Examples with Identity io.prestosql.spi.security.Identity used on opensource projects

Search in sources :

Example 11 with Identity

use of io.prestosql.spi.security.Identity in project boostkit-bigdata by kunpengcompute.

the class TestHiveRoles method testSetRole.

@Test
public void testSetRole() {
    executeFromAdmin("CREATE ROLE set_role_1");
    executeFromAdmin("CREATE ROLE set_role_2");
    executeFromAdmin("CREATE ROLE set_role_3");
    executeFromAdmin("CREATE ROLE set_role_4");
    executeFromAdmin("GRANT set_role_1 TO USER set_user_1");
    executeFromAdmin("GRANT set_role_2 TO ROLE set_role_1");
    executeFromAdmin("GRANT set_role_3 TO ROLE set_role_2");
    Session unsetRole = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty())).build();
    Session setRoleAll = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ALL, Optional.empty())))).build();
    Session setRoleNone = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.NONE, Optional.empty())))).build();
    Session setRole1 = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_1"))))).build();
    Session setRole2 = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_2"))))).build();
    Session setRole3 = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_3"))))).build();
    Session setRole4 = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of("hive", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_4"))))).build();
    MaterializedResult actual = getQueryRunner().execute(unsetRole, "SELECT * FROM hive.information_schema.applicable_roles");
    MaterializedResult expected = MaterializedResult.resultBuilder(unsetRole, createUnboundedVarcharType(), createUnboundedVarcharType(), createUnboundedVarcharType(), createUnboundedVarcharType()).row("set_user_1", "USER", "public", "NO").row("set_user_1", "USER", "set_role_1", "NO").row("set_role_1", "ROLE", "set_role_2", "NO").row("set_role_2", "ROLE", "set_role_3", "NO").build();
    assertEqualsIgnoreOrder(actual, expected);
    actual = getQueryRunner().execute(unsetRole, "SELECT * FROM hive.information_schema.enabled_roles");
    expected = MaterializedResult.resultBuilder(unsetRole, createUnboundedVarcharType()).row("public").row("set_role_1").row("set_role_2").row("set_role_3").build();
    assertEqualsIgnoreOrder(actual, expected);
    actual = getQueryRunner().execute(setRoleAll, "SELECT * FROM hive.information_schema.enabled_roles");
    expected = MaterializedResult.resultBuilder(setRoleAll, createUnboundedVarcharType()).row("public").row("set_role_1").row("set_role_2").row("set_role_3").build();
    assertEqualsIgnoreOrder(actual, expected);
    actual = getQueryRunner().execute(setRoleNone, "SELECT * FROM hive.information_schema.enabled_roles");
    expected = MaterializedResult.resultBuilder(setRoleNone, createUnboundedVarcharType()).row("public").build();
    assertEqualsIgnoreOrder(actual, expected);
    actual = getQueryRunner().execute(setRole1, "SELECT * FROM hive.information_schema.enabled_roles");
    expected = MaterializedResult.resultBuilder(setRole1, createUnboundedVarcharType()).row("public").row("set_role_1").row("set_role_2").row("set_role_3").build();
    assertEqualsIgnoreOrder(actual, expected);
    actual = getQueryRunner().execute(setRole2, "SELECT * FROM hive.information_schema.enabled_roles");
    expected = MaterializedResult.resultBuilder(setRole2, createUnboundedVarcharType()).row("public").row("set_role_2").row("set_role_3").build();
    assertEqualsIgnoreOrder(actual, expected);
    actual = getQueryRunner().execute(setRole3, "SELECT * FROM hive.information_schema.enabled_roles");
    expected = MaterializedResult.resultBuilder(setRole3, createUnboundedVarcharType()).row("public").row("set_role_3").build();
    assertEqualsIgnoreOrder(actual, expected);
    assertQueryFails(setRole4, "SELECT * FROM hive.information_schema.enabled_roles", ".*?Cannot set role set_role_4");
    executeFromAdmin("DROP ROLE set_role_1");
    executeFromAdmin("DROP ROLE set_role_2");
    executeFromAdmin("DROP ROLE set_role_3");
    executeFromAdmin("DROP ROLE set_role_4");
}
Also used : SelectedRole(io.prestosql.spi.security.SelectedRole) Identity(io.prestosql.spi.security.Identity) MaterializedResult(io.prestosql.testing.MaterializedResult) Session(io.prestosql.Session) Test(org.testng.annotations.Test)

Example 12 with Identity

use of io.prestosql.spi.security.Identity in project boostkit-bigdata by kunpengcompute.

the class TestHiveIntegrationSmokeTest method testCurrentUserInView.

@Test
public void testCurrentUserInView() {
    checkState(getSession().getCatalog().isPresent(), "catalog is not set");
    checkState(getSession().getSchema().isPresent(), "schema is not set");
    String testAccountsUnqualifiedName = "test_accounts";
    String testAccountsViewUnqualifiedName = "test_accounts_view";
    String testAccountsViewFullyQualifiedName = format("%s.%s.%s", getSession().getCatalog().get(), getSession().getSchema().get(), testAccountsViewUnqualifiedName);
    assertUpdate(format("CREATE TABLE %s AS SELECT user_name, account_name" + "  FROM (VALUES ('user1', 'account1'), ('user2', 'account2'))" + "  t (user_name, account_name)", testAccountsUnqualifiedName), 2);
    assertUpdate(format("CREATE VIEW %s AS SELECT account_name FROM test_accounts WHERE user_name = CURRENT_USER", testAccountsViewUnqualifiedName));
    assertUpdate(format("GRANT SELECT ON %s TO user1", testAccountsViewFullyQualifiedName));
    assertUpdate(format("GRANT SELECT ON %s TO user2", testAccountsViewFullyQualifiedName));
    Session user1 = testSessionBuilder().setCatalog(getSession().getCatalog().get()).setSchema(getSession().getSchema().get()).setIdentity(new Identity("user1", getSession().getIdentity().getPrincipal())).build();
    Session user2 = testSessionBuilder().setCatalog(getSession().getCatalog().get()).setSchema(getSession().getSchema().get()).setIdentity(new Identity("user2", getSession().getIdentity().getPrincipal())).build();
    assertQuery(user1, "SELECT account_name FROM test_accounts_view", "VALUES 'account1'");
    assertQuery(user2, "SELECT account_name FROM test_accounts_view", "VALUES 'account2'");
    assertUpdate("DROP VIEW test_accounts_view");
    assertUpdate("DROP TABLE test_accounts");
}
Also used : Identity(io.prestosql.spi.security.Identity) Session(io.prestosql.Session) ConnectorSession(io.prestosql.spi.connector.ConnectorSession) Test(org.testng.annotations.Test) AbstractTestIntegrationSmokeTest(io.prestosql.tests.AbstractTestIntegrationSmokeTest)

Example 13 with Identity

use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.

the class AccessControlUtil method checkCanImpersonateUser.

public static void checkCanImpersonateUser(AccessControl accessControl, SessionContext sessionContext) {
    Identity identity = sessionContext.getIdentity();
    // authenticated identity is not present for HTTP or authentication is not setup
    sessionContext.getAuthenticatedIdentity().ifPresent(authenticatedIdentity -> {
        // only check impersonation is authenticated user is not the same as the explicitly set user
        if (!authenticatedIdentity.getUser().equals(identity.getUser())) {
            accessControl.checkCanImpersonateUser(authenticatedIdentity, identity.getUser());
        }
    });
}
Also used : Identity(io.prestosql.spi.security.Identity)

Example 14 with Identity

use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.

the class TestHiveIntegrationSmokeTest method testShowColumnMetadata.

@Test
public void testShowColumnMetadata() {
    String tableName = "test_show_column_table";
    @Language("SQL") String createTable = "CREATE TABLE " + tableName + " (a bigint, b varchar, c double)";
    Session testSession = testSessionBuilder().setIdentity(new Identity("test_access_owner", Optional.empty())).setCatalog(getSession().getCatalog().get()).setSchema(getSession().getSchema().get()).build();
    assertUpdate(createTable);
    // verify showing columns over a table requires SELECT privileges for the table
    assertAccessAllowed("SHOW COLUMNS FROM " + tableName);
    assertAccessDenied(testSession, "SHOW COLUMNS FROM " + tableName, "Cannot show columns of table .*." + tableName + ".*", privilege(tableName, SELECT_COLUMN));
    @Language("SQL") String getColumnsSql = "" + "SELECT lower(column_name) " + "FROM information_schema.columns " + "WHERE table_name = '" + tableName + "'";
    assertEquals(computeActual(getColumnsSql).getOnlyColumnAsSet(), ImmutableSet.of("a", "b", "c"));
    // verify with no SELECT privileges on table, querying information_schema will return empty columns
    executeExclusively(() -> {
        try {
            getQueryRunner().getAccessControl().deny(privilege(tableName, SELECT_COLUMN));
            assertQueryReturnsEmptyResult(testSession, getColumnsSql);
        } finally {
            getQueryRunner().getAccessControl().reset();
        }
    });
    assertUpdate("DROP TABLE " + tableName);
}
Also used : Language(org.intellij.lang.annotations.Language) Identity(io.prestosql.spi.security.Identity) Session(io.prestosql.Session) ConnectorSession(io.prestosql.spi.connector.ConnectorSession) Test(org.testng.annotations.Test) AbstractTestIntegrationSmokeTest(io.prestosql.tests.AbstractTestIntegrationSmokeTest)

Example 15 with Identity

use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.

the class Session method beginTransactionId.

public Session beginTransactionId(TransactionId transactionId, TransactionManager transactionManager, AccessControl accessControl) {
    requireNonNull(transactionId, "transactionId is null");
    checkArgument(!this.transactionId.isPresent(), "Session already has an active transaction");
    requireNonNull(transactionManager, "transactionManager is null");
    requireNonNull(accessControl, "accessControl is null");
    for (Entry<String, String> property : systemProperties.entrySet()) {
        // verify permissions
        accessControl.checkCanSetSystemSessionProperty(identity, property.getKey());
        // validate session property value
        sessionPropertyManager.validateSystemSessionProperty(property.getKey(), property.getValue());
    }
    // Now that there is a transaction, the catalog name can be resolved to a connector, and the catalog properties can be validated
    ImmutableMap.Builder<CatalogName, Map<String, String>> connProperties = ImmutableMap.builder();
    for (Entry<String, Map<String, String>> catalogEntry : unprocessedCatalogProperties.entrySet()) {
        String catalogName = catalogEntry.getKey();
        Map<String, String> catalogProperties = catalogEntry.getValue();
        if (catalogProperties.isEmpty()) {
            continue;
        }
        CatalogName tmpCatalog = transactionManager.getOptionalCatalogMetadata(transactionId, catalogName).orElseThrow(() -> new PrestoException(NOT_FOUND, "Session property catalog does not exist: " + catalogName)).getCatalogName();
        for (Entry<String, String> property : catalogProperties.entrySet()) {
            // verify permissions
            accessControl.checkCanSetCatalogSessionProperty(transactionId, identity, catalogName, property.getKey());
            // validate session property value
            sessionPropertyManager.validateCatalogSessionProperty(tmpCatalog, catalogName, property.getKey(), property.getValue());
        }
        connProperties.put(tmpCatalog, catalogProperties);
    }
    ImmutableMap.Builder<String, SelectedRole> roles = ImmutableMap.builder();
    for (Entry<String, SelectedRole> entry : identity.getRoles().entrySet()) {
        String catalogName = entry.getKey();
        SelectedRole role = entry.getValue();
        CatalogName tmpCatalog = transactionManager.getOptionalCatalogMetadata(transactionId, catalogName).orElseThrow(() -> new PrestoException(NOT_FOUND, "Catalog does not exist: " + catalogName)).getCatalogName();
        if (role.getType() == SelectedRole.Type.ROLE) {
            accessControl.checkCanSetRole(transactionId, identity, role.getRole().get(), catalogName);
        }
        roles.put(tmpCatalog.getCatalogName(), role);
        String informationSchemaCatalogName = createInformationSchemaCatalogName(tmpCatalog).getCatalogName();
        if (transactionManager.getCatalogNames(transactionId).containsKey(informationSchemaCatalogName)) {
            roles.put(informationSchemaCatalogName, role);
        }
        String systemTablesCatalogName = createSystemTablesCatalogName(tmpCatalog).getCatalogName();
        if (transactionManager.getCatalogNames(transactionId).containsKey(systemTablesCatalogName)) {
            roles.put(systemTablesCatalogName, role);
        }
    }
    return new Session(queryId, Optional.of(transactionId), clientTransactionSupport, new Identity(identity.getUser(), identity.getGroups(), identity.getPrincipal(), roles.build(), identity.getExtraCredentials()), source, catalog, schema, path, traceToken, timeZoneKey, locale, remoteUserAddress, userAgent, clientInfo, clientTags, clientCapabilities, resourceEstimates, startTime, systemProperties, connProperties.build(), ImmutableMap.of(), sessionPropertyManager, preparedStatements, pageMetadataEnabled);
}
Also used : SelectedRole(io.prestosql.spi.security.SelectedRole) PrestoException(io.prestosql.spi.PrestoException) ImmutableMap(com.google.common.collect.ImmutableMap) CatalogName.createSystemTablesCatalogName(io.prestosql.spi.connector.CatalogName.createSystemTablesCatalogName) CatalogName.createInformationSchemaCatalogName(io.prestosql.spi.connector.CatalogName.createInformationSchemaCatalogName) CatalogName(io.prestosql.spi.connector.CatalogName) Identity(io.prestosql.spi.security.Identity) HashMap(java.util.HashMap) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap) ConnectorSession(io.prestosql.spi.connector.ConnectorSession)

Aggregations

Identity (io.prestosql.spi.security.Identity)24 Test (org.testng.annotations.Test)19 Session (io.prestosql.Session)14 ConnectorSession (io.prestosql.spi.connector.ConnectorSession)7 QualifiedObjectName (io.prestosql.spi.connector.QualifiedObjectName)7 ConnectorIdentity (io.prestosql.spi.security.ConnectorIdentity)6 SelectedRole (io.prestosql.spi.security.SelectedRole)6 AbstractTestIntegrationSmokeTest (io.prestosql.tests.AbstractTestIntegrationSmokeTest)6 InMemoryTransactionManager.createTestTransactionManager (io.prestosql.transaction.InMemoryTransactionManager.createTestTransactionManager)6 TransactionManager (io.prestosql.transaction.TransactionManager)6 CatalogManager (io.prestosql.metadata.CatalogManager)4 CatalogName (io.prestosql.spi.connector.CatalogName)4 CatalogName.createInformationSchemaCatalogName (io.prestosql.spi.connector.CatalogName.createInformationSchemaCatalogName)4 CatalogName.createSystemTablesCatalogName (io.prestosql.spi.connector.CatalogName.createSystemTablesCatalogName)4 SessionPropertyManager (io.prestosql.metadata.SessionPropertyManager)3 ViewExpression (io.prestosql.spi.security.ViewExpression)3 QueryId (io.prestosql.spi.QueryId)2 CatalogSchemaTableName (io.prestosql.spi.connector.CatalogSchemaTableName)2 SchemaTableName (io.prestosql.spi.connector.SchemaTableName)2 SqlPath (io.prestosql.sql.SqlPath)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial