
Example 1 with SecurityContext

use of io.trino.security.SecurityContext in project trino by trinodb.

the class Session method beginTransactionId.

/**
 * Builds a new {@code Session} bound to {@code transactionId}, re-validating the
 * session's properties and catalog roles before copying them over.
 *
 * <p>Order of checks, as performed below:
 * <ol>
 *   <li>argument null checks, and rejection if this session already holds a transaction id;</li>
 *   <li>system properties are handed to {@code validateSystemProperties} together with
 *       {@code accessControl};</li>
 *   <li>each non-empty set of catalog properties is resolved against the transaction and
 *       handed to {@code validateCatalogProperties};</li>
 *   <li>each catalog role on the identity must name a catalog that resolves in the
 *       transaction, and entries of type {@code SelectedRole.Type.ROLE} are passed to
 *       {@code accessControl.checkCanSetCatalogRole}.</li>
 * </ol>
 *
 * @param transactionId the transaction to attach; must not be null
 * @param transactionManager used to resolve catalog names within the transaction; must not be null
 * @param accessControl consulted for property validation and role checks; must not be null
 * @return a new session carrying the transaction id, the validated catalog properties and
 *         an identity rebuilt with the accepted catalog roles
 * @throws TrinoException with {@code NOT_FOUND} when a catalog named by a session property
 *         or by a catalog role cannot be resolved in the transaction
 */
public Session beginTransactionId(TransactionId transactionId, TransactionManager transactionManager, AccessControl accessControl) {
    requireNonNull(transactionId, "transactionId is null");
    checkArgument(this.transactionId.isEmpty(), "Session already has an active transaction");
    requireNonNull(transactionManager, "transactionManager is null");
    requireNonNull(accessControl, "accessControl is null");

    validateSystemProperties(accessControl, this.systemProperties);

    // Catalog names can only be resolved to connectors once a transaction exists,
    // so the per-catalog session properties are validated at this point.
    ImmutableMap.Builder<String, Map<String, String>> validatedProperties = ImmutableMap.builder();
    for (Entry<String, Map<String, String>> perCatalog : this.catalogProperties.entrySet()) {
        String name = perCatalog.getKey();
        Map<String, String> properties = perCatalog.getValue();
        // Catalogs with no properties are neither resolved nor carried into the new session.
        if (!properties.isEmpty()) {
            CatalogName resolved = transactionManager.getCatalogName(transactionId, name)
                    .orElseThrow(() -> new TrinoException(NOT_FOUND, "Session property catalog does not exist: " + name));
            validateCatalogProperties(Optional.of(transactionId), accessControl, resolved, properties);
            validatedProperties.put(name, properties);
        }
    }

    ImmutableMap.Builder<String, SelectedRole> acceptedRoles = ImmutableMap.builder();
    for (Entry<String, SelectedRole> selection : identity.getCatalogRoles().entrySet()) {
        String name = selection.getKey();
        SelectedRole selected = selection.getValue();
        boolean catalogResolves = transactionManager.getCatalogName(transactionId, name).isPresent();
        if (!catalogResolves) {
            throw new TrinoException(NOT_FOUND, "Catalog for role does not exist: " + name);
        }
        // Only an explicitly named role (Type.ROLE) goes through checkCanSetCatalogRole;
        // any other SelectedRole type is copied over without that call.
        if (SelectedRole.Type.ROLE == selected.getType()) {
            accessControl.checkCanSetCatalogRole(new SecurityContext(transactionId, identity, queryId), selected.getRole().orElseThrow(), name);
        }
        acceptedRoles.put(name, selected);
    }

    // The identity is rebuilt so that the new session carries only the roles accepted above.
    Identity identityWithRoles = Identity.from(identity)
            .withConnectorRoles(acceptedRoles.buildOrThrow())
            .build();
    return new Session(
            queryId,
            Optional.of(transactionId),
            clientTransactionSupport,
            identityWithRoles,
            source,
            catalog,
            schema,
            path,
            traceToken,
            timeZoneKey,
            locale,
            remoteUserAddress,
            userAgent,
            clientInfo,
            clientTags,
            clientCapabilities,
            resourceEstimates,
            start,
            systemProperties,
            validatedProperties.buildOrThrow(),
            sessionPropertyManager,
            preparedStatements,
            protocolHeaders);
}
Also used : SelectedRole(io.trino.spi.security.SelectedRole) ImmutableMap(com.google.common.collect.ImmutableMap) SecurityContext(io.trino.security.SecurityContext) TrinoException(io.trino.spi.TrinoException) CatalogName(io.trino.connector.CatalogName) HashMap(java.util.HashMap) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap) ConnectorSession(io.trino.spi.connector.ConnectorSession)
