
Example 11 with HivePrincipal

use of io.trino.plugin.hive.metastore.HivePrincipal in project trino by trinodb.

the class TestThriftMetastoreUtil method testListApplicableRoles.

/**
 * Verifies that {@code ThriftMetastoreUtil.listApplicableRoles} follows role-to-role grants
 * transitively from the starting role and reports each reachable role exactly once, even
 * when a role is reachable through more than one path.
 */
@Test
public void testListApplicableRoles() {
    TrinoPrincipal admin = new TrinoPrincipal(USER, "admin");
    // Inheritance graph under test: a -> {b1, b2}, b1 -> {d, e}, b2 -> {d, e}, d -> u, e -> w.
    // "d" and "e" are granted through both b1 and b2, so the result must collapse duplicates.
    Multimap<String, String> inheritance = ImmutableMultimap.<String, String>builder()
            .put("a", "b1")
            .put("a", "b2")
            .put("b1", "d")
            .put("b1", "e")
            .put("b2", "d")
            .put("b2", "e")
            .put("d", "u")
            .put("e", "w")
            .build();
    // Every role reachable from "a", in no particular order.
    String[] expectedRoleNames = {"b1", "b2", "d", "e", "u", "w"};
    RoleGrant[] expectedGrants = new RoleGrant[expectedRoleNames.length];
    for (int i = 0; i < expectedRoleNames.length; i++) {
        expectedGrants[i] = new RoleGrant(admin, expectedRoleNames[i], false);
    }
    assertThat(ThriftMetastoreUtil.listApplicableRoles(
            new HivePrincipal(ROLE, "a"),
            principal -> inheritance.get(principal.getName()).stream()
                    .map(roleName -> new RoleGrant(admin, roleName, false))
                    .collect(toImmutableSet())))
            .containsOnly(expectedGrants);
}

Example 12 with HivePrincipal

use of io.trino.plugin.hive.metastore.HivePrincipal in project trino by trinodb.

the class SqlStandardAccessControl method listApplicableTablePrivileges.

/**
 * Lists the privileges on a table that apply to {@code identity}: those granted directly to the
 * user principal plus those granted to any role the user holds through the metastore's role
 * grants (resolved by {@code listApplicableRoles}, which follows role-to-role grants).
 * Every table-level access decision in this class builds on the principal set assembled here.
 *
 * @param context security context forwarded to the metastore calls
 * @param databaseName schema containing the table
 * @param tableName name of the table whose privileges are listed
 * @param identity identity whose user name and role memberships are resolved
 * @return privileges granted to the user principal or to any of its applicable roles
 */
private Stream<HivePrivilegeInfo> listApplicableTablePrivileges(ConnectorSecurityContext context, String databaseName, String tableName, ConnectorIdentity identity) {
    HivePrincipal userPrincipal = new HivePrincipal(USER, identity.getUser());
    // Each applicable role grant becomes a ROLE principal of the same name.
    Stream<HivePrincipal> rolePrincipals = listApplicableRoles(userPrincipal, hivePrincipal -> metastore.listRoleGrants(context, hivePrincipal))
            .map(roleGrant -> new HivePrincipal(ROLE, roleGrant.getRoleName()));
    Stream<HivePrincipal> allPrincipals = Stream.concat(Stream.of(userPrincipal), rolePrincipals);
    return listTablePrivileges(context, databaseName, tableName, allPrincipals);
}

Example 13 with HivePrincipal

use of io.trino.plugin.hive.metastore.HivePrincipal in project trino by trinodb.

the class SqlStandardAccessControlMetadata method revokeTablePrivileges.

/**
 * Revokes table privileges from {@code grantee} in the metastore, recording the session user as
 * the principal performing the revoke.
 *
 * @param session session whose user is recorded as the revoking principal
 * @param schemaTableName schema-qualified table the privileges are revoked on
 * @param privileges privileges to revoke; {@code CREATE} is silently dropped (see below)
 * @param grantee user or role losing the privileges
 * @param grantOption whether the grant option itself is being revoked
 */
@Override
public void revokeTablePrivileges(ConnectorSession session, SchemaTableName schemaTableName, Set<Privilege> privileges, HivePrincipal grantee, boolean grantOption) {
    // Hive has no CREATE privilege. Rejecting it would break ALL_PRIVILEGES, because the engine
    // expands that into the full enumerated privilege list rather than passing Optional.empty,
    // so CREATE is ignored instead of raising an error.
    Set<HivePrivilegeInfo.HivePrivilege> hivePrivileges = privileges.stream()
            .filter(privilege -> !Privilege.CREATE.equals(privilege))
            .map(HivePrivilegeInfo::toHivePrivilege)
            .collect(toSet());
    HivePrincipal revoker = new HivePrincipal(USER, session.getUser());
    metastore.revokeTablePrivileges(
            schemaTableName.getSchemaName(),
            schemaTableName.getTableName(),
            grantee,
            revoker,
            hivePrivileges,
            grantOption);
}

Example 14 with HivePrincipal

use of io.trino.plugin.hive.metastore.HivePrincipal in project trino by trinodb.

the class SqlStandardAccessControlMetadata method grantTablePrivileges.

/**
 * Grants table privileges to {@code grantee} in the metastore, recording the session user as the
 * grantor.
 *
 * @param session session whose user is recorded as the grantor
 * @param schemaTableName schema-qualified table the privileges are granted on
 * @param privileges privileges to grant; {@code CREATE} is silently dropped (see below)
 * @param grantee user or role receiving the privileges
 * @param grantOption whether the grantee may pass the privileges on
 */
@Override
public void grantTablePrivileges(ConnectorSession session, SchemaTableName schemaTableName, Set<Privilege> privileges, HivePrincipal grantee, boolean grantOption) {
    // Hive has no CREATE privilege. Rejecting it would break ALL_PRIVILEGES, because the engine
    // expands that into the full enumerated privilege list rather than passing Optional.empty,
    // so CREATE is ignored instead of raising an error.
    Set<HivePrivilegeInfo.HivePrivilege> hivePrivileges = privileges.stream()
            .filter(privilege -> !Privilege.CREATE.equals(privilege))
            .map(HivePrivilegeInfo::toHivePrivilege)
            .collect(toSet());
    HivePrincipal grantor = new HivePrincipal(USER, session.getUser());
    metastore.grantTablePrivileges(
            schemaTableName.getSchemaName(),
            schemaTableName.getTableName(),
            grantee,
            grantor,
            hivePrivileges,
            grantOption);
}

Example 15 with HivePrincipal

use of io.trino.plugin.hive.metastore.HivePrincipal in project trino by trinodb.

the class SqlStandardAccessControlMetadata method getRoleGrantsByGrantees.

/**
 * Collects the role grants held by each grantee, looking each name up both as a USER and as a
 * ROLE principal. The implicit "public" role is never reported.
 *
 * The limit is only consulted before each metastore call, never inside one, so the returned set
 * may exceed {@code limit} by however many grants the last call produced; presumably the caller
 * applies its own cut-off (treat the limit as a hint).
 *
 * @param grantees user or role names whose grants are listed
 * @param limit optional upper bound on the number of grants to fetch, checked between calls
 * @return role grants of the grantees, excluding the "public" role
 */
private Set<RoleGrant> getRoleGrantsByGrantees(Set<String> grantees, OptionalLong limit) {
    ImmutableSet.Builder<RoleGrant> collected = ImmutableSet.builder();
    // Each grantee name is looked up once per principal type, users first.
    PrincipalType[] principalTypes = {USER, ROLE};
    int fetched = 0;
    for (String grantee : grantees) {
        for (PrincipalType principalType : principalTypes) {
            boolean limitReached = limit.isPresent() && fetched >= limit.getAsLong();
            if (limitReached) {
                return collected.build();
            }
            for (RoleGrant grant : metastore.listRoleGrants(new HivePrincipal(principalType, grantee))) {
                // "public" is implicit in Hive rather than an explicit grant, so it is dropped
                // and does not count toward the limit.
                if (!PUBLIC_ROLE_NAME.equals(grant.getRoleName())) {
                    fetched++;
                    collected.add(grant);
                }
            }
        }
    }
    return collected.build();
}
