
Example 6 with AccessControl

Use of io.prestosql.security.AccessControl in project hetu-core by openlookeng.

In class RevokeRolesTask, method execute.

@Override
public ListenableFuture<?> execute(RevokeRoles statement, TransactionManager transactionManager, Metadata metadata, AccessControl accessControl, QueryStateMachine stateMachine, List<Expression> parameters, HeuristicIndexerManager heuristicIndexerManager) {
    Session session = stateMachine.getSession();
    Set<String> roles = statement.getRoles().stream().map(role -> role.getValue().toLowerCase(Locale.ENGLISH)).collect(toImmutableSet());
    Set<PrestoPrincipal> grantees = statement.getGrantees().stream().map(MetadataUtil::createPrincipal).collect(toImmutableSet());
    boolean adminOptionFor = statement.isAdminOptionFor();
    Optional<PrestoPrincipal> grantor = statement.getGrantor().map(specification -> createPrincipal(session, specification));
    String catalog = createCatalogName(session, statement);
    Set<String> availableRoles = metadata.listRoles(session, catalog);
    Set<String> specifiedRoles = new LinkedHashSet<>();
    specifiedRoles.addAll(roles);
    grantees.stream().filter(principal -> principal.getType() == ROLE).map(PrestoPrincipal::getName).forEach(specifiedRoles::add);
    if (grantor.isPresent() && grantor.get().getType() == ROLE) {
        specifiedRoles.add(grantor.get().getName());
    }
    for (String role : specifiedRoles) {
        if (!availableRoles.contains(role)) {
            throw new SemanticException(MISSING_ROLE, statement, "Role '%s' does not exist", role);
        }
    }
    accessControl.checkCanRevokeRoles(session.getRequiredTransactionId(), session.getIdentity(), roles, grantees, adminOptionFor, grantor, catalog);
    metadata.revokeRoles(session, roles, grantees, adminOptionFor, grantor, catalog);
    return immediateFuture(null);
}
Also used: HeuristicIndexerManager(io.prestosql.heuristicindex.HeuristicIndexerManager) Futures.immediateFuture(com.google.common.util.concurrent.Futures.immediateFuture) AccessControl(io.prestosql.security.AccessControl) ListenableFuture(com.google.common.util.concurrent.ListenableFuture) MetadataUtil.createPrincipal(io.prestosql.metadata.MetadataUtil.createPrincipal) TransactionManager(io.prestosql.transaction.TransactionManager) Set(java.util.Set) Metadata(io.prestosql.metadata.Metadata) SemanticException(io.prestosql.sql.analyzer.SemanticException) List(java.util.List) ROLE(io.prestosql.spi.security.PrincipalType.ROLE) MetadataUtil.createCatalogName(io.prestosql.metadata.MetadataUtil.createCatalogName) Locale(java.util.Locale) MetadataUtil(io.prestosql.metadata.MetadataUtil) MISSING_ROLE(io.prestosql.sql.analyzer.SemanticErrorCode.MISSING_ROLE) Session(io.prestosql.Session) Optional(java.util.Optional) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) RevokeRoles(io.prestosql.sql.tree.RevokeRoles) PrestoPrincipal(io.prestosql.spi.security.PrestoPrincipal) Expression(io.prestosql.sql.tree.Expression) LinkedHashSet(java.util.LinkedHashSet)

Example 7 with AccessControl

Use of io.prestosql.security.AccessControl in project hetu-core by openlookeng.

In class GrantRolesTask, method execute.

@Override
public ListenableFuture<?> execute(GrantRoles statement, TransactionManager transactionManager, Metadata metadata, AccessControl accessControl, QueryStateMachine stateMachine, List<Expression> parameters, HeuristicIndexerManager heuristicIndexerManager) {
    Session session = stateMachine.getSession();
    Set<String> roles = statement.getRoles().stream().map(role -> role.getValue().toLowerCase(Locale.ENGLISH)).collect(toImmutableSet());
    Set<PrestoPrincipal> grantees = statement.getGrantees().stream().map(MetadataUtil::createPrincipal).collect(toImmutableSet());
    boolean withAdminOption = statement.isWithAdminOption();
    Optional<PrestoPrincipal> grantor = statement.getGrantor().map(specification -> createPrincipal(session, specification));
    String catalog = createCatalogName(session, statement);
    Set<String> availableRoles = metadata.listRoles(session, catalog);
    Set<String> specifiedRoles = new LinkedHashSet<>();
    specifiedRoles.addAll(roles);
    grantees.stream().filter(principal -> principal.getType() == ROLE).map(PrestoPrincipal::getName).forEach(specifiedRoles::add);
    if (grantor.isPresent() && grantor.get().getType() == ROLE) {
        specifiedRoles.add(grantor.get().getName());
    }
    for (String role : specifiedRoles) {
        if (!availableRoles.contains(role)) {
            throw new SemanticException(MISSING_ROLE, statement, "Role '%s' does not exist", role);
        }
    }
    accessControl.checkCanGrantRoles(session.getRequiredTransactionId(), session.getIdentity(), roles, grantees, withAdminOption, grantor, catalog);
    metadata.grantRoles(session, roles, grantees, withAdminOption, grantor, catalog);
    return immediateFuture(null);
}
Also used: HeuristicIndexerManager(io.prestosql.heuristicindex.HeuristicIndexerManager) GrantRoles(io.prestosql.sql.tree.GrantRoles) Futures.immediateFuture(com.google.common.util.concurrent.Futures.immediateFuture) AccessControl(io.prestosql.security.AccessControl) ListenableFuture(com.google.common.util.concurrent.ListenableFuture) MetadataUtil.createPrincipal(io.prestosql.metadata.MetadataUtil.createPrincipal) TransactionManager(io.prestosql.transaction.TransactionManager) Set(java.util.Set) Metadata(io.prestosql.metadata.Metadata) SemanticException(io.prestosql.sql.analyzer.SemanticException) List(java.util.List) ROLE(io.prestosql.spi.security.PrincipalType.ROLE) MetadataUtil.createCatalogName(io.prestosql.metadata.MetadataUtil.createCatalogName) Locale(java.util.Locale) MetadataUtil(io.prestosql.metadata.MetadataUtil) MISSING_ROLE(io.prestosql.sql.analyzer.SemanticErrorCode.MISSING_ROLE) Session(io.prestosql.Session) Optional(java.util.Optional) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) PrestoPrincipal(io.prestosql.spi.security.PrestoPrincipal) Expression(io.prestosql.sql.tree.Expression) LinkedHashSet(java.util.LinkedHashSet)

Example 8 with AccessControl

Use of io.prestosql.security.AccessControl in project hetu-core by openlookeng.

In class CallTask, method execute.

@Override
public ListenableFuture<?> execute(Call call, TransactionManager transactionManager, Metadata metadata, AccessControl accessControl, QueryStateMachine stateMachine, List<Expression> parameters, HeuristicIndexerManager heuristicIndexerManager) {
    if (!transactionManager.isAutoCommit(stateMachine.getSession().getRequiredTransactionId())) {
        throw new PrestoException(NOT_SUPPORTED, "Procedures cannot be called within a transaction (use autocommit mode)");
    }
    Session session = stateMachine.getSession();
    QualifiedObjectName procedureName = createQualifiedObjectName(session, call, call.getName());
    CatalogName catalogName = metadata.getCatalogHandle(stateMachine.getSession(), procedureName.getCatalogName()).orElseThrow(() -> new SemanticException(MISSING_CATALOG, call, "Catalog %s does not exist", procedureName.getCatalogName()));
    Procedure procedure = metadata.getProcedureRegistry().resolve(catalogName, toSchemaTableName(procedureName));
    // map declared argument names to positions
    Map<String, Integer> positions = new HashMap<>();
    for (int i = 0; i < procedure.getArguments().size(); i++) {
        positions.put(procedure.getArguments().get(i).getName(), i);
    }
    // per specification, do not allow mixing argument types
    Predicate<CallArgument> hasName = argument -> argument.getName().isPresent();
    boolean anyNamed = call.getArguments().stream().anyMatch(hasName);
    boolean allNamed = call.getArguments().stream().allMatch(hasName);
    if (anyNamed && !allNamed) {
        throw new SemanticException(INVALID_PROCEDURE_ARGUMENTS, call, "Named and positional arguments cannot be mixed");
    }
    // get the argument names in call order
    Map<String, CallArgument> names = new LinkedHashMap<>();
    for (int i = 0; i < call.getArguments().size(); i++) {
        CallArgument argument = call.getArguments().get(i);
        if (argument.getName().isPresent()) {
            String name = argument.getName().get();
            if (names.put(name, argument) != null) {
                throw new SemanticException(INVALID_PROCEDURE_ARGUMENTS, argument, "Duplicate procedure argument: %s", name);
            }
            if (!positions.containsKey(name)) {
                throw new SemanticException(INVALID_PROCEDURE_ARGUMENTS, argument, "Unknown argument name: %s", name);
            }
        } else if (i < procedure.getArguments().size()) {
            names.put(procedure.getArguments().get(i).getName(), argument);
        } else {
            throw new SemanticException(INVALID_PROCEDURE_ARGUMENTS, call, "Too many arguments for procedure");
        }
    }
    // verify argument count
    if (names.size() < positions.size()) {
        throw new SemanticException(INVALID_PROCEDURE_ARGUMENTS, call, "Too few arguments for procedure");
    }
    // get argument values
    Object[] values = new Object[procedure.getArguments().size()];
    for (Entry<String, CallArgument> entry : names.entrySet()) {
        CallArgument callArgument = entry.getValue();
        int index = positions.get(entry.getKey());
        Argument argument = procedure.getArguments().get(index);
        Expression expression = ExpressionTreeRewriter.rewriteWith(new ParameterRewriter(parameters), callArgument.getValue());
        Type type;
        try {
            type = metadata.getType(argument.getType());
        } catch (TypeNotFoundException e) {
            throw new PrestoException(INVALID_PROCEDURE_DEFINITION, "Unknown procedure argument type: " + argument.getType());
        }
        Object value = evaluateConstantExpression(expression, type, metadata, session, parameters);
        values[index] = toTypeObjectValue(session, type, value);
    }
    // validate arguments
    MethodType methodType = procedure.getMethodHandle().type();
    for (int i = 0; i < procedure.getArguments().size(); i++) {
        if ((values[i] == null) && methodType.parameterType(i).isPrimitive()) {
            String name = procedure.getArguments().get(i).getName();
            throw new PrestoException(INVALID_PROCEDURE_ARGUMENT, "Procedure argument cannot be null: " + name);
        }
    }
    // insert session argument
    List<Object> arguments = new ArrayList<>();
    Iterator<Object> valuesIterator = asList(values).iterator();
    for (Class<?> type : methodType.parameterList()) {
        if (ConnectorSession.class.isAssignableFrom(type)) {
            arguments.add(session.toConnectorSession(catalogName));
        } else {
            arguments.add(valuesIterator.next());
        }
    }
    try {
        procedure.getMethodHandle().invokeWithArguments(arguments);
    } catch (Throwable t) {
        if (t instanceof InterruptedException) {
            Thread.currentThread().interrupt();
        }
        throwIfInstanceOf(t, PrestoException.class);
        throw new PrestoException(PROCEDURE_CALL_FAILED, t);
    }
    return immediateFuture(null);
}
Also used: INVALID_PROCEDURE_DEFINITION(io.prestosql.spi.StandardErrorCode.INVALID_PROCEDURE_DEFINITION) ListenableFuture(com.google.common.util.concurrent.ListenableFuture) Argument(io.prestosql.spi.procedure.Procedure.Argument) TransactionManager(io.prestosql.transaction.TransactionManager) HashMap(java.util.HashMap) TypeNotFoundException(io.prestosql.spi.type.TypeNotFoundException) CallArgument(io.prestosql.sql.tree.CallArgument) ExpressionTreeRewriter(io.prestosql.sql.tree.ExpressionTreeRewriter) QualifiedObjectName(io.prestosql.spi.connector.QualifiedObjectName) ArrayList(java.util.ArrayList) LinkedHashMap(java.util.LinkedHashMap) SemanticException(io.prestosql.sql.analyzer.SemanticException) PROCEDURE_CALL_FAILED(io.prestosql.spi.StandardErrorCode.PROCEDURE_CALL_FAILED) Procedure(io.prestosql.spi.procedure.Procedure) ExpressionInterpreter.evaluateConstantExpression(io.prestosql.sql.planner.ExpressionInterpreter.evaluateConstantExpression) ConnectorSession(io.prestosql.spi.connector.ConnectorSession) INVALID_PROCEDURE_ARGUMENTS(io.prestosql.sql.analyzer.SemanticErrorCode.INVALID_PROCEDURE_ARGUMENTS) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) Session(io.prestosql.Session) INVALID_PROCEDURE_ARGUMENT(io.prestosql.spi.StandardErrorCode.INVALID_PROCEDURE_ARGUMENT) Type(io.prestosql.spi.type.Type) ParameterRewriter(io.prestosql.sql.planner.ParameterRewriter) HeuristicIndexerManager(io.prestosql.heuristicindex.HeuristicIndexerManager) PrestoException(io.prestosql.spi.PrestoException) Futures.immediateFuture(com.google.common.util.concurrent.Futures.immediateFuture) AccessControl(io.prestosql.security.AccessControl) Iterator(java.util.Iterator) BlockBuilder(io.prestosql.spi.block.BlockBuilder) Predicate(java.util.function.Predicate) CatalogName(io.prestosql.spi.connector.CatalogName) Throwables.throwIfInstanceOf(com.google.common.base.Throwables.throwIfInstanceOf) Metadata(io.prestosql.metadata.Metadata) MetadataUtil.toSchemaTableName(io.prestosql.metadata.MetadataUtil.toSchemaTableName) List(java.util.List) MethodType(java.lang.invoke.MethodType) Call(io.prestosql.sql.tree.Call) Entry(java.util.Map.Entry) NOT_SUPPORTED(io.prestosql.spi.StandardErrorCode.NOT_SUPPORTED) MetadataUtil.createQualifiedObjectName(io.prestosql.metadata.MetadataUtil.createQualifiedObjectName) Expression(io.prestosql.sql.tree.Expression) TypeUtils.writeNativeValue(io.prestosql.spi.type.TypeUtils.writeNativeValue) MISSING_CATALOG(io.prestosql.sql.analyzer.SemanticErrorCode.MISSING_CATALOG)

Example 9 with AccessControl

Use of io.prestosql.security.AccessControl in project hetu-core by openlookeng.

In class Analyzer, method analyze.

public Analysis analyze(Statement statement, boolean isDescribe) {
    Statement rewrittenStatement = StatementRewrite.rewrite(session, metadata, cubeManager, sqlParser, queryExplainer, statement, parameters, accessControl, warningCollector, heuristicIndexerManager);
    Analysis analysis = new Analysis(rewrittenStatement, parameters, isDescribe);
    analysis.setOriginalStatement(statement);
    StatementAnalyzer analyzer = new StatementAnalyzer(analysis, metadata, sqlParser, accessControl, session, warningCollector, heuristicIndexerManager, cubeManager);
    analyzer.analyze(rewrittenStatement, Optional.empty());
    // check column access permissions for each table
    analysis.getTableColumnReferences().forEach((accessControlInfo, tableColumnReferences) -> tableColumnReferences.forEach((tableName, columns) -> accessControlInfo.getAccessControl().checkCanSelectFromColumns(session.getRequiredTransactionId(), accessControlInfo.getIdentity(), tableName, columns)));
    return analysis;
}
Also used: Iterables(com.google.common.collect.Iterables) SqlParser(io.prestosql.sql.parser.SqlParser) NOT_SUPPORTED(io.prestosql.sql.analyzer.SemanticErrorCode.NOT_SUPPORTED) Statement(io.prestosql.sql.tree.Statement) WarningCollector(io.prestosql.execution.warnings.WarningCollector) ExpressionTreeUtils.extractWindowFunctions(io.prestosql.sql.analyzer.ExpressionTreeUtils.extractWindowFunctions) ImmutableList(com.google.common.collect.ImmutableList) FunctionCall(io.prestosql.sql.tree.FunctionCall) Map(java.util.Map) Objects.requireNonNull(java.util.Objects.requireNonNull) Session(io.prestosql.Session) ExpressionTreeUtils.extractExpressions(io.prestosql.sql.analyzer.ExpressionTreeUtils.extractExpressions) StatementRewrite(io.prestosql.sql.rewrite.StatementRewrite) HeuristicIndexerManager(io.prestosql.heuristicindex.HeuristicIndexerManager) AccessControl(io.prestosql.security.AccessControl) GroupingOperation(io.prestosql.sql.tree.GroupingOperation) Metadata(io.prestosql.metadata.Metadata) NodeRef(io.prestosql.sql.tree.NodeRef) FunctionHandle(io.prestosql.spi.function.FunctionHandle) CubeManager(io.prestosql.cube.CubeManager) List(java.util.List) CANNOT_HAVE_AGGREGATIONS_WINDOWS_OR_GROUPING(io.prestosql.sql.analyzer.SemanticErrorCode.CANNOT_HAVE_AGGREGATIONS_WINDOWS_OR_GROUPING) ExpressionTreeUtils.extractExternalFunctions(io.prestosql.sql.analyzer.ExpressionTreeUtils.extractExternalFunctions) ExpressionTreeUtils.extractAggregateFunctions(io.prestosql.sql.analyzer.ExpressionTreeUtils.extractAggregateFunctions) Optional(java.util.Optional) FunctionAndTypeManager(io.prestosql.metadata.FunctionAndTypeManager) Expression(io.prestosql.sql.tree.Expression)

Example 10 with AccessControl

Use of io.prestosql.security.AccessControl in project hetu-core by openlookeng.

In class TestDeallocateTask, method executeDeallocate.

private Set<String> executeDeallocate(String statementName, String sqlString, Session session) {
    TransactionManager transactionManager = createTestTransactionManager();
    AccessControl accessControl = new AccessControlManager(transactionManager);
    QueryStateMachine stateMachine = QueryStateMachine.begin(sqlString, Optional.empty(), session, URI.create("fake://uri"), new ResourceGroupId("test"), new NoOpResourceGroupManager(), false, transactionManager, accessControl, executor, metadata, WarningCollector.NOOP);
    Deallocate deallocate = new Deallocate(new Identifier(statementName));
    new DeallocateTask().execute(deallocate, transactionManager, metadata, new AllowAllAccessControl(), stateMachine, emptyList(), new HeuristicIndexerManager(new FileSystemClientManager(), new HetuMetaStoreManager()));
    return stateMachine.getDeallocatedPreparedStatements();
}
Also used: AccessControlManager(io.prestosql.security.AccessControlManager) ResourceGroupId(io.prestosql.spi.resourcegroups.ResourceGroupId) HeuristicIndexerManager(io.prestosql.heuristicindex.HeuristicIndexerManager) AllowAllAccessControl(io.prestosql.security.AllowAllAccessControl) AccessControl(io.prestosql.security.AccessControl) FileSystemClientManager(io.prestosql.filesystem.FileSystemClientManager) Identifier(io.prestosql.sql.tree.Identifier) Deallocate(io.prestosql.sql.tree.Deallocate) TransactionManager(io.prestosql.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.prestosql.transaction.InMemoryTransactionManager.createTestTransactionManager) HetuMetaStoreManager(io.prestosql.metastore.HetuMetaStoreManager) NoOpResourceGroupManager(io.prestosql.execution.resourcegroups.NoOpResourceGroupManager)
