
Example 1 with SECURITY_CONFIG_FILE

Use of io.trino.plugin.base.security.FileBasedAccessControlConfig.SECURITY_CONFIG_FILE in project trino by trinodb.

Class TestFileBasedSystemAccessControl, method testRefreshing.

/**
 * Checks that the file-based system access control picks up changes to its rules file
 * once the configured refresh period (1ms here) has elapsed.
 *
 * <p>The test runs in three phases against one temporary rules file:
 * <ol>
 *   <li>valid rules ("catalog.json"): the create-view check for alice passes, repeatedly;</li>
 *   <li>rules with unknown entries: every check must throw {@link IllegalArgumentException}
 *       with a message starting with "Invalid JSON file", so a broken rules file is surfaced
 *       as an error on each check instead of the earlier rules continuing to be applied;</li>
 *   <li>valid rules restored: the check passes again.</li>
 * </ol>
 *
 * <p>NOTE(review): each phase change is followed by a 2 ms sleep against a 1 ms refresh
 * period, so the test presumably depends on the reload happening within that window;
 * confirm it is not timing sensitive on a loaded machine.
 *
 * @throws Exception if copying a rules file fails or the sleep is interrupted
 */
@Test
public void testRefreshing() throws Exception {
    TransactionManager txManager = createTestTransactionManager();
    AccessControlManager accessControl = new AccessControlManager(
            txManager,
            emptyEventListenerManager(),
            new AccessControlConfig(),
            DefaultSystemAccessControl.NAME);

    // Work on a temporary copy so the rules can be swapped while the manager is live.
    File rulesFile = newTemporaryFile();
    rulesFile.deleteOnExit();
    copy(new File(getResourcePath("catalog.json")), rulesFile);

    String rulesPath = rulesFile.getAbsolutePath();
    accessControl.setSystemAccessControl(
            FileBasedSystemAccessControl.NAME,
            ImmutableMap.of(SECURITY_CONFIG_FILE, rulesPath, SECURITY_REFRESH_PERIOD, "1ms"));

    // Phase 1: valid rules. The same check is issued three times within one transaction.
    transaction(txManager, accessControl).execute(transactionId -> {
        for (int call = 0; call < 3; call++) {
            accessControl.checkCanCreateView(new SecurityContext(transactionId, alice, queryId), aliceView);
        }
    });

    // Phase 2: replace the rules with a file containing unknown rules and wait past the refresh period.
    copy(new File(getResourcePath("security-config-file-with-unknown-rules.json")), rulesFile);
    sleep(2);

    // The second pass confirms the failure is not hidden by a cached access control instance.
    for (int attempt = 0; attempt < 2; attempt++) {
        assertThatThrownBy(() -> transaction(txManager, accessControl).execute(transactionId -> {
            accessControl.checkCanCreateView(new SecurityContext(transactionId, alice, queryId), aliceView);
        }))
                .isInstanceOf(IllegalArgumentException.class)
                .hasMessageStartingWith("Invalid JSON file");
    }

    // Phase 3: restore the valid rules; the check must succeed again after the refresh.
    copy(new File(getResourcePath("catalog.json")), rulesFile);
    sleep(2);
    transaction(txManager, accessControl).execute(transactionId -> {
        accessControl.checkCanCreateView(new SecurityContext(transactionId, alice, queryId), aliceView);
    });
}
Also used : QueryId(io.trino.spi.QueryId) AccessDeniedException(io.trino.spi.security.AccessDeniedException) TransactionBuilder.transaction(io.trino.transaction.TransactionBuilder.transaction) TransactionManager(io.trino.transaction.TransactionManager) USER(io.trino.spi.security.PrincipalType.USER) URISyntaxException(java.net.URISyntaxException) Assert.assertEquals(org.testng.Assert.assertEquals) Test(org.testng.annotations.Test) FileBasedSystemAccessControl(io.trino.plugin.base.security.FileBasedSystemAccessControl) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) SECURITY_CONFIG_FILE(io.trino.plugin.base.security.FileBasedAccessControlConfig.SECURITY_CONFIG_FILE) Identity(io.trino.spi.security.Identity) Map(java.util.Map) CatalogSchemaName(io.trino.spi.connector.CatalogSchemaName) SELECT(io.trino.spi.security.Privilege.SELECT) Thread.sleep(java.lang.Thread.sleep) Files.newTemporaryFile(org.assertj.core.util.Files.newTemporaryFile) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Set(java.util.Set) SchemaTableName(io.trino.spi.connector.SchemaTableName) File(java.io.File) TestingEventListenerManager.emptyEventListenerManager(io.trino.testing.TestingEventListenerManager.emptyEventListenerManager) Resources.getResource(com.google.common.io.Resources.getResource) QualifiedObjectName(io.trino.metadata.QualifiedObjectName) DefaultSystemAccessControl(io.trino.plugin.base.security.DefaultSystemAccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) SECURITY_REFRESH_PERIOD(io.trino.plugin.base.security.FileBasedAccessControlConfig.SECURITY_REFRESH_PERIOD) Files.copy(com.google.common.io.Files.copy) Optional(java.util.Optional) 
TransactionManager(io.trino.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Files.newTemporaryFile(org.assertj.core.util.Files.newTemporaryFile) File(java.io.File) Test(org.testng.annotations.Test)
