
Example 11 with SelectedRole

use of com.facebook.presto.spi.security.SelectedRole in project presto by prestodb.

the class TestHiveIntegrationSmokeTest method testSchemaOperations.

/**
 * Walks a schema through its lifecycle using a session whose identity has the
 * {@code admin} role selected for the {@code hive} catalog: create the schema, create a
 * table in it, confirm that dropping the non-empty schema is rejected, then drop the
 * table and the schema.
 *
 * <p>NOTE(review): the role is presumably selected because the test environment restricts
 * schema DDL to admins; that configuration is not visible here, so confirm against the
 * query runner setup. This test has no case showing the same statements being refused
 * for a session without the role.
 */
@Test
public void testSchemaOperations() {
    // Role selection is keyed by catalog name; only the "hive" catalog gets the admin role.
    SelectedRole adminRole = new SelectedRole(SelectedRole.Type.ROLE, Optional.of("admin"));
    Identity adminIdentity = new Identity(
            "hive",
            Optional.empty(),
            ImmutableMap.of("hive", adminRole),
            ImmutableMap.of(),
            ImmutableMap.of());
    Session admin = Session.builder(getQueryRunner().getDefaultSession())
            .setIdentity(adminIdentity)
            .build();

    assertUpdate(admin, "CREATE SCHEMA new_schema");
    assertUpdate(admin, "CREATE TABLE new_schema.test (x bigint)");

    // A schema that still holds a table must not be droppable.
    assertQueryFails(admin, "DROP SCHEMA new_schema", "Schema not empty: new_schema");

    // Empty the schema first; after that the drop is expected to succeed.
    assertUpdate(admin, "DROP TABLE new_schema.test");
    assertUpdate(admin, "DROP SCHEMA new_schema");
}
Also used : SelectedRole(com.facebook.presto.spi.security.SelectedRole) Identity(com.facebook.presto.spi.security.Identity) ConnectorSession(com.facebook.presto.spi.ConnectorSession) HiveQueryRunner.createBucketedSession(com.facebook.presto.hive.HiveQueryRunner.createBucketedSession) Session(com.facebook.presto.Session) HiveQueryRunner.createMaterializeExchangesSession(com.facebook.presto.hive.HiveQueryRunner.createMaterializeExchangesSession) Test(org.testng.annotations.Test) AbstractTestIntegrationSmokeTest(com.facebook.presto.tests.AbstractTestIntegrationSmokeTest)

Example 12 with SelectedRole

use of com.facebook.presto.spi.security.SelectedRole in project presto by prestodb.

the class Session method beginTransactionId.

/**
 * Returns a new session bound to {@code transactionId}, after authorizing and validating the
 * session properties and role selections carried by this session.
 *
 * <p>Work is done in this order, and any step may abort the call by throwing before the new
 * session is constructed:
 * <ol>
 *   <li>every system session property is permission-checked, then its value is validated;</li>
 *   <li>every catalog with a non-empty property map is resolved to a connector inside the
 *       transaction, then each of its properties is permission-checked and validated;</li>
 *   <li>every catalog named in the identity's role map is resolved to a connector, and a
 *       selection of type {@code ROLE} is passed to {@code checkCanSetRole}.</li>
 * </ol>
 *
 * <p>The permission checks return nothing that is inspected here, so a denial is presumably
 * reported by exception. Confirm against the {@code AccessControl} contract.
 *
 * @param transactionId transaction to attach; must not be null
 * @param transactionManager used to resolve catalog names within the transaction; must not be null
 * @param accessControl consulted for every property and role before it is accepted; must not be null
 * @return a session carrying the transaction id, the connector-keyed catalog properties and an
 *         identity whose role map is rebuilt from the resolved catalogs
 * @throws NullPointerException if any argument is null
 * @throws IllegalArgumentException if this session already has a transaction id
 * @throws PrestoException with {@code NOT_FOUND} if a catalog named by a property set or by a
 *         role selection does not exist in the transaction
 */
public Session beginTransactionId(TransactionId transactionId, TransactionManager transactionManager, AccessControl accessControl) {
    requireNonNull(transactionId, "transactionId is null");
    checkArgument(!this.transactionId.isPresent(), "Session already has an active transaction");
    requireNonNull(transactionManager, "transactionManager is null");
    requireNonNull(accessControl, "accessControl is null");

    // System properties: authorization comes first, so a caller who may not set a property
    // never reaches the value validator for it.
    for (Entry<String, String> systemProperty : systemProperties.entrySet()) {
        String propertyName = systemProperty.getKey();
        accessControl.checkCanSetSystemSessionProperty(identity, context, propertyName);
        sessionPropertyManager.validateSystemSessionProperty(propertyName, systemProperty.getValue());
    }

    // Catalog properties could not be validated earlier: only inside a transaction can a
    // catalog name be resolved to the connector that owns the property definitions.
    ImmutableMap.Builder<ConnectorId, Map<String, String>> resolvedCatalogProperties = ImmutableMap.builder();
    for (Entry<String, Map<String, String>> pending : unprocessedCatalogProperties.entrySet()) {
        String catalogName = pending.getKey();
        Map<String, String> requested = pending.getValue();
        if (requested.isEmpty()) {
            // Nothing to authorize, and the catalog is deliberately not resolved in this case.
            continue;
        }
        ConnectorId connectorId = transactionManager.getOptionalCatalogMetadata(transactionId, catalogName)
                .orElseThrow(() -> new PrestoException(NOT_FOUND, "Session property catalog does not exist: " + catalogName))
                .getConnectorId();
        for (Entry<String, String> catalogProperty : requested.entrySet()) {
            String propertyName = catalogProperty.getKey();
            // Same ordering as for system properties: permission, then value.
            accessControl.checkCanSetCatalogSessionProperty(transactionId, identity, context, catalogName, propertyName);
            sessionPropertyManager.validateCatalogSessionProperty(connectorId, catalogName, propertyName, catalogProperty.getValue());
        }
        resolvedCatalogProperties.put(connectorId, requested);
    }

    // Role selections arrive keyed by catalog name as supplied in the identity.
    ImmutableMap.Builder<String, SelectedRole> resolvedRoles = ImmutableMap.builder();
    for (Entry<String, SelectedRole> selection : identity.getRoles().entrySet()) {
        String catalogName = selection.getKey();
        SelectedRole selectedRole = selection.getValue();
        ConnectorId connectorId = transactionManager.getOptionalCatalogMetadata(transactionId, catalogName)
                .orElseThrow(() -> new PrestoException(NOT_FOUND, "Catalog does not exist: " + catalogName))
                .getConnectorId();

        // Only a selection of type ROLE is sent to checkCanSetRole; any other selection type is
        // recorded without that check.
        // NOTE(review): getRole().get() relies on SelectedRole always carrying a role name for
        // Type.ROLE; confirm that the SelectedRole constructor enforces this.
        if (selectedRole.getType() == SelectedRole.Type.ROLE) {
            accessControl.checkCanSetRole(transactionId, identity, context, selectedRole.getRole().get(), catalogName);
        }
        resolvedRoles.put(connectorId.getCatalogName(), selectedRole);

        // The same selection is copied to the catalog's information-schema and system-tables
        // companions, but only when the transaction actually lists them.
        String informationSchemaCatalogName = createInformationSchemaConnectorId(connectorId).getCatalogName();
        if (transactionManager.getCatalogNames(transactionId).containsKey(informationSchemaCatalogName)) {
            resolvedRoles.put(informationSchemaCatalogName, selectedRole);
        }
        String systemTablesCatalogName = createSystemTablesConnectorId(connectorId).getCatalogName();
        if (transactionManager.getCatalogNames(transactionId).containsKey(systemTablesCatalogName)) {
            resolvedRoles.put(systemTablesCatalogName, selectedRole);
        }
    }

    // User, principal, extra credentials and extra authenticators are carried over unchanged;
    // only the role map is replaced by the one built above.
    Identity identityWithResolvedRoles = new Identity(
            identity.getUser(),
            identity.getPrincipal(),
            resolvedRoles.build(),
            identity.getExtraCredentials(),
            identity.getExtraAuthenticators());

    return new Session(
            queryId,
            Optional.of(transactionId),
            clientTransactionSupport,
            identityWithResolvedRoles,
            source,
            catalog,
            schema,
            traceToken,
            timeZoneKey,
            locale,
            remoteUserAddress,
            userAgent,
            clientInfo,
            clientTags,
            resourceEstimates,
            startTime,
            systemProperties,
            resolvedCatalogProperties.build(),
            // presumably the "unprocessed catalog properties" slot, now empty because every
            // entry was resolved above; confirm against the Session constructor
            ImmutableMap.of(),
            sessionPropertyManager,
            preparedStatements,
            sessionFunctions,
            tracer);
}
Also used : SelectedRole(com.facebook.presto.spi.security.SelectedRole) PrestoException(com.facebook.presto.spi.PrestoException) ImmutableMap(com.google.common.collect.ImmutableMap) Identity(com.facebook.presto.spi.security.Identity) HashMap(java.util.HashMap) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap) ConnectorId.createSystemTablesConnectorId(com.facebook.presto.spi.ConnectorId.createSystemTablesConnectorId) ConnectorId.createInformationSchemaConnectorId(com.facebook.presto.spi.ConnectorId.createInformationSchemaConnectorId) ConnectorId(com.facebook.presto.spi.ConnectorId) ConnectorSession(com.facebook.presto.spi.ConnectorSession)
