Example 1 with Identity
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestColumnMask method testView.
@Test
public void testView() {
// mask on the underlying table for view owner when running query as different user
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "nation"), "name", VIEW_OWNER, new ViewExpression(VIEW_OWNER, Optional.empty(), Optional.empty(), "reverse(name)"));
Session session = Session.builder(SESSION).setIdentity(new Identity(RUN_AS_USER, Optional.empty())).build();
assertions.assertQuery(session, "SELECT name FROM mock.default.nation_view WHERE nationkey = 1", "VALUES CAST('ANITNEGRA' AS VARCHAR(25))");
});
// mask on the underlying table for view owner when running as themselves
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "nation"), "name", VIEW_OWNER, new ViewExpression(VIEW_OWNER, Optional.of(CATALOG), Optional.of("tiny"), "reverse(name)"));
Session session = Session.builder(SESSION).setIdentity(new Identity(VIEW_OWNER, Optional.empty())).build();
assertions.assertQuery(session, "SELECT name FROM mock.default.nation_view WHERE nationkey = 1", "VALUES CAST('ANITNEGRA' AS VARCHAR(25))");
});
// mask on the underlying table for user running the query (different from view owner) should not be applied
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.columnMask(new QualifiedObjectName(CATALOG, "tiny", "nation"), "name", RUN_AS_USER, new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "reverse(name)"));
Session session = Session.builder(SESSION).setIdentity(new Identity(RUN_AS_USER, Optional.empty())).build();
assertions.assertQuery(session, "SELECT name FROM mock.default.nation_view WHERE nationkey = 1", "VALUES CAST('ARGENTINA' AS VARCHAR(25))");
});
}
Also used :
Identity(io.prestosql.spi.security.Identity)
QualifiedObjectName(io.prestosql.spi.connector.QualifiedObjectName)
ViewExpression(io.prestosql.spi.security.ViewExpression)
Session(io.prestosql.Session)
Test(org.testng.annotations.Test)
Example 2 with Identity
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestRowFilter method testView.
@Test
public void testView() {
// filter on the underlying table for view owner when running query as different user
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.rowFilter(new QualifiedObjectName(CATALOG, "tiny", "nation"), VIEW_OWNER, new ViewExpression(VIEW_OWNER, Optional.empty(), Optional.empty(), "nationkey = 1"));
Session session = Session.builder(SESSION).setIdentity(new Identity(RUN_AS_USER, Optional.empty())).build();
assertions.assertQuery(session, "SELECT name FROM mock.default.nation_view", "VALUES CAST('ARGENTINA' AS VARCHAR(25))");
});
// filter on the underlying table for view owner when running as themselves
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.rowFilter(new QualifiedObjectName(CATALOG, "tiny", "nation"), VIEW_OWNER, new ViewExpression(VIEW_OWNER, Optional.of(CATALOG), Optional.of("tiny"), "nationkey = 1"));
Session session = Session.builder(SESSION).setIdentity(new Identity(VIEW_OWNER, Optional.empty())).build();
assertions.assertQuery(session, "SELECT name FROM mock.default.nation_view", "VALUES CAST('ARGENTINA' AS VARCHAR(25))");
});
// filter on the underlying table for user running the query (different from view owner) should not be applied
assertions.executeExclusively(() -> {
accessControl.reset();
accessControl.rowFilter(new QualifiedObjectName(CATALOG, "tiny", "nation"), RUN_AS_USER, new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "nationkey = 1"));
Session session = Session.builder(SESSION).setIdentity(new Identity(RUN_AS_USER, Optional.empty())).build();
assertions.assertQuery(session, "SELECT count(*) FROM mock.default.nation_view", "VALUES BIGINT '25'");
});
}
Also used :
Identity(io.prestosql.spi.security.Identity)
QualifiedObjectName(io.prestosql.spi.connector.QualifiedObjectName)
ViewExpression(io.prestosql.spi.security.ViewExpression)
Session(io.prestosql.Session)
Test(org.testng.annotations.Test)
Example 3 with Identity
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestHiveRoles method testSetRole.
@Test
public void testSetRole() {
executeFromAdmin("CREATE ROLE set_role_1");
executeFromAdmin("CREATE ROLE set_role_2");
executeFromAdmin("CREATE ROLE set_role_3");
executeFromAdmin("CREATE ROLE set_role_4");
executeFromAdmin("GRANT set_role_1 TO USER set_user_1");
executeFromAdmin("GRANT set_role_2 TO ROLE set_role_1");
executeFromAdmin("GRANT set_role_3 TO ROLE set_role_2");
Session unsetRole = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty())).build();
Session setRoleAll = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ALL, Optional.empty())))).build();
Session setRoleNone = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.NONE, Optional.empty())))).build();
Session setRole1 = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_1"))))).build();
Session setRole2 = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_2"))))).build();
Session setRole3 = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_3"))))).build();
Session setRole4 = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_4"))))).build();
MaterializedResult actual = getQueryRunner().execute(unsetRole, "SELECT * FROM hive.information_schema.applicable_roles");
MaterializedResult expected = MaterializedResult.resultBuilder(unsetRole, createUnboundedVarcharType(), createUnboundedVarcharType(), createUnboundedVarcharType(), createUnboundedVarcharType()).row("set_user_1", "USER", "public", "NO").row("set_user_1", "USER", "set_role_1", "NO").row("set_role_1", "ROLE", "set_role_2", "NO").row("set_role_2", "ROLE", "set_role_3", "NO").build();
assertEqualsIgnoreOrder(actual, expected);
actual = getQueryRunner().execute(unsetRole, "SELECT * FROM hive.information_schema.enabled_roles");
expected = MaterializedResult.resultBuilder(unsetRole, createUnboundedVarcharType()).row("public").row("set_role_1").row("set_role_2").row("set_role_3").build();
assertEqualsIgnoreOrder(actual, expected);
actual = getQueryRunner().execute(setRoleAll, "SELECT * FROM hive.information_schema.enabled_roles");
expected = MaterializedResult.resultBuilder(setRoleAll, createUnboundedVarcharType()).row("public").row("set_role_1").row("set_role_2").row("set_role_3").build();
assertEqualsIgnoreOrder(actual, expected);
actual = getQueryRunner().execute(setRoleNone, "SELECT * FROM hive.information_schema.enabled_roles");
expected = MaterializedResult.resultBuilder(setRoleNone, createUnboundedVarcharType()).row("public").build();
assertEqualsIgnoreOrder(actual, expected);
actual = getQueryRunner().execute(setRole1, "SELECT * FROM hive.information_schema.enabled_roles");
expected = MaterializedResult.resultBuilder(setRole1, createUnboundedVarcharType()).row("public").row("set_role_1").row("set_role_2").row("set_role_3").build();
assertEqualsIgnoreOrder(actual, expected);
actual = getQueryRunner().execute(setRole2, "SELECT * FROM hive.information_schema.enabled_roles");
expected = MaterializedResult.resultBuilder(setRole2, createUnboundedVarcharType()).row("public").row("set_role_2").row("set_role_3").build();
assertEqualsIgnoreOrder(actual, expected);
actual = getQueryRunner().execute(setRole3, "SELECT * FROM hive.information_schema.enabled_roles");
expected = MaterializedResult.resultBuilder(setRole3, createUnboundedVarcharType()).row("public").row("set_role_3").build();
assertEqualsIgnoreOrder(actual, expected);
assertQueryFails(setRole4, "SELECT * FROM hive.information_schema.enabled_roles", ".*?Cannot set role set_role_4");
executeFromAdmin("DROP ROLE set_role_1");
executeFromAdmin("DROP ROLE set_role_2");
executeFromAdmin("DROP ROLE set_role_3");
executeFromAdmin("DROP ROLE set_role_4");
}
Also used :
SelectedRole(io.prestosql.spi.security.SelectedRole)
Identity(io.prestosql.spi.security.Identity)
MaterializedResult(io.prestosql.testing.MaterializedResult)
Session(io.prestosql.Session)
Test(org.testng.annotations.Test)
Example 4 with Identity
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestHttpRequestSessionContext method testSessionContext.
@Test
public void testSessionContext() {
HttpServletRequest request = new MockHttpServletRequest(ImmutableListMultimap.<String, String>builder().put(PRESTO_USER, "testUser").put(PRESTO_SOURCE, "testSource").put(PRESTO_CATALOG, "testCatalog").put(PRESTO_SCHEMA, "testSchema").put(PRESTO_PATH, "testPath").put(PRESTO_LANGUAGE, "zh-TW").put(PRESTO_TIME_ZONE, "Asia/Taipei").put(PRESTO_CLIENT_INFO, "client-info").put(PRESTO_SESSION, QUERY_MAX_MEMORY + "=1GB").put(PRESTO_SESSION, JOIN_DISTRIBUTION_TYPE + "=partitioned," + HASH_PARTITION_COUNT + " = 43").put(PRESTO_SESSION, "some_session_property=some value with %2C comma").put(PRESTO_PREPARED_STATEMENT, "query1=select * from foo,query2=select * from bar").put(PRESTO_ROLE, "foo_connector=ALL").put(PRESTO_ROLE, "bar_connector=NONE").put(PRESTO_ROLE, "foobar_connector=ROLE{role}").put(PRESTO_EXTRA_CREDENTIAL, "test.token.foo=bar").put(PRESTO_EXTRA_CREDENTIAL, "test.token.abc=xyz").build(), "testRemote");
HttpRequestSessionContext context = new HttpRequestSessionContext(request, user -> ImmutableSet.of(user));
assertEquals(context.getSource(), "testSource");
assertEquals(context.getCatalog(), "testCatalog");
assertEquals(context.getSchema(), "testSchema");
assertEquals(context.getPath(), "testPath");
assertEquals(context.getIdentity(), new Identity("testUser", Optional.empty()));
assertEquals(context.getClientInfo(), "client-info");
assertEquals(context.getLanguage(), "zh-TW");
assertEquals(context.getTimeZoneId(), "Asia/Taipei");
assertEquals(context.getSystemProperties(), ImmutableMap.of(QUERY_MAX_MEMORY, "1GB", JOIN_DISTRIBUTION_TYPE, "partitioned", HASH_PARTITION_COUNT, "43", "some_session_property", "some value with , comma"));
assertEquals(context.getPreparedStatements(), ImmutableMap.of("query1", "select * from foo", "query2", "select * from bar"));
assertEquals(context.getIdentity().getRoles(), ImmutableMap.of("foo_connector", new SelectedRole(SelectedRole.Type.ALL, Optional.empty()), "bar_connector", new SelectedRole(SelectedRole.Type.NONE, Optional.empty()), "foobar_connector", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("role"))));
assertEquals(context.getIdentity().getExtraCredentials(), ImmutableMap.of("test.token.foo", "bar", "test.token.abc", "xyz"));
assertEquals(context.getIdentity().getGroups(), ImmutableSet.of("testUser"));
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
SelectedRole(io.prestosql.spi.security.SelectedRole)
Identity(io.prestosql.spi.security.Identity)
Test(org.testng.annotations.Test)
Example 5 with Identity
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class AutoVacuumScanner method startVacuum.
private void startVacuum(Catalog catalog, String vacuumTable, boolean isFull) {
String catalogNameVacuumTable = catalog.getCatalogName() + "." + vacuumTable;
if (vacuumInProgressMap.containsKey(catalogNameVacuumTable)) {
log.debug("return Present in vacuumInProgressMap %s ", catalogNameVacuumTable);
return;
}
long attempts = 0;
QueryId queryId = dispatchManager.createQueryId();
String slug = "x" + randomUUID().toString().toLowerCase(ENGLISH).replace("-", "");
String vacuumQuery;
if (isFull) {
vacuumQuery = "vacuum table " + catalogNameVacuumTable + " full";
} else {
vacuumQuery = "vacuum table " + catalogNameVacuumTable;
}
Session.SessionBuilder sessionBuilder = Session.builder(sessionPropertyManager).setQueryId(queryId).setIdentity(new Identity("openLooKeng", Optional.empty())).setSource("auto-vacuum");
Session session = sessionBuilder.build();
AutoVacuumSessionContext sessionContext = new AutoVacuumSessionContext(session);
vacuumInProgressMap.put(catalogNameVacuumTable, System.currentTimeMillis());
log.debug("Query.create queryId %s catalogNameVacuumTable: %s ", queryId.toString(), catalogNameVacuumTable);
ListenableFuture<?> lf = waitForDispatched(queryId, slug, sessionContext, vacuumQuery);
Futures.addCallback(lf, new FutureCallback<Object>() {
@Override
public void onSuccess(@Nullable Object result) {
try {
DispatchQuery dispatchQuery = dispatchManager.getQuery(queryId);
dispatchQuery.addStateChangeListener((state) -> {
Query query = getQuery(queryId, slug);
if ((null != query) && (!dispatchManager.getQueryInfo(queryId).getState().isDone())) {
query.waitForResults(attempts, Duration.valueOf("1s"), DataSize.valueOf("1MB"));
}
if (state.isDone()) {
log.debug("STATUS %s QueryID %s Query %s", state.name(), queryId.toString(), vacuumQuery);
vacuumInProgressMap.remove(catalogNameVacuumTable);
}
});
} catch (Throwable e) {
vacuumInProgressMap.remove(catalogNameVacuumTable);
log.error("Filed to execute vacuum for table %s QueryID %s", catalogNameVacuumTable, queryId.toString(), e.getMessage());
}
}
@Override
public void onFailure(Throwable t) {
vacuumInProgressMap.remove(catalogNameVacuumTable);
log.error("Query %s request to start vacuum scan failed at queryId[%s]: %s ", vacuumQuery, queryId, t.getMessage());
}
}, directExecutor());
}
Also used :
ConnectorMetadata(io.prestosql.spi.connector.ConnectorMetadata)
DispatchQuery(io.prestosql.dispatcher.DispatchQuery)
Inject(com.google.inject.Inject)
DataCenterStatementResource(io.prestosql.datacenter.DataCenterStatementResource)
Duration(io.airlift.units.Duration)
QueryManager(io.prestosql.execution.QueryManager)
PreDestroy(javax.annotation.PreDestroy)
Future(java.util.concurrent.Future)
BoundedExecutor(io.airlift.concurrent.BoundedExecutor)
Map(java.util.Map)
SimpleLocalMemoryContext(io.prestosql.memory.context.SimpleLocalMemoryContext)
ENGLISH(java.util.Locale.ENGLISH)
PrestoException(io.prestosql.spi.PrestoException)
Query(io.prestosql.server.protocol.Query)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
Identity(io.prestosql.spi.security.Identity)
ThreadSafe(javax.annotation.concurrent.ThreadSafe)
MILLISECONDS(java.util.concurrent.TimeUnit.MILLISECONDS)
Executors(java.util.concurrent.Executors)
String.format(java.lang.String.format)
Preconditions.checkState(com.google.common.base.Preconditions.checkState)
MoreExecutors.directExecutor(com.google.common.util.concurrent.MoreExecutors.directExecutor)
DataSize(io.airlift.units.DataSize)
List(java.util.List)
SessionPropertyManager(io.prestosql.metadata.SessionPropertyManager)
PostConstruct(javax.annotation.PostConstruct)
Optional(java.util.Optional)
StandardErrorCode(io.prestosql.spi.StandardErrorCode)
ConnectorVacuumTableInfo(io.prestosql.spi.connector.ConnectorVacuumTableInfo)
AggregatedMemoryContext.newSimpleAggregatedMemoryContext(io.prestosql.memory.context.AggregatedMemoryContext.newSimpleAggregatedMemoryContext)
Connector(io.prestosql.spi.connector.Connector)
ListenableFuture(com.google.common.util.concurrent.ListenableFuture)
Logger(io.airlift.log.Logger)
BlockEncodingSerde(io.prestosql.spi.block.BlockEncodingSerde)
AtomicReference(java.util.concurrent.atomic.AtomicReference)
ExchangeClient(io.prestosql.operator.ExchangeClient)
Objects.requireNonNull(java.util.Objects.requireNonNull)
Session(io.prestosql.Session)
ScheduledExecutorService(java.util.concurrent.ScheduledExecutorService)
QueryId(io.prestosql.spi.QueryId)
NoSuchElementException(java.util.NoSuchElementException)
DispatchManager(io.prestosql.dispatcher.DispatchManager)
Nullable(javax.annotation.Nullable)
ForStatementResource(io.prestosql.server.ForStatementResource)
FutureCallback(com.google.common.util.concurrent.FutureCallback)
Futures(com.google.common.util.concurrent.Futures)
UUID.randomUUID(java.util.UUID.randomUUID)
Catalog(io.prestosql.metadata.Catalog)
ExchangeClientSupplier(io.prestosql.operator.ExchangeClientSupplier)
CatalogManager(io.prestosql.metadata.CatalogManager)
DispatchQuery(io.prestosql.dispatcher.DispatchQuery)
Query(io.prestosql.server.protocol.Query)
DispatchQuery(io.prestosql.dispatcher.DispatchQuery)
QueryId(io.prestosql.spi.QueryId)
Identity(io.prestosql.spi.security.Identity)
Session(io.prestosql.Session)
Aggregations
Identity (io.prestosql.spi.security.Identity)20
Test (org.testng.annotations.Test)15
Session (io.prestosql.Session)10
QualifiedObjectName (io.prestosql.spi.connector.QualifiedObjectName)7
ConnectorIdentity (io.prestosql.spi.security.ConnectorIdentity)6
InMemoryTransactionManager.createTestTransactionManager (io.prestosql.transaction.InMemoryTransactionManager.createTestTransactionManager)6
TransactionManager (io.prestosql.transaction.TransactionManager)6
CatalogManager (io.prestosql.metadata.CatalogManager)4
CatalogName (io.prestosql.spi.connector.CatalogName)4
CatalogName.createInformationSchemaCatalogName (io.prestosql.spi.connector.CatalogName.createInformationSchemaCatalogName)4
CatalogName.createSystemTablesCatalogName (io.prestosql.spi.connector.CatalogName.createSystemTablesCatalogName)4
ConnectorSession (io.prestosql.spi.connector.ConnectorSession)4
SelectedRole (io.prestosql.spi.security.SelectedRole)4
SessionPropertyManager (io.prestosql.metadata.SessionPropertyManager)3
ViewExpression (io.prestosql.spi.security.ViewExpression)3
AbstractTestIntegrationSmokeTest (io.prestosql.tests.AbstractTestIntegrationSmokeTest)3
QueryId (io.prestosql.spi.QueryId)2
CatalogSchemaTableName (io.prestosql.spi.connector.CatalogSchemaTableName)2
SchemaTableName (io.prestosql.spi.connector.SchemaTableName)2
SqlPath (io.prestosql.sql.SqlPath)2
