Search in sources :

Example 1 with MetadataUtil

use of io.trino.metadata.MetadataUtil in project trino by trinodb.

the class RevokeRolesTask method execute.

@Override
public ListenableFuture<Void> execute(RevokeRoles statement, QueryStateMachine stateMachine, List<Expression> parameters, WarningCollector warningCollector) {
    Session session = stateMachine.getSession();
    Set<String> roles = statement.getRoles().stream().map(role -> role.getValue().toLowerCase(Locale.ENGLISH)).collect(toImmutableSet());
    Set<TrinoPrincipal> grantees = statement.getGrantees().stream().map(MetadataUtil::createPrincipal).collect(toImmutableSet());
    boolean adminOption = statement.isAdminOption();
    Optional<TrinoPrincipal> grantor = statement.getGrantor().map(specification -> createPrincipal(session, specification));
    Optional<String> catalog = processRoleCommandCatalog(metadata, session, statement, statement.getCatalog().map(Identifier::getValue));
    Set<String> specifiedRoles = new LinkedHashSet<>();
    specifiedRoles.addAll(roles);
    grantees.stream().filter(principal -> principal.getType() == ROLE).map(TrinoPrincipal::getName).forEach(specifiedRoles::add);
    if (grantor.isPresent() && grantor.get().getType() == ROLE) {
        specifiedRoles.add(grantor.get().getName());
    }
    for (String role : specifiedRoles) {
        checkRoleExists(session, statement, metadata, role, catalog);
    }
    accessControl.checkCanRevokeRoles(session.toSecurityContext(), roles, grantees, adminOption, grantor, catalog);
    metadata.revokeRoles(session, roles, grantees, adminOption, grantor, catalog);
    return immediateVoidFuture();
}
Also used : Futures.immediateVoidFuture(com.google.common.util.concurrent.Futures.immediateVoidFuture) ListenableFuture(com.google.common.util.concurrent.ListenableFuture) MetadataUtil.checkRoleExists(io.trino.metadata.MetadataUtil.checkRoleExists) MetadataUtil(io.trino.metadata.MetadataUtil) RevokeRoles(io.trino.sql.tree.RevokeRoles) Set(java.util.Set) ROLE(io.trino.spi.security.PrincipalType.ROLE) Inject(javax.inject.Inject) List(java.util.List) AccessControl(io.trino.security.AccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) MetadataUtil.createPrincipal(io.trino.metadata.MetadataUtil.createPrincipal) Locale(java.util.Locale) Objects.requireNonNull(java.util.Objects.requireNonNull) WarningCollector(io.trino.execution.warnings.WarningCollector) Metadata(io.trino.metadata.Metadata) Optional(java.util.Optional) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) Expression(io.trino.sql.tree.Expression) MetadataUtil.processRoleCommandCatalog(io.trino.metadata.MetadataUtil.processRoleCommandCatalog) Identifier(io.trino.sql.tree.Identifier) LinkedHashSet(java.util.LinkedHashSet) Session(io.trino.Session) LinkedHashSet(java.util.LinkedHashSet) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) Session(io.trino.Session)

Example 2 with MetadataUtil

use of io.trino.metadata.MetadataUtil in project trino by trinodb.

the class GrantRolesTask method execute.

@Override
public ListenableFuture<Void> execute(GrantRoles statement, QueryStateMachine stateMachine, List<Expression> parameters, WarningCollector warningCollector) {
    Session session = stateMachine.getSession();
    Set<String> roles = statement.getRoles().stream().map(role -> role.getValue().toLowerCase(Locale.ENGLISH)).collect(toImmutableSet());
    Set<TrinoPrincipal> grantees = statement.getGrantees().stream().map(MetadataUtil::createPrincipal).collect(toImmutableSet());
    boolean adminOption = statement.isAdminOption();
    Optional<TrinoPrincipal> grantor = statement.getGrantor().map(specification -> createPrincipal(session, specification));
    Optional<String> catalog = processRoleCommandCatalog(metadata, session, statement, statement.getCatalog().map(Identifier::getValue));
    Set<String> specifiedRoles = new LinkedHashSet<>();
    specifiedRoles.addAll(roles);
    grantees.stream().filter(principal -> principal.getType() == ROLE).map(TrinoPrincipal::getName).forEach(specifiedRoles::add);
    if (grantor.isPresent() && grantor.get().getType() == ROLE) {
        specifiedRoles.add(grantor.get().getName());
    }
    for (String role : specifiedRoles) {
        checkRoleExists(session, statement, metadata, role, catalog);
    }
    accessControl.checkCanGrantRoles(session.toSecurityContext(), roles, grantees, adminOption, grantor, catalog);
    metadata.grantRoles(session, roles, grantees, adminOption, grantor, catalog);
    return immediateVoidFuture();
}
Also used : Futures.immediateVoidFuture(com.google.common.util.concurrent.Futures.immediateVoidFuture) ListenableFuture(com.google.common.util.concurrent.ListenableFuture) MetadataUtil.checkRoleExists(io.trino.metadata.MetadataUtil.checkRoleExists) MetadataUtil(io.trino.metadata.MetadataUtil) Set(java.util.Set) ROLE(io.trino.spi.security.PrincipalType.ROLE) GrantRoles(io.trino.sql.tree.GrantRoles) Inject(javax.inject.Inject) List(java.util.List) AccessControl(io.trino.security.AccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) MetadataUtil.createPrincipal(io.trino.metadata.MetadataUtil.createPrincipal) Locale(java.util.Locale) Objects.requireNonNull(java.util.Objects.requireNonNull) WarningCollector(io.trino.execution.warnings.WarningCollector) Metadata(io.trino.metadata.Metadata) Optional(java.util.Optional) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) Expression(io.trino.sql.tree.Expression) MetadataUtil.processRoleCommandCatalog(io.trino.metadata.MetadataUtil.processRoleCommandCatalog) Identifier(io.trino.sql.tree.Identifier) LinkedHashSet(java.util.LinkedHashSet) Session(io.trino.Session) LinkedHashSet(java.util.LinkedHashSet) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) Session(io.trino.Session)

Aggregations

ImmutableSet.toImmutableSet (com.google.common.collect.ImmutableSet.toImmutableSet)2 Futures.immediateVoidFuture (com.google.common.util.concurrent.Futures.immediateVoidFuture)2 ListenableFuture (com.google.common.util.concurrent.ListenableFuture)2 Session (io.trino.Session)2 WarningCollector (io.trino.execution.warnings.WarningCollector)2 Metadata (io.trino.metadata.Metadata)2 MetadataUtil (io.trino.metadata.MetadataUtil)2 MetadataUtil.checkRoleExists (io.trino.metadata.MetadataUtil.checkRoleExists)2 MetadataUtil.createPrincipal (io.trino.metadata.MetadataUtil.createPrincipal)2 MetadataUtil.processRoleCommandCatalog (io.trino.metadata.MetadataUtil.processRoleCommandCatalog)2 AccessControl (io.trino.security.AccessControl)2 ROLE (io.trino.spi.security.PrincipalType.ROLE)2 TrinoPrincipal (io.trino.spi.security.TrinoPrincipal)2 Expression (io.trino.sql.tree.Expression)2 Identifier (io.trino.sql.tree.Identifier)2 LinkedHashSet (java.util.LinkedHashSet)2 List (java.util.List)2 Locale (java.util.Locale)2 Objects.requireNonNull (java.util.Objects.requireNonNull)2 Optional (java.util.Optional)2