use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestHiveIntegrationSmokeTest method testSchemaOperations.
@Test
public void testSchemaOperations() {
Session admin = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("hive", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("admin"))))).build();
assertUpdate(admin, "CREATE SCHEMA new_schema");
assertUpdate(admin, "CREATE TABLE new_schema.test (x bigint)");
assertQueryFails(admin, "DROP SCHEMA new_schema", "Schema not empty: new_schema");
assertUpdate(admin, "DROP TABLE new_schema.test");
assertUpdate(admin, "DROP SCHEMA new_schema");
}
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestHiveIntegrationSmokeTest method testCurrentUserInView.
@Test
public void testCurrentUserInView() {
checkState(getSession().getCatalog().isPresent(), "catalog is not set");
checkState(getSession().getSchema().isPresent(), "schema is not set");
String testAccountsUnqualifiedName = "test_accounts";
String testAccountsViewUnqualifiedName = "test_accounts_view";
String testAccountsViewFullyQualifiedName = format("%s.%s.%s", getSession().getCatalog().get(), getSession().getSchema().get(), testAccountsViewUnqualifiedName);
assertUpdate(format("CREATE TABLE %s AS SELECT user_name, account_name" + " FROM (VALUES ('user1', 'account1'), ('user2', 'account2'))" + " t (user_name, account_name)", testAccountsUnqualifiedName), 2);
assertUpdate(format("CREATE VIEW %s AS SELECT account_name FROM test_accounts WHERE user_name = CURRENT_USER", testAccountsViewUnqualifiedName));
assertUpdate(format("GRANT SELECT ON %s TO user1", testAccountsViewFullyQualifiedName));
assertUpdate(format("GRANT SELECT ON %s TO user2", testAccountsViewFullyQualifiedName));
Session user1 = testSessionBuilder().setCatalog(getSession().getCatalog().get()).setSchema(getSession().getSchema().get()).setIdentity(new Identity("user1", getSession().getIdentity().getPrincipal())).build();
Session user2 = testSessionBuilder().setCatalog(getSession().getCatalog().get()).setSchema(getSession().getSchema().get()).setIdentity(new Identity("user2", getSession().getIdentity().getPrincipal())).build();
assertQuery(user1, "SELECT account_name FROM test_accounts_view", "VALUES 'account1'");
assertQuery(user2, "SELECT account_name FROM test_accounts_view", "VALUES 'account2'");
assertUpdate("DROP VIEW test_accounts_view");
assertUpdate("DROP TABLE test_accounts");
}
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestAccessControlManager method testReadOnlySystemAccessControl.
@Test
public void testReadOnlySystemAccessControl() {
Identity identity = new Identity(USER_NAME, Optional.of(PRINCIPAL));
QualifiedObjectName tableName = new QualifiedObjectName("catalog", "schema", "table");
TransactionManager transactionManager = createTestTransactionManager();
AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
accessControlManager.setSystemAccessControl(ReadOnlySystemAccessControl.NAME, ImmutableMap.of());
accessControlManager.checkCanSetUser(Optional.of(PRINCIPAL), USER_NAME);
accessControlManager.checkCanSetSystemSessionProperty(identity, "property");
transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanSetCatalogSessionProperty(transactionId, identity, "catalog", "property");
accessControlManager.checkCanShowSchemas(transactionId, identity, "catalog");
accessControlManager.checkCanShowTablesMetadata(transactionId, identity, new CatalogSchemaName("catalog", "schema"));
accessControlManager.checkCanSelectFromColumns(transactionId, identity, tableName, ImmutableSet.of("column"));
accessControlManager.checkCanCreateViewWithSelectFromColumns(transactionId, identity, tableName, ImmutableSet.of("column"));
Set<String> catalogs = ImmutableSet.of("catalog");
assertEquals(accessControlManager.filterCatalogs(identity, catalogs), catalogs);
Set<String> schemas = ImmutableSet.of("schema");
assertEquals(accessControlManager.filterSchemas(transactionId, identity, "catalog", schemas), schemas);
Set<SchemaTableName> tableNames = ImmutableSet.of(new SchemaTableName("schema", "table"));
assertEquals(accessControlManager.filterTables(transactionId, identity, "catalog", tableNames), tableNames);
});
try {
transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanInsertIntoTable(transactionId, identity, tableName);
});
fail();
} catch (AccessDeniedException expected) {
}
}
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestAccessControlManager method testDenyCatalogAccessControl.
@Test(expectedExceptions = PrestoException.class, expectedExceptionsMessageRegExp = "Access Denied: Cannot select from columns \\[column\\] in table or view schema.table")
public void testDenyCatalogAccessControl() {
CatalogManager catalogManager = new CatalogManager();
TransactionManager transactionManager = createTestTransactionManager(catalogManager);
AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
accessControlManager.addSystemAccessControlFactory(accessControlFactory);
accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
CatalogName catalogName = registerBogusConnector(catalogManager, transactionManager, accessControlManager, "catalog");
accessControlManager.addCatalogAccessControl(catalogName, new DenyConnectorAccessControl());
transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanSelectFromColumns(transactionId, new Identity(USER_NAME, Optional.of(PRINCIPAL)), new QualifiedObjectName("catalog", "schema", "table"), ImmutableSet.of("column"));
});
}
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestAccessControlManager method testColumnMaskOrdering.
@Test
public void testColumnMaskOrdering() {
CatalogManager catalogManager = new CatalogManager();
TransactionManager transactionManager = createTestTransactionManager(catalogManager);
AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
accessControlManager.addSystemAccessControlFactory(new SystemAccessControlFactory() {
@Override
public String getName() {
return "test";
}
@Override
public SystemAccessControl create(Map<String, String> config) {
return new SystemAccessControl() {
@Override
public void checkCanSetUser(Optional<Principal> principal, String userName) {
}
@Override
public void checkCanImpersonateUser(Identity identity, String propertyName) {
}
@Override
public void checkCanSetSystemSessionProperty(Identity identity, String propertyName) {
}
@Override
public Optional<ViewExpression> getColumnMask(Identity identity, CatalogSchemaTableName tableName, String columnName, Type type) {
return Optional.of(new ViewExpression("user", Optional.empty(), Optional.empty(), "system mask"));
}
};
}
});
accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
CatalogName catalogName = registerBogusConnector(catalogManager, transactionManager, accessControlManager, "catalog");
accessControlManager.addCatalogAccessControl(catalogName, new ConnectorAccessControl() {
@Override
public Optional<ViewExpression> getColumnMask(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName, String columnName, Type type) {
return Optional.of(new ViewExpression("user", Optional.empty(), Optional.empty(), "connector mask"));
}
});
transaction(transactionManager, accessControlManager).execute(transactionId -> {
List<ViewExpression> masks = accessControlManager.getColumnMasks(transactionId, new Identity(USER_NAME, Optional.of(PRINCIPAL)), new QualifiedObjectName("catalog", "schema", "table"), "column", BIGINT);
assertEquals(masks.get(0).getExpression(), "connector mask");
assertEquals(masks.get(1).getExpression(), "system mask");
});
}
Aggregations