Example 16 with Identity

Use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.

From the class TestSessionPropertyDefaults, method testApplyDefaultProperties.

@Test
public void testApplyDefaultProperties() {
    SessionPropertyDefaults sessionPropertyDefaults = new SessionPropertyDefaults(TEST_NODE_INFO);
    SessionPropertyConfigurationManagerFactory factory = new TestingSessionPropertyConfigurationManagerFactory(ImmutableMap.<String, String>builder().put(QUERY_MAX_MEMORY, "override").put("system_default", "system_default").build(), ImmutableMap.of("testCatalog", ImmutableMap.<String, String>builder().put("explicit_set", "override").put("catalog_default", "catalog_default").build()));
    sessionPropertyDefaults.addConfigurationManagerFactory(factory);
    sessionPropertyDefaults.setConfigurationManager(factory.getName(), ImmutableMap.of());
    Session session = Session.builder(new SessionPropertyManager()).setQueryId(new QueryId("test_query_id")).setIdentity(new Identity("testUser", Optional.empty())).setSystemProperty(QUERY_MAX_MEMORY, "1GB").setSystemProperty(JOIN_DISTRIBUTION_TYPE, "partitioned").setSystemProperty(HASH_PARTITION_COUNT, "43").setCatalogSessionProperty("testCatalog", "explicit_set", "explicit_set").build();
    assertEquals(session.getSystemProperties(), ImmutableMap.<String, String>builder().put(QUERY_MAX_MEMORY, "1GB").put(JOIN_DISTRIBUTION_TYPE, "partitioned").put(HASH_PARTITION_COUNT, "43").build());
    assertEquals(session.getUnprocessedCatalogProperties(), ImmutableMap.of("testCatalog", ImmutableMap.<String, String>builder().put("explicit_set", "explicit_set").build()));
    session = sessionPropertyDefaults.newSessionWithDefaultProperties(session, Optional.empty(), TEST_RESOURCE_GROUP_ID);
    assertEquals(session.getSystemProperties(), ImmutableMap.<String, String>builder().put(QUERY_MAX_MEMORY, "1GB").put(JOIN_DISTRIBUTION_TYPE, "partitioned").put(HASH_PARTITION_COUNT, "43").put("system_default", "system_default").build());
    assertEquals(session.getUnprocessedCatalogProperties(), ImmutableMap.of("testCatalog", ImmutableMap.<String, String>builder().put("explicit_set", "explicit_set").put("catalog_default", "catalog_default").build()));
}
Also used : QueryId(io.prestosql.spi.QueryId) TestingSessionPropertyConfigurationManagerFactory(io.prestosql.spi.session.TestingSessionPropertyConfigurationManagerFactory) SessionPropertyManager(io.prestosql.metadata.SessionPropertyManager) SessionPropertyConfigurationManagerFactory(io.prestosql.spi.session.SessionPropertyConfigurationManagerFactory) Identity(io.prestosql.spi.security.Identity) Session(io.prestosql.Session) Test(org.testng.annotations.Test)

Example 17 with Identity

Use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.

From the class TestAccessControlManager, method testNoCatalogAccessControl.

@Test
public void testNoCatalogAccessControl() {
    TransactionManager transactionManager = createTestTransactionManager();
    AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
    TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
    accessControlManager.addSystemAccessControlFactory(accessControlFactory);
    accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
    transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanSelectFromColumns(transactionId, new Identity(USER_NAME, Optional.of(PRINCIPAL)), new QualifiedObjectName("catalog", "schema", "table"), ImmutableSet.of("column"));
    });
}
Also used : TransactionManager(io.prestosql.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.prestosql.transaction.InMemoryTransactionManager.createTestTransactionManager) ConnectorIdentity(io.prestosql.spi.security.ConnectorIdentity) Identity(io.prestosql.spi.security.Identity) QualifiedObjectName(io.prestosql.spi.connector.QualifiedObjectName) Test(org.testng.annotations.Test)

Example 18 with Identity

Use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.

From the class TestAccessControlManager, method testDenySystemAccessControl.

@Test(expectedExceptions = PrestoException.class, expectedExceptionsMessageRegExp = "Access Denied: Cannot select from table secured_catalog.schema.table")
public void testDenySystemAccessControl() {
    CatalogManager catalogManager = new CatalogManager();
    TransactionManager transactionManager = createTestTransactionManager(catalogManager);
    AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
    TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
    accessControlManager.addSystemAccessControlFactory(accessControlFactory);
    accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
    registerBogusConnector(catalogManager, transactionManager, accessControlManager, "connector");
    accessControlManager.addCatalogAccessControl(new CatalogName("connector"), new DenyConnectorAccessControl());
    transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanSelectFromColumns(transactionId, new Identity(USER_NAME, Optional.of(PRINCIPAL)), new QualifiedObjectName("secured_catalog", "schema", "table"), ImmutableSet.of("column"));
    });
}
Also used : TransactionManager(io.prestosql.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.prestosql.transaction.InMemoryTransactionManager.createTestTransactionManager) CatalogName.createSystemTablesCatalogName(io.prestosql.spi.connector.CatalogName.createSystemTablesCatalogName) CatalogName.createInformationSchemaCatalogName(io.prestosql.spi.connector.CatalogName.createInformationSchemaCatalogName) CatalogName(io.prestosql.spi.connector.CatalogName) ConnectorIdentity(io.prestosql.spi.security.ConnectorIdentity) Identity(io.prestosql.spi.security.Identity) CatalogManager(io.prestosql.metadata.CatalogManager) QualifiedObjectName(io.prestosql.spi.connector.QualifiedObjectName) Test(org.testng.annotations.Test)

Example 19 with Identity

Use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.

From the class TestFileBasedSystemAccessControl, method testCanImpersonateUserOperations.

@Test
public void testCanImpersonateUserOperations() {
    TransactionManager transactionManager = createTestTransactionManager();
    AccessControlManager accessControlManager = newAccessControlManager(transactionManager, "catalog_impersonation.json");
    accessControlManager.checkCanImpersonateUser(new Identity("alice", Optional.empty()), "bob");
    accessControlManager.checkCanImpersonateUser(new Identity("alice", Optional.empty()), "charlie");
    try {
        accessControlManager.checkCanImpersonateUser(new Identity("alice", Optional.empty()), "admin");
        throw new AssertionError("expected AccessDeniedException");
    } catch (AccessDeniedException expected) {
    }
    accessControlManager.checkCanImpersonateUser(new Identity("admin", Optional.empty()), "alice");
    accessControlManager.checkCanImpersonateUser(new Identity("admin", Optional.empty()), "bob");
    accessControlManager.checkCanImpersonateUser(new Identity("admin", Optional.empty()), "anything");
    accessControlManager.checkCanImpersonateUser(new Identity("admin-other", Optional.empty()), "anything");
    try {
        accessControlManager.checkCanImpersonateUser(new Identity("admin-test", Optional.empty()), "alice");
        throw new AssertionError("expected AccessDeniedException");
    } catch (AccessDeniedException expected) {
    }
    try {
        accessControlManager.checkCanImpersonateUser(new Identity("invalid", Optional.empty()), "alice");
        throw new AssertionError("expected AccessDeniedException");
    } catch (AccessDeniedException expected) {
    }
    accessControlManager.checkCanImpersonateUser(new Identity("anything", Optional.empty()), "test");
    try {
        accessControlManager.checkCanImpersonateUser(new Identity("invalid-other", Optional.empty()), "test");
        throw new AssertionError("expected AccessDeniedException");
    } catch (AccessDeniedException expected) {
    }
    accessControlManager = newAccessControlManager(transactionManager, "catalog_principal.json");
    accessControlManager.checkCanImpersonateUser(new Identity("anything", Optional.empty()), "anythingElse");
}
Also used : AccessDeniedException(io.prestosql.spi.security.AccessDeniedException) TransactionManager(io.prestosql.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.prestosql.transaction.InMemoryTransactionManager.createTestTransactionManager) Identity(io.prestosql.spi.security.Identity) Test(org.testng.annotations.Test)

Example 20 with Identity

Use of io.prestosql.spi.security.Identity in project hetu-core by openlookeng.

From the class SystemConnectorSessionUtil, method toSession.

// this does not preserve any connector properties (for the system connector)
public static Session toSession(ConnectorTransactionHandle transactionHandle, ConnectorSession session) {
    TransactionId transactionId = ((GlobalSystemTransactionHandle) transactionHandle).getTransactionId();
    ConnectorIdentity connectorIdentity = session.getIdentity();
    Identity identity = new Identity(connectorIdentity.getUser(), connectorIdentity.getPrincipal());
    return Session.builder(new SessionPropertyManager(SYSTEM_SESSION_PROPERTIES)).setQueryId(new QueryId(session.getQueryId())).setTransactionId(transactionId).setCatalog("catalog").setSchema("schema").setPath(new SqlPath(Optional.of("path"))).setIdentity(identity).setTimeZoneKey(session.getTimeZoneKey()).setLocale(session.getLocale()).setStartTime(session.getStartTime()).build();
}
Also used : SqlPath(io.prestosql.sql.SqlPath) QueryId(io.prestosql.spi.QueryId) SessionPropertyManager(io.prestosql.metadata.SessionPropertyManager) ConnectorIdentity(io.prestosql.spi.security.ConnectorIdentity) Identity(io.prestosql.spi.security.Identity) TransactionId(io.prestosql.transaction.TransactionId)
