactionalHiveMetastore(com.facebook.presto.hive.metastore.SemiTransactionalHiveMetastore) MetastoreContext(com.facebook.presto.hive.metastore.MetastoreContext) PrestoPrincipal(com.facebook.presto.spi.security.PrestoPrincipal)

Example 13 with PrestoPrincipal

use of com.facebook.presto.spi.security.PrestoPrincipal in project presto by prestodb.

the class SqlStandardAccessControl method isDatabaseOwner.

private boolean isDatabaseOwner(ConnectorTransactionHandle transaction, ConnectorIdentity identity, MetastoreContext metastoreContext, String databaseName) {
    // all users are "owners" of the default database
    if (DEFAULT_DATABASE_NAME.equalsIgnoreCase(databaseName)) {
        return true;
    }
    if (isAdmin(transaction, identity, metastoreContext)) {
        return true;
    }
    SemiTransactionalHiveMetastore metastore = getMetastore(transaction);
    Optional<Database> databaseMetadata = metastore.getDatabase(metastoreContext, databaseName);
    if (!databaseMetadata.isPresent()) {
        return false;
    }
    Database database = databaseMetadata.get();
    // a database can be owned by a user or role
    if (database.getOwnerType() == USER && identity.getUser().equals(database.getOwnerName())) {
        return true;
    }
    if (database.getOwnerType() == ROLE && isRoleEnabled(identity, (PrestoPrincipal p) -> metastore.listRoleGrants(metastoreContext, p), database.getOwnerName())) {
        return true;
    }
    return false;
}
Also used : SemiTransactionalHiveMetastore(com.facebook.presto.hive.metastore.SemiTransactionalHiveMetastore) Database(com.facebook.presto.hive.metastore.Database) PrestoPrincipal(com.facebook.presto.spi.security.PrestoPrincipal)

Example 14 with PrestoPrincipal

use of com.facebook.presto.spi.security.PrestoPrincipal in project presto by prestodb.

the class SqlStandardAccessControl method hasAdminOptionForRoles.

private boolean hasAdminOptionForRoles(ConnectorTransactionHandle transaction, ConnectorIdentity identity, MetastoreContext metastoreContext, Set<String> roles) {
    if (isAdmin(transaction, identity, metastoreContext)) {
        return true;
    }
    SemiTransactionalHiveMetastore metastore = getMetastore(transaction);
    Set<String> rolesWithGrantOption = listApplicableRoles(new PrestoPrincipal(USER, identity.getUser()), (PrestoPrincipal p) -> metastore.listRoleGrants(metastoreContext, p)).filter(RoleGrant::isGrantable).map(RoleGrant::getRoleName).collect(toSet());
    return rolesWithGrantOption.containsAll(roles);
}
Also used : RoleGrant(com.facebook.presto.spi.security.RoleGrant) SemiTransactionalHiveMetastore(com.facebook.presto.hive.metastore.SemiTransactionalHiveMetastore) PrestoPrincipal(com.facebook.presto.spi.security.PrestoPrincipal)

Example 15 with PrestoPrincipal

use of com.facebook.presto.spi.security.PrestoPrincipal in project presto by prestodb.

the class ThriftMetastoreUtil method listApplicableTablePrivileges.

public static Stream<HivePrivilegeInfo> listApplicableTablePrivileges(SemiTransactionalHiveMetastore metastore, ConnectorIdentity identity, MetastoreContext metastoreContext, String databaseName, String tableName, String user) {
    PrestoPrincipal userPrincipal = new PrestoPrincipal(USER, user);
    Stream<PrestoPrincipal> principals = Stream.concat(Stream.of(userPrincipal), listApplicableRoles(metastore, identity, userPrincipal, metastoreContext).map(role -> new PrestoPrincipal(ROLE, role)));
    return listTablePrivileges(identity, metastoreContext, metastore, databaseName, tableName, principals);
}
Also used : Arrays(java.util.Arrays) PartitionWithStatistics(com.facebook.presto.hive.metastore.PartitionWithStatistics) PrestoPrincipal(com.facebook.presto.spi.security.PrestoPrincipal) MetastoreContext(com.facebook.presto.hive.metastore.MetastoreContext) MetastoreUtil.fromMetastoreDistinctValuesCount(com.facebook.presto.hive.metastore.MetastoreUtil.fromMetastoreDistinctValuesCount) SerDeInfo(org.apache.hadoop.hive.metastore.api.SerDeInfo) EXTERNAL_TABLE(com.facebook.presto.hive.metastore.PrestoTableType.EXTERNAL_TABLE) MATERIALIZED_VIEW(com.facebook.presto.hive.metastore.PrestoTableType.MATERIALIZED_VIEW) HiveColumnStatistics.createDoubleColumnStatistics(com.facebook.presto.hive.metastore.HiveColumnStatistics.createDoubleColumnStatistics) BigDecimal(java.math.BigDecimal) BooleanColumnStatsData(org.apache.hadoop.hive.metastore.api.BooleanColumnStatsData) Math.round(java.lang.Math.round) Map(java.util.Map) DoubleColumnStatsData(org.apache.hadoop.hive.metastore.api.DoubleColumnStatsData) BigInteger(java.math.BigInteger) ENGLISH(java.util.Locale.ENGLISH) EnumSet(java.util.EnumSet) DecimalColumnStatsData(org.apache.hadoop.hive.metastore.api.DecimalColumnStatsData) PartitionMutator(com.facebook.presto.hive.PartitionMutator) StorageFormat(com.facebook.presto.hive.metastore.StorageFormat) HIVE_INVALID_METADATA(com.facebook.presto.hive.HiveErrorCode.HIVE_INVALID_METADATA) ColumnStatisticsData.decimalStats(org.apache.hadoop.hive.metastore.api.ColumnStatisticsData.decimalStats) PrincipalPrivileges(com.facebook.presto.hive.metastore.PrincipalPrivileges) Set(java.util.Set) SemiTransactionalHiveMetastore(com.facebook.presto.hive.metastore.SemiTransactionalHiveMetastore) SELECT(com.facebook.presto.hive.metastore.HivePrivilegeInfo.HivePrivilege.SELECT) ColumnConverter(com.facebook.presto.hive.ColumnConverter) ROLE(com.facebook.presto.spi.security.PrincipalType.ROLE) Stream(java.util.stream.Stream) HiveColumnStatistics.createBinaryColumnStatistics(com.facebook.presto.hive.metastore.HiveColumnStatistics.createBinaryColumnStatistics) Date(org.apache.hadoop.hive.metastore.api.Date) HivePrivilegeInfo(com.facebook.presto.hive.metastore.HivePrivilegeInfo) Table(com.facebook.presto.hive.metastore.Table) Database(com.facebook.presto.hive.metastore.Database) HiveColumnStatistics(com.facebook.presto.hive.metastore.HiveColumnStatistics) OptionalLong(java.util.OptionalLong) MetastoreUtil(com.facebook.presto.hive.metastore.MetastoreUtil) CSV(com.facebook.presto.hive.HiveStorageFormat.CSV) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) DELETE(com.facebook.presto.hive.metastore.HivePrivilegeInfo.HivePrivilege.DELETE) LongColumnStatsData(org.apache.hadoop.hive.metastore.api.LongColumnStatsData) PrincipalPrivilegeSet(org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) Nullable(javax.annotation.Nullable) INSERT(com.facebook.presto.hive.metastore.HivePrivilegeInfo.HivePrivilege.INSERT) ColumnStatisticsData.binaryStats(org.apache.hadoop.hive.metastore.api.ColumnStatisticsData.binaryStats) AbstractIterator(com.google.common.collect.AbstractIterator) PrincipalType(com.facebook.presto.spi.security.PrincipalType) PRESTO_MATERIALIZED_VIEW_FLAG(com.facebook.presto.hive.metastore.MetastoreUtil.PRESTO_MATERIALIZED_VIEW_FLAG) StringColumnStatsData(org.apache.hadoop.hive.metastore.api.StringColumnStatsData) Strings.emptyToNull(com.google.common.base.Strings.emptyToNull) ColumnStatisticsData.longStats(org.apache.hadoop.hive.metastore.api.ColumnStatisticsData.longStats) DateColumnStatsData(org.apache.hadoop.hive.metastore.api.DateColumnStatsData) TableType(org.apache.hadoop.hive.metastore.TableType) HiveColumnStatistics.createDecimalColumnStatistics(com.facebook.presto.hive.metastore.HiveColumnStatistics.createDecimalColumnStatistics) ArrayDeque(java.util.ArrayDeque) HiveColumnStatistics.createDateColumnStatistics(com.facebook.presto.hive.metastore.HiveColumnStatistics.createDateColumnStatistics) ColumnStatisticsData.stringStats(org.apache.hadoop.hive.metastore.api.ColumnStatisticsData.stringStats) ColumnStatisticsData.booleanStats(org.apache.hadoop.hive.metastore.api.ColumnStatisticsData.booleanStats) RolePrincipalGrant(org.apache.hadoop.hive.metastore.api.RolePrincipalGrant) ByteBuffer(java.nio.ByteBuffer) Preconditions.checkArgument(com.google.common.base.Preconditions.checkArgument) Locale(java.util.Locale) ColumnStatisticsData.doubleStats(org.apache.hadoop.hive.metastore.api.ColumnStatisticsData.doubleStats) MANAGED_TABLE(com.facebook.presto.hive.metastore.PrestoTableType.MANAGED_TABLE) AVRO(com.facebook.presto.hive.HiveStorageFormat.AVRO) PrimitiveTypeInfo(org.apache.hadoop.hive.serde2.typeinfo.PrimitiveTypeInfo) StorageDescriptor(org.apache.hadoop.hive.metastore.api.StorageDescriptor) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) Predicate(java.util.function.Predicate) ColumnStatisticsObj(org.apache.hadoop.hive.metastore.api.ColumnStatisticsObj) Collection(java.util.Collection) Decimal(org.apache.hadoop.hive.metastore.api.Decimal) Order(org.apache.hadoop.hive.metastore.api.Order) Streams(com.google.common.collect.Streams) String.format(java.lang.String.format) Preconditions.checkState(com.google.common.base.Preconditions.checkState) List(java.util.List) PrestoTableType(com.facebook.presto.hive.metastore.PrestoTableType) RoleGrant(com.facebook.presto.spi.security.RoleGrant) LocalDate(java.time.LocalDate) Optional(java.util.Optional) HiveColumnStatistics.createBooleanColumnStatistics(com.facebook.presto.hive.metastore.HiveColumnStatistics.createBooleanColumnStatistics) OTHER(com.facebook.presto.hive.metastore.PrestoTableType.OTHER) Queue(java.util.Queue) HiveColumnStatistics.createIntegerColumnStatistics(com.facebook.presto.hive.metastore.HiveColumnStatistics.createIntegerColumnStatistics) Strings.nullToEmpty(com.google.common.base.Strings.nullToEmpty) Column(com.facebook.presto.hive.metastore.Column) HiveType(com.facebook.presto.hive.HiveType) OptionalDouble(java.util.OptionalDouble) Shorts(com.google.common.primitives.Shorts) PrestoException(com.facebook.presto.spi.PrestoException) Function(java.util.function.Function) Partition(com.facebook.presto.hive.metastore.Partition) OWNERSHIP(com.facebook.presto.hive.metastore.HivePrivilegeInfo.HivePrivilege.OWNERSHIP) HashSet(java.util.HashSet) ColumnStatisticsData.dateStats(org.apache.hadoop.hive.metastore.api.ColumnStatisticsData.dateStats) BinaryColumnStatsData(org.apache.hadoop.hive.metastore.api.BinaryColumnStatsData) Objects.requireNonNull(java.util.Objects.requireNonNull) USER(com.facebook.presto.spi.security.PrincipalType.USER) SelectedRole(com.facebook.presto.spi.security.SelectedRole) Storage(com.facebook.presto.hive.metastore.Storage) HiveColumnStatistics.createStringColumnStatistics(com.facebook.presto.hive.metastore.HiveColumnStatistics.createStringColumnStatistics) UPDATE(com.facebook.presto.hive.metastore.HivePrivilegeInfo.HivePrivilege.UPDATE) PRIMITIVE(org.apache.hadoop.hive.serde2.objectinspector.ObjectInspector.Category.PRIMITIVE) VIRTUAL_VIEW(com.facebook.presto.hive.metastore.PrestoTableType.VIRTUAL_VIEW) ConnectorIdentity(com.facebook.presto.spi.security.ConnectorIdentity) TypeInfo(org.apache.hadoop.hive.serde2.typeinfo.TypeInfo) FieldSchema(org.apache.hadoop.hive.metastore.api.FieldSchema) Collectors.toList(java.util.stream.Collectors.toList) AVRO_SCHEMA_URL_KEY(com.facebook.presto.hive.metastore.MetastoreUtil.AVRO_SCHEMA_URL_KEY) HiveBucketProperty(com.facebook.presto.hive.HiveBucketProperty) PrestoPrincipal(com.facebook.presto.spi.security.PrestoPrincipal)

Aggregations

PrestoPrincipal (com.facebook.presto.spi.security.PrestoPrincipal)23 RoleGrant (com.facebook.presto.spi.security.RoleGrant)11 MetastoreContext (com.facebook.presto.hive.metastore.MetastoreContext)10 PrestoException (com.facebook.presto.spi.PrestoException)9 ImmutableSet (com.google.common.collect.ImmutableSet)9 USER (com.facebook.presto.spi.security.PrincipalType.USER)8 Optional (java.util.Optional)8 HivePrivilegeInfo (com.facebook.presto.hive.metastore.HivePrivilegeInfo)7 ImmutableMap (com.google.common.collect.ImmutableMap)7 Collection (java.util.Collection)7 Set (java.util.Set)7 Column (com.facebook.presto.hive.metastore.Column)6 SchemaTableName (com.facebook.presto.spi.SchemaTableName)6 Database (com.facebook.presto.hive.metastore.Database)5 HiveColumnStatistics (com.facebook.presto.hive.metastore.HiveColumnStatistics)5 SemiTransactionalHiveMetastore (com.facebook.presto.hive.metastore.SemiTransactionalHiveMetastore)5 ImmutableList.toImmutableList (com.google.common.collect.ImmutableList.toImmutableList)5 HashSet (java.util.HashSet)5 Table (com.facebook.presto.hive.metastore.Table)4 TableNotFoundException (com.facebook.presto.spi.TableNotFoundException)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial