Example 1 with Privilege

Use of io.prestosql.spi.security.Privilege in project hetu-core by openlookeng.

Class RevokeTask, method execute.

@Override
public ListenableFuture<?> execute(Revoke statement, TransactionManager transactionManager, Metadata metadata, AccessControl accessControl, QueryStateMachine stateMachine, List<Expression> parameters, HeuristicIndexerManager heuristicIndexerManager) {
    Session session = stateMachine.getSession();
    QualifiedObjectName tableName = createQualifiedObjectName(session, statement, statement.getTableName());
    Optional<TableHandle> tableHandle = metadata.getTableHandle(session, tableName);
    if (!tableHandle.isPresent()) {
        throw new SemanticException(MISSING_TABLE, statement, "Table '%s' does not exist", tableName);
    }
    Set<Privilege> privileges;
    if (statement.getPrivileges().isPresent()) {
        privileges = statement.getPrivileges().get().stream().map(privilege -> parsePrivilege(statement, privilege)).collect(toImmutableSet());
    } else {
        // All privileges
        privileges = EnumSet.allOf(Privilege.class);
    }
    // verify current identity has permissions to revoke permissions
    for (Privilege privilege : privileges) {
        accessControl.checkCanRevokeTablePrivilege(session.getRequiredTransactionId(), session.getIdentity(), privilege, tableName, createPrincipal(statement.getGrantee()), statement.isGrantOptionFor());
    }
    metadata.revokeTablePrivileges(session, tableName, privileges, createPrincipal(statement.getGrantee()), statement.isGrantOptionFor());
    return immediateFuture(null);
}
Also used : TableHandle(io.prestosql.spi.metadata.TableHandle) Privilege(io.prestosql.spi.security.Privilege) QualifiedObjectName(io.prestosql.spi.connector.QualifiedObjectName) MetadataUtil.createQualifiedObjectName(io.prestosql.metadata.MetadataUtil.createQualifiedObjectName) Session(io.prestosql.Session) SemanticException(io.prestosql.sql.analyzer.SemanticException)

Example 2 with Privilege

Use of io.prestosql.spi.security.Privilege in project hetu-core by openlookeng.

Class GrantTask, method execute.

@Override
public ListenableFuture<?> execute(Grant statement, TransactionManager transactionManager, Metadata metadata, AccessControl accessControl, QueryStateMachine stateMachine, List<Expression> parameters, HeuristicIndexerManager heuristicIndexerManager) {
    Session session = stateMachine.getSession();
    QualifiedObjectName tableName = createQualifiedObjectName(session, statement, statement.getTableName());
    Optional<TableHandle> tableHandle = metadata.getTableHandle(session, tableName);
    if (!tableHandle.isPresent()) {
        throw new SemanticException(MISSING_TABLE, statement, "Table '%s' does not exist", tableName);
    }
    Set<Privilege> privileges;
    if (statement.getPrivileges().isPresent()) {
        privileges = statement.getPrivileges().get().stream().map(privilege -> parsePrivilege(statement, privilege)).collect(toImmutableSet());
    } else {
        // All privileges
        privileges = EnumSet.allOf(Privilege.class);
    }
    // verify current identity has permissions to grant permissions
    for (Privilege privilege : privileges) {
        accessControl.checkCanGrantTablePrivilege(session.getRequiredTransactionId(), session.getIdentity(), privilege, tableName, createPrincipal(statement.getGrantee()), statement.isWithGrantOption());
    }
    metadata.grantTablePrivileges(session, tableName, privileges, createPrincipal(statement.getGrantee()), statement.isWithGrantOption());
    return immediateFuture(null);
}
Also used : TableHandle(io.prestosql.spi.metadata.TableHandle) Privilege(io.prestosql.spi.security.Privilege) QualifiedObjectName(io.prestosql.spi.connector.QualifiedObjectName) MetadataUtil.createQualifiedObjectName(io.prestosql.metadata.MetadataUtil.createQualifiedObjectName) Session(io.prestosql.Session) SemanticException(io.prestosql.sql.analyzer.SemanticException)

Example 3 with Privilege

Use of io.prestosql.spi.security.Privilege in project hetu-core by openlookeng.

Class SqlStandardAccessControlMetadata, method revokeTablePrivileges.

@Override
public void revokeTablePrivileges(ConnectorSession session, SchemaTableName schemaTableName, Set<Privilege> privileges, HivePrincipal grantee, boolean grantOption) {
    String schemaName = schemaTableName.getSchemaName();
    String tableName = schemaTableName.getTableName();
    Set<HivePrivilegeInfo> hivePrivilegeInfos = privileges.stream().map(privilege -> new HivePrivilegeInfo(toHivePrivilege(privilege), grantOption, new HivePrincipal(USER, session.getUser()), new HivePrincipal(USER, session.getUser()))).collect(toSet());
    metastore.revokeTablePrivileges(schemaName, tableName, grantee, hivePrivilegeInfos);
}
Also used : ALREADY_EXISTS(io.prestosql.spi.StandardErrorCode.ALREADY_EXISTS) PrestoException(io.prestosql.spi.PrestoException) ImmutableSet(com.google.common.collect.ImmutableSet) HivePrivilegeInfo.toHivePrivilege(io.prestosql.plugin.hive.metastore.HivePrivilegeInfo.toHivePrivilege) ThriftMetastoreUtil.listEnabledPrincipals(io.prestosql.plugin.hive.metastore.thrift.ThriftMetastoreUtil.listEnabledPrincipals) GrantInfo(io.prestosql.spi.security.GrantInfo) Set(java.util.Set) RoleGrant(io.prestosql.spi.security.RoleGrant) PrivilegeInfo(io.prestosql.spi.security.PrivilegeInfo) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal) USER(io.prestosql.spi.security.PrincipalType.USER) SchemaTableName(io.prestosql.spi.connector.SchemaTableName) List(java.util.List) ImmutableList(com.google.common.collect.ImmutableList) ConnectorSession(io.prestosql.spi.connector.ConnectorSession) Privilege(io.prestosql.spi.security.Privilege) HivePrivilegeInfo(io.prestosql.plugin.hive.metastore.HivePrivilegeInfo) Objects.requireNonNull(java.util.Objects.requireNonNull) ThriftMetastoreUtil(io.prestosql.plugin.hive.metastore.thrift.ThriftMetastoreUtil) Optional(java.util.Optional) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) SemiTransactionalHiveMetastore(io.prestosql.plugin.hive.metastore.SemiTransactionalHiveMetastore) ENGLISH(java.util.Locale.ENGLISH) Collectors.toSet(java.util.stream.Collectors.toSet) HivePrivilegeInfo(io.prestosql.plugin.hive.metastore.HivePrivilegeInfo) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal)

Example 4 with Privilege

Use of io.prestosql.spi.security.Privilege in project hetu-core by openlookeng.

Class SqlStandardAccessControlMetadata, method grantTablePrivileges.

@Override
public void grantTablePrivileges(ConnectorSession session, SchemaTableName schemaTableName, Set<Privilege> privileges, HivePrincipal grantee, boolean grantOption) {
    String schemaName = schemaTableName.getSchemaName();
    String tableName = schemaTableName.getTableName();
    Set<HivePrivilegeInfo> hivePrivilegeInfos = privileges.stream().map(privilege -> new HivePrivilegeInfo(toHivePrivilege(privilege), grantOption, new HivePrincipal(USER, session.getUser()), new HivePrincipal(USER, session.getUser()))).collect(toSet());
    metastore.grantTablePrivileges(schemaName, tableName, grantee, hivePrivilegeInfos);
}
Also used : ALREADY_EXISTS(io.prestosql.spi.StandardErrorCode.ALREADY_EXISTS) PrestoException(io.prestosql.spi.PrestoException) ImmutableSet(com.google.common.collect.ImmutableSet) HivePrivilegeInfo.toHivePrivilege(io.prestosql.plugin.hive.metastore.HivePrivilegeInfo.toHivePrivilege) ThriftMetastoreUtil.listEnabledPrincipals(io.prestosql.plugin.hive.metastore.thrift.ThriftMetastoreUtil.listEnabledPrincipals) GrantInfo(io.prestosql.spi.security.GrantInfo) Set(java.util.Set) RoleGrant(io.prestosql.spi.security.RoleGrant) PrivilegeInfo(io.prestosql.spi.security.PrivilegeInfo) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal) USER(io.prestosql.spi.security.PrincipalType.USER) SchemaTableName(io.prestosql.spi.connector.SchemaTableName) List(java.util.List) ImmutableList(com.google.common.collect.ImmutableList) ConnectorSession(io.prestosql.spi.connector.ConnectorSession) Privilege(io.prestosql.spi.security.Privilege) HivePrivilegeInfo(io.prestosql.plugin.hive.metastore.HivePrivilegeInfo) Objects.requireNonNull(java.util.Objects.requireNonNull) ThriftMetastoreUtil(io.prestosql.plugin.hive.metastore.thrift.ThriftMetastoreUtil) Optional(java.util.Optional) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) SemiTransactionalHiveMetastore(io.prestosql.plugin.hive.metastore.SemiTransactionalHiveMetastore) ENGLISH(java.util.Locale.ENGLISH) Collectors.toSet(java.util.stream.Collectors.toSet) HivePrivilegeInfo(io.prestosql.plugin.hive.metastore.HivePrivilegeInfo) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal)

Example 5 with Privilege

Use of io.prestosql.spi.security.Privilege in project boostkit-bigdata by kunpengcompute.

Class SqlStandardAccessControlMetadata, method revokeTablePrivileges.

@Override
public void revokeTablePrivileges(ConnectorSession session, SchemaTableName schemaTableName, Set<Privilege> privileges, HivePrincipal grantee, boolean grantOption) {
    String schemaName = schemaTableName.getSchemaName();
    String tableName = schemaTableName.getTableName();
    Set<HivePrivilegeInfo> hivePrivilegeInfos = privileges.stream().map(privilege -> new HivePrivilegeInfo(toHivePrivilege(privilege), grantOption, new HivePrincipal(USER, session.getUser()), new HivePrincipal(USER, session.getUser()))).collect(toSet());
    metastore.revokeTablePrivileges(schemaName, tableName, grantee, hivePrivilegeInfos);
}
Also used : ALREADY_EXISTS(io.prestosql.spi.StandardErrorCode.ALREADY_EXISTS) PrestoException(io.prestosql.spi.PrestoException) ImmutableSet(com.google.common.collect.ImmutableSet) HivePrivilegeInfo.toHivePrivilege(io.prestosql.plugin.hive.metastore.HivePrivilegeInfo.toHivePrivilege) ThriftMetastoreUtil.listEnabledPrincipals(io.prestosql.plugin.hive.metastore.thrift.ThriftMetastoreUtil.listEnabledPrincipals) GrantInfo(io.prestosql.spi.security.GrantInfo) Set(java.util.Set) RoleGrant(io.prestosql.spi.security.RoleGrant) PrivilegeInfo(io.prestosql.spi.security.PrivilegeInfo) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal) USER(io.prestosql.spi.security.PrincipalType.USER) SchemaTableName(io.prestosql.spi.connector.SchemaTableName) List(java.util.List) ImmutableList(com.google.common.collect.ImmutableList) ConnectorSession(io.prestosql.spi.connector.ConnectorSession) Privilege(io.prestosql.spi.security.Privilege) HivePrivilegeInfo(io.prestosql.plugin.hive.metastore.HivePrivilegeInfo) Objects.requireNonNull(java.util.Objects.requireNonNull) ThriftMetastoreUtil(io.prestosql.plugin.hive.metastore.thrift.ThriftMetastoreUtil) Optional(java.util.Optional) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) SemiTransactionalHiveMetastore(io.prestosql.plugin.hive.metastore.SemiTransactionalHiveMetastore) ENGLISH(java.util.Locale.ENGLISH) Collectors.toSet(java.util.stream.Collectors.toSet) HivePrivilegeInfo(io.prestosql.plugin.hive.metastore.HivePrivilegeInfo) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal)
