Example 1 with QualifiedObjectName
use of io.prestosql.spi.connector.QualifiedObjectName in project hetu-core by openlookeng.
the class TestColumnMask method testInvalidMasks.
@Test
public void testInvalidMasks() {
// parse error
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "orders"), "orderkey", USER, new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "$$$"));
assertions.assertFails("SELECT orderkey FROM orders", "\\Qline 1:22: Invalid column mask for 'local.tiny.orders.orderkey': mismatched input '$'. Expecting: <expression>\\E");
});
// unknown column
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "orders"), "orderkey", USER, new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "unknown_column"));
assertions.assertFails("SELECT orderkey FROM orders", "\\Qline 1:1: Column 'unknown_column' cannot be resolved\\E");
});
// invalid type
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "orders"), "orderkey", USER, new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "'foo'"));
assertions.assertFails("SELECT orderkey FROM orders", "\\Qline 1:22: Expected column mask for 'local.tiny.orders.orderkey' to be of type bigint, but was varchar(3)\\E");
});
// aggregation
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "orders"), "orderkey", USER, new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "count(*) > 0"));
assertions.assertFails("SELECT orderkey FROM orders", "\\Qline 1:10: Column mask for 'orders.orderkey' cannot contain aggregations, window functions or grouping operations: [\"count\"(*)]\\E");
});
// window function
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "orders"), "orderkey", USER, new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "row_number() OVER () > 0"));
assertions.assertFails("SELECT orderkey FROM orders", "\\Qline 1:22: Column mask for 'orders.orderkey' cannot contain aggregations, window functions or grouping operations: [\"row_number\"() OVER ()]\\E");
});
// grouping function
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "orders"), "orderkey", USER, new ViewExpression(USER, Optional.of(CATALOG), Optional.of("tiny"), "grouping(orderkey) = 0"));
assertions.assertFails("SELECT orderkey FROM orders", "\\Qline 1:20: Column mask for 'orders.orderkey' cannot contain aggregations, window functions or grouping operations: [GROUPING (orderkey)]\\E");
});
}
Also used :
QualifiedObjectName(io.prestosql.spi.connector.QualifiedObjectName)
ViewExpression(io.prestosql.spi.security.ViewExpression)
Test(org.testng.annotations.Test)
Example 2 with QualifiedObjectName
use of io.prestosql.spi.connector.QualifiedObjectName in project hetu-core by openlookeng.
the class TestColumnMask method testView.
@Test
public void testView() {
// mask on the underlying table for view owner when running query as different user
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "nation"), "name", VIEW_OWNER, new ViewExpression(VIEW_OWNER, Optional.empty(), Optional.empty(), "reverse(name)"));
Session session = Session.builder(SESSION).setIdentity(new Identity(RUN_AS_USER, Optional.empty())).build();
assertions.assertQuery(session, "SELECT name FROM mock.default.nation_view WHERE nationkey = 1", "VALUES CAST('ANITNEGRA' AS VARCHAR(25))");
});
// mask on the underlying table for view owner when running as themselves
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "nation"), "name", VIEW_OWNER, new ViewExpression(VIEW_OWNER, Optional.of(CATALOG), Optional.of("tiny"), "reverse(name)"));
Session session = Session.builder(SESSION).setIdentity(new Identity(VIEW_OWNER, Optional.empty())).build();
assertions.assertQuery(session, "SELECT name FROM mock.default.nation_view WHERE nationkey = 1", "VALUES CAST('ANITNEGRA' AS VARCHAR(25))");
});
// mask on the underlying table for user running the query (different from view owner) should not be applied
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "nation"), "name", RUN_AS_USER, new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "reverse(name)"));
Session session = Session.builder(SESSION).setIdentity(new Identity(RUN_AS_USER, Optional.empty())).build();
assertions.assertQuery(session, "SELECT name FROM mock.default.nation_view WHERE nationkey = 1", "VALUES CAST('ARGENTINA' AS VARCHAR(25))");
});
}
Also used :
Identity(io.prestosql.spi.security.Identity)
QualifiedObjectName(io.prestosql.spi.connector.QualifiedObjectName)
ViewExpression(io.prestosql.spi.security.ViewExpression)
Session(io.prestosql.Session)
Test(org.testng.annotations.Test)
Example 3 with QualifiedObjectName
use of io.prestosql.spi.connector.QualifiedObjectName in project hetu-core by openlookeng.
the class TestColumnMask method testSimpleMask.
@Test
public void testSimpleMask() {
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "orders"), "custkey", USER, new ViewExpression(USER, Optional.empty(), Optional.empty(), "-custkey"));
assertions.assertQuery("SELECT custkey FROM orders WHERE orderkey = 1", "VALUES BIGINT '-370'");
});
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "orders"), "custkey", USER, new ViewExpression(USER, Optional.empty(), Optional.empty(), "NULL"));
assertions.assertQuery("SELECT custkey FROM orders WHERE orderkey = 1", "VALUES CAST(NULL AS BIGINT)");
});
}
Also used :
QualifiedObjectName(io.prestosql.spi.connector.QualifiedObjectName)
ViewExpression(io.prestosql.spi.security.ViewExpression)
Test(org.testng.annotations.Test)
Example 4 with QualifiedObjectName
use of io.prestosql.spi.connector.QualifiedObjectName in project hetu-core by openlookeng.
the class TestColumnMask method testDifferentIdentity.
@Test
public void testDifferentIdentity() {
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "orders"), "orderkey", RUN_AS_USER, new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "100"));
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "orders"), "orderkey", USER, new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "(SELECT sum(orderkey) FROM orders)"));
assertions.assertQuery("SELECT max(orderkey) FROM orders", "VALUES BIGINT '1500000'");
});
}
Also used :
QualifiedObjectName(io.prestosql.spi.connector.QualifiedObjectName)
ViewExpression(io.prestosql.spi.security.ViewExpression)
Test(org.testng.annotations.Test)
Example 5 with QualifiedObjectName
use of io.prestosql.spi.connector.QualifiedObjectName in project hetu-core by openlookeng.
the class TestRowFilter method testInvalidFilter.
@Test
public void testInvalidFilter() {
// parse error
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.rowFilter(new QualifiedObjectName(CATALOG, "tiny", "orders"), USER, new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "$$$"));
assertions.assertFails("SELECT count(*) FROM orders", "\\Qline 1:22: Invalid row filter for 'local.tiny.orders': mismatched input '$'. Expecting: <expression>\\E");
});
// unknown column
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.rowFilter(new QualifiedObjectName(CATALOG, "tiny", "orders"), USER, new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "unknown_column"));
assertions.assertFails("SELECT count(*) FROM orders", "\\Qline 1:1: Column 'unknown_column' cannot be resolved\\E");
});
// invalid type
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.rowFilter(new QualifiedObjectName(CATALOG, "tiny", "orders"), USER, new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "1"));
assertions.assertFails("SELECT count(*) FROM orders", "\\Qline 1:22: Expected row filter for 'local.tiny.orders' to be of type BOOLEAN, but was integer\\E");
});
// aggregation
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.rowFilter(new QualifiedObjectName(CATALOG, "tiny", "orders"), USER, new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "count(*) > 0"));
assertions.assertFails("SELECT count(*) FROM orders", "\\Qline 1:10: Row filter for 'local.tiny.orders' cannot contain aggregations, window functions or grouping operations: [\"count\"(*)]\\E");
});
// window function
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.rowFilter(new QualifiedObjectName(CATALOG, "tiny", "orders"), USER, new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "row_number() OVER () > 0"));
assertions.assertFails("SELECT count(*) FROM orders", "\\Qline 1:22: Row filter for 'local.tiny.orders' cannot contain aggregations, window functions or grouping operations: [\"row_number\"() OVER ()]\\E");
});
// window function
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.rowFilter(new QualifiedObjectName(CATALOG, "tiny", "orders"), USER, new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "grouping(orderkey) = 0"));
assertions.assertFails("SELECT count(*) FROM orders", "\\Qline 1:20: Row filter for 'local.tiny.orders' cannot contain aggregations, window functions or grouping operations: [GROUPING (orderkey)]\\E");
});
}
Also used :
QualifiedObjectName(io.prestosql.spi.connector.QualifiedObjectName)
ViewExpression(io.prestosql.spi.security.ViewExpression)
Test(org.testng.annotations.Test)
Aggregations
QualifiedObjectName (io.prestosql.spi.connector.QualifiedObjectName)87
Test (org.testng.annotations.Test)39
Session (io.prestosql.Session)27
ViewExpression (io.prestosql.spi.security.ViewExpression)25
TableHandle (io.prestosql.spi.metadata.TableHandle)23
MetadataUtil.createQualifiedObjectName (io.prestosql.metadata.MetadataUtil.createQualifiedObjectName)17
PrestoException (io.prestosql.spi.PrestoException)17
SemanticException (io.prestosql.sql.analyzer.SemanticException)16
Metadata (io.prestosql.metadata.Metadata)15
ColumnMetadata (io.prestosql.spi.connector.ColumnMetadata)13
Map (java.util.Map)13
CatalogName (io.prestosql.spi.connector.CatalogName)12
ImmutableList (com.google.common.collect.ImmutableList)11
ColumnHandle (io.prestosql.spi.connector.ColumnHandle)11
Optional (java.util.Optional)11
SchemaTableName (io.prestosql.spi.connector.SchemaTableName)10
ConnectorSession (io.prestosql.spi.connector.ConnectorSession)9
List (java.util.List)9
ConnectorTableMetadata (io.prestosql.spi.connector.ConnectorTableMetadata)8
ImmutableMap (com.google.common.collect.ImmutableMap)7
