Example 16 with CatalogSchemaTableName
use of io.trino.spi.connector.CatalogSchemaTableName in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testCheckCanSetTableAuthorizationForNonOwner.
@Test
public void testCheckCanSetTableAuthorizationForNonOwner() {
SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
assertAccessDenied(() -> accessControl.checkCanSetTableAuthorization(ALICE, new CatalogSchemaTableName("some-catalog", "test", "test"), new TrinoPrincipal(PrincipalType.ROLE, "some_role")), AUTH_TABLE_ACCESS_DENIED_MESSAGE);
assertAccessDenied(() -> accessControl.checkCanSetTableAuthorization(ALICE, new CatalogSchemaTableName("some-catalog", "test", "test"), new TrinoPrincipal(PrincipalType.USER, "some_user")), AUTH_TABLE_ACCESS_DENIED_MESSAGE);
}
Also used :
SystemAccessControl(io.trino.spi.security.SystemAccessControl)
TrinoPrincipal(io.trino.spi.security.TrinoPrincipal)
CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName)
Test(org.testng.annotations.Test)
Example 17 with CatalogSchemaTableName
use of io.trino.spi.connector.CatalogSchemaTableName in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testCheckCanSetTableAuthorizationForAdmin.
@Test
public void testCheckCanSetTableAuthorizationForAdmin() {
SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
accessControl.checkCanSetTableAuthorization(ADMIN, new CatalogSchemaTableName("some-catalog", "test", "test"), new TrinoPrincipal(PrincipalType.ROLE, "some_role"));
accessControl.checkCanSetTableAuthorization(ADMIN, new CatalogSchemaTableName("some-catalog", "test", "test"), new TrinoPrincipal(PrincipalType.USER, "some_user"));
}
Also used :
SystemAccessControl(io.trino.spi.security.SystemAccessControl)
TrinoPrincipal(io.trino.spi.security.TrinoPrincipal)
CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName)
Test(org.testng.annotations.Test)
Example 18 with CatalogSchemaTableName
use of io.trino.spi.connector.CatalogSchemaTableName in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testTableRulesForCheckCanShowCreateTable.
@Test
public void testTableRulesForCheckCanShowCreateTable() {
SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
accessControl.checkCanShowCreateTable(ADMIN, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable"));
assertAccessDenied(() -> accessControl.checkCanShowCreateTable(BOB, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable")), CREATE_TABLE_ACCESS_DENIED_MESSAGE);
}
Also used :
SystemAccessControl(io.trino.spi.security.SystemAccessControl)
CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName)
Test(org.testng.annotations.Test)
Example 19 with CatalogSchemaTableName
use of io.trino.spi.connector.CatalogSchemaTableName in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testCheckCanSetTableAuthorizationForOwner.
@Test
public void testCheckCanSetTableAuthorizationForOwner() {
SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
accessControl.checkCanSetTableAuthorization(ALICE, new CatalogSchemaTableName("some-catalog", "aliceschema", "test"), new TrinoPrincipal(PrincipalType.ROLE, "some_role"));
accessControl.checkCanSetTableAuthorization(ALICE, new CatalogSchemaTableName("some-catalog", "aliceschema", "test"), new TrinoPrincipal(PrincipalType.USER, "some_user"));
}
Also used :
SystemAccessControl(io.trino.spi.security.SystemAccessControl)
TrinoPrincipal(io.trino.spi.security.TrinoPrincipal)
CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName)
Test(org.testng.annotations.Test)
Example 20 with CatalogSchemaTableName
use of io.trino.spi.connector.CatalogSchemaTableName in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testGetColumnMask.
@Test
public void testGetColumnMask() {
SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
assertEquals(accessControl.getColumnMask(ALICE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobcolumns"), "masked", VARCHAR), Optional.empty());
assertViewExpressionEquals(accessControl.getColumnMask(CHARLIE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobcolumns"), "masked", VARCHAR), new ViewExpression(CHARLIE.getIdentity().getUser(), Optional.of("some-catalog"), Optional.of("bobschema"), "'mask'"));
assertViewExpressionEquals(accessControl.getColumnMask(CHARLIE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobcolumns"), "masked_with_user", VARCHAR), new ViewExpression("mask-user", Optional.of("some-catalog"), Optional.of("bobschema"), "'mask-with-user'"));
}
Also used :
SystemAccessControl(io.trino.spi.security.SystemAccessControl)
CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName)
ViewExpression(io.trino.spi.security.ViewExpression)
Test(org.testng.annotations.Test)
Aggregations
CatalogSchemaTableName (io.trino.spi.connector.CatalogSchemaTableName)68
Test (org.testng.annotations.Test)48
SystemAccessControl (io.trino.spi.security.SystemAccessControl)38
SchemaTableName (io.trino.spi.connector.SchemaTableName)18
Optional (java.util.Optional)13
TrinoPrincipal (io.trino.spi.security.TrinoPrincipal)12
Type (io.trino.spi.type.Type)11
Map (java.util.Map)11
ImmutableList (com.google.common.collect.ImmutableList)9
ImmutableMap (com.google.common.collect.ImmutableMap)9
TrinoException (io.trino.spi.TrinoException)9
List (java.util.List)8
Objects.requireNonNull (java.util.Objects.requireNonNull)8
ImmutableSet (com.google.common.collect.ImmutableSet)7
Session (io.trino.Session)7
Logger (io.airlift.log.Logger)6
ViewExpression (io.trino.spi.security.ViewExpression)6
ImmutableSet.toImmutableSet (com.google.common.collect.ImmutableSet.toImmutableSet)5
CatalogSchemaName (io.trino.spi.connector.CatalogSchemaName)5
ConnectorMetadata (io.trino.spi.connector.ConnectorMetadata)5
