use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestSessionPropertyDefaults method testApplyDefaultProperties.
@Test
public void testApplyDefaultProperties() {
SessionPropertyDefaults sessionPropertyDefaults = new SessionPropertyDefaults(TEST_NODE_INFO);
SessionPropertyConfigurationManagerFactory factory = new TestingSessionPropertyConfigurationManagerFactory(ImmutableMap.<String, String>builder().put(QUERY_MAX_MEMORY, "override").put("system_default", "system_default").build(), ImmutableMap.of("testCatalog", ImmutableMap.<String, String>builder().put("explicit_set", "override").put("catalog_default", "catalog_default").build()));
sessionPropertyDefaults.addConfigurationManagerFactory(factory);
sessionPropertyDefaults.setConfigurationManager(factory.getName(), ImmutableMap.of());
Session session = Session.builder(new SessionPropertyManager()).setQueryId(new QueryId("test_query_id")).setIdentity(new Identity("testUser", Optional.empty())).setSystemProperty(QUERY_MAX_MEMORY, "1GB").setSystemProperty(JOIN_DISTRIBUTION_TYPE, "partitioned").setSystemProperty(HASH_PARTITION_COUNT, "43").setCatalogSessionProperty("testCatalog", "explicit_set", "explicit_set").build();
assertEquals(session.getSystemProperties(), ImmutableMap.<String, String>builder().put(QUERY_MAX_MEMORY, "1GB").put(JOIN_DISTRIBUTION_TYPE, "partitioned").put(HASH_PARTITION_COUNT, "43").build());
assertEquals(session.getUnprocessedCatalogProperties(), ImmutableMap.of("testCatalog", ImmutableMap.<String, String>builder().put("explicit_set", "explicit_set").build()));
session = sessionPropertyDefaults.newSessionWithDefaultProperties(session, Optional.empty(), TEST_RESOURCE_GROUP_ID);
assertEquals(session.getSystemProperties(), ImmutableMap.<String, String>builder().put(QUERY_MAX_MEMORY, "1GB").put(JOIN_DISTRIBUTION_TYPE, "partitioned").put(HASH_PARTITION_COUNT, "43").put("system_default", "system_default").build());
assertEquals(session.getUnprocessedCatalogProperties(), ImmutableMap.of("testCatalog", ImmutableMap.<String, String>builder().put("explicit_set", "explicit_set").put("catalog_default", "catalog_default").build()));
}
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestAccessControlManager method testNoCatalogAccessControl.
@Test
public void testNoCatalogAccessControl() {
TransactionManager transactionManager = createTestTransactionManager();
AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
accessControlManager.addSystemAccessControlFactory(accessControlFactory);
accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanSelectFromColumns(transactionId, new Identity(USER_NAME, Optional.of(PRINCIPAL)), new QualifiedObjectName("catalog", "schema", "table"), ImmutableSet.of("column"));
});
}
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestAccessControlManager method testDenySystemAccessControl.
@Test(expectedExceptions = PrestoException.class, expectedExceptionsMessageRegExp = "Access Denied: Cannot select from table secured_catalog.schema.table")
public void testDenySystemAccessControl() {
CatalogManager catalogManager = new CatalogManager();
TransactionManager transactionManager = createTestTransactionManager(catalogManager);
AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
accessControlManager.addSystemAccessControlFactory(accessControlFactory);
accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
registerBogusConnector(catalogManager, transactionManager, accessControlManager, "connector");
accessControlManager.addCatalogAccessControl(new CatalogName("connector"), new DenyConnectorAccessControl());
transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanSelectFromColumns(transactionId, new Identity(USER_NAME, Optional.of(PRINCIPAL)), new QualifiedObjectName("secured_catalog", "schema", "table"), ImmutableSet.of("column"));
});
}
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class TestFileBasedSystemAccessControl method testCanImpersonateUserOperations.
@Test
public void testCanImpersonateUserOperations() {
TransactionManager transactionManager = createTestTransactionManager();
AccessControlManager accessControlManager = newAccessControlManager(transactionManager, "catalog_impersonation.json");
accessControlManager.checkCanImpersonateUser(new Identity("alice", Optional.empty()), "bob");
accessControlManager.checkCanImpersonateUser(new Identity("alice", Optional.empty()), "charlie");
try {
accessControlManager.checkCanImpersonateUser(new Identity("alice", Optional.empty()), "admin");
throw new AssertionError("expected AccessDeniedException");
} catch (AccessDeniedException expected) {
}
accessControlManager.checkCanImpersonateUser(new Identity("admin", Optional.empty()), "alice");
accessControlManager.checkCanImpersonateUser(new Identity("admin", Optional.empty()), "bob");
accessControlManager.checkCanImpersonateUser(new Identity("admin", Optional.empty()), "anything");
accessControlManager.checkCanImpersonateUser(new Identity("admin-other", Optional.empty()), "anything");
try {
accessControlManager.checkCanImpersonateUser(new Identity("admin-test", Optional.empty()), "alice");
throw new AssertionError("expected AccessDeniedException");
} catch (AccessDeniedException expected) {
}
try {
accessControlManager.checkCanImpersonateUser(new Identity("invalid", Optional.empty()), "alice");
throw new AssertionError("expected AccessDeniedException");
} catch (AccessDeniedException expected) {
}
accessControlManager.checkCanImpersonateUser(new Identity("anything", Optional.empty()), "test");
try {
accessControlManager.checkCanImpersonateUser(new Identity("invalid-other", Optional.empty()), "test");
throw new AssertionError("expected AccessDeniedException");
} catch (AccessDeniedException expected) {
}
accessControlManager = newAccessControlManager(transactionManager, "catalog_principal.json");
accessControlManager.checkCanImpersonateUser(new Identity("anything", Optional.empty()), "anythingElse");
}
use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.
the class SystemConnectorSessionUtil method toSession.
// this does not preserve any connector properties (for the system connector)
public static Session toSession(ConnectorTransactionHandle transactionHandle, ConnectorSession session) {
TransactionId transactionId = ((GlobalSystemTransactionHandle) transactionHandle).getTransactionId();
ConnectorIdentity connectorIdentity = session.getIdentity();
Identity identity = new Identity(connectorIdentity.getUser(), connectorIdentity.getPrincipal());
return Session.builder(new SessionPropertyManager(SYSTEM_SESSION_PROPERTIES)).setQueryId(new QueryId(session.getQueryId())).setTransactionId(transactionId).setCatalog("catalog").setSchema("schema").setPath(new SqlPath(Optional.of("path"))).setIdentity(identity).setTimeZoneKey(session.getTimeZoneKey()).setLocale(session.getLocale()).setStartTime(session.getStartTime()).build();
}
Aggregations