Example 1 with RoleGrant
use of io.prestosql.spi.security.RoleGrant in project hetu-core by openlookeng.
the class SqlStandardAccessControl method hasAdminOptionForRoles.
private boolean hasAdminOptionForRoles(ConnectorTransactionHandle transaction, ConnectorIdentity identity, Set<String> roles) {
if (isAdmin(transaction, identity)) {
return true;
}
SemiTransactionalHiveMetastore metastore = metastoreProvider.apply(((HiveTransactionHandle) transaction));
Set<String> rolesWithGrantOption = listApplicableRoles(new HivePrincipal(USER, identity.getUser()), metastore::listRoleGrants).filter(RoleGrant::isGrantable).map(RoleGrant::getRoleName).collect(toSet());
return rolesWithGrantOption.containsAll(roles);
}
Also used :
RoleGrant(io.prestosql.spi.security.RoleGrant)
SemiTransactionalHiveMetastore(io.prestosql.plugin.hive.metastore.SemiTransactionalHiveMetastore)
HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal)
HiveTransactionHandle(io.prestosql.plugin.hive.HiveTransactionHandle)
Example 2 with RoleGrant
use of io.prestosql.spi.security.RoleGrant in project hetu-core by openlookeng.
the class FileHiveMetastore method removeNonExistingRoles.
private static Set<RoleGrant> removeNonExistingRoles(Set<RoleGrant> grants, Set<String> existingRoles) {
ImmutableSet.Builder<RoleGrant> result = ImmutableSet.builder();
for (RoleGrant grant : grants) {
if (!existingRoles.contains(grant.getRoleName())) {
continue;
}
HivePrincipal grantee = HivePrincipal.from(grant.getGrantee());
if (grantee.getType() == ROLE && !existingRoles.contains(grantee.getName())) {
continue;
}
result.add(grant);
}
return result.build();
}
Also used :
RoleGrant(io.prestosql.spi.security.RoleGrant)
ImmutableSet(com.google.common.collect.ImmutableSet)
ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet)
HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal)
Example 3 with RoleGrant
use of io.prestosql.spi.security.RoleGrant in project hetu-core by openlookeng.
the class FileHiveMetastore method grantRoles.
@Override
public synchronized void grantRoles(Set<String> roles, Set<HivePrincipal> grantees, boolean withAdminOption, HivePrincipal grantor) {
Set<String> existingRoles = listRoles();
Set<RoleGrant> existingGrants = listRoleGrantsSanitized();
Set<RoleGrant> modifiedGrants = new HashSet<>(existingGrants);
for (HivePrincipal grantee : grantees) {
for (String role : roles) {
checkArgument(existingRoles.contains(role), "Role does not exist: %s", role);
if (grantee.getType() == ROLE) {
checkArgument(existingRoles.contains(grantee.getName()), "Role does not exist: %s", grantee.getName());
}
RoleGrant grantWithAdminOption = new RoleGrant(grantee.toPrestoPrincipal(), role, true);
RoleGrant grantWithoutAdminOption = new RoleGrant(grantee.toPrestoPrincipal(), role, false);
if (withAdminOption) {
modifiedGrants.remove(grantWithoutAdminOption);
modifiedGrants.add(grantWithAdminOption);
} else {
modifiedGrants.remove(grantWithAdminOption);
modifiedGrants.add(grantWithoutAdminOption);
}
}
}
modifiedGrants = removeDuplicatedEntries(modifiedGrants);
if (!existingGrants.equals(modifiedGrants)) {
writeRoleGrantsFile(modifiedGrants);
}
}
Also used :
RoleGrant(io.prestosql.spi.security.RoleGrant)
HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal)
HashSet(java.util.HashSet)
LinkedHashSet(java.util.LinkedHashSet)
Example 4 with RoleGrant
use of io.prestosql.spi.security.RoleGrant in project hetu-core by openlookeng.
the class FileHiveMetastore method listRoleGrants.
@Override
public synchronized Set<RoleGrant> listRoleGrants(HivePrincipal principal) {
ImmutableSet.Builder<RoleGrant> result = ImmutableSet.builder();
if (principal.getType() == USER) {
result.add(new RoleGrant(principal.toPrestoPrincipal(), PUBLIC_ROLE_NAME, false));
if (ADMIN_USERS.contains(principal.getName())) {
result.add(new RoleGrant(principal.toPrestoPrincipal(), ADMIN_ROLE_NAME, true));
}
}
result.addAll(listRoleGrantsSanitized().stream().filter(grant -> HivePrincipal.from(grant.getGrantee()).equals(principal)).collect(toSet()));
return result.build();
}
Also used :
RoleGrant(io.prestosql.spi.security.RoleGrant)
ImmutableSet(com.google.common.collect.ImmutableSet)
ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet)
Example 5 with RoleGrant
use of io.prestosql.spi.security.RoleGrant in project hetu-core by openlookeng.
the class InformationSchemaPageSourceProvider method buildApplicableRoles.
private InternalTable buildApplicableRoles(Session session, String catalog) {
InternalTable.Builder table = InternalTable.builder(informationSchemaTableColumns(TABLE_APPLICABLE_ROLES));
for (RoleGrant grant : metadata.listApplicableRoles(session, new PrestoPrincipal(USER, session.getUser()), catalog)) {
PrestoPrincipal grantee = grant.getGrantee();
table.add(grantee.getName(), grantee.getType().toString(), grant.getRoleName(), grant.isGrantable() ? "YES" : "NO");
}
return table.build();
}
Also used :
RoleGrant(io.prestosql.spi.security.RoleGrant)
InternalTable(io.prestosql.metadata.InternalTable)
PrestoPrincipal(io.prestosql.spi.security.PrestoPrincipal)
Aggregations
RoleGrant (io.prestosql.spi.security.RoleGrant)8
HivePrincipal (io.prestosql.plugin.hive.metastore.HivePrincipal)5
ImmutableSet (com.google.common.collect.ImmutableSet)2
ImmutableSet.toImmutableSet (com.google.common.collect.ImmutableSet.toImmutableSet)2
HashSet (java.util.HashSet)2
LinkedHashSet (java.util.LinkedHashSet)2
InternalTable (io.prestosql.metadata.InternalTable)1
HiveTransactionHandle (io.prestosql.plugin.hive.HiveTransactionHandle)1
SemiTransactionalHiveMetastore (io.prestosql.plugin.hive.metastore.SemiTransactionalHiveMetastore)1
PrestoPrincipal (io.prestosql.spi.security.PrestoPrincipal)1
SelectedRole (io.prestosql.spi.security.SelectedRole)1
HashMap (java.util.HashMap)1
LinkedHashMap (java.util.LinkedHashMap)1
