
Example 1 with GrantRoles

use of io.prestosql.sql.tree.GrantRoles in project hetu-core by openlookeng.

the class GrantRolesTask method execute.

/**
 * Runs a {@code GRANT <roles> TO <grantees>} statement: resolves the roles, grantees and
 * optional grantor named in the statement, verifies that every role referenced exists in
 * the target catalog, asks access control whether the session identity may perform the
 * grant, and only then applies it through {@code metadata.grantRoles}.
 *
 * <p>The {@code transactionManager}, {@code parameters} and {@code heuristicIndexerManager}
 * arguments are not read by this method.
 *
 * @param statement the parsed GRANT ROLES statement
 * @param metadata used to list the catalog's roles and to apply the grant
 * @param accessControl consulted via {@code checkCanGrantRoles} before the grant is applied
 * @param stateMachine source of the session the statement runs in
 * @return an already-completed future holding {@code null}
 * @throws SemanticException with {@code MISSING_ROLE} when a granted role, a role-typed
 *         grantee, or a role-typed grantor is not among the catalog's roles
 */
@Override
public ListenableFuture<?> execute(GrantRoles statement, TransactionManager transactionManager, Metadata metadata, AccessControl accessControl, QueryStateMachine stateMachine, List<Expression> parameters, HeuristicIndexerManager heuristicIndexerManager) {
    Session session = stateMachine.getSession();

    // Granted role names are folded to lower case with a fixed locale, so the result does
    // not depend on the JVM's default locale.
    Set<String> roles = statement.getRoles().stream()
            .map(identifier -> identifier.getValue().toLowerCase(Locale.ENGLISH))
            .collect(toImmutableSet());
    Set<PrestoPrincipal> grantees = statement.getGrantees().stream()
            .map(MetadataUtil::createPrincipal)
            .collect(toImmutableSet());
    boolean withAdminOption = statement.isWithAdminOption();
    Optional<PrestoPrincipal> grantor = statement.getGrantor()
            .map(grantorSpec -> createPrincipal(session, grantorSpec));
    String catalog = createCatalogName(session, statement);
    Set<String> availableRoles = metadata.listRoles(session, catalog);

    // Every role the statement mentions, in encounter order: the granted roles first,
    // then role-typed grantees, then a role-typed grantor.
    // NOTE(review): grantee/grantor names are compared exactly as createPrincipal returns
    // them; whether they are case-normalised like the granted roles is not visible here.
    Set<String> referencedRoles = new LinkedHashSet<>(roles);
    for (PrestoPrincipal grantee : grantees) {
        if (grantee.getType() == ROLE) {
            referencedRoles.add(grantee.getName());
        }
    }
    grantor.ifPresent(principal -> {
        if (principal.getType() == ROLE) {
            referencedRoles.add(principal.getName());
        }
    });

    // NOTE(review): this existence check runs before the authorization check below, so a
    // caller who is not allowed to grant roles can still tell from the MISSING_ROLE error
    // whether a role name exists, unless listRoles already restricts what the session may
    // see. Confirm that this ordering is intended.
    for (String candidate : referencedRoles) {
        if (availableRoles.contains(candidate)) {
            continue;
        }
        throw new SemanticException(MISSING_ROLE, statement, "Role '%s' does not exist", candidate);
    }

    // Authorization gate: must stay ahead of the mutating grantRoles call.
    accessControl.checkCanGrantRoles(session.getRequiredTransactionId(), session.getIdentity(), roles, grantees, withAdminOption, grantor, catalog);
    metadata.grantRoles(session, roles, grantees, withAdminOption, grantor, catalog);
    return immediateFuture(null);
}
Also used : HeuristicIndexerManager(io.prestosql.heuristicindex.HeuristicIndexerManager) GrantRoles(io.prestosql.sql.tree.GrantRoles) Futures.immediateFuture(com.google.common.util.concurrent.Futures.immediateFuture) AccessControl(io.prestosql.security.AccessControl) ListenableFuture(com.google.common.util.concurrent.ListenableFuture) MetadataUtil.createPrincipal(io.prestosql.metadata.MetadataUtil.createPrincipal) TransactionManager(io.prestosql.transaction.TransactionManager) Set(java.util.Set) Metadata(io.prestosql.metadata.Metadata) SemanticException(io.prestosql.sql.analyzer.SemanticException) List(java.util.List) ROLE(io.prestosql.spi.security.PrincipalType.ROLE) MetadataUtil.createCatalogName(io.prestosql.metadata.MetadataUtil.createCatalogName) Locale(java.util.Locale) MetadataUtil(io.prestosql.metadata.MetadataUtil) MISSING_ROLE(io.prestosql.sql.analyzer.SemanticErrorCode.MISSING_ROLE) Session(io.prestosql.Session) Optional(java.util.Optional) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) PrestoPrincipal(io.prestosql.spi.security.PrestoPrincipal) Expression(io.prestosql.sql.tree.Expression) LinkedHashSet(java.util.LinkedHashSet) LinkedHashSet(java.util.LinkedHashSet) PrestoPrincipal(io.prestosql.spi.security.PrestoPrincipal) Session(io.prestosql.Session) SemanticException(io.prestosql.sql.analyzer.SemanticException)

Example 2 with GrantRoles

use of io.prestosql.sql.tree.GrantRoles in project hetu-core by openlookeng.

the class TestSqlParser method testGrantRoles.

/**
 * Checks that the accepted forms of {@code GRANT <roles> TO <principals>} parse into the
 * expected {@code GrantRoles} tree: plain and typed grantees, {@code WITH ADMIN OPTION},
 * {@code GRANTED BY} with each principal type, and quoted identifiers.
 *
 * <p>Only statements that are expected to parse are covered in this method.
 */
@Test
public void testGrantRoles() {
    // Minimal form: one role, one grantee of unspecified type, no admin option, no grantor.
    assertStatement(
            "GRANT role1 TO user1",
            new GrantRoles(
                    ImmutableSet.of(new Identifier("role1")),
                    ImmutableSet.of(new PrincipalSpecification(PrincipalSpecification.Type.UNSPECIFIED, new Identifier("user1"))),
                    false,
                    Optional.empty()));

    // Several roles and grantees of every principal type, with the admin option.
    assertStatement(
            "GRANT role1, role2, role3 TO user1, USER user2, ROLE role4 WITH ADMIN OPTION",
            new GrantRoles(
                    ImmutableSet.of(new Identifier("role1"), new Identifier("role2"), new Identifier("role3")),
                    ImmutableSet.of(
                            new PrincipalSpecification(PrincipalSpecification.Type.UNSPECIFIED, new Identifier("user1")),
                            new PrincipalSpecification(PrincipalSpecification.Type.USER, new Identifier("user2")),
                            new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier("role4"))),
                    true,
                    Optional.empty()));

    // Explicit grantor of unspecified principal type.
    assertStatement(
            "GRANT role1 TO user1 WITH ADMIN OPTION GRANTED BY admin",
            new GrantRoles(
                    ImmutableSet.of(new Identifier("role1")),
                    ImmutableSet.of(new PrincipalSpecification(PrincipalSpecification.Type.UNSPECIFIED, new Identifier("user1"))),
                    true,
                    Optional.of(new GrantorSpecification(
                            GrantorSpecification.Type.PRINCIPAL,
                            Optional.of(new PrincipalSpecification(PrincipalSpecification.Type.UNSPECIFIED, new Identifier("admin")))))));

    // USER grantee with a USER grantor.
    assertStatement(
            "GRANT role1 TO USER user1 WITH ADMIN OPTION GRANTED BY USER admin",
            new GrantRoles(
                    ImmutableSet.of(new Identifier("role1")),
                    ImmutableSet.of(new PrincipalSpecification(PrincipalSpecification.Type.USER, new Identifier("user1"))),
                    true,
                    Optional.of(new GrantorSpecification(
                            GrantorSpecification.Type.PRINCIPAL,
                            Optional.of(new PrincipalSpecification(PrincipalSpecification.Type.USER, new Identifier("admin")))))));

    // ROLE grantee with a ROLE grantor, with the admin option.
    assertStatement(
            "GRANT role1 TO ROLE role2 WITH ADMIN OPTION GRANTED BY ROLE admin",
            new GrantRoles(
                    ImmutableSet.of(new Identifier("role1")),
                    ImmutableSet.of(new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier("role2"))),
                    true,
                    Optional.of(new GrantorSpecification(
                            GrantorSpecification.Type.PRINCIPAL,
                            Optional.of(new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier("admin")))))));

    // Same statement without the admin option: the flag must come back false.
    assertStatement(
            "GRANT role1 TO ROLE role2 GRANTED BY ROLE admin",
            new GrantRoles(
                    ImmutableSet.of(new Identifier("role1")),
                    ImmutableSet.of(new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier("role2"))),
                    false,
                    Optional.of(new GrantorSpecification(
                            GrantorSpecification.Type.PRINCIPAL,
                            Optional.of(new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier("admin")))))));

    // Quoted identifiers are expected to yield the same tree as the unquoted case above.
    assertStatement(
            "GRANT \"role1\" TO ROLE \"role2\" GRANTED BY ROLE \"admin\"",
            new GrantRoles(
                    ImmutableSet.of(new Identifier("role1")),
                    ImmutableSet.of(new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier("role2"))),
                    false,
                    Optional.of(new GrantorSpecification(
                            GrantorSpecification.Type.PRINCIPAL,
                            Optional.of(new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier("admin")))))));
}
Also used : GrantRoles(io.prestosql.sql.tree.GrantRoles) Identifier(io.prestosql.sql.tree.Identifier) QueryUtil.quotedIdentifier(io.prestosql.sql.QueryUtil.quotedIdentifier) PrincipalSpecification(io.prestosql.sql.tree.PrincipalSpecification) GrantorSpecification(io.prestosql.sql.tree.GrantorSpecification) Test(org.testng.annotations.Test)

Aggregations

GrantRoles (io.prestosql.sql.tree.GrantRoles)2 ImmutableSet.toImmutableSet (com.google.common.collect.ImmutableSet.toImmutableSet)1 Futures.immediateFuture (com.google.common.util.concurrent.Futures.immediateFuture)1 ListenableFuture (com.google.common.util.concurrent.ListenableFuture)1 Session (io.prestosql.Session)1 HeuristicIndexerManager (io.prestosql.heuristicindex.HeuristicIndexerManager)1 Metadata (io.prestosql.metadata.Metadata)1 MetadataUtil (io.prestosql.metadata.MetadataUtil)1 MetadataUtil.createCatalogName (io.prestosql.metadata.MetadataUtil.createCatalogName)1 MetadataUtil.createPrincipal (io.prestosql.metadata.MetadataUtil.createPrincipal)1 AccessControl (io.prestosql.security.AccessControl)1 PrestoPrincipal (io.prestosql.spi.security.PrestoPrincipal)1 ROLE (io.prestosql.spi.security.PrincipalType.ROLE)1 QueryUtil.quotedIdentifier (io.prestosql.sql.QueryUtil.quotedIdentifier)1 MISSING_ROLE (io.prestosql.sql.analyzer.SemanticErrorCode.MISSING_ROLE)1 SemanticException (io.prestosql.sql.analyzer.SemanticException)1 Expression (io.prestosql.sql.tree.Expression)1 GrantorSpecification (io.prestosql.sql.tree.GrantorSpecification)1 Identifier (io.prestosql.sql.tree.Identifier)1 PrincipalSpecification (io.prestosql.sql.tree.PrincipalSpecification)1