Search in sources :

Example 1 with ConnectorAccessControl

use of io.trino.spi.connector.ConnectorAccessControl in project trino by trinodb.

the class InternalHiveConnectorFactory method createConnector.

public static Connector createConnector(String catalogName, Map<String, String> config, ConnectorContext context, Module module, Optional<HiveMetastore> metastore, Optional<CachingDirectoryLister> cachingDirectoryLister) {
    requireNonNull(config, "config is null");
    ClassLoader classLoader = InternalHiveConnectorFactory.class.getClassLoader();
    try (ThreadContextClassLoader ignored = new ThreadContextClassLoader(classLoader)) {
        Bootstrap app = new Bootstrap(new CatalogNameModule(catalogName), new EventModule(), new MBeanModule(), new ConnectorObjectNameGeneratorModule(catalogName, "io.trino.plugin.hive", "trino.plugin.hive"), new JsonModule(), new TypeDeserializerModule(context.getTypeManager()), new HiveModule(), new CachingDirectoryListerModule(cachingDirectoryLister), new HiveHdfsModule(), new HiveS3Module(), new HiveGcsModule(), new HiveAzureModule(), conditionalModule(RubixEnabledConfig.class, RubixEnabledConfig::isCacheEnabled, new RubixModule()), new HiveMetastoreModule(metastore), new HiveSecurityModule(), new HdfsAuthenticationModule(), new HiveProcedureModule(), new MBeanServerModule(), binder -> {
            binder.bind(NodeVersion.class).toInstance(new NodeVersion(context.getNodeManager().getCurrentNode().getVersion()));
            binder.bind(NodeManager.class).toInstance(context.getNodeManager());
            binder.bind(VersionEmbedder.class).toInstance(context.getVersionEmbedder());
            binder.bind(MetadataProvider.class).toInstance(context.getMetadataProvider());
            binder.bind(PageIndexerFactory.class).toInstance(context.getPageIndexerFactory());
            binder.bind(PageSorter.class).toInstance(context.getPageSorter());
        }, binder -> newSetBinder(binder, EventListener.class), binder -> bindSessionPropertiesProvider(binder, HiveSessionProperties.class), module);
        Injector injector = app.doNotInitializeLogging().setRequiredConfigurationProperties(config).initialize();
        LifeCycleManager lifeCycleManager = injector.getInstance(LifeCycleManager.class);
        HiveTransactionManager transactionManager = injector.getInstance(HiveTransactionManager.class);
        ConnectorSplitManager splitManager = injector.getInstance(ConnectorSplitManager.class);
        ConnectorPageSourceProvider connectorPageSource = injector.getInstance(ConnectorPageSourceProvider.class);
        ConnectorPageSinkProvider pageSinkProvider = injector.getInstance(ConnectorPageSinkProvider.class);
        ConnectorNodePartitioningProvider connectorDistributionProvider = injector.getInstance(ConnectorNodePartitioningProvider.class);
        Set<SessionPropertiesProvider> sessionPropertiesProviders = injector.getInstance(Key.get(new TypeLiteral<Set<SessionPropertiesProvider>>() {
        }));
        HiveTableProperties hiveTableProperties = injector.getInstance(HiveTableProperties.class);
        HiveAnalyzeProperties hiveAnalyzeProperties = injector.getInstance(HiveAnalyzeProperties.class);
        HiveMaterializedViewPropertiesProvider hiveMaterializedViewPropertiesProvider = injector.getInstance(HiveMaterializedViewPropertiesProvider.class);
        Set<Procedure> procedures = injector.getInstance(Key.get(new TypeLiteral<Set<Procedure>>() {
        }));
        Set<TableProcedureMetadata> tableProcedures = injector.getInstance(Key.get(new TypeLiteral<Set<TableProcedureMetadata>>() {
        }));
        Set<EventListener> eventListeners = injector.getInstance(Key.get(new TypeLiteral<Set<EventListener>>() {
        })).stream().map(listener -> new ClassLoaderSafeEventListener(listener, classLoader)).collect(toImmutableSet());
        Set<SystemTableProvider> systemTableProviders = injector.getInstance(Key.get(new TypeLiteral<Set<SystemTableProvider>>() {
        }));
        Optional<ConnectorAccessControl> hiveAccessControl = injector.getInstance(Key.get(new TypeLiteral<Optional<ConnectorAccessControl>>() {
        })).map(accessControl -> new SystemTableAwareAccessControl(accessControl, systemTableProviders)).map(accessControl -> new ClassLoaderSafeConnectorAccessControl(accessControl, classLoader));
        return new HiveConnector(lifeCycleManager, transactionManager, new ClassLoaderSafeConnectorSplitManager(splitManager, classLoader), new ClassLoaderSafeConnectorPageSourceProvider(connectorPageSource, classLoader), new ClassLoaderSafeConnectorPageSinkProvider(pageSinkProvider, classLoader), new ClassLoaderSafeNodePartitioningProvider(connectorDistributionProvider, classLoader), procedures, tableProcedures, eventListeners, sessionPropertiesProviders, HiveSchemaProperties.SCHEMA_PROPERTIES, hiveTableProperties.getTableProperties(), hiveAnalyzeProperties.getAnalyzeProperties(), hiveMaterializedViewPropertiesProvider.getMaterializedViewProperties(), hiveAccessControl, injector.getInstance(HiveConfig.class).isSingleStatementWritesOnly(), classLoader);
    }
}
Also used : HiveProcedureModule(io.trino.plugin.hive.procedure.HiveProcedureModule) Module(com.google.inject.Module) HiveAzureModule(io.trino.plugin.hive.azure.HiveAzureModule) ConnectorSplitManager(io.trino.spi.connector.ConnectorSplitManager) MBeanModule(org.weakref.jmx.guice.MBeanModule) NodeManager(io.trino.spi.NodeManager) Key(com.google.inject.Key) TypeDeserializerModule(io.trino.plugin.base.TypeDeserializerModule) ConnectorContext(io.trino.spi.connector.ConnectorContext) MetadataProvider(io.trino.spi.connector.MetadataProvider) ConditionalModule.conditionalModule(io.airlift.configuration.ConditionalModule.conditionalModule) PageSorter(io.trino.spi.PageSorter) Map(java.util.Map) Multibinder.newSetBinder(com.google.inject.multibindings.Multibinder.newSetBinder) ClassLoaderSafeConnectorPageSinkProvider(io.trino.plugin.base.classloader.ClassLoaderSafeConnectorPageSinkProvider) ConnectorNodePartitioningProvider(io.trino.spi.connector.ConnectorNodePartitioningProvider) HiveMetastoreModule(io.trino.plugin.hive.metastore.HiveMetastoreModule) ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) LifeCycleManager(io.airlift.bootstrap.LifeCycleManager) Set(java.util.Set) ThreadContextClassLoader(io.trino.spi.classloader.ThreadContextClassLoader) TableProcedureMetadata(io.trino.spi.connector.TableProcedureMetadata) RubixEnabledConfig(io.trino.plugin.hive.rubix.RubixEnabledConfig) RubixModule(io.trino.plugin.hive.rubix.RubixModule) SystemTableAwareAccessControl(io.trino.plugin.hive.security.SystemTableAwareAccessControl) ClassLoaderSafeConnectorPageSourceProvider(io.trino.plugin.base.classloader.ClassLoaderSafeConnectorPageSourceProvider) HiveGcsModule(io.trino.plugin.hive.gcs.HiveGcsModule) VersionEmbedder(io.trino.spi.VersionEmbedder) Bootstrap(io.airlift.bootstrap.Bootstrap) Optional(java.util.Optional) TypeLiteral(com.google.inject.TypeLiteral) MBeanServerModule(io.trino.plugin.base.jmx.MBeanServerModule) ClassLoaderSafeConnectorAccessControl(io.trino.plugin.base.classloader.ClassLoaderSafeConnectorAccessControl) ClassLoaderSafeConnectorSplitManager(io.trino.plugin.base.classloader.ClassLoaderSafeConnectorSplitManager) ConnectorObjectNameGeneratorModule(io.trino.plugin.base.jmx.ConnectorObjectNameGeneratorModule) EventModule(io.airlift.event.client.EventModule) HiveS3Module(io.trino.plugin.hive.s3.HiveS3Module) SessionPropertiesProvider(io.trino.plugin.base.session.SessionPropertiesProvider) HiveMetastore(io.trino.plugin.hive.metastore.HiveMetastore) Binder(com.google.inject.Binder) Procedure(io.trino.spi.procedure.Procedure) PageIndexerFactory(io.trino.spi.PageIndexerFactory) Objects.requireNonNull(java.util.Objects.requireNonNull) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) HiveSecurityModule(io.trino.plugin.hive.security.HiveSecurityModule) ConnectorPageSourceProvider(io.trino.spi.connector.ConnectorPageSourceProvider) CatalogNameModule(io.trino.plugin.base.CatalogNameModule) Scopes(com.google.inject.Scopes) Injector(com.google.inject.Injector) ClassLoaderSafeNodePartitioningProvider(io.trino.plugin.base.classloader.ClassLoaderSafeNodePartitioningProvider) ClassLoaderSafeEventListener(io.trino.plugin.base.classloader.ClassLoaderSafeEventListener) HdfsAuthenticationModule(io.trino.plugin.hive.authentication.HdfsAuthenticationModule) HiveProcedureModule(io.trino.plugin.hive.procedure.HiveProcedureModule) EventListener(io.trino.spi.eventlistener.EventListener) ConnectorPageSinkProvider(io.trino.spi.connector.ConnectorPageSinkProvider) JsonModule(io.airlift.json.JsonModule) Connector(io.trino.spi.connector.Connector) ClassLoaderSafeEventListener(io.trino.plugin.base.classloader.ClassLoaderSafeEventListener) CatalogNameModule(io.trino.plugin.base.CatalogNameModule) ClassLoaderSafeConnectorPageSourceProvider(io.trino.plugin.base.classloader.ClassLoaderSafeConnectorPageSourceProvider) Injector(com.google.inject.Injector) TableProcedureMetadata(io.trino.spi.connector.TableProcedureMetadata) PageSorter(io.trino.spi.PageSorter) Procedure(io.trino.spi.procedure.Procedure) HiveMetastoreModule(io.trino.plugin.hive.metastore.HiveMetastoreModule) ClassLoaderSafeNodePartitioningProvider(io.trino.plugin.base.classloader.ClassLoaderSafeNodePartitioningProvider) ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) ClassLoaderSafeConnectorAccessControl(io.trino.plugin.base.classloader.ClassLoaderSafeConnectorAccessControl) RubixModule(io.trino.plugin.hive.rubix.RubixModule) ClassLoaderSafeConnectorPageSinkProvider(io.trino.plugin.base.classloader.ClassLoaderSafeConnectorPageSinkProvider) JsonModule(io.airlift.json.JsonModule) PageIndexerFactory(io.trino.spi.PageIndexerFactory) NodeManager(io.trino.spi.NodeManager) LifeCycleManager(io.airlift.bootstrap.LifeCycleManager) ConnectorSplitManager(io.trino.spi.connector.ConnectorSplitManager) ClassLoaderSafeConnectorSplitManager(io.trino.plugin.base.classloader.ClassLoaderSafeConnectorSplitManager) MetadataProvider(io.trino.spi.connector.MetadataProvider) SystemTableAwareAccessControl(io.trino.plugin.hive.security.SystemTableAwareAccessControl) ClassLoaderSafeConnectorAccessControl(io.trino.plugin.base.classloader.ClassLoaderSafeConnectorAccessControl) TypeDeserializerModule(io.trino.plugin.base.TypeDeserializerModule) MBeanModule(org.weakref.jmx.guice.MBeanModule) Set(java.util.Set) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) EventModule(io.airlift.event.client.EventModule) ConnectorObjectNameGeneratorModule(io.trino.plugin.base.jmx.ConnectorObjectNameGeneratorModule) SessionPropertiesProvider(io.trino.plugin.base.session.SessionPropertiesProvider) TypeLiteral(com.google.inject.TypeLiteral) HiveSecurityModule(io.trino.plugin.hive.security.HiveSecurityModule) ThreadContextClassLoader(io.trino.spi.classloader.ThreadContextClassLoader) Bootstrap(io.airlift.bootstrap.Bootstrap) ClassLoaderSafeEventListener(io.trino.plugin.base.classloader.ClassLoaderSafeEventListener) EventListener(io.trino.spi.eventlistener.EventListener) ThreadContextClassLoader(io.trino.spi.classloader.ThreadContextClassLoader) HiveAzureModule(io.trino.plugin.hive.azure.HiveAzureModule) RubixEnabledConfig(io.trino.plugin.hive.rubix.RubixEnabledConfig) VersionEmbedder(io.trino.spi.VersionEmbedder) HdfsAuthenticationModule(io.trino.plugin.hive.authentication.HdfsAuthenticationModule) HiveS3Module(io.trino.plugin.hive.s3.HiveS3Module) ClassLoaderSafeConnectorPageSinkProvider(io.trino.plugin.base.classloader.ClassLoaderSafeConnectorPageSinkProvider) ConnectorPageSinkProvider(io.trino.spi.connector.ConnectorPageSinkProvider) HiveGcsModule(io.trino.plugin.hive.gcs.HiveGcsModule) ClassLoaderSafeConnectorPageSourceProvider(io.trino.plugin.base.classloader.ClassLoaderSafeConnectorPageSourceProvider) ConnectorPageSourceProvider(io.trino.spi.connector.ConnectorPageSourceProvider) MBeanServerModule(io.trino.plugin.base.jmx.MBeanServerModule) ConnectorNodePartitioningProvider(io.trino.spi.connector.ConnectorNodePartitioningProvider) ClassLoaderSafeConnectorSplitManager(io.trino.plugin.base.classloader.ClassLoaderSafeConnectorSplitManager)

Example 2 with ConnectorAccessControl

use of io.trino.spi.connector.ConnectorAccessControl in project trino by trinodb.

the class SyncPartitionMetadataProcedure method doSyncPartitionMetadata.

private void doSyncPartitionMetadata(ConnectorSession session, ConnectorAccessControl accessControl, String schemaName, String tableName, String mode, boolean caseSensitive) {
    SyncMode syncMode = toSyncMode(mode);
    HdfsContext hdfsContext = new HdfsContext(session);
    SemiTransactionalHiveMetastore metastore = hiveMetadataFactory.create(session.getIdentity(), true).getMetastore();
    SchemaTableName schemaTableName = new SchemaTableName(schemaName, tableName);
    Table table = metastore.getTable(schemaName, tableName).orElseThrow(() -> new TableNotFoundException(schemaTableName));
    if (table.getPartitionColumns().isEmpty()) {
        throw new TrinoException(INVALID_PROCEDURE_ARGUMENT, "Table is not partitioned: " + schemaTableName);
    }
    if (syncMode == SyncMode.ADD || syncMode == SyncMode.FULL) {
        accessControl.checkCanInsertIntoTable(null, new SchemaTableName(schemaName, tableName));
    }
    if (syncMode == SyncMode.DROP || syncMode == SyncMode.FULL) {
        accessControl.checkCanDeleteFromTable(null, new SchemaTableName(schemaName, tableName));
    }
    Path tableLocation = new Path(table.getStorage().getLocation());
    Set<String> partitionsToAdd;
    Set<String> partitionsToDrop;
    try {
        FileSystem fileSystem = hdfsEnvironment.getFileSystem(hdfsContext, tableLocation);
        List<String> partitionsInMetastore = metastore.getPartitionNames(schemaName, tableName).orElseThrow(() -> new TableNotFoundException(schemaTableName));
        List<String> partitionsInFileSystem = listDirectory(fileSystem, fileSystem.getFileStatus(tableLocation), table.getPartitionColumns(), table.getPartitionColumns().size(), caseSensitive).stream().map(fileStatus -> fileStatus.getPath().toUri()).map(uri -> tableLocation.toUri().relativize(uri).getPath()).collect(toImmutableList());
        // partitions in file system but not in metastore
        partitionsToAdd = difference(partitionsInFileSystem, partitionsInMetastore);
        // partitions in metastore but not in file system
        partitionsToDrop = difference(partitionsInMetastore, partitionsInFileSystem);
    } catch (IOException e) {
        throw new TrinoException(HIVE_FILESYSTEM_ERROR, e);
    }
    syncPartitions(partitionsToAdd, partitionsToDrop, syncMode, metastore, session, table);
}
Also used : Path(org.apache.hadoop.fs.Path) PartitionStatistics(io.trino.plugin.hive.PartitionStatistics) MethodHandle(java.lang.invoke.MethodHandle) HivePartitionManager.extractPartitionValues(io.trino.plugin.hive.HivePartitionManager.extractPartitionValues) Provider(javax.inject.Provider) TransactionalMetadataFactory(io.trino.plugin.hive.TransactionalMetadataFactory) FileSystem(org.apache.hadoop.fs.FileSystem) MethodHandleUtil.methodHandle(io.trino.spi.block.MethodHandleUtil.methodHandle) BOOLEAN(io.trino.spi.type.BooleanType.BOOLEAN) FileStatus(org.apache.hadoop.fs.FileStatus) Inject(javax.inject.Inject) HashSet(java.util.HashSet) INVALID_PROCEDURE_ARGUMENT(io.trino.spi.StandardErrorCode.INVALID_PROCEDURE_ARGUMENT) VARCHAR(io.trino.spi.type.VarcharType.VARCHAR) TableNotFoundException(io.trino.spi.connector.TableNotFoundException) ImmutableList(com.google.common.collect.ImmutableList) Column(io.trino.plugin.hive.metastore.Column) Procedure(io.trino.spi.procedure.Procedure) SemiTransactionalHiveMetastore(io.trino.plugin.hive.metastore.SemiTransactionalHiveMetastore) Objects.requireNonNull(java.util.Objects.requireNonNull) Path(org.apache.hadoop.fs.Path) PRESTO_QUERY_ID_NAME(io.trino.plugin.hive.HiveMetadata.PRESTO_QUERY_ID_NAME) HIVE_FILESYSTEM_ERROR(io.trino.plugin.hive.HiveErrorCode.HIVE_FILESYSTEM_ERROR) ENGLISH(java.util.Locale.ENGLISH) Argument(io.trino.spi.procedure.Procedure.Argument) HdfsEnvironment(io.trino.plugin.hive.HdfsEnvironment) Table(io.trino.plugin.hive.metastore.Table) ImmutableMap(com.google.common.collect.ImmutableMap) ImmutableList.toImmutableList(com.google.common.collect.ImmutableList.toImmutableList) ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) Set(java.util.Set) TrinoException(io.trino.spi.TrinoException) IOException(java.io.IOException) ConnectorSession(io.trino.spi.connector.ConnectorSession) ThreadContextClassLoader(io.trino.spi.classloader.ThreadContextClassLoader) Sets(com.google.common.collect.Sets) SchemaTableName(io.trino.spi.connector.SchemaTableName) List(java.util.List) HdfsContext(io.trino.plugin.hive.HdfsEnvironment.HdfsContext) Stream(java.util.stream.Stream) Optional(java.util.Optional) TRUE(java.lang.Boolean.TRUE) Partition(io.trino.plugin.hive.metastore.Partition) Table(io.trino.plugin.hive.metastore.Table) SemiTransactionalHiveMetastore(io.trino.plugin.hive.metastore.SemiTransactionalHiveMetastore) IOException(java.io.IOException) SchemaTableName(io.trino.spi.connector.SchemaTableName) TableNotFoundException(io.trino.spi.connector.TableNotFoundException) FileSystem(org.apache.hadoop.fs.FileSystem) TrinoException(io.trino.spi.TrinoException) HdfsContext(io.trino.plugin.hive.HdfsEnvironment.HdfsContext)

Example 3 with ConnectorAccessControl

use of io.trino.spi.connector.ConnectorAccessControl in project trino by trinodb.

the class TestFileBasedAccessControl method testNoTableRules.

@Test
public void testNoTableRules() {
    ConnectorAccessControl accessControl = createAccessControl("no-access.json");
    assertDenied(() -> accessControl.checkCanShowColumns(BOB, new SchemaTableName("bobschema", "bobtable")));
    assertDenied(() -> accessControl.checkCanShowTables(BOB, "bobschema"));
    assertEquals(accessControl.filterColumns(BOB, new SchemaTableName("bobschema", "bobtable"), ImmutableSet.of("a")), ImmutableSet.of());
    Set<SchemaTableName> tables = ImmutableSet.<SchemaTableName>builder().add(new SchemaTableName("restricted", "any")).add(new SchemaTableName("secret", "any")).add(new SchemaTableName("any", "any")).build();
    assertEquals(accessControl.filterTables(ALICE, tables), ImmutableSet.of());
    assertEquals(accessControl.filterTables(BOB, tables), ImmutableSet.of());
}
Also used : ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) SchemaTableName(io.trino.spi.connector.SchemaTableName) Test(org.testng.annotations.Test)

Example 4 with ConnectorAccessControl

use of io.trino.spi.connector.ConnectorAccessControl in project trino by trinodb.

the class TestFileBasedAccessControl method testEmptyFile.

@Test
public void testEmptyFile() {
    ConnectorAccessControl accessControl = createAccessControl("empty.json");
    accessControl.checkCanCreateSchema(UNKNOWN, "unknown");
    accessControl.checkCanDropSchema(UNKNOWN, "unknown");
    accessControl.checkCanRenameSchema(UNKNOWN, "unknown", "new_unknown");
    accessControl.checkCanSetSchemaAuthorization(UNKNOWN, "unknown", new TrinoPrincipal(PrincipalType.ROLE, "some_role"));
    accessControl.checkCanShowCreateSchema(UNKNOWN, "unknown");
    accessControl.checkCanSelectFromColumns(UNKNOWN, new SchemaTableName("unknown", "unknown"), ImmutableSet.of());
    accessControl.checkCanShowColumns(UNKNOWN, new SchemaTableName("unknown", "unknown"));
    accessControl.checkCanInsertIntoTable(UNKNOWN, new SchemaTableName("unknown", "unknown"));
    accessControl.checkCanDeleteFromTable(UNKNOWN, new SchemaTableName("unknown", "unknown"));
    accessControl.checkCanCreateTable(UNKNOWN, new SchemaTableName("unknown", "unknown"), Map.of());
    accessControl.checkCanDropTable(UNKNOWN, new SchemaTableName("unknown", "unknown"));
    accessControl.checkCanTruncateTable(UNKNOWN, new SchemaTableName("unknown", "unknown"));
    accessControl.checkCanRenameTable(UNKNOWN, new SchemaTableName("unknown", "unknown"), new SchemaTableName("unknown", "new_unknown"));
    accessControl.checkCanSetCatalogSessionProperty(UNKNOWN, "anything");
    Set<SchemaTableName> tables = ImmutableSet.<SchemaTableName>builder().add(new SchemaTableName("secret", "any")).add(new SchemaTableName("any", "any")).build();
    assertEquals(accessControl.filterTables(UNKNOWN, tables), tables);
    // permissions management APIs are hard coded to deny
    TrinoPrincipal someUser = new TrinoPrincipal(PrincipalType.USER, "some_user");
    assertDenied(() -> accessControl.checkCanGrantTablePrivilege(ADMIN, Privilege.SELECT, new SchemaTableName("any", "any"), someUser, false));
    assertDenied(() -> accessControl.checkCanDenyTablePrivilege(ADMIN, Privilege.SELECT, new SchemaTableName("any", "any"), someUser));
    assertDenied(() -> accessControl.checkCanRevokeTablePrivilege(ADMIN, Privilege.SELECT, new SchemaTableName("any", "any"), someUser, false));
    assertDenied(() -> accessControl.checkCanCreateRole(ADMIN, "role", Optional.empty()));
    assertDenied(() -> accessControl.checkCanDropRole(ADMIN, "role"));
    assertDenied(() -> accessControl.checkCanGrantRoles(ADMIN, ImmutableSet.of("test"), ImmutableSet.of(someUser), false, Optional.empty()));
    assertDenied(() -> accessControl.checkCanRevokeRoles(ADMIN, ImmutableSet.of("test"), ImmutableSet.of(someUser), false, Optional.empty()));
    assertDenied(() -> accessControl.checkCanSetRole(ADMIN, "role"));
    // showing roles and permissions is hard coded to allow
    accessControl.checkCanShowRoleAuthorizationDescriptors(UNKNOWN);
    accessControl.checkCanShowRoles(UNKNOWN);
    accessControl.checkCanShowCurrentRoles(UNKNOWN);
    accessControl.checkCanShowRoleGrants(UNKNOWN);
}
Also used : ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) SchemaTableName(io.trino.spi.connector.SchemaTableName) Test(org.testng.annotations.Test)

Example 5 with ConnectorAccessControl

use of io.trino.spi.connector.ConnectorAccessControl in project trino by trinodb.

the class TestFileBasedAccessControl method testFilterSchemas.

@Test
public void testFilterSchemas() {
    ConnectorAccessControl accessControl = createAccessControl("visibility.json");
    ImmutableSet<String> allSchemas = ImmutableSet.of("specific-schema", "alice-schema", "bob-schema", "unknown");
    assertEquals(accessControl.filterSchemas(ADMIN, allSchemas), allSchemas);
    assertEquals(accessControl.filterSchemas(ALICE, allSchemas), ImmutableSet.of("specific-schema", "alice-schema"));
    assertEquals(accessControl.filterSchemas(BOB, allSchemas), ImmutableSet.of("specific-schema", "bob-schema"));
    assertEquals(accessControl.filterSchemas(CHARLIE, allSchemas), ImmutableSet.of("specific-schema"));
}
Also used : ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) Test(org.testng.annotations.Test)

Aggregations

ConnectorAccessControl (io.trino.spi.connector.ConnectorAccessControl)16 Test (org.testng.annotations.Test)12 SchemaTableName (io.trino.spi.connector.SchemaTableName)7 TrinoPrincipal (io.trino.spi.security.TrinoPrincipal)5 ThreadContextClassLoader (io.trino.spi.classloader.ThreadContextClassLoader)4 Procedure (io.trino.spi.procedure.Procedure)4 Optional (java.util.Optional)3 Set (java.util.Set)3 ImmutableList (com.google.common.collect.ImmutableList)2 Injector (com.google.inject.Injector)2 Key (com.google.inject.Key)2 Module (com.google.inject.Module)2 TypeLiteral (com.google.inject.TypeLiteral)2 Bootstrap (io.airlift.bootstrap.Bootstrap)2 LifeCycleManager (io.airlift.bootstrap.LifeCycleManager)2 EventModule (io.airlift.event.client.EventModule)2 JsonModule (io.airlift.json.JsonModule)2 ClassLoaderSafeConnectorPageSinkProvider (io.trino.plugin.base.classloader.ClassLoaderSafeConnectorPageSinkProvider)2 ClassLoaderSafeConnectorPageSourceProvider (io.trino.plugin.base.classloader.ClassLoaderSafeConnectorPageSourceProvider)2 ClassLoaderSafeConnectorSplitManager (io.trino.plugin.base.classloader.ClassLoaderSafeConnectorSplitManager)2