Examples with SelectedRole com.facebook.presto.spi.security.SelectedRole used on opensource projects

Example 6 with SelectedRole

use of com.facebook.presto.spi.security.SelectedRole in project presto by prestodb.

the class SetRoleTask method execute.

@Override
public ListenableFuture<?> execute(SetRole statement, TransactionManager transactionManager, Metadata metadata, AccessControl accessControl, QueryStateMachine stateMachine, List<Expression> parameters) {
    Session session = stateMachine.getSession();
    String catalog = createCatalogName(session, statement);
    if (statement.getType() == SetRole.Type.ROLE) {
        accessControl.checkCanSetRole(session.getRequiredTransactionId(), session.getIdentity(), session.getAccessControlContext(), statement.getRole().map(c -> c.getValue().toLowerCase(ENGLISH)).get(), catalog);
    }
    SelectedRole.Type type;
    switch(statement.getType()) {
        case ROLE:
            type = SelectedRole.Type.ROLE;
            break;
        case ALL:
            type = SelectedRole.Type.ALL;
            break;
        case NONE:
            type = SelectedRole.Type.NONE;
            break;
        default:
            throw new IllegalArgumentException("Unsupported type: " + statement.getType());
    }
    stateMachine.addSetRole(catalog, new SelectedRole(type, statement.getRole().map(c -> c.getValue().toLowerCase(ENGLISH))));
    return immediateFuture(null);
}

Example 7 with SelectedRole

use of com.facebook.presto.spi.security.SelectedRole in project presto by prestodb.

the class ThriftMetastoreUtil method listEnabledRoles.

public static Stream<String> listEnabledRoles(ConnectorIdentity identity, Function<PrestoPrincipal, Set<RoleGrant>> listRoleGrants) {
    Optional<SelectedRole> role = identity.getRole();
    if (role.isPresent() && role.get().getType() == SelectedRole.Type.NONE) {
        return Stream.of(PUBLIC_ROLE_NAME);
    }
    PrestoPrincipal principal;
    if (!role.isPresent() || role.get().getType() == SelectedRole.Type.ALL) {
        principal = new PrestoPrincipal(USER, identity.getUser());
    } else {
        principal = new PrestoPrincipal(ROLE, role.get().getRole().get());
    }
    Stream<String> roles = Stream.of(PUBLIC_ROLE_NAME);
    if (principal.getType() == ROLE) {
        roles = Stream.concat(roles, Stream.of(principal.getName()));
    }
    return Stream.concat(roles, listApplicableRoles(principal, listRoleGrants).map(RoleGrant::getRoleName).filter(Predicate.isEqual(ADMIN_ROLE_NAME).negate()));
}

Example 8 with SelectedRole

use of com.facebook.presto.spi.security.SelectedRole in project presto by prestodb.

the class Console method process.

private static boolean process(QueryRunner queryRunner, String sql, OutputFormat outputFormat, Runnable schemaChanged, boolean interactive) {
    String finalSql;
    try {
        finalSql = preprocessQuery(Optional.ofNullable(queryRunner.getSession().getCatalog()), Optional.ofNullable(queryRunner.getSession().getSchema()), sql);
    } catch (QueryPreprocessorException e) {
        System.err.println(e.getMessage());
        if (queryRunner.isDebug()) {
            e.printStackTrace();
        }
        return false;
    }
    try (Query query = queryRunner.startQuery(finalSql)) {
        boolean success = query.renderOutput(System.out, outputFormat, interactive);
        ClientSession session = queryRunner.getSession();
        // update catalog and schema if present
        if (query.getSetCatalog().isPresent() || query.getSetSchema().isPresent()) {
            session = ClientSession.builder(session).withCatalog(query.getSetCatalog().orElse(session.getCatalog())).withSchema(query.getSetSchema().orElse(session.getSchema())).build();
            schemaChanged.run();
        }
        // update transaction ID if necessary
        if (query.isClearTransactionId()) {
            session = stripTransactionId(session);
        }
        ClientSession.Builder builder = ClientSession.builder(session);
        if (query.getStartedTransactionId() != null) {
            builder = builder.withTransactionId(query.getStartedTransactionId());
        }
        // update session properties if present
        if (!query.getSetSessionProperties().isEmpty() || !query.getResetSessionProperties().isEmpty()) {
            Map<String, String> sessionProperties = new HashMap<>(session.getProperties());
            sessionProperties.putAll(query.getSetSessionProperties());
            sessionProperties.keySet().removeAll(query.getResetSessionProperties());
            builder = builder.withProperties(sessionProperties);
        }
        // update session roles
        if (!query.getSetRoles().isEmpty()) {
            Map<String, SelectedRole> roles = new HashMap<>(session.getRoles());
            roles.putAll(query.getSetRoles());
            builder = builder.withRoles(roles);
        }
        // update prepared statements if present
        if (!query.getAddedPreparedStatements().isEmpty() || !query.getDeallocatedPreparedStatements().isEmpty()) {
            Map<String, String> preparedStatements = new HashMap<>(session.getPreparedStatements());
            preparedStatements.putAll(query.getAddedPreparedStatements());
            preparedStatements.keySet().removeAll(query.getDeallocatedPreparedStatements());
            builder = builder.withPreparedStatements(preparedStatements);
        }
        // update session functions if present
        if (!query.getAddedSessionFunctions().isEmpty() || !query.getRemovedSessionFunctions().isEmpty()) {
            Map<String, String> sessionFunctions = new HashMap<>(session.getSessionFunctions());
            sessionFunctions.putAll(query.getAddedSessionFunctions());
            sessionFunctions.keySet().removeAll(query.getRemovedSessionFunctions());
            builder = builder.withSessionFunctions(sessionFunctions);
        }
        session = builder.build();
        queryRunner.setSession(session);
        return success;
    } catch (RuntimeException e) {
        System.err.println("Error running command: " + e.getMessage());
        if (queryRunner.isDebug()) {
            e.printStackTrace();
        }
        return false;
    }
}

Example 9 with SelectedRole

use of com.facebook.presto.spi.security.SelectedRole in project presto by prestodb.

the class StatementClientV1 method buildQueryRequest.

private Request buildQueryRequest(ClientSession session, String query) {
    HttpUrl url = HttpUrl.get(session.getServer());
    if (url == null) {
        throw new ClientException("Invalid server URL: " + session.getServer());
    }
    url = url.newBuilder().encodedPath("/v1/statement").build();
    Request.Builder builder = prepareRequest(url).post(RequestBody.create(MEDIA_TYPE_TEXT, query));
    Map<String, String> customHeaders = session.getCustomHeaders();
    for (Entry<String, String> entry : customHeaders.entrySet()) {
        builder.addHeader(entry.getKey(), entry.getValue());
    }
    if (session.getSource() != null) {
        builder.addHeader(PRESTO_SOURCE, session.getSource());
    }
    session.getTraceToken().ifPresent(token -> builder.addHeader(PRESTO_TRACE_TOKEN, token));
    if (session.getClientTags() != null && !session.getClientTags().isEmpty()) {
        builder.addHeader(PRESTO_CLIENT_TAGS, Joiner.on(",").join(session.getClientTags()));
    }
    if (session.getClientInfo() != null) {
        builder.addHeader(PRESTO_CLIENT_INFO, session.getClientInfo());
    }
    if (session.getCatalog() != null) {
        builder.addHeader(PRESTO_CATALOG, session.getCatalog());
    }
    if (session.getSchema() != null) {
        builder.addHeader(PRESTO_SCHEMA, session.getSchema());
    }
    builder.addHeader(PRESTO_TIME_ZONE, session.getTimeZone().getId());
    if (session.getLocale() != null) {
        builder.addHeader(PRESTO_LANGUAGE, session.getLocale().toLanguageTag());
    }
    Map<String, String> property = session.getProperties();
    for (Entry<String, String> entry : property.entrySet()) {
        builder.addHeader(PRESTO_SESSION, entry.getKey() + "=" + urlEncode(entry.getValue()));
    }
    Map<String, String> resourceEstimates = session.getResourceEstimates();
    for (Entry<String, String> entry : resourceEstimates.entrySet()) {
        builder.addHeader(PRESTO_RESOURCE_ESTIMATE, entry.getKey() + "=" + entry.getValue());
    }
    Map<String, SelectedRole> roles = session.getRoles();
    for (Entry<String, SelectedRole> entry : roles.entrySet()) {
        builder.addHeader(PrestoHeaders.PRESTO_ROLE, entry.getKey() + '=' + urlEncode(entry.getValue().toString()));
    }
    Map<String, String> extraCredentials = session.getExtraCredentials();
    for (Entry<String, String> entry : extraCredentials.entrySet()) {
        builder.addHeader(PRESTO_EXTRA_CREDENTIAL, entry.getKey() + "=" + entry.getValue());
    }
    Map<String, String> statements = session.getPreparedStatements();
    for (Entry<String, String> entry : statements.entrySet()) {
        builder.addHeader(PRESTO_PREPARED_STATEMENT, urlEncode(entry.getKey()) + "=" + urlEncode(entry.getValue()));
    }
    builder.addHeader(PRESTO_TRANSACTION_ID, session.getTransactionId() == null ? "NONE" : session.getTransactionId());
    Map<String, String> sessionFunctions = session.getSessionFunctions();
    for (Entry<String, String> entry : sessionFunctions.entrySet()) {
        builder.addHeader(PRESTO_SESSION_FUNCTION, urlEncode(entry.getKey()) + "=" + urlEncode(entry.getValue()));
    }
    return builder.build();
}

Example 10 with SelectedRole

use of com.facebook.presto.spi.security.SelectedRole in project presto by prestodb.

the class HiveQueryRunner method createQueryRunner.

public static DistributedQueryRunner createQueryRunner(Iterable<TpchTable<?>> tables, Map<String, String> extraProperties, Map<String, String> extraCoordinatorProperties, String security, Map<String, String> extraHiveProperties, Optional<Integer> workerCount, Optional<Path> baseDataDir, Optional<BiFunction<Integer, URI, Process>> externalWorkerLauncher) throws Exception {
    assertEquals(DateTimeZone.getDefault(), TIME_ZONE, "Timezone not configured correctly. Add -Duser.timezone=America/Bahia_Banderas to your JVM arguments");
    setupLogging();
    Map<String, String> systemProperties = ImmutableMap.<String, String>builder().put("task.writer-count", "2").put("task.partitioned-writer-count", "4").put("tracing.tracer-type", "simple").put("tracing.enable-distributed-tracing", "simple").putAll(extraProperties).build();
    DistributedQueryRunner queryRunner = DistributedQueryRunner.builder(createSession(Optional.of(new SelectedRole(ROLE, Optional.of("admin"))))).setNodeCount(workerCount.orElse(4)).setExtraProperties(systemProperties).setCoordinatorProperties(extraCoordinatorProperties).setBaseDataDir(baseDataDir).setExternalWorkerLauncher(externalWorkerLauncher).build();
    try {
        queryRunner.installPlugin(new TpchPlugin());
        queryRunner.installPlugin(new TestingHiveEventListenerPlugin());
        queryRunner.createCatalog("tpch", "tpch");
        File baseDir = queryRunner.getCoordinator().getBaseDataDir().resolve("hive_data").toFile();
        HiveClientConfig hiveClientConfig = new HiveClientConfig();
        MetastoreClientConfig metastoreClientConfig = new MetastoreClientConfig();
        HdfsConfiguration hdfsConfiguration = new HiveHdfsConfiguration(new HdfsConfigurationInitializer(hiveClientConfig, metastoreClientConfig), ImmutableSet.of());
        HdfsEnvironment hdfsEnvironment = new HdfsEnvironment(hdfsConfiguration, metastoreClientConfig, new NoHdfsAuthentication());
        FileHiveMetastore metastore = new FileHiveMetastore(hdfsEnvironment, baseDir.toURI().toString(), "test");
        queryRunner.installPlugin(new HivePlugin(HIVE_CATALOG, Optional.of(metastore)));
        Map<String, String> hiveProperties = ImmutableMap.<String, String>builder().putAll(extraHiveProperties).put("hive.time-zone", TIME_ZONE.getID()).put("hive.security", security).put("hive.max-partitions-per-scan", "1000").put("hive.assume-canonical-partition-keys", "true").put("hive.collect-column-statistics-on-write", "true").put("hive.temporary-table-schema", TEMPORARY_TABLE_SCHEMA).build();
        Map<String, String> storageProperties = extraHiveProperties.containsKey("hive.storage-format") ? ImmutableMap.copyOf(hiveProperties) : ImmutableMap.<String, String>builder().putAll(hiveProperties).put("hive.storage-format", "TEXTFILE").put("hive.compression-codec", "NONE").build();
        Map<String, String> hiveBucketedProperties = ImmutableMap.<String, String>builder().putAll(storageProperties).put("hive.max-initial-split-size", // so that each bucket has multiple splits
        "10kB").put("hive.max-split-size", // so that each bucket has multiple splits
        "10kB").build();
        queryRunner.createCatalog(HIVE_CATALOG, HIVE_CATALOG, hiveProperties);
        queryRunner.createCatalog(HIVE_BUCKETED_CATALOG, HIVE_CATALOG, hiveBucketedProperties);
        if (!metastore.getDatabase(METASTORE_CONTEXT, TPCH_SCHEMA).isPresent()) {
            metastore.createDatabase(METASTORE_CONTEXT, createDatabaseMetastoreObject(TPCH_SCHEMA));
            copyTpchTables(queryRunner, "tpch", TINY_SCHEMA_NAME, createSession(Optional.empty()), tables);
        }
        if (!metastore.getDatabase(METASTORE_CONTEXT, TPCH_BUCKETED_SCHEMA).isPresent()) {
            metastore.createDatabase(METASTORE_CONTEXT, createDatabaseMetastoreObject(TPCH_BUCKETED_SCHEMA));
            copyTpchTablesBucketed(queryRunner, "tpch", TINY_SCHEMA_NAME, createBucketedSession(Optional.empty()), tables);
        }
        if (!metastore.getDatabase(METASTORE_CONTEXT, TEMPORARY_TABLE_SCHEMA).isPresent()) {
            metastore.createDatabase(METASTORE_CONTEXT, createDatabaseMetastoreObject(TEMPORARY_TABLE_SCHEMA));
        }
        return queryRunner;
    } catch (Exception e) {
        queryRunner.close();
        throw e;
    }
}