Search in sources :

Example 1 with SystemAccessControl

use of io.prestosql.spi.security.SystemAccessControl in project hetu-core by openlookeng.

the class TestAccessControlManager method testColumnMaskOrdering.

@Test
public void testColumnMaskOrdering() {
    CatalogManager catalogManager = new CatalogManager();
    TransactionManager transactionManager = createTestTransactionManager(catalogManager);
    AccessControlManager accessControlManager = new AccessControlManager(transactionManager);
    accessControlManager.addSystemAccessControlFactory(new SystemAccessControlFactory() {

        @Override
        public String getName() {
            return "test";
        }

        @Override
        public SystemAccessControl create(Map<String, String> config) {
            return new SystemAccessControl() {

                @Override
                public void checkCanSetUser(Optional<Principal> principal, String userName) {
                }

                @Override
                public void checkCanImpersonateUser(Identity identity, String propertyName) {
                }

                @Override
                public void checkCanSetSystemSessionProperty(Identity identity, String propertyName) {
                }

                @Override
                public Optional<ViewExpression> getColumnMask(Identity identity, CatalogSchemaTableName tableName, String columnName, Type type) {
                    return Optional.of(new ViewExpression("user", Optional.empty(), Optional.empty(), "system mask"));
                }
            };
        }
    });
    accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
    CatalogName catalogName = registerBogusConnector(catalogManager, transactionManager, accessControlManager, "catalog");
    accessControlManager.addCatalogAccessControl(catalogName, new ConnectorAccessControl() {

        @Override
        public Optional<ViewExpression> getColumnMask(ConnectorTransactionHandle transactionHandle, Identity identity, SchemaTableName tableName, String columnName, Type type) {
            return Optional.of(new ViewExpression("user", Optional.empty(), Optional.empty(), "connector mask"));
        }
    });
    transaction(transactionManager, accessControlManager).execute(transactionId -> {
        List<ViewExpression> masks = accessControlManager.getColumnMasks(transactionId, new Identity(USER_NAME, Optional.of(PRINCIPAL)), new QualifiedObjectName("catalog", "schema", "table"), "column", BIGINT);
        assertEquals(masks.get(0).getExpression(), "connector mask");
        assertEquals(masks.get(1).getExpression(), "system mask");
    });
}
Also used : Optional(java.util.Optional) ConnectorAccessControl(io.prestosql.spi.connector.ConnectorAccessControl) SystemAccessControl(io.prestosql.spi.security.SystemAccessControl) ConnectorTransactionHandle(io.prestosql.spi.connector.ConnectorTransactionHandle) SchemaTableName(io.prestosql.spi.connector.SchemaTableName) CatalogSchemaTableName(io.prestosql.spi.connector.CatalogSchemaTableName) CatalogManager(io.prestosql.metadata.CatalogManager) CatalogSchemaTableName(io.prestosql.spi.connector.CatalogSchemaTableName) QualifiedObjectName(io.prestosql.spi.connector.QualifiedObjectName) ViewExpression(io.prestosql.spi.security.ViewExpression) SystemAccessControlFactory(io.prestosql.spi.security.SystemAccessControlFactory) Type(io.prestosql.spi.type.Type) TransactionManager(io.prestosql.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.prestosql.transaction.InMemoryTransactionManager.createTestTransactionManager) CatalogName.createSystemTablesCatalogName(io.prestosql.spi.connector.CatalogName.createSystemTablesCatalogName) CatalogName.createInformationSchemaCatalogName(io.prestosql.spi.connector.CatalogName.createInformationSchemaCatalogName) CatalogName(io.prestosql.spi.connector.CatalogName) ConnectorIdentity(io.prestosql.spi.security.ConnectorIdentity) Identity(io.prestosql.spi.security.Identity) BasicPrincipal(io.prestosql.spi.security.BasicPrincipal) Principal(java.security.Principal) PrestoPrincipal(io.prestosql.spi.security.PrestoPrincipal) Test(org.testng.annotations.Test)

Example 2 with SystemAccessControl

use of io.prestosql.spi.security.SystemAccessControl in project hetu-core by openlookeng.

the class AccessControlManager method setSystemAccessControl.

@VisibleForTesting
protected void setSystemAccessControl(String name, Map<String, String> properties) {
    requireNonNull(name, "name is null");
    requireNonNull(properties, "properties is null");
    checkState(systemAccessControlLoading.compareAndSet(false, true), "System access control already initialized");
    log.info("-- Loading system access control --");
    SystemAccessControlFactory systemAccessControlFactory = systemAccessControlFactories.get(name);
    checkState(systemAccessControlFactory != null, "Access control %s is not registered", name);
    SystemAccessControl tmpSystemAccessControl = systemAccessControlFactory.create(ImmutableMap.copyOf(properties));
    this.systemAccessControl.set(tmpSystemAccessControl);
    log.info("-- Loaded system access control %s --", name);
}
Also used : SystemAccessControlFactory(io.prestosql.spi.security.SystemAccessControlFactory) SystemAccessControl(io.prestosql.spi.security.SystemAccessControl) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Aggregations

SystemAccessControl (io.prestosql.spi.security.SystemAccessControl)2 SystemAccessControlFactory (io.prestosql.spi.security.SystemAccessControlFactory)2 VisibleForTesting (com.google.common.annotations.VisibleForTesting)1 CatalogManager (io.prestosql.metadata.CatalogManager)1 CatalogName (io.prestosql.spi.connector.CatalogName)1 CatalogName.createInformationSchemaCatalogName (io.prestosql.spi.connector.CatalogName.createInformationSchemaCatalogName)1 CatalogName.createSystemTablesCatalogName (io.prestosql.spi.connector.CatalogName.createSystemTablesCatalogName)1 CatalogSchemaTableName (io.prestosql.spi.connector.CatalogSchemaTableName)1 ConnectorAccessControl (io.prestosql.spi.connector.ConnectorAccessControl)1 ConnectorTransactionHandle (io.prestosql.spi.connector.ConnectorTransactionHandle)1 QualifiedObjectName (io.prestosql.spi.connector.QualifiedObjectName)1 SchemaTableName (io.prestosql.spi.connector.SchemaTableName)1 BasicPrincipal (io.prestosql.spi.security.BasicPrincipal)1 ConnectorIdentity (io.prestosql.spi.security.ConnectorIdentity)1 Identity (io.prestosql.spi.security.Identity)1 PrestoPrincipal (io.prestosql.spi.security.PrestoPrincipal)1 ViewExpression (io.prestosql.spi.security.ViewExpression)1 Type (io.prestosql.spi.type.Type)1 InMemoryTransactionManager.createTestTransactionManager (io.prestosql.transaction.InMemoryTransactionManager.createTestTransactionManager)1 TransactionManager (io.prestosql.transaction.TransactionManager)1