use of io.prestosql.spi.security.ConnectorIdentity in project boostkit-bigdata by kunpengcompute.
the class VacuumEligibleTableCollector method createInstance.
/**
 * Creates the shared {@code VacuumEligibleTableCollector} on the first call and schedules its
 * collection task; once {@code instance} is set, later calls do nothing.
 *
 * @param metastore metastore handed to the collector constructor
 * @param hdfsEnvironment used both by the collector and for the one-off file system lookup below
 * @param vacuumDeltaNumThreshold threshold handed to the collector constructor
 * @param vacuumDeltaPercentThreshold threshold handed to the collector constructor
 * @param executorService scheduler handed to the collector constructor
 * @param vacuumCollectorInterval period between task runs, in milliseconds
 */
public static synchronized void createInstance(SemiTransactionalHiveMetastore metastore, HdfsEnvironment hdfsEnvironment, int vacuumDeltaNumThreshold, double vacuumDeltaPercentThreshold, ScheduledExecutorService executorService, long vacuumCollectorInterval) {
    // The method is synchronized, so this null check is enough to create the instance once.
    if (instance != null) {
        return;
    }
    instance = new VacuumEligibleTableCollector(metastore, hdfsEnvironment, vacuumDeltaNumThreshold, vacuumDeltaPercentThreshold, executorService);

    // Initialize the file systems by resolving the root path once.
    // NOTE(review): the lookup runs under a fixed "openLooKeng" identity with both optional
    // fields empty, not under a query user. If HdfsEnvironment impersonates the context
    // identity, confirm this account is the intended (and least-privileged) one.
    ConnectorIdentity bootstrapIdentity = new ConnectorIdentity("openLooKeng", Optional.empty(), Optional.empty());
    HdfsEnvironment.HdfsContext context = new HdfsEnvironment.HdfsContext(bootstrapIdentity);
    try {
        hdfsEnvironment.getFileSystem(context, new Path("/"));
    } catch (IOException e) {
        // Best effort: a failure here does not stop the collector from being scheduled.
        // NOTE(review): the IOException itself is not passed to the logger, and the context was
        // built from an identity only, so schema/table are presumably empty - the warning
        // carries little diagnostic detail.
        log.warn("Get file system error(schema=%s tableName=%s)", context.getSchemaName(), context.getTableName());
    }

    // Start preparing vacuumTableList right away (initial delay 0), then repeat at the given interval.
    instance.executorService.scheduleAtFixedRate(instance.task, 0, vacuumCollectorInterval, TimeUnit.MILLISECONDS);
}
use of io.prestosql.spi.security.ConnectorIdentity in project incubator-pulsar by apache.
the class TestPulsarAuth method testPulsarSqlAuth.
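/**
 * Verifies topic authorization in {@code PulsarAuth.checkTopicAuth} for four situations:
 * a token whose role was granted consume on the topic (accepted and cached per query id),
 * the same token on a topic without a grant (rejected), a malformed token (rejected at
 * authentication), and a valid token for a role without a grant (rejected).
 * Also checks that {@code cleanSession} drops the per-query cache entry.
 */
@Test
public void testPulsarSqlAuth() throws PulsarAdminException {
    final String tokenPlugin = "org.apache.pulsar.client.impl.auth.AuthenticationToken";

    String passRole = RandomStringUtils.randomAlphabetic(4) + "-pass";
    String deniedRole = RandomStringUtils.randomAlphabetic(4) + "-denied";
    String topic = "persistent://p1/c1/ns1/" + RandomStringUtils.randomAlphabetic(4);
    String otherTopic = "persistent://p1/c1/ns1/" + RandomStringUtils.randomAlphabetic(4) + "-other";
    String partitionedTopic = "persistent://p1/c1/ns1/" + RandomStringUtils.randomAlphabetic(4);
    String passToken = AuthTokenUtils.createToken(secretKey, passRole, Optional.empty());
    String deniedToken = AuthTokenUtils.createToken(secretKey, deniedRole, Optional.empty());

    // Only passRole receives consume permission; deniedRole and otherTopic get no grant at all.
    admin.topics().grantPermission(topic, passRole, EnumSet.of(AuthAction.consume));
    admin.topics().createPartitionedTopic(partitionedTopic, 2);
    admin.topics().grantPermission(partitionedTopic, passRole, EnumSet.of(AuthAction.consume));
    waitForChange();

    ConnectorSession session = mock(ConnectorSession.class);
    ConnectorIdentity identity = mock(ConnectorIdentity.class);
    PulsarConnectorConfig pulsarConnectorConfig = mock(PulsarConnectorConfig.class);
    doReturn(true).when(pulsarConnectorConfig).getAuthorizationEnabled();
    doReturn(pulsar.getBrokerServiceUrl()).when(pulsarConnectorConfig).getBrokerBinaryServiceUrl();
    doReturn("query-1").when(session).getQueryId();
    doReturn(identity).when(session).getIdentity();

    // Plain maps instead of double-brace initialization, which would create an anonymous
    // HashMap subclass per call site, each holding a reference to this test instance.
    HashMap<String, String> passCredentials = new HashMap<>();
    passCredentials.put("auth-plugin", tokenPlugin);
    passCredentials.put("auth-params", passToken);
    doReturn(passCredentials).when(identity).getExtraCredentials();

    PulsarAuth pulsarAuth = new PulsarAuth(pulsarConnectorConfig);

    // Authorized role on a granted topic: should pass.
    pulsarAuth.checkTopicAuth(session, topic);
    // authorizedQueryTopicsMap should now hold the authorized topic under this query id.
    Assert.assertTrue(pulsarAuth.authorizedQueryTopicsMap.containsKey(session.getQueryId()));
    Assert.assertTrue(pulsarAuth.authorizedQueryTopicsMap.get(session.getQueryId()).contains(topic));

    // Same token, but no permission was granted on otherTopic: must be denied.
    try {
        pulsarAuth.checkTopicAuth(session, otherTopic);
        Assert.fail();
    } catch (PrestoException e) {
        Assert.assertEquals(PERMISSION_DENIED.toErrorCode(), e.getErrorCode());
        Assert.assertTrue(e.getMessage().contains("not authorized"));
    }

    // Cleaning the session must remove the cached authorization for the query.
    pulsarAuth.cleanSession(session);
    Assert.assertFalse(pulsarAuth.authorizedQueryTopicsMap.containsKey(session.getQueryId()));

    // A token that cannot be authenticated must be rejected, under a fresh query id so that
    // no cached result from the earlier query can be involved.
    doReturn("query-2").when(session).getQueryId();
    HashMap<String, String> invalidCredentials = new HashMap<>();
    invalidCredentials.put("auth-plugin", tokenPlugin);
    invalidCredentials.put("auth-params", "invalid-token");
    doReturn(invalidCredentials).when(identity).getExtraCredentials();
    try {
        pulsarAuth.checkTopicAuth(session, topic);
        Assert.fail();
    } catch (PrestoException e) {
        Assert.assertEquals(PERMISSION_DENIED.toErrorCode(), e.getErrorCode());
        Assert.assertTrue(e.getMessage().contains("Unable to authenticate"));
    }
    pulsarAuth.cleanSession(session);
    Assert.assertTrue(pulsarAuth.authorizedQueryTopicsMap.isEmpty());

    // A well-formed token for a role without any grant must be denied as well.
    doReturn("query-3").when(session).getQueryId();
    HashMap<String, String> deniedCredentials = new HashMap<>();
    deniedCredentials.put("auth-plugin", tokenPlugin);
    deniedCredentials.put("auth-params", deniedToken);
    doReturn(deniedCredentials).when(identity).getExtraCredentials();
    try {
        pulsarAuth.checkTopicAuth(session, topic);
        Assert.fail();
    } catch (PrestoException e) {
        Assert.assertEquals(PERMISSION_DENIED.toErrorCode(), e.getErrorCode());
        Assert.assertTrue(e.getMessage().contains("not authorized"));
    }
    pulsarAuth.cleanSession(session);

    // Back to the authorized token; the check should pass again.
    // NOTE(review): this step is described as the partitioned topic case, yet it checks
    // `topic`; `partitionedTopic` is created and granted above but never passed to
    // checkTopicAuth, so the partitioned path is not exercised here - confirm intent.
    doReturn(new HashMap<>(passCredentials)).when(identity).getExtraCredentials();
    pulsarAuth.checkTopicAuth(session, topic);
    pulsarAuth.cleanSession(session);
    Assert.assertTrue(pulsarAuth.authorizedQueryTopicsMap.isEmpty());
}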
use of io.prestosql.spi.security.ConnectorIdentity in project incubator-pulsar by apache.
the class TestPulsarAuth method testEmptyExtraCredentials.
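/**
 * Verifies that {@code PulsarAuth.checkTopicAuth} rejects a query with QUERY_REJECTED when the
 * identity's extra credentials are empty or carry only one of the two required entries
 * ("auth-plugin" and "auth-params").
 */
@Test
public void testEmptyExtraCredentials() {
    PulsarConnectorConfig pulsarConnectorConfig = mock(PulsarConnectorConfig.class);
    doReturn(true).when(pulsarConnectorConfig).getAuthorizationEnabled();
    doReturn(pulsar.getBrokerServiceUrl()).when(pulsarConnectorConfig).getBrokerBinaryServiceUrl();
    PulsarAuth pulsarAuth = new PulsarAuth(pulsarConnectorConfig);

    ConnectorSession session = mock(ConnectorSession.class);
    ConnectorIdentity identity = mock(ConnectorIdentity.class);
    doReturn("query-1").when(session).getQueryId();
    doReturn(identity).when(session).getIdentity();

    // No credentials at all: the query must be rejected rather than run unauthenticated.
    doReturn(new HashMap<String, String>()).when(identity).getExtraCredentials();
    try {
        pulsarAuth.checkTopicAuth(session, "test");
        Assert.fail();
    } catch (PrestoException e) {
        Assert.assertEquals(QUERY_REJECTED.toErrorCode(), e.getErrorCode());
        Assert.assertTrue(e.getMessage().contains("The credential information is empty"));
    }

    // Plugin named but no parameters supplied.
    // Plain maps replace double-brace initialization, which would create anonymous HashMap
    // subclasses that capture this test instance.
    HashMap<String, String> pluginOnly = new HashMap<>();
    pluginOnly.put("auth-plugin", "org.apache.pulsar.client.impl.auth.AuthenticationToken");
    doReturn(pluginOnly).when(identity).getExtraCredentials();
    try {
        pulsarAuth.checkTopicAuth(session, "test");
        Assert.fail();
    } catch (PrestoException e) {
        Assert.assertEquals(QUERY_REJECTED.toErrorCode(), e.getErrorCode());
        // NOTE(review): the expected message names "auth-method" while the credential key
        // used throughout this test is "auth-plugin"; the user-facing text may point callers
        // at the wrong key - verify against PulsarAuth.
        Assert.assertTrue(e.getMessage().contains("Please specify the auth-method and auth-params"));
    }

    // Parameters supplied but no plugin named.
    HashMap<String, String> paramsOnly = new HashMap<>();
    paramsOnly.put("auth-params", "test-token");
    doReturn(paramsOnly).when(identity).getExtraCredentials();
    try {
        pulsarAuth.checkTopicAuth(session, "test");
        Assert.fail();
    } catch (PrestoException e) {
        Assert.assertEquals(QUERY_REJECTED.toErrorCode(), e.getErrorCode());
        Assert.assertTrue(e.getMessage().contains("Please specify the auth-method and auth-params"));
    }
}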
use of io.prestosql.spi.security.ConnectorIdentity in project hetu-core by openlookeng.
the class VacuumEligibleTableCollector method createInstance.
/**
 * Lazily builds the single {@code VacuumEligibleTableCollector} and starts its periodic task.
 * The body runs only while {@code instance} is still null; subsequent calls return immediately.
 *
 * @param metastore passed through to the collector constructor
 * @param hdfsEnvironment passed to the collector and used to resolve the root file system once
 * @param vacuumDeltaNumThreshold passed through to the collector constructor
 * @param vacuumDeltaPercentThreshold passed through to the collector constructor
 * @param executorService passed through to the collector constructor
 * @param vacuumCollectorInterval scheduling period in milliseconds
 */
public static synchronized void createInstance(SemiTransactionalHiveMetastore metastore, HdfsEnvironment hdfsEnvironment, int vacuumDeltaNumThreshold, double vacuumDeltaPercentThreshold, ScheduledExecutorService executorService, long vacuumCollectorInterval) {
    if (instance != null) {
        // Already created; synchronization on the method keeps creation single-shot.
        return;
    }
    instance = new VacuumEligibleTableCollector(metastore, hdfsEnvironment, vacuumDeltaNumThreshold, vacuumDeltaPercentThreshold, executorService);

    // Initialize the file systems with a lookup of "/".
    // NOTE(review): the identity is a hard-coded "openLooKeng" user with no further attributes.
    // Where HDFS access is performed on behalf of the context identity, this name decides
    // which account touches the root path - confirm it is provisioned with minimal rights.
    ConnectorIdentity serviceIdentity = new ConnectorIdentity("openLooKeng", Optional.empty(), Optional.empty());
    HdfsEnvironment.HdfsContext context = new HdfsEnvironment.HdfsContext(serviceIdentity);
    try {
        hdfsEnvironment.getFileSystem(context, new Path("/"));
    } catch (IOException e) {
        // Failure is tolerated; scheduling below still happens.
        // NOTE(review): the caught exception is not logged, so the cause of the failure
        // (for example an authentication or permission error) is lost - consider including it.
        log.warn("Get file system error(schema=%s tableName=%s)", context.getSchemaName(), context.getTableName());
    }

    // Also start preparing vacuumTableList: first run immediately, then at a fixed rate.
    instance.executorService.scheduleAtFixedRate(instance.task, 0, vacuumCollectorInterval, TimeUnit.MILLISECONDS);
}
use of io.prestosql.spi.security.ConnectorIdentity in project hetu-core by openlookeng.
the class SystemConnectorSessionUtil method toSession.
/**
 * Builds an engine {@code Session} from a connector session for the system connector.
 * This does not preserve any connector properties: catalog, schema and path are set to the
 * fixed placeholder values "catalog", "schema" and "path".
 *
 * <p>NOTE(review): the resulting {@code Identity} is constructed from the user and principal
 * only. Anything else carried by the {@code ConnectorIdentity} (such as extra credentials) is
 * not copied here, so code that authorizes against the returned session sees a reduced
 * identity - confirm that is intended.
 *
 * @param transactionHandle expected to be a {@code GlobalSystemTransactionHandle}; the cast is
 *     unchecked, so any other handle type fails with a ClassCastException
 * @param session connector session supplying identity, query id, time zone, locale and start time
 * @return the newly built session
 */
public static Session toSession(ConnectorTransactionHandle transactionHandle, ConnectorSession session) {
    GlobalSystemTransactionHandle systemHandle = (GlobalSystemTransactionHandle) transactionHandle;
    TransactionId txId = systemHandle.getTransactionId();

    ConnectorIdentity source = session.getIdentity();
    Identity systemIdentity = new Identity(source.getUser(), source.getPrincipal());

    return Session.builder(new SessionPropertyManager(SYSTEM_SESSION_PROPERTIES))
            .setQueryId(new QueryId(session.getQueryId()))
            .setTransactionId(txId)
            .setCatalog("catalog")
            .setSchema("schema")
            .setPath(new SqlPath(Optional.of("path")))
            .setIdentity(systemIdentity)
            .setTimeZoneKey(session.getTimeZoneKey())
            .setLocale(session.getLocale())
            .setStartTime(session.getStartTime())
            .build();
}