Examples with CatalogSchemaTableName io.trino.spi.connector.CatalogSchemaTableName used on opensource projects

Search in sources :

Example 41 with CatalogSchemaTableName

use of io.trino.spi.connector.CatalogSchemaTableName in project trino by trinodb.

the class FileBasedSystemAccessControl method filterColumns.

@Override
public Set<String> filterColumns(SystemSecurityContext context, CatalogSchemaTableName tableName, Set<String> columns) {
    if (!checkAnyTablePermission(context, tableName)) {
        return ImmutableSet.of();
    }
    if (INFORMATION_SCHEMA_NAME.equals(tableName.getSchemaTableName().getSchemaName())) {
        return columns;
    }
    Identity identity = context.getIdentity();
    CatalogTableAccessControlRule rule = tableRules.stream().filter(tableRule -> tableRule.matches(identity.getUser(), identity.getEnabledRoles(), identity.getGroups(), tableName)).findFirst().orElse(null);
    if (rule == null || rule.getPrivileges().isEmpty()) {
        return ImmutableSet.of();
    }
    // if user has privileges other than select, show all columns
    if (rule.getPrivileges().stream().anyMatch(privilege -> SELECT != privilege && GRANT_SELECT != privilege)) {
        return columns;
    }
    Set<String> restrictedColumns = rule.getRestrictedColumns();
    return columns.stream().filter(column -> !restrictedColumns.contains(column)).collect(toImmutableSet());
}
Also used : AccessDeniedException.denyReadSystemInformationAccess(io.trino.spi.security.AccessDeniedException.denyReadSystemInformationAccess) AccessDeniedException.denyDropTable(io.trino.spi.security.AccessDeniedException.denyDropTable) AccessDeniedException.denyGrantSchemaPrivilege(io.trino.spi.security.AccessDeniedException.denyGrantSchemaPrivilege) AccessDeniedException.denySetMaterializedViewProperties(io.trino.spi.security.AccessDeniedException.denySetMaterializedViewProperties) Suppliers.memoizeWithExpiration(com.google.common.base.Suppliers.memoizeWithExpiration) AccessDeniedException.denyInsertTable(io.trino.spi.security.AccessDeniedException.denyInsertTable) AccessDeniedException.denyShowCreateTable(io.trino.spi.security.AccessDeniedException.denyShowCreateTable) SystemSecurityContext(io.trino.spi.security.SystemSecurityContext) ALL(io.trino.plugin.base.security.CatalogAccessControlRule.AccessMode.ALL) AccessDeniedException.denySetSystemSessionProperty(io.trino.spi.security.AccessDeniedException.denySetSystemSessionProperty) AccessDeniedException.denyUpdateTableColumns(io.trino.spi.security.AccessDeniedException.denyUpdateTableColumns) Map(java.util.Map) AccessDeniedException.denyCreateTable(io.trino.spi.security.AccessDeniedException.denyCreateTable) AccessDeniedException.denyDeleteTable(io.trino.spi.security.AccessDeniedException.denyDeleteTable) AccessDeniedException.denyRenameSchema(io.trino.spi.security.AccessDeniedException.denyRenameSchema) AccessDeniedException.denyShowColumns(io.trino.spi.security.AccessDeniedException.denyShowColumns) AccessDeniedException.denyRenameMaterializedView(io.trino.spi.security.AccessDeniedException.denyRenameMaterializedView) OWNERSHIP(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.OWNERSHIP) AccessDeniedException.denyDropSchema(io.trino.spi.security.AccessDeniedException.denyDropSchema) Set(java.util.Set) MILLISECONDS(java.util.concurrent.TimeUnit.MILLISECONDS) SchemaTableName(io.trino.spi.connector.SchemaTableName) AccessDeniedException.denyShowCreateSchema(io.trino.spi.security.AccessDeniedException.denyShowCreateSchema) TablePrivilege(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) AccessDeniedException.denyRefreshMaterializedView(io.trino.spi.security.AccessDeniedException.denyRefreshMaterializedView) CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName) AccessDeniedException.denyCreateRole(io.trino.spi.security.AccessDeniedException.denyCreateRole) Bootstrap(io.airlift.bootstrap.Bootstrap) ConfigBinder.configBinder(io.airlift.configuration.ConfigBinder.configBinder) AccessDeniedException.denyDenySchemaPrivilege(io.trino.spi.security.AccessDeniedException.denyDenySchemaPrivilege) AccessDeniedException.denySetUser(io.trino.spi.security.AccessDeniedException.denySetUser) AccessDeniedException.denyDenyTablePrivilege(io.trino.spi.security.AccessDeniedException.denyDenyTablePrivilege) AccessDeniedException.denyDropColumn(io.trino.spi.security.AccessDeniedException.denyDropColumn) SystemAccessControl(io.trino.spi.security.SystemAccessControl) AccessDeniedException.denySetViewAuthorization(io.trino.spi.security.AccessDeniedException.denySetViewAuthorization) AccessDeniedException.denySetSchemaAuthorization(io.trino.spi.security.AccessDeniedException.denySetSchemaAuthorization) AccessDeniedException.denyDropMaterializedView(io.trino.spi.security.AccessDeniedException.denyDropMaterializedView) Identity(io.trino.spi.security.Identity) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) AccessDeniedException.denyViewQuery(io.trino.spi.security.AccessDeniedException.denyViewQuery) AccessDeniedException.denySelectTable(io.trino.spi.security.AccessDeniedException.denySelectTable) AccessDeniedException.denyCreateView(io.trino.spi.security.AccessDeniedException.denyCreateView) AccessDeniedException.denyCommentTable(io.trino.spi.security.AccessDeniedException.denyCommentTable) READ_ONLY(io.trino.plugin.base.security.CatalogAccessControlRule.AccessMode.READ_ONLY) UPDATE(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.UPDATE) AccessDeniedException.denyRenameColumn(io.trino.spi.security.AccessDeniedException.denyRenameColumn) Paths(java.nio.file.Paths) AccessDeniedException.denyCatalogAccess(io.trino.spi.security.AccessDeniedException.denyCatalogAccess) AccessDeniedException.denyRenameView(io.trino.spi.security.AccessDeniedException.denyRenameView) AccessMode(io.trino.plugin.base.security.CatalogAccessControlRule.AccessMode) EventListener(io.trino.spi.eventlistener.EventListener) AccessDeniedException.denyAddColumn(io.trino.spi.security.AccessDeniedException.denyAddColumn) AccessDeniedException.denySetCatalogSessionProperty(io.trino.spi.security.AccessDeniedException.denySetCatalogSessionProperty) AccessDeniedException.denySetTableProperties(io.trino.spi.security.AccessDeniedException.denySetTableProperties) Duration(io.airlift.units.Duration) AccessDeniedException.denyRevokeTablePrivilege(io.trino.spi.security.AccessDeniedException.denyRevokeTablePrivilege) INSERT(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.INSERT) DELETE(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.DELETE) JsonUtils.parseJson(io.trino.plugin.base.util.JsonUtils.parseJson) AccessDeniedException.denyCreateSchema(io.trino.spi.security.AccessDeniedException.denyCreateSchema) CatalogSchemaName(io.trino.spi.connector.CatalogSchemaName) CatalogSchemaRoutineName(io.trino.spi.connector.CatalogSchemaRoutineName) AccessDeniedException.denyCreateMaterializedView(io.trino.spi.security.AccessDeniedException.denyCreateMaterializedView) AccessDeniedException.denyDropView(io.trino.spi.security.AccessDeniedException.denyDropView) AccessDeniedException.denyShowSchemas(io.trino.spi.security.AccessDeniedException.denyShowSchemas) ImmutableSet(com.google.common.collect.ImmutableSet) AccessDeniedException.denySetTableAuthorization(io.trino.spi.security.AccessDeniedException.denySetTableAuthorization) Predicate(java.util.function.Predicate) AccessDeniedException.denyTruncateTable(io.trino.spi.security.AccessDeniedException.denyTruncateTable) ViewExpression(io.trino.spi.security.ViewExpression) TrinoException(io.trino.spi.TrinoException) String.format(java.lang.String.format) List(java.util.List) Principal(java.security.Principal) Optional(java.util.Optional) SystemAccessControlFactory(io.trino.spi.security.SystemAccessControlFactory) Pattern(java.util.regex.Pattern) SELECT(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.SELECT) GRANT_SELECT(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.GRANT_SELECT) Logger(io.airlift.log.Logger) AccessDeniedException.denyRevokeSchemaPrivilege(io.trino.spi.security.AccessDeniedException.denyRevokeSchemaPrivilege) AccessDeniedException.denyWriteSystemInformationAccess(io.trino.spi.security.AccessDeniedException.denyWriteSystemInformationAccess) Type(io.trino.spi.type.Type) AccessDeniedException.denyDropRole(io.trino.spi.security.AccessDeniedException.denyDropRole) Function(java.util.function.Function) AccessDeniedException.denyCommentColumn(io.trino.spi.security.AccessDeniedException.denyCommentColumn) AccessDeniedException.denyCreateViewWithSelect(io.trino.spi.security.AccessDeniedException.denyCreateViewWithSelect) CONFIGURATION_INVALID(io.trino.spi.StandardErrorCode.CONFIGURATION_INVALID) ImmutableList(com.google.common.collect.ImmutableList) AccessDeniedException.denyShowTables(io.trino.spi.security.AccessDeniedException.denyShowTables) Objects.requireNonNull(java.util.Objects.requireNonNull) AccessDeniedException.denyRevokeRoles(io.trino.spi.security.AccessDeniedException.denyRevokeRoles) Privilege(io.trino.spi.security.Privilege) AccessDeniedException.denyRenameTable(io.trino.spi.security.AccessDeniedException.denyRenameTable) AccessDeniedException.denyShowRoleAuthorizationDescriptors(io.trino.spi.security.AccessDeniedException.denyShowRoleAuthorizationDescriptors) AccessDeniedException.denyImpersonateUser(io.trino.spi.security.AccessDeniedException.denyImpersonateUser) Injector(com.google.inject.Injector) AccessDeniedException.denyGrantRoles(io.trino.spi.security.AccessDeniedException.denyGrantRoles) SECURITY_REFRESH_PERIOD(io.trino.plugin.base.security.FileBasedAccessControlConfig.SECURITY_REFRESH_PERIOD) AccessDeniedException.denyGrantTablePrivilege(io.trino.spi.security.AccessDeniedException.denyGrantTablePrivilege) Identity(io.trino.spi.security.Identity)

Example 42 with CatalogSchemaTableName

use of io.trino.spi.connector.CatalogSchemaTableName in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testTableRulesForCheckCanSelectFromColumns.

@Test
public void testTableRulesForCheckCanSelectFromColumns() {
    SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
    accessControl.checkCanSelectFromColumns(ALICE, new CatalogSchemaTableName("some-catalog", "test", "test"), ImmutableSet.of());
    accessControl.checkCanSelectFromColumns(ALICE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobcolumns"), ImmutableSet.of());
    accessControl.checkCanSelectFromColumns(ALICE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobcolumns"), ImmutableSet.of("bobcolumn", "private", "restricted"));
    accessControl.checkCanSelectFromColumns(CHARLIE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobcolumns"), ImmutableSet.of());
    accessControl.checkCanSelectFromColumns(CHARLIE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobcolumns"), ImmutableSet.of("bobcolumn"));
    assertAccessDenied(() -> accessControl.checkCanSelectFromColumns(CHARLIE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobcolumns"), ImmutableSet.of("bobcolumn", "private")), SELECT_TABLE_ACCESS_DENIED_MESSAGE);
    accessControl.checkCanSelectFromColumns(JOE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobcolumns"), ImmutableSet.of());
    assertAccessDenied(() -> accessControl.checkCanSelectFromColumns(ADMIN, new CatalogSchemaTableName("secret", "secret", "secret"), ImmutableSet.of()), SELECT_TABLE_ACCESS_DENIED_MESSAGE);
    assertAccessDenied(() -> accessControl.checkCanSelectFromColumns(JOE, new CatalogSchemaTableName("secret", "secret", "secret"), ImmutableSet.of()), SELECT_TABLE_ACCESS_DENIED_MESSAGE);
}
Also used : SystemAccessControl(io.trino.spi.security.SystemAccessControl) CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName) Test(org.testng.annotations.Test)

Example 43 with CatalogSchemaTableName

use of io.trino.spi.connector.CatalogSchemaTableName in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testTableRulesForCheckCanRenameColumn.

@Test
public void testTableRulesForCheckCanRenameColumn() {
    SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
    accessControl.checkCanRenameColumn(ADMIN, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable"));
    assertAccessDenied(() -> accessControl.checkCanRenameColumn(BOB, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable")), RENAME_COLUMNS_ACCESS_DENIED_MESSAGE);
}
Also used : SystemAccessControl(io.trino.spi.security.SystemAccessControl) CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName) Test(org.testng.annotations.Test)

Example 44 with CatalogSchemaTableName

use of io.trino.spi.connector.CatalogSchemaTableName in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testTableRulesForCheckCanSetTableProperties.

@Test
public void testTableRulesForCheckCanSetTableProperties() {
    SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
    accessControl.checkCanSetTableProperties(ADMIN, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable"), ImmutableMap.of());
    accessControl.checkCanSetTableProperties(ALICE, new CatalogSchemaTableName("some-catalog", "aliceschema", "alicetable"), ImmutableMap.of());
    assertAccessDenied(() -> accessControl.checkCanSetTableProperties(BOB, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable"), ImmutableMap.of()), SET_TABLE_PROPERTIES_ACCESS_DENIED_MESSAGE);
}
Also used : SystemAccessControl(io.trino.spi.security.SystemAccessControl) CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName) Test(org.testng.annotations.Test)

Example 45 with CatalogSchemaTableName

use of io.trino.spi.connector.CatalogSchemaTableName in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testTableRulesForCheckCanTruncateTable.

@Test
public void testTableRulesForCheckCanTruncateTable() {
    SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
    accessControl.checkCanTruncateTable(ADMIN, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable"));
    assertAccessDenied(() -> accessControl.checkCanTruncateTable(CHARLIE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable")), TRUNCATE_TABLE_ACCESS_DENIED_MESSAGE);
}
Also used : SystemAccessControl(io.trino.spi.security.SystemAccessControl) CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName) Test(org.testng.annotations.Test)

Aggregations

CatalogSchemaTableName (io.trino.spi.connector.CatalogSchemaTableName)68 Test (org.testng.annotations.Test)48 SystemAccessControl (io.trino.spi.security.SystemAccessControl)38 SchemaTableName (io.trino.spi.connector.SchemaTableName)18 Optional (java.util.Optional)13 TrinoPrincipal (io.trino.spi.security.TrinoPrincipal)12 Type (io.trino.spi.type.Type)11 Map (java.util.Map)11 ImmutableList (com.google.common.collect.ImmutableList)9 ImmutableMap (com.google.common.collect.ImmutableMap)9 TrinoException (io.trino.spi.TrinoException)9 List (java.util.List)8 Objects.requireNonNull (java.util.Objects.requireNonNull)8 ImmutableSet (com.google.common.collect.ImmutableSet)7 Session (io.trino.Session)7 Logger (io.airlift.log.Logger)6 ViewExpression (io.trino.spi.security.ViewExpression)6 ImmutableSet.toImmutableSet (com.google.common.collect.ImmutableSet.toImmutableSet)5 CatalogSchemaName (io.trino.spi.connector.CatalogSchemaName)5 ConnectorMetadata (io.trino.spi.connector.ConnectorMetadata)5
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial