use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestColumnMask method testView.
/**
 * Pins which column masks take effect when {@code name} is read through
 * {@code mock.default.nation_view}.
 *
 * <p>The expected values encode the access-control contract: a mask registered for
 * {@code VIEW_OWNER} on the underlying {@code nation} table is applied whether the session
 * identity is {@code RUN_AS_USER} or {@code VIEW_OWNER}, while a mask registered only for
 * {@code RUN_AS_USER} on the underlying table is not applied to a query issued through the view.
 * For policy authors this means a mask keyed on the querying user and attached only to the base
 * table does not cover data reached through this view.
 *
 * <p>NOTE(review): the view definition and its security mode are set up outside this method;
 * presumably the view is evaluated with the owner's privileges - confirm in the fixture.
 */
@Test
public void testView() {
    final String nameOfNationOne = "SELECT name FROM mock.default.nation_view WHERE nationkey = 1";
    final String reversedName = "VALUES CAST('ANITNEGRA' AS VARCHAR(25))";
    final String plainName = "VALUES CAST('ARGENTINA' AS VARCHAR(25))";

    // Owner's mask, query issued by a different user: the mask must still be applied.
    assertions.executeExclusively(() -> {
        accessControl.reset();
        QualifiedObjectName nation = new QualifiedObjectName(CATALOG, "tiny", "nation");
        ViewExpression ownerMask = new ViewExpression(VIEW_OWNER, Optional.empty(), Optional.empty(), "reverse(name)");
        accessControl.columnMask(nation, "name", VIEW_OWNER, ownerMask);

        Identity invoker = new Identity(RUN_AS_USER, Optional.empty());
        Session invokerSession = Session.builder(SESSION).setIdentity(invoker).build();
        assertions.assertQuery(invokerSession, nameOfNationOne, reversedName);
    });

    // Owner's mask, query issued by the owner: same masked result.
    assertions.executeExclusively(() -> {
        accessControl.reset();
        QualifiedObjectName nation = new QualifiedObjectName(CATALOG, "tiny", "nation");
        ViewExpression ownerMask = new ViewExpression(VIEW_OWNER, Optional.of(CATALOG), Optional.of("tiny"), "reverse(name)");
        accessControl.columnMask(nation, "name", VIEW_OWNER, ownerMask);

        Identity owner = new Identity(VIEW_OWNER, Optional.empty());
        Session ownerSession = Session.builder(SESSION).setIdentity(owner).build();
        assertions.assertQuery(ownerSession, nameOfNationOne, reversedName);
    });

    // Mask registered for the querying user (not the owner) on the base table: the expected
    // value is the unmasked name, i.e. the mask is not applied through the view.
    assertions.executeExclusively(() -> {
        accessControl.reset();
        QualifiedObjectName nation = new QualifiedObjectName(CATALOG, "tiny", "nation");
        ViewExpression invokerMask = new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "reverse(name)");
        accessControl.columnMask(nation, "name", RUN_AS_USER, invokerMask);

        Identity invoker = new Identity(RUN_AS_USER, Optional.empty());
        Session invokerSession = Session.builder(SESSION).setIdentity(invoker).build();
        assertions.assertQuery(invokerSession, nameOfNationOne, plainName);
    });
}
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestRowFilter method testView.
/**
 * Pins which row filters take effect when rows are read through
 * {@code mock.default.nation_view}.
 *
 * <p>The expected values encode the access-control contract: a filter ({@code nationkey = 1})
 * registered for {@code VIEW_OWNER} on the underlying {@code nation} table restricts the result
 * to one row whether the session identity is {@code RUN_AS_USER} or {@code VIEW_OWNER}, while
 * the same filter registered only for {@code RUN_AS_USER} on the underlying table leaves all 25
 * rows visible through the view. A row-level policy keyed on the querying user and attached only
 * to the base table therefore does not restrict what that user sees through this view.
 *
 * <p>NOTE(review): the view definition and its security mode are set up outside this method;
 * presumably the view is evaluated with the owner's privileges - confirm in the fixture.
 */
@Test
public void testView() {
    final String namesThroughView = "SELECT name FROM mock.default.nation_view";
    final String onlyArgentina = "VALUES CAST('ARGENTINA' AS VARCHAR(25))";

    // Owner's filter, query issued by a different user: the filter must still be applied.
    assertions.executeExclusively(() -> {
        accessControl.reset();
        QualifiedObjectName nation = new QualifiedObjectName(CATALOG, "tiny", "nation");
        ViewExpression ownerFilter = new ViewExpression(VIEW_OWNER, Optional.empty(), Optional.empty(), "nationkey = 1");
        accessControl.rowFilter(nation, VIEW_OWNER, ownerFilter);

        Identity invoker = new Identity(RUN_AS_USER, Optional.empty());
        Session invokerSession = Session.builder(SESSION).setIdentity(invoker).build();
        assertions.assertQuery(invokerSession, namesThroughView, onlyArgentina);
    });

    // Owner's filter, query issued by the owner: same single row.
    assertions.executeExclusively(() -> {
        accessControl.reset();
        QualifiedObjectName nation = new QualifiedObjectName(CATALOG, "tiny", "nation");
        ViewExpression ownerFilter = new ViewExpression(VIEW_OWNER, Optional.of(CATALOG), Optional.of("tiny"), "nationkey = 1");
        accessControl.rowFilter(nation, VIEW_OWNER, ownerFilter);

        Identity owner = new Identity(VIEW_OWNER, Optional.empty());
        Session ownerSession = Session.builder(SESSION).setIdentity(owner).build();
        assertions.assertQuery(ownerSession, namesThroughView, onlyArgentina);
    });

    // Filter registered for the querying user (not the owner) on the base table: the full
    // row count is expected, i.e. the filter is not applied through the view.
    assertions.executeExclusively(() -> {
        accessControl.reset();
        QualifiedObjectName nation = new QualifiedObjectName(CATALOG, "tiny", "nation");
        ViewExpression invokerFilter = new ViewExpression(RUN_AS_USER, Optional.of(CATALOG), Optional.of("tiny"), "nationkey = 1");
        accessControl.rowFilter(nation, RUN_AS_USER, invokerFilter);

        Identity invoker = new Identity(RUN_AS_USER, Optional.empty());
        Session invokerSession = Session.builder(SESSION).setIdentity(invoker).build();
        assertions.assertQuery(invokerSession, "SELECT count(*) FROM mock.default.nation_view", "VALUES BIGINT '25'");
    });
}
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestHiveRoles method testSetRole.
/**
 * Exercises role selection for {@code set_user_1} against the {@code hive} catalog.
 *
 * <p>Grant chain created here: {@code set_user_1 -> set_role_1 -> set_role_2 -> set_role_3};
 * {@code set_role_4} exists but is granted to nobody. The assertions pin that:
 * <ul>
 *   <li>with no role selection, or with {@code ALL}, every directly and transitively granted
 *       role plus {@code public} is enabled;</li>
 *   <li>with {@code NONE}, only {@code public} is enabled;</li>
 *   <li>selecting one role enables that role and the roles reachable from it, not the roles
 *       above it in the chain;</li>
 *   <li>selecting {@code set_role_4}, which was never granted to the user, is rejected with
 *       "Cannot set role set_role_4".</li>
 * </ul>
 *
 * <p>NOTE(review): the DROP ROLE statements run only when every assertion passes; a failure
 * part-way leaves the four roles behind for later tests.
 */
@Test
public void testSetRole() {
    executeFromAdmin("CREATE ROLE set_role_1");
    executeFromAdmin("CREATE ROLE set_role_2");
    executeFromAdmin("CREATE ROLE set_role_3");
    executeFromAdmin("CREATE ROLE set_role_4");
    executeFromAdmin("GRANT set_role_1 TO USER set_user_1");
    executeFromAdmin("GRANT set_role_2 TO ROLE set_role_1");
    executeFromAdmin("GRANT set_role_3 TO ROLE set_role_2");

    // One session per role selection; all of them are for the same user.
    Session noSelection = Session.builder(getQueryRunner().getDefaultSession())
            .setIdentity(new Identity("set_user_1", Optional.empty()))
            .build();
    Session allRoles = Session.builder(getQueryRunner().getDefaultSession())
            .setIdentity(new Identity("set_user_1", Optional.empty(),
                    ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ALL, Optional.empty()))))
            .build();
    Session noRoles = Session.builder(getQueryRunner().getDefaultSession())
            .setIdentity(new Identity("set_user_1", Optional.empty(),
                    ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.NONE, Optional.empty()))))
            .build();
    Session asRole1 = Session.builder(getQueryRunner().getDefaultSession())
            .setIdentity(new Identity("set_user_1", Optional.empty(),
                    ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_1")))))
            .build();
    Session asRole2 = Session.builder(getQueryRunner().getDefaultSession())
            .setIdentity(new Identity("set_user_1", Optional.empty(),
                    ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_2")))))
            .build();
    Session asRole3 = Session.builder(getQueryRunner().getDefaultSession())
            .setIdentity(new Identity("set_user_1", Optional.empty(),
                    ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_3")))))
            .build();
    Session asRole4 = Session.builder(getQueryRunner().getDefaultSession())
            .setIdentity(new Identity("set_user_1", Optional.empty(),
                    ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_4")))))
            .build();

    final String enabledRolesSql = "SELECT * FROM hive.information_schema.enabled_roles";

    // applicable_roles lists the whole grant chain, including the implicit "public" role.
    MaterializedResult applicable = getQueryRunner().execute(noSelection, "SELECT * FROM hive.information_schema.applicable_roles");
    MaterializedResult applicableExpected = MaterializedResult.resultBuilder(noSelection, createUnboundedVarcharType(), createUnboundedVarcharType(), createUnboundedVarcharType(), createUnboundedVarcharType())
            .row("set_user_1", "USER", "public", "NO")
            .row("set_user_1", "USER", "set_role_1", "NO")
            .row("set_role_1", "ROLE", "set_role_2", "NO")
            .row("set_role_2", "ROLE", "set_role_3", "NO")
            .build();
    assertEqualsIgnoreOrder(applicable, applicableExpected);

    // No selection: every granted role is enabled.
    MaterializedResult enabledDefault = getQueryRunner().execute(noSelection, enabledRolesSql);
    MaterializedResult enabledDefaultExpected = MaterializedResult.resultBuilder(noSelection, createUnboundedVarcharType())
            .row("public").row("set_role_1").row("set_role_2").row("set_role_3")
            .build();
    assertEqualsIgnoreOrder(enabledDefault, enabledDefaultExpected);

    // ALL: same set as the default.
    MaterializedResult enabledAll = getQueryRunner().execute(allRoles, enabledRolesSql);
    MaterializedResult enabledAllExpected = MaterializedResult.resultBuilder(allRoles, createUnboundedVarcharType())
            .row("public").row("set_role_1").row("set_role_2").row("set_role_3")
            .build();
    assertEqualsIgnoreOrder(enabledAll, enabledAllExpected);

    // NONE: only "public" remains.
    MaterializedResult enabledNone = getQueryRunner().execute(noRoles, enabledRolesSql);
    MaterializedResult enabledNoneExpected = MaterializedResult.resultBuilder(noRoles, createUnboundedVarcharType())
            .row("public")
            .build();
    assertEqualsIgnoreOrder(enabledNone, enabledNoneExpected);

    // A single selected role brings in the roles granted to it, not the ones above it.
    MaterializedResult enabledRole1 = getQueryRunner().execute(asRole1, enabledRolesSql);
    MaterializedResult enabledRole1Expected = MaterializedResult.resultBuilder(asRole1, createUnboundedVarcharType())
            .row("public").row("set_role_1").row("set_role_2").row("set_role_3")
            .build();
    assertEqualsIgnoreOrder(enabledRole1, enabledRole1Expected);

    MaterializedResult enabledRole2 = getQueryRunner().execute(asRole2, enabledRolesSql);
    MaterializedResult enabledRole2Expected = MaterializedResult.resultBuilder(asRole2, createUnboundedVarcharType())
            .row("public").row("set_role_2").row("set_role_3")
            .build();
    assertEqualsIgnoreOrder(enabledRole2, enabledRole2Expected);

    MaterializedResult enabledRole3 = getQueryRunner().execute(asRole3, enabledRolesSql);
    MaterializedResult enabledRole3Expected = MaterializedResult.resultBuilder(asRole3, createUnboundedVarcharType())
            .row("public").row("set_role_3")
            .build();
    assertEqualsIgnoreOrder(enabledRole3, enabledRole3Expected);

    // Negative case: a role that was never granted to the user cannot be selected.
    assertQueryFails(asRole4, enabledRolesSql, ".*?Cannot set role set_role_4");

    executeFromAdmin("DROP ROLE set_role_1");
    executeFromAdmin("DROP ROLE set_role_2");
    executeFromAdmin("DROP ROLE set_role_3");
    executeFromAdmin("DROP ROLE set_role_4");
}
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestHttpRequestSessionContext method testSessionContext.
/**
 * Builds a mock request carrying the {@code PRESTO_*} values and checks what
 * {@link HttpRequestSessionContext} derives from them.
 *
 * <p>Everything asserted here - user, catalog/schema/path, session properties, prepared
 * statements, per-catalog role selections and extra credentials - is taken from values placed
 * on the request by this test. The groups come from the function passed to the constructor,
 * which here maps a user to a set containing only that user name.
 *
 * <p>NOTE(review): the identity assertion compares against {@code new Identity("testUser",
 * Optional.empty())} although the parsed identity also carries roles, extra credentials and
 * groups; presumably {@code Identity.equals} does not take those into account - confirm before
 * relying on equality to compare privileges.
 */
@Test
public void testSessionContext() {
    ImmutableListMultimap.Builder<String, String> requestValues = ImmutableListMultimap.builder();
    requestValues.put(PRESTO_USER, "testUser");
    requestValues.put(PRESTO_SOURCE, "testSource");
    requestValues.put(PRESTO_CATALOG, "testCatalog");
    requestValues.put(PRESTO_SCHEMA, "testSchema");
    requestValues.put(PRESTO_PATH, "testPath");
    requestValues.put(PRESTO_LANGUAGE, "zh-TW");
    requestValues.put(PRESTO_TIME_ZONE, "Asia/Taipei");
    requestValues.put(PRESTO_CLIENT_INFO, "client-info");
    // Session properties: one value per entry, several comma-separated in one entry, and an
    // encoded comma (%2C) inside a value.
    requestValues.put(PRESTO_SESSION, QUERY_MAX_MEMORY + "=1GB");
    requestValues.put(PRESTO_SESSION, JOIN_DISTRIBUTION_TYPE + "=partitioned," + HASH_PARTITION_COUNT + " = 43");
    requestValues.put(PRESTO_SESSION, "some_session_property=some value with %2C comma");
    requestValues.put(PRESTO_PREPARED_STATEMENT, "query1=select * from foo,query2=select * from bar");
    // One role selection per catalog, covering all three SelectedRole types.
    requestValues.put(PRESTO_ROLE, "foo_connector=ALL");
    requestValues.put(PRESTO_ROLE, "bar_connector=NONE");
    requestValues.put(PRESTO_ROLE, "foobar_connector=ROLE{role}");
    requestValues.put(PRESTO_EXTRA_CREDENTIAL, "test.token.foo=bar");
    requestValues.put(PRESTO_EXTRA_CREDENTIAL, "test.token.abc=xyz");

    HttpServletRequest request = new MockHttpServletRequest(requestValues.build(), "testRemote");
    HttpRequestSessionContext context = new HttpRequestSessionContext(request, user -> ImmutableSet.of(user));

    assertEquals(context.getSource(), "testSource");
    assertEquals(context.getCatalog(), "testCatalog");
    assertEquals(context.getSchema(), "testSchema");
    assertEquals(context.getPath(), "testPath");
    assertEquals(context.getIdentity(), new Identity("testUser", Optional.empty()));
    assertEquals(context.getClientInfo(), "client-info");
    assertEquals(context.getLanguage(), "zh-TW");
    assertEquals(context.getTimeZoneId(), "Asia/Taipei");

    // Whitespace around '=' is dropped and %2C is decoded to a literal comma.
    assertEquals(
            context.getSystemProperties(),
            ImmutableMap.of(
                    QUERY_MAX_MEMORY, "1GB",
                    JOIN_DISTRIBUTION_TYPE, "partitioned",
                    HASH_PARTITION_COUNT, "43",
                    "some_session_property", "some value with , comma"));
    assertEquals(
            context.getPreparedStatements(),
            ImmutableMap.of("query1", "select * from foo", "query2", "select * from bar"));

    // Security-relevant parts of the identity: roles, extra credentials, groups.
    assertEquals(
            context.getIdentity().getRoles(),
            ImmutableMap.of(
                    "foo_connector", new SelectedRole(SelectedRole.Type.ALL, Optional.empty()),
                    "bar_connector", new SelectedRole(SelectedRole.Type.NONE, Optional.empty()),
                    "foobar_connector", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("role"))));
    assertEquals(
            context.getIdentity().getExtraCredentials(),
            ImmutableMap.of("test.token.foo", "bar", "test.token.abc", "xyz"));
    assertEquals(context.getIdentity().getGroups(), ImmutableSet.of("testUser"));
}
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class AutoVacuumScanner method startVacuum.
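/**
 * Submits a {@code vacuum table} query for one table unless that table is already recorded in
 * {@code vacuumInProgressMap}.
 *
 * <p>The query is dispatched under a session whose identity is the fixed user name
 * {@code "openLooKeng"} with no principal and whose source is {@code "auto-vacuum"}. Access
 * control rules and audit review need to account for that synthetic user, because the vacuum
 * runs with whatever that name is allowed to do rather than with the table owner's identity.
 *
 * <p>The table is removed from {@code vacuumInProgressMap} when the query reaches a done state,
 * when registering the state listener throws, or when dispatch fails.
 *
 * @param catalog catalog whose name prefixes the table in the generated statement
 * @param vacuumTable table name appended after the catalog name; presumably schema-qualified -
 *        confirm against the caller
 * @param isFull when true, {@code " full"} is appended to the statement
 */
private void startVacuum(Catalog catalog, String vacuumTable, boolean isFull) {
    String catalogNameVacuumTable = catalog.getCatalogName() + "." + vacuumTable;
    // NOTE(review): this check and the put further down are separate steps; if two threads can
    // call startVacuum for the same table, both may pass the check - confirm the map type and
    // the caller's threading.
    if (vacuumInProgressMap.containsKey(catalogNameVacuumTable)) {
        log.debug("return Present in vacuumInProgressMap %s ", catalogNameVacuumTable);
        return;
    }
    long attempts = 0;
    QueryId queryId = dispatchManager.createQueryId();
    String slug = "x" + randomUUID().toString().toLowerCase(ENGLISH).replace("-", "");
    // NOTE(review): the statement is assembled by concatenation and the identifiers are not
    // quoted. The names presumably come from catalog metadata rather than from a request;
    // verify that they cannot contain characters that would alter the statement.
    String vacuumQuery = "vacuum table " + catalogNameVacuumTable + (isFull ? " full" : "");
    Session.SessionBuilder sessionBuilder = Session.builder(sessionPropertyManager)
            .setQueryId(queryId)
            .setIdentity(new Identity("openLooKeng", Optional.empty()))
            .setSource("auto-vacuum");
    Session session = sessionBuilder.build();
    AutoVacuumSessionContext sessionContext = new AutoVacuumSessionContext(session);
    // Record the start time before dispatching so later calls for the same table return early.
    vacuumInProgressMap.put(catalogNameVacuumTable, System.currentTimeMillis());
    log.debug("Query.create queryId %s catalogNameVacuumTable: %s ", queryId.toString(), catalogNameVacuumTable);
    ListenableFuture<?> lf = waitForDispatched(queryId, slug, sessionContext, vacuumQuery);
    Futures.addCallback(lf, new FutureCallback<Object>() {
        @Override
        public void onSuccess(@Nullable Object result) {
            try {
                DispatchQuery dispatchQuery = dispatchManager.getQuery(queryId);
                dispatchQuery.addStateChangeListener((state) -> {
                    Query query = getQuery(queryId, slug);
                    // Keep requesting results while the query is still running.
                    if ((null != query) && (!dispatchManager.getQueryInfo(queryId).getState().isDone())) {
                        query.waitForResults(attempts, Duration.valueOf("1s"), DataSize.valueOf("1MB"));
                    }
                    if (state.isDone()) {
                        log.debug("STATUS %s QueryID %s Query %s", state.name(), queryId.toString(), vacuumQuery);
                        vacuumInProgressMap.remove(catalogNameVacuumTable);
                    }
                });
            } catch (Throwable e) {
                vacuumInProgressMap.remove(catalogNameVacuumTable);
                // The original format string had two placeholders for three arguments, so the
                // exception message never reached the log; it also misspelled "Failed".
                log.error("Failed to execute vacuum for table %s QueryID %s: %s", catalogNameVacuumTable, queryId.toString(), e.getMessage());
            }
        }

        @Override
        public void onFailure(Throwable t) {
            vacuumInProgressMap.remove(catalogNameVacuumTable);
            log.error("Query %s request to start vacuum scan failed at queryId[%s]: %s ", vacuumQuery, queryId, t.getMessage());
        }
    }, directExecutor());
}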
Aggregations