
Example 1 with RoleGrant

use of io.prestosql.spi.security.RoleGrant in project hetu-core by openlookeng.

the class SqlStandardAccessControl method hasAdminOptionForRoles.

/**
 * Decides whether {@code identity} may administer (grant or revoke) every role in {@code roles}.
 *
 * <p>The answer is {@code true} when {@code isAdmin} accepts the identity, or when each requested
 * role name appears among the identity's applicable role grants that carry the grantable flag.
 *
 * @param transaction connector transaction; cast to {@link HiveTransactionHandle} to obtain the metastore
 * @param identity the caller whose user name is looked up as a {@code USER} principal
 * @param roles role names the caller wants to administer
 * @return {@code true} if the caller is an admin or holds every role in {@code roles} with the grant option
 */
private boolean hasAdminOptionForRoles(ConnectorTransactionHandle transaction, ConnectorIdentity identity, Set<String> roles) {
    // Admin short-circuit: no metastore lookup is performed for admins.
    if (isAdmin(transaction, identity)) {
        return true;
    }

    HiveTransactionHandle hiveTransaction = (HiveTransactionHandle) transaction;
    SemiTransactionalHiveMetastore metastore = metastoreProvider.apply(hiveTransaction);
    HivePrincipal caller = new HivePrincipal(USER, identity.getUser());

    // Only grants flagged grantable count; a role the caller merely holds does not
    // let them hand it out to others.
    // NOTE(review): listApplicableRoles presumably also follows role-to-role grants - confirm.
    Set<String> grantableRoleNames = listApplicableRoles(caller, metastore::listRoleGrants)
            .filter(RoleGrant::isGrantable)
            .map(RoleGrant::getRoleName)
            .collect(toSet());

    // Role names are compared by exact String equality. An empty `roles` set is
    // vacuously satisfied and yields true, so callers must not treat an empty
    // request as proof of any privilege.
    return grantableRoleNames.containsAll(roles);
}
Also used : RoleGrant(io.prestosql.spi.security.RoleGrant) SemiTransactionalHiveMetastore(io.prestosql.plugin.hive.metastore.SemiTransactionalHiveMetastore) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal) HiveTransactionHandle(io.prestosql.plugin.hive.HiveTransactionHandle)

Example 2 with RoleGrant

use of io.prestosql.spi.security.RoleGrant in project hetu-core by openlookeng.

the class FileHiveMetastore method removeNonExistingRoles.

/**
 * Filters out role grants that refer to roles missing from {@code existingRoles}.
 *
 * <p>A grant is kept only if the granted role exists and, when the grantee is itself a
 * {@code ROLE} principal, the grantee role exists as well. Grantees of any other principal
 * type are not checked against anything here.
 *
 * @param grants role grants to filter
 * @param existingRoles names of the roles that currently exist
 * @return an immutable set holding the grants that survive the filter
 */
private static Set<RoleGrant> removeNonExistingRoles(Set<RoleGrant> grants, Set<String> existingRoles) {
    ImmutableSet.Builder<RoleGrant> surviving = ImmutableSet.builder();
    for (RoleGrant candidate : grants) {
        // A grant of a role that no longer exists is stale; dropping it keeps a
        // later role of the same name from inheriting the old grantees.
        if (existingRoles.contains(candidate.getRoleName())) {
            HivePrincipal target = HivePrincipal.from(candidate.getGrantee());
            boolean danglingRoleGrantee = target.getType() == ROLE && !existingRoles.contains(target.getName());
            if (!danglingRoleGrantee) {
                surviving.add(candidate);
            }
        }
    }
    return surviving.build();
}
Also used : RoleGrant(io.prestosql.spi.security.RoleGrant) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal)

Example 3 with RoleGrant

use of io.prestosql.spi.security.RoleGrant in project hetu-core by openlookeng.

the class FileHiveMetastore method grantRoles.

/**
 * Grants each role in {@code roles} to each principal in {@code grantees} and persists the
 * result through {@code writeRoleGrantsFile} when the stored grants actually change.
 *
 * <p>All changes are staged on an in-memory copy. A failed {@code checkArgument} therefore
 * throws before anything is written.
 *
 * <p>For every (grantee, role) pair the grant with the opposite admin flag is removed, so
 * calling this with {@code withAdminOption == false} downgrades an existing admin-option grant.
 *
 * @param roles names of the roles to grant; each must be in {@code listRoles()}
 * @param grantees principals receiving the roles; a {@code ROLE} grantee must also exist
 * @param withAdminOption whether the grantees may in turn grant the roles
 * @param grantor not read by this method
 */
@Override
public synchronized void grantRoles(Set<String> roles, Set<HivePrincipal> grantees, boolean withAdminOption, HivePrincipal grantor) {
    // NOTE(review): `grantor` is never consulted, so this method neither authorizes
    // nor records who performed the grant. Presumably the access-control layer
    // checks the caller before reaching here - confirm.
    Set<String> knownRoles = listRoles();
    Set<RoleGrant> existingGrants = listRoleGrantsSanitized();
    Set<RoleGrant> staged = new HashSet<>(existingGrants);

    for (HivePrincipal grantee : grantees) {
        for (String role : roles) {
            checkArgument(knownRoles.contains(role), "Role does not exist: %s", role);
            if (grantee.getType() == ROLE) {
                checkArgument(knownRoles.contains(grantee.getName()), "Role does not exist: %s", grantee.getName());
            }

            // Keep exactly one grant per (grantee, role): the requested flavour replaces
            // the one with the opposite admin flag.
            RoleGrant requested = new RoleGrant(grantee.toPrestoPrincipal(), role, withAdminOption);
            RoleGrant superseded = new RoleGrant(grantee.toPrestoPrincipal(), role, !withAdminOption);
            staged.remove(superseded);
            staged.add(requested);
        }
    }

    Set<RoleGrant> deduplicated = removeDuplicatedEntries(staged);
    if (existingGrants.equals(deduplicated)) {
        // Nothing changed; skip the file write.
        return;
    }
    writeRoleGrantsFile(deduplicated);
}
Also used : RoleGrant(io.prestosql.spi.security.RoleGrant) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)

Example 4 with RoleGrant

use of io.prestosql.spi.security.RoleGrant in project hetu-core by openlookeng.

the class FileHiveMetastore method listRoleGrants.

/**
 * Lists the role grants held directly by {@code principal}.
 *
 * <p>For a {@code USER} principal the result always contains a non-grantable grant of
 * {@code PUBLIC_ROLE_NAME}. If the user's name is in {@code ADMIN_USERS} it also contains a
 * grantable grant of {@code ADMIN_ROLE_NAME}. Stored grants whose grantee equals
 * {@code principal} are then appended.
 *
 * @param principal the user or role whose direct grants are requested
 * @return an immutable set of the implicit and stored grants for {@code principal}
 */
@Override
public synchronized Set<RoleGrant> listRoleGrants(HivePrincipal principal) {
    ImmutableSet.Builder<RoleGrant> grants = ImmutableSet.builder();
    boolean isUser = principal.getType() == USER;

    if (isUser) {
        // Every user implicitly holds the public role, without the right to grant it.
        grants.add(new RoleGrant(principal.toPrestoPrincipal(), PUBLIC_ROLE_NAME, false));
    }
    // Admin membership is decided purely by the principal's name matching ADMIN_USERS,
    // and the resulting grant is grantable. The safety of this depends on the name
    // having been authenticated upstream.
    // NOTE(review): ADMIN_USERS is defined outside this view - confirm who populates it.
    if (isUser && ADMIN_USERS.contains(principal.getName())) {
        grants.add(new RoleGrant(principal.toPrestoPrincipal(), ADMIN_ROLE_NAME, true));
    }

    Set<RoleGrant> storedForPrincipal = listRoleGrantsSanitized().stream()
            .filter(stored -> HivePrincipal.from(stored.getGrantee()).equals(principal))
            .collect(toSet());
    grants.addAll(storedForPrincipal);
    return grants.build();
}
Also used : RoleGrant(io.prestosql.spi.security.RoleGrant) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet)

Example 5 with RoleGrant

use of io.prestosql.spi.security.RoleGrant in project hetu-core by openlookeng.

the class InformationSchemaPageSourceProvider method buildApplicableRoles.

/**
 * Builds the table identified by {@code TABLE_APPLICABLE_ROLES} for the session's user.
 *
 * <p>Each row holds the grantee name, the grantee type, the role name and {@code "YES"} or
 * {@code "NO"} for whether the grant is grantable. Rows come from
 * {@code metadata.listApplicableRoles}, queried for the session user as a {@code USER}
 * principal in the given catalog.
 *
 * @param session the session whose user is looked up
 * @param catalog the catalog passed through to {@code metadata.listApplicableRoles}
 * @return the populated table
 */
private InternalTable buildApplicableRoles(Session session, String catalog) {
    InternalTable.Builder rows = InternalTable.builder(informationSchemaTableColumns(TABLE_APPLICABLE_ROLES));
    // The lookup is scoped to the session's own user, so the rows reflect the roles
    // listApplicableRoles reports for that user rather than every grant in the catalog.
    PrestoPrincipal sessionUser = new PrestoPrincipal(USER, session.getUser());
    for (RoleGrant applicable : metadata.listApplicableRoles(session, sessionUser, catalog)) {
        PrestoPrincipal holder = applicable.getGrantee();
        String grantableFlag;
        if (applicable.isGrantable()) {
            grantableFlag = "YES";
        } else {
            grantableFlag = "NO";
        }
        rows.add(holder.getName(), holder.getType().toString(), applicable.getRoleName(), grantableFlag);
    }
    return rows.build();
}
Also used : RoleGrant(io.prestosql.spi.security.RoleGrant) InternalTable(io.prestosql.metadata.InternalTable) PrestoPrincipal(io.prestosql.spi.security.PrestoPrincipal)

Aggregations

RoleGrant (io.prestosql.spi.security.RoleGrant)8 HivePrincipal (io.prestosql.plugin.hive.metastore.HivePrincipal)5 ImmutableSet (com.google.common.collect.ImmutableSet)2 ImmutableSet.toImmutableSet (com.google.common.collect.ImmutableSet.toImmutableSet)2 HashSet (java.util.HashSet)2 LinkedHashSet (java.util.LinkedHashSet)2 InternalTable (io.prestosql.metadata.InternalTable)1 HiveTransactionHandle (io.prestosql.plugin.hive.HiveTransactionHandle)1 SemiTransactionalHiveMetastore (io.prestosql.plugin.hive.metastore.SemiTransactionalHiveMetastore)1 PrestoPrincipal (io.prestosql.spi.security.PrestoPrincipal)1 SelectedRole (io.prestosql.spi.security.SelectedRole)1 HashMap (java.util.HashMap)1 LinkedHashMap (java.util.LinkedHashMap)1