
Example 1 with ConnectorIdentity

use of io.prestosql.spi.security.ConnectorIdentity in project boostkit-bigdata by kunpengcompute.

the class VacuumEligibleTableCollector method createInstance.

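/**
 * Creates the shared collector on the first call and schedules its periodic task; later calls
 * do nothing because {@code instance} is already set.
 *
 * <p>The file system for {@code "/"} is requested once up front under a fixed
 * {@code ConnectorIdentity} whose user is the literal {@code "openLooKeng"} and whose two
 * optional constructor arguments are empty, i.e. not under any query user's identity.
 * NOTE(review): confirm which HDFS permissions that fixed user maps to in deployments that
 * enable impersonation or Kerberos, so the warm-up does not run with broader access than intended.
 *
 * @param metastore passed to the collector constructor
 * @param hdfsEnvironment passed to the collector constructor and used for the warm-up lookup
 * @param vacuumDeltaNumThreshold passed to the collector constructor
 * @param vacuumDeltaPercentThreshold passed to the collector constructor
 * @param executorService passed to the collector constructor; the periodic task is scheduled on
 *        the instance's executor
 * @param vacuumCollectorInterval period of the task, in milliseconds
 */
public static synchronized void createInstance(SemiTransactionalHiveMetastore metastore, HdfsEnvironment hdfsEnvironment, int vacuumDeltaNumThreshold, double vacuumDeltaPercentThreshold, ScheduledExecutorService executorService, long vacuumCollectorInterval) {
    if (instance == null) {
        instance = new VacuumEligibleTableCollector(metastore, hdfsEnvironment, vacuumDeltaNumThreshold, vacuumDeltaPercentThreshold, executorService);
        // Initialize the file systems
        HdfsEnvironment.HdfsContext context = new HdfsEnvironment.HdfsContext(new ConnectorIdentity("openLooKeng", Optional.empty(), Optional.empty()));
        try {
            hdfsEnvironment.getFileSystem(context, new Path("/"));
        } catch (IOException e) {
            // Best effort: a failed warm-up does not stop the collector from being scheduled.
            // The exception is appended to the message because the context was built from an
            // identity only, so schema and table name alone do not explain the failure.
            log.warn("Get file system error(schema=%s tableName=%s): %s", context.getSchemaName(), context.getTableName(), e);
        }
        // Also start preparing vacuumTableList
        instance.executorService.scheduleAtFixedRate(instance.task, 0, vacuumCollectorInterval, TimeUnit.MILLISECONDS);
    }
}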
Also used : Path(org.apache.hadoop.fs.Path) ConnectorIdentity(io.prestosql.spi.security.ConnectorIdentity) IOException(java.io.IOException)

Example 2 with ConnectorIdentity

use of io.prestosql.spi.security.ConnectorIdentity in project incubator-pulsar by apache.

the class TestPulsarAuth method testPulsarSqlAuth.

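/**
 * Checks {@code PulsarAuth.checkTopicAuth} against token credentials taken from the session
 * identity's extra credentials.
 *
 * <p>Covered cases: a role with consume permission on the topic is accepted and recorded in
 * {@code authorizedQueryTopicsMap}; the same role is rejected on a topic it was not granted;
 * an unparseable token is rejected as unauthenticated; a valid token for a role without a
 * grant is rejected; and {@code cleanSession} removes the per-query cache entry each time.
 */
@Test
public void testPulsarSqlAuth() throws PulsarAdminException {
    String passRole = RandomStringUtils.randomAlphabetic(4) + "-pass";
    String deniedRole = RandomStringUtils.randomAlphabetic(4) + "-denied";
    String topic = "persistent://p1/c1/ns1/" + RandomStringUtils.randomAlphabetic(4);
    String otherTopic = "persistent://p1/c1/ns1/" + RandomStringUtils.randomAlphabetic(4) + "-other";
    String partitionedTopic = "persistent://p1/c1/ns1/" + RandomStringUtils.randomAlphabetic(4);
    String passToken = AuthTokenUtils.createToken(secretKey, passRole, Optional.empty());
    String deniedToken = AuthTokenUtils.createToken(secretKey, deniedRole, Optional.empty());

    // Only passRole receives consume permission; deniedRole and otherTopic get no grant.
    admin.topics().grantPermission(topic, passRole, EnumSet.of(AuthAction.consume));
    admin.topics().createPartitionedTopic(partitionedTopic, 2);
    admin.topics().grantPermission(partitionedTopic, passRole, EnumSet.of(AuthAction.consume));
    waitForChange();

    ConnectorSession session = mock(ConnectorSession.class);
    ConnectorIdentity identity = mock(ConnectorIdentity.class);
    PulsarConnectorConfig pulsarConnectorConfig = mock(PulsarConnectorConfig.class);
    doReturn(true).when(pulsarConnectorConfig).getAuthorizationEnabled();
    doReturn(pulsar.getBrokerServiceUrl()).when(pulsarConnectorConfig).getBrokerBinaryServiceUrl();
    doReturn("query-1").when(session).getQueryId();
    doReturn(identity).when(session).getIdentity();
    doReturn(tokenCredentials(passToken)).when(identity).getExtraCredentials();
    PulsarAuth pulsarAuth = new PulsarAuth(pulsarConnectorConfig);

    // Granted role on the granted topic: must not throw.
    pulsarAuth.checkTopicAuth(session, topic);
    // authorizedQueryTopicsMap should now hold this query id together with the topic.
    Assert.assertTrue(pulsarAuth.authorizedQueryTopicsMap.containsKey(session.getQueryId()));
    Assert.assertTrue(pulsarAuth.authorizedQueryTopicsMap.get(session.getQueryId()).contains(topic));

    // Same role, but otherTopic was never granted: a cached authorization for one topic
    // must not carry over to another topic of the same query.
    try {
        pulsarAuth.checkTopicAuth(session, otherTopic);
        Assert.fail();
    } catch (PrestoException e) {
        Assert.assertEquals(PERMISSION_DENIED.toErrorCode(), e.getErrorCode());
        Assert.assertTrue(e.getMessage().contains("not authorized"));
    }

    // Cleaning the session must drop the cached entry for the query.
    pulsarAuth.cleanSession(session);
    Assert.assertFalse(pulsarAuth.authorizedQueryTopicsMap.containsKey(session.getQueryId()));

    // A token that cannot be validated is reported as an authentication failure.
    doReturn("query-2").when(session).getQueryId();
    doReturn(tokenCredentials("invalid-token")).when(identity).getExtraCredentials();
    try {
        pulsarAuth.checkTopicAuth(session, topic);
        Assert.fail();
    } catch (PrestoException e) {
        Assert.assertEquals(PERMISSION_DENIED.toErrorCode(), e.getErrorCode());
        Assert.assertTrue(e.getMessage().contains("Unable to authenticate"));
    }
    pulsarAuth.cleanSession(session);
    Assert.assertTrue(pulsarAuth.authorizedQueryTopicsMap.isEmpty());

    // A valid token for a role without a grant authenticates but is not authorized.
    doReturn("query-3").when(session).getQueryId();
    doReturn(tokenCredentials(deniedToken)).when(identity).getExtraCredentials();
    try {
        pulsarAuth.checkTopicAuth(session, topic);
        Assert.fail();
    } catch (PrestoException e) {
        Assert.assertEquals(PERMISSION_DENIED.toErrorCode(), e.getErrorCode());
        Assert.assertTrue(e.getMessage().contains("not authorized"));
    }
    pulsarAuth.cleanSession(session);

    doReturn(tokenCredentials(passToken)).when(identity).getExtraCredentials();
    // should pass for the partitioned topic case
    // NOTE(review): partitionedTopic is created and granted above, yet this call passes
    // `topic`, so the partitioned-topic authorization path is not exercised as written;
    // confirm whether `partitionedTopic` was intended here.
    pulsarAuth.checkTopicAuth(session, topic);
    pulsarAuth.cleanSession(session);
    Assert.assertTrue(pulsarAuth.authorizedQueryTopicsMap.isEmpty());
}

/** Builds the extra-credentials map for token authentication with the given token string. */
private static HashMap<String, String> tokenCredentials(String token) {
    HashMap<String, String> credentials = new HashMap<>();
    credentials.put("auth-plugin", "org.apache.pulsar.client.impl.auth.AuthenticationToken");
    credentials.put("auth-params", token);
    return credentials;
}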
Also used : ConnectorIdentity(io.prestosql.spi.security.ConnectorIdentity) ConnectorSession(io.prestosql.spi.connector.ConnectorSession) PrestoException(io.prestosql.spi.PrestoException) Test(org.testng.annotations.Test) MockedPulsarServiceBaseTest(org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest)

Example 3 with ConnectorIdentity

use of io.prestosql.spi.security.ConnectorIdentity in project incubator-pulsar by apache.

the class TestPulsarAuth method testEmptyExtraCredentials.

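/**
 * Checks that {@code PulsarAuth.checkTopicAuth} rejects a query with {@code QUERY_REJECTED}
 * when the identity's extra credentials are empty or carry only one of the two required
 * entries ({@code auth-plugin}, {@code auth-params}), so that incomplete credentials fail
 * closed instead of falling through to an unauthenticated check.
 */
@Test
public void testEmptyExtraCredentials() {
    PulsarConnectorConfig pulsarConnectorConfig = mock(PulsarConnectorConfig.class);
    doReturn(true).when(pulsarConnectorConfig).getAuthorizationEnabled();
    doReturn(pulsar.getBrokerServiceUrl()).when(pulsarConnectorConfig).getBrokerBinaryServiceUrl();
    PulsarAuth pulsarAuth = new PulsarAuth(pulsarConnectorConfig);
    ConnectorSession session = mock(ConnectorSession.class);
    ConnectorIdentity identity = mock(ConnectorIdentity.class);
    doReturn("query-1").when(session).getQueryId();
    doReturn(identity).when(session).getIdentity();

    // Case 1: no extra credentials at all.
    doReturn(new HashMap<String, String>()).when(identity).getExtraCredentials();
    try {
        pulsarAuth.checkTopicAuth(session, "test");
        Assert.fail();
    } catch (PrestoException e) {
        Assert.assertEquals(QUERY_REJECTED.toErrorCode(), e.getErrorCode());
        Assert.assertTrue(e.getMessage().contains("The credential information is empty"));
    }

    // Case 2: plugin named, but no auth-params entry.
    // NOTE(review): the asserted message says "auth-method" while the key supplied here is
    // "auth-plugin"; confirm which name users are expected to set.
    HashMap<String, String> pluginOnly = new HashMap<>();
    pluginOnly.put("auth-plugin", "org.apache.pulsar.client.impl.auth.AuthenticationToken");
    doReturn(pluginOnly).when(identity).getExtraCredentials();
    try {
        pulsarAuth.checkTopicAuth(session, "test");
        Assert.fail();
    } catch (PrestoException e) {
        Assert.assertEquals(QUERY_REJECTED.toErrorCode(), e.getErrorCode());
        Assert.assertTrue(e.getMessage().contains("Please specify the auth-method and auth-params"));
    }

    // Case 3: auth-params supplied, but no auth-plugin entry.
    HashMap<String, String> paramsOnly = new HashMap<>();
    paramsOnly.put("auth-params", "test-token");
    doReturn(paramsOnly).when(identity).getExtraCredentials();
    try {
        pulsarAuth.checkTopicAuth(session, "test");
        Assert.fail();
    } catch (PrestoException e) {
        Assert.assertEquals(QUERY_REJECTED.toErrorCode(), e.getErrorCode());
        Assert.assertTrue(e.getMessage().contains("Please specify the auth-method and auth-params"));
    }
}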
Also used : ConnectorIdentity(io.prestosql.spi.security.ConnectorIdentity) ConnectorSession(io.prestosql.spi.connector.ConnectorSession) PrestoException(io.prestosql.spi.PrestoException) Test(org.testng.annotations.Test) MockedPulsarServiceBaseTest(org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest)

Example 4 with ConnectorIdentity

use of io.prestosql.spi.security.ConnectorIdentity in project hetu-core by openlookeng.

the class VacuumEligibleTableCollector method createInstance.

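/**
 * Lazily creates the single {@code VacuumEligibleTableCollector} and starts its recurring
 * task. The method is {@code synchronized} and returns immediately once {@code instance}
 * has been set, so the collector is built and scheduled at most once.
 *
 * <p>Before scheduling, the file system for the root path is looked up under a hard-coded
 * {@code ConnectorIdentity} (user {@code "openLooKeng"}, both optional arguments empty)
 * rather than a caller-supplied identity. NOTE(review): verify that this fixed user is
 * scoped appropriately on the cluster's HDFS; the lookup does not reflect any end user's
 * permissions.
 *
 * @param metastore forwarded to the collector constructor
 * @param hdfsEnvironment forwarded to the collector constructor; also used for the lookup
 * @param vacuumDeltaNumThreshold forwarded to the collector constructor
 * @param vacuumDeltaPercentThreshold forwarded to the collector constructor
 * @param executorService forwarded to the collector constructor
 * @param vacuumCollectorInterval scheduling period in milliseconds
 */
public static synchronized void createInstance(SemiTransactionalHiveMetastore metastore, HdfsEnvironment hdfsEnvironment, int vacuumDeltaNumThreshold, double vacuumDeltaPercentThreshold, ScheduledExecutorService executorService, long vacuumCollectorInterval) {
    if (instance != null) {
        return;
    }
    instance = new VacuumEligibleTableCollector(metastore, hdfsEnvironment, vacuumDeltaNumThreshold, vacuumDeltaPercentThreshold, executorService);

    // Initialize the file systems
    ConnectorIdentity fixedIdentity = new ConnectorIdentity("openLooKeng", Optional.empty(), Optional.empty());
    HdfsEnvironment.HdfsContext rootContext = new HdfsEnvironment.HdfsContext(fixedIdentity);
    try {
        hdfsEnvironment.getFileSystem(rootContext, new Path("/"));
    } catch (IOException e) {
        // The lookup is best effort and scheduling continues regardless. The exception is
        // added to the message so the reason for the failure is not lost.
        log.warn("Get file system error(schema=%s tableName=%s): %s", rootContext.getSchemaName(), rootContext.getTableName(), e);
    }

    // Also start preparing vacuumTableList
    instance.executorService.scheduleAtFixedRate(instance.task, 0, vacuumCollectorInterval, TimeUnit.MILLISECONDS);
}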
Also used : Path(org.apache.hadoop.fs.Path) ConnectorIdentity(io.prestosql.spi.security.ConnectorIdentity) IOException(java.io.IOException)

Example 5 with ConnectorIdentity

use of io.prestosql.spi.security.ConnectorIdentity in project hetu-core by openlookeng.

the class SystemConnectorSessionUtil method toSession.

/**
 * Rebuilds an engine {@code Session} from a connector session for the system connector.
 * Connector properties are not preserved.
 *
 * <p>The new {@code Identity} is constructed from the connector identity's user and principal
 * only; nothing else held by the {@code ConnectorIdentity} is passed to it here. Catalog,
 * schema and path are set to the fixed placeholder strings "catalog", "schema" and "path".
 * NOTE(review): callers that make authorization decisions on the returned session should
 * confirm they do not depend on identity attributes beyond user and principal.
 *
 * @param transactionHandle cast to {@code GlobalSystemTransactionHandle}; any other handle
 *        type fails the cast
 * @param session source of the query id, identity, time zone, locale and start time
 * @return a session built from {@code SYSTEM_SESSION_PROPERTIES} carrying those values
 */
public static Session toSession(ConnectorTransactionHandle transactionHandle, ConnectorSession session) {
    GlobalSystemTransactionHandle systemHandle = (GlobalSystemTransactionHandle) transactionHandle;
    TransactionId txId = systemHandle.getTransactionId();
    ConnectorIdentity caller = session.getIdentity();
    Identity engineIdentity = new Identity(caller.getUser(), caller.getPrincipal());
    return Session.builder(new SessionPropertyManager(SYSTEM_SESSION_PROPERTIES))
            .setQueryId(new QueryId(session.getQueryId()))
            .setTransactionId(txId)
            .setCatalog("catalog")
            .setSchema("schema")
            .setPath(new SqlPath(Optional.of("path")))
            .setIdentity(engineIdentity)
            .setTimeZoneKey(session.getTimeZoneKey())
            .setLocale(session.getLocale())
            .setStartTime(session.getStartTime())
            .build();
}
Also used : SqlPath(io.prestosql.sql.SqlPath) QueryId(io.prestosql.spi.QueryId) SessionPropertyManager(io.prestosql.metadata.SessionPropertyManager) ConnectorIdentity(io.prestosql.spi.security.ConnectorIdentity) ConnectorIdentity(io.prestosql.spi.security.ConnectorIdentity) Identity(io.prestosql.spi.security.Identity) TransactionId(io.prestosql.transaction.TransactionId)

Aggregations

ConnectorIdentity (io.prestosql.spi.security.ConnectorIdentity)5 PrestoException (io.prestosql.spi.PrestoException)2 ConnectorSession (io.prestosql.spi.connector.ConnectorSession)2 IOException (java.io.IOException)2 Path (org.apache.hadoop.fs.Path)2 MockedPulsarServiceBaseTest (org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest)2 Test (org.testng.annotations.Test)2 SessionPropertyManager (io.prestosql.metadata.SessionPropertyManager)1 QueryId (io.prestosql.spi.QueryId)1 Identity (io.prestosql.spi.security.Identity)1 SqlPath (io.prestosql.sql.SqlPath)1 TransactionId (io.prestosql.transaction.TransactionId)1