Example 21 with CatalogSchemaTableName
use of io.trino.spi.connector.CatalogSchemaTableName in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testTableRulesForCheckCanShowColumnsWithNoAccess.
@Test
public void testTableRulesForCheckCanShowColumnsWithNoAccess() {
SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-no-access.json");
assertAccessDenied(() -> accessControl.checkCanShowColumns(BOB, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable")), SHOW_COLUMNS_ACCESS_DENIED_MESSAGE);
assertAccessDenied(() -> accessControl.checkCanShowTables(BOB, new CatalogSchemaName("some-catalog", "bobschema")), SHOWN_TABLES_ACCESS_DENIED_MESSAGE);
}
Also used :
SystemAccessControl(io.trino.spi.security.SystemAccessControl)
CatalogSchemaName(io.trino.spi.connector.CatalogSchemaName)
CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName)
Test(org.testng.annotations.Test)
Example 22 with CatalogSchemaTableName
use of io.trino.spi.connector.CatalogSchemaTableName in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testTableRulesForCheckCanCreateMaterializedView.
@Test
public void testTableRulesForCheckCanCreateMaterializedView() {
SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
accessControl.checkCanCreateMaterializedView(ADMIN, new CatalogSchemaTableName("some-catalog", "bobschema", "bob-materialized-view"), Map.of());
assertAccessDenied(() -> accessControl.checkCanCreateMaterializedView(BOB, new CatalogSchemaTableName("some-catalog", "bobschema", "bob-materialized-view"), Map.of()), CREATE_MATERIALIZED_VIEW_ACCESS_DENIED_MESSAGE);
}
Also used :
SystemAccessControl(io.trino.spi.security.SystemAccessControl)
CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName)
Test(org.testng.annotations.Test)
Example 23 with CatalogSchemaTableName
use of io.trino.spi.connector.CatalogSchemaTableName in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testTableRulesForCheckCanInsertIntoTable.
@Test
public void testTableRulesForCheckCanInsertIntoTable() {
SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
accessControl.checkCanInsertIntoTable(BOB, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable"));
accessControl.checkCanInsertIntoTable(CHARLIE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable"));
assertAccessDenied(() -> accessControl.checkCanInsertIntoTable(ALICE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable")), INSERT_TABLE_ACCESS_DENIED_MESSAGE);
assertAccessDenied(() -> accessControl.checkCanInsertIntoTable(BOB, new CatalogSchemaTableName("some-catalog", "test", "test")), INSERT_TABLE_ACCESS_DENIED_MESSAGE);
}
Also used :
SystemAccessControl(io.trino.spi.security.SystemAccessControl)
CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName)
Test(org.testng.annotations.Test)
Example 24 with CatalogSchemaTableName
use of io.trino.spi.connector.CatalogSchemaTableName in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testTableRulesForCheckCanDeleteFromTable.
@Test
public void testTableRulesForCheckCanDeleteFromTable() {
SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
accessControl.checkCanDeleteFromTable(ADMIN, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable"));
assertAccessDenied(() -> accessControl.checkCanDeleteFromTable(CHARLIE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable")), DELETE_TABLE_ACCESS_DENIED_MESSAGE);
}
Also used :
SystemAccessControl(io.trino.spi.security.SystemAccessControl)
CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName)
Test(org.testng.annotations.Test)
Example 25 with CatalogSchemaTableName
use of io.trino.spi.connector.CatalogSchemaTableName in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testTableRulesForFilterColumns.
@Test
public void testTableRulesForFilterColumns() {
SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
assertEquals(accessControl.filterColumns(ALICE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobcolumns"), ImmutableSet.of("private", "a", "restricted", "b")), ImmutableSet.of("private", "a", "restricted", "b"));
assertEquals(accessControl.filterColumns(BOB, new CatalogSchemaTableName("some-catalog", "bobschema", "bobcolumns"), ImmutableSet.of("private", "a", "restricted", "b")), ImmutableSet.of("private", "a", "restricted", "b"));
assertEquals(accessControl.filterColumns(CHARLIE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobcolumns"), ImmutableSet.of("private", "a", "restricted", "b")), ImmutableSet.of("a", "b"));
}
Also used :
SystemAccessControl(io.trino.spi.security.SystemAccessControl)
CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName)
Test(org.testng.annotations.Test)
Aggregations
CatalogSchemaTableName (io.trino.spi.connector.CatalogSchemaTableName)68
Test (org.testng.annotations.Test)48
SystemAccessControl (io.trino.spi.security.SystemAccessControl)38
SchemaTableName (io.trino.spi.connector.SchemaTableName)18
Optional (java.util.Optional)13
TrinoPrincipal (io.trino.spi.security.TrinoPrincipal)12
Type (io.trino.spi.type.Type)11
Map (java.util.Map)11
ImmutableList (com.google.common.collect.ImmutableList)9
ImmutableMap (com.google.common.collect.ImmutableMap)9
TrinoException (io.trino.spi.TrinoException)9
List (java.util.List)8
Objects.requireNonNull (java.util.Objects.requireNonNull)8
ImmutableSet (com.google.common.collect.ImmutableSet)7
Session (io.trino.Session)7
Logger (io.airlift.log.Logger)6
ViewExpression (io.trino.spi.security.ViewExpression)6
ImmutableSet.toImmutableSet (com.google.common.collect.ImmutableSet.toImmutableSet)5
CatalogSchemaName (io.trino.spi.connector.CatalogSchemaName)5
ConnectorMetadata (io.trino.spi.connector.ConnectorMetadata)5
