
Example 6 with RoleGrant

use of io.prestosql.spi.security.RoleGrant in project boostkit-bigdata by kunpengcompute.

the class FileHiveMetastore method revokeRoles.

/**
 * Revokes each of {@code roles} from each of {@code grantees}, or only the admin option on
 * those grants when {@code adminOptionFor} is true, and persists the result if it changed.
 *
 * <p>The method is {@code synchronized}, so the read-modify-write of the grant set runs under
 * this instance's monitor. A (grantee, role) pair with no current grant is skipped silently.
 *
 * <p>NOTE(review): {@code grantor} is never read in this body, so no authorization decision is
 * made here. Presumably the caller has already verified that the grantor may revoke these
 * roles; confirm against the access-control layer.
 *
 * @param roles role names to revoke
 * @param grantees principals losing the role or its admin option
 * @param adminOptionFor when true, keep the membership and drop only the admin option
 * @param grantor principal requesting the revoke; unused in this method
 */
@Override
public synchronized void revokeRoles(Set<String> roles, Set<HivePrincipal> grantees, boolean adminOptionFor, HivePrincipal grantor) {
    Set<RoleGrant> existingGrants = listRoleGrantsSanitized();
    // Work on a copy so the original snapshot can be compared against the result afterwards.
    Set<RoleGrant> updated = new HashSet<>(existingGrants);
    for (HivePrincipal grantee : grantees) {
        for (String role : roles) {
            RoleGrant adminGrant = new RoleGrant(grantee.toPrestoPrincipal(), role, true);
            RoleGrant plainGrant = new RoleGrant(grantee.toPrestoPrincipal(), role, false);
            boolean held = updated.contains(adminGrant) || updated.contains(plainGrant);
            if (!held) {
                continue;
            }
            // The admin-option variant goes away in both modes.
            updated.remove(adminGrant);
            if (adminOptionFor) {
                // Downgrade: the grantee keeps the role but can no longer grant it onward.
                updated.add(plainGrant);
            } else {
                updated.remove(plainGrant);
            }
        }
    }
    updated = removeDuplicatedEntries(updated);
    // Skip the write when nothing changed.
    boolean changed = !existingGrants.equals(updated);
    if (changed) {
        writeRoleGrantsFile(updated);
    }
}
Also used : RoleGrant(io.prestosql.spi.security.RoleGrant) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)

Example 7 with RoleGrant

use of io.prestosql.spi.security.RoleGrant in project boostkit-bigdata by kunpengcompute.

the class FileHiveMetastore method removeNonExistingRoles.

/**
 * Filters out grants that refer to roles absent from {@code existingRoles}.
 *
 * <p>A grant is dropped when the granted role is unknown, or when the grantee is itself a role
 * that is unknown. This keeps a dangling entry from conferring membership through a role name
 * that is not in {@code existingRoles}.
 *
 * @param grants grants to filter
 * @param existingRoles names of the roles that currently exist
 * @return an immutable set holding only the grants whose role and role-typed grantee exist
 */
private static Set<RoleGrant> removeNonExistingRoles(Set<RoleGrant> grants, Set<String> existingRoles) {
    ImmutableSet.Builder<RoleGrant> kept = ImmutableSet.builder();
    for (RoleGrant candidate : grants) {
        boolean roleKnown = existingRoles.contains(candidate.getRoleName());
        if (roleKnown) {
            HivePrincipal recipient = HivePrincipal.from(candidate.getGrantee());
            // Only role-typed grantees are looked up; other principal types are not checked here.
            boolean danglingRoleGrantee = recipient.getType() == ROLE && !existingRoles.contains(recipient.getName());
            if (!danglingRoleGrantee) {
                kept.add(candidate);
            }
        }
    }
    return kept.build();
}
Also used : RoleGrant(io.prestosql.spi.security.RoleGrant) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal)

Example 8 with RoleGrant

use of io.prestosql.spi.security.RoleGrant in project boostkit-bigdata by kunpengcompute.

the class FileHiveMetastore method grantRoles.

/**
 * Grants each of {@code roles} to each of {@code grantees} and persists the result if it
 * changed.
 *
 * <p>For every (grantee, role) pair the grant is normalised to exactly one variant: the
 * opposite variant is removed and the requested one is added. A grant issued without the
 * admin option therefore replaces an existing admin-option grant, which is a downgrade.
 *
 * <p>All checks run against an in-memory copy before {@code writeRoleGrantsFile} is reached,
 * so this method writes nothing when a check fails. The method is {@code synchronized}, so the
 * read-modify-write runs under this instance's monitor.
 *
 * <p>NOTE(review): {@code grantor} is never read in this body, so no authorization decision is
 * made here. Presumably the caller has already verified that the grantor holds the admin
 * option on these roles; confirm. This body also has no check for circular role-to-role
 * grants; verify that whatever resolves transitive roles tolerates cycles.
 *
 * @param roles role names to grant; each must already exist
 * @param grantees principals receiving the roles; a role-typed grantee must already exist
 * @param withAdminOption whether the grantees may grant the role onward
 * @param grantor principal requesting the grant; unused in this method
 * @throws IllegalArgumentException presumably, via {@code checkArgument}, when a role or a
 *     role-typed grantee does not exist
 */
@Override
public synchronized void grantRoles(Set<String> roles, Set<HivePrincipal> grantees, boolean withAdminOption, HivePrincipal grantor) {
    Set<String> existingRoles = listRoles();
    Set<RoleGrant> existingGrants = listRoleGrantsSanitized();
    // Work on a copy so the original snapshot can be compared against the result afterwards.
    Set<RoleGrant> updated = new HashSet<>(existingGrants);
    for (HivePrincipal grantee : grantees) {
        for (String role : roles) {
            checkArgument(existingRoles.contains(role), "Role does not exist: %s", role);
            boolean granteeIsRole = grantee.getType() == ROLE;
            if (granteeIsRole) {
                checkArgument(existingRoles.contains(grantee.getName()), "Role does not exist: %s", grantee.getName());
            }
            RoleGrant adminGrant = new RoleGrant(grantee.toPrestoPrincipal(), role, true);
            RoleGrant plainGrant = new RoleGrant(grantee.toPrestoPrincipal(), role, false);
            // Keep exactly one variant per (grantee, role): drop the other, add the requested one.
            RoleGrant superseded = withAdminOption ? plainGrant : adminGrant;
            RoleGrant requested = withAdminOption ? adminGrant : plainGrant;
            updated.remove(superseded);
            updated.add(requested);
        }
    }
    updated = removeDuplicatedEntries(updated);
    // Skip the write when nothing changed.
    boolean changed = !existingGrants.equals(updated);
    if (changed) {
        writeRoleGrantsFile(updated);
    }
}
Also used : RoleGrant(io.prestosql.spi.security.RoleGrant) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)

Example 9 with RoleGrant

use of io.prestosql.spi.security.RoleGrant in project boostkit-bigdata by kunpengcompute.

the class FileHiveMetastore method removeDuplicatedEntries.

/**
 * Collapses the grants to at most one entry per (role name, grantee) pair.
 *
 * <p>When two grants share the same pair, the one whose {@code isGrantable()} is true is kept.
 * If neither earlier entry is grantable, the later one replaces it. Resolution therefore
 * favours the more privileged (admin-option) variant, which matters when reviewing a grants
 * file that holds both variants for the same grantee.
 *
 * @param grants grants that may contain both variants for the same (role, grantee)
 * @return an immutable set with one grant per (role, grantee)
 */
private Set<RoleGrant> removeDuplicatedEntries(Set<RoleGrant> grants) {
    Map<RoleGranteeTuple, RoleGrant> winners = new HashMap<>();
    for (RoleGrant candidate : grants) {
        RoleGranteeTuple key = new RoleGranteeTuple(candidate.getRoleName(), HivePrincipal.from(candidate.getGrantee()));
        RoleGrant incumbent = winners.get(key);
        // A grantable incumbent is never displaced; anything else yields to the newcomer.
        if (incumbent == null || !incumbent.isGrantable()) {
            winners.put(key, candidate);
        }
    }
    return ImmutableSet.copyOf(winners.values());
}
Also used : RoleGrant(io.prestosql.spi.security.RoleGrant) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap)

Example 10 with RoleGrant

use of io.prestosql.spi.security.RoleGrant in project boostkit-bigdata by kunpengcompute.

the class ThriftMetastoreUtil method listEnabledRoles.

/**
 * Streams the names of the roles that are enabled for {@code identity}.
 *
 * <ul>
 *   <li>Selected role of type {@code NONE}: only {@code PUBLIC_ROLE_NAME}.
 *   <li>No selected role, or type {@code ALL}: {@code PUBLIC_ROLE_NAME} plus the roles
 *       applicable to the user, with {@code ADMIN_ROLE_NAME} filtered out.
 *   <li>Any other selected role: {@code PUBLIC_ROLE_NAME}, the selected role itself, and the
 *       roles applicable to it, with {@code ADMIN_ROLE_NAME} filtered out.
 * </ul>
 *
 * <p>The admin filter applies only to roles reached through {@code listApplicableRoles}. The
 * explicitly selected role is added unfiltered, so the admin role is enabled only when it is
 * the selected role and never implicitly through transitive grants.
 *
 * <p>NOTE(review): this method does not itself verify that the identity is allowed to assume
 * the selected role; presumably that is validated where the role is set. Confirm.
 *
 * @param identity identity whose user and optional selected role are read
 * @param listRoleGrants lookup of the grants held by a principal, passed on to
 *     {@code listApplicableRoles}
 * @return a stream of enabled role names, starting with {@code PUBLIC_ROLE_NAME}
 */
public static Stream<String> listEnabledRoles(ConnectorIdentity identity, Function<HivePrincipal, Set<RoleGrant>> listRoleGrants) {
    Optional<SelectedRole> selected = identity.getRole();
    boolean noneSelected = selected.isPresent() && selected.get().getType() == SelectedRole.Type.NONE;
    if (noneSelected) {
        return Stream.of(PUBLIC_ROLE_NAME);
    }

    boolean actAsUser = !selected.isPresent() || selected.get().getType() == SelectedRole.Type.ALL;
    // NOTE(review): the role branch calls Optional.get() unchecked; it assumes a SelectedRole
    // that is neither NONE nor ALL always carries a role name. Confirm.
    HivePrincipal principal = actAsUser
            ? new HivePrincipal(USER, identity.getUser())
            : new HivePrincipal(ROLE, selected.get().getRole().get());

    Stream<String> direct = principal.getType() == ROLE
            ? Stream.of(PUBLIC_ROLE_NAME, principal.getName())
            : Stream.of(PUBLIC_ROLE_NAME);
    // Admin reached through transitive grants is dropped; it must be selected explicitly.
    Stream<String> inherited = listApplicableRoles(principal, listRoleGrants)
            .map(RoleGrant::getRoleName)
            .filter(Predicate.isEqual(ADMIN_ROLE_NAME).negate());
    return Stream.concat(direct, inherited);
}
Also used : RoleGrant(io.prestosql.spi.security.RoleGrant) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal) SelectedRole(io.prestosql.spi.security.SelectedRole)
