Example 6 with ConnectorAccessControl

Use of io.trino.spi.connector.ConnectorAccessControl in project trino by trinodb.

The class TestFileBasedAccessControl, method testSessionPropertyRules.

@Test
public void testSessionPropertyRules() {
    ConnectorAccessControl accessControl = createAccessControl("session_property.json");
    accessControl.checkCanSetCatalogSessionProperty(ADMIN, "dangerous");
    accessControl.checkCanSetCatalogSessionProperty(ALICE, "safe");
    accessControl.checkCanSetCatalogSessionProperty(ALICE, "unsafe");
    accessControl.checkCanSetCatalogSessionProperty(ALICE, "staff");
    accessControl.checkCanSetCatalogSessionProperty(BOB, "safe");
    accessControl.checkCanSetCatalogSessionProperty(BOB, "staff");
    assertDenied(() -> accessControl.checkCanSetCatalogSessionProperty(BOB, "unsafe"));
    assertDenied(() -> accessControl.checkCanSetCatalogSessionProperty(ALICE, "dangerous"));
    assertDenied(() -> accessControl.checkCanSetCatalogSessionProperty(CHARLIE, "safe"));
    assertDenied(() -> accessControl.checkCanSetCatalogSessionProperty(CHARLIE, "staff"));
    assertDenied(() -> accessControl.checkCanSetCatalogSessionProperty(JOE, "staff"));
}
Also used : ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) Test(org.testng.annotations.Test)

Example 7 with ConnectorAccessControl

Use of io.trino.spi.connector.ConnectorAccessControl in project trino by trinodb.

The class TestFileBasedAccessControl, method testTableFilter.

@Test
public void testTableFilter() {
    ConnectorAccessControl accessControl = createAccessControl("table-filter.json");
    Set<SchemaTableName> tables = ImmutableSet.<SchemaTableName>builder()
            .add(new SchemaTableName("restricted", "any"))
            .add(new SchemaTableName("secret", "any"))
            .add(new SchemaTableName("aliceschema", "any"))
            .add(new SchemaTableName("aliceschema", "bobtable"))
            .add(new SchemaTableName("bobschema", "bob_any"))
            .add(new SchemaTableName("bobschema", "any"))
            .add(new SchemaTableName("any", "any"))
            .build();
    // alice: only tables in aliceschema remain visible
    assertEquals(accessControl.filterTables(ALICE, tables), ImmutableSet.<SchemaTableName>builder()
            .add(new SchemaTableName("aliceschema", "any"))
            .add(new SchemaTableName("aliceschema", "bobtable"))
            .build());
    // bob: only aliceschema.bobtable and bobschema.bob_any remain visible
    assertEquals(accessControl.filterTables(BOB, tables), ImmutableSet.<SchemaTableName>builder()
            .add(new SchemaTableName("aliceschema", "bobtable"))
            .add(new SchemaTableName("bobschema", "bob_any"))
            .build());
    // admin: everything except the restricted schema remains visible
    assertEquals(accessControl.filterTables(ADMIN, tables), ImmutableSet.<SchemaTableName>builder()
            .add(new SchemaTableName("secret", "any"))
            .add(new SchemaTableName("aliceschema", "any"))
            .add(new SchemaTableName("aliceschema", "bobtable"))
            .add(new SchemaTableName("bobschema", "bob_any"))
            .add(new SchemaTableName("bobschema", "any"))
            .add(new SchemaTableName("any", "any"))
            .build());
}
Also used : ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) SchemaTableName(io.trino.spi.connector.SchemaTableName) Test(org.testng.annotations.Test)

Example 8 with ConnectorAccessControl

Use of io.trino.spi.connector.ConnectorAccessControl in project trino by trinodb.

The class TestFileBasedAccessControl, method testSchemaRulesForCheckCanShowTables.

@Test
public void testSchemaRulesForCheckCanShowTables() {
    ConnectorAccessControl accessControl = createAccessControl("visibility.json");
    accessControl.checkCanShowTables(ADMIN, "specific-schema");
    accessControl.checkCanShowTables(ADMIN, "bob-schema");
    accessControl.checkCanShowTables(ADMIN, "alice-schema");
    accessControl.checkCanShowTables(ADMIN, "secret");
    accessControl.checkCanShowTables(ADMIN, "any");
    accessControl.checkCanShowTables(ALICE, "specific-schema");
    accessControl.checkCanShowTables(ALICE, "alice-schema");
    assertDenied(() -> accessControl.checkCanShowTables(ALICE, "bob-schema"));
    assertDenied(() -> accessControl.checkCanShowTables(ALICE, "secret"));
    assertDenied(() -> accessControl.checkCanShowTables(ALICE, "any"));
    accessControl.checkCanShowTables(BOB, "specific-schema");
    accessControl.checkCanShowTables(BOB, "bob-schema");
    assertDenied(() -> accessControl.checkCanShowTables(BOB, "alice-schema"));
    assertDenied(() -> accessControl.checkCanShowTables(BOB, "secret"));
    assertDenied(() -> accessControl.checkCanShowTables(BOB, "any"));
    accessControl.checkCanShowTables(CHARLIE, "specific-schema");
    assertDenied(() -> accessControl.checkCanShowTables(CHARLIE, "bob-schema"));
    assertDenied(() -> accessControl.checkCanShowTables(CHARLIE, "alice-schema"));
    assertDenied(() -> accessControl.checkCanShowTables(CHARLIE, "secret"));
    assertDenied(() -> accessControl.checkCanShowTables(CHARLIE, "any"));
}
Also used : ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) Test(org.testng.annotations.Test)

Example 9 with ConnectorAccessControl

Use of io.trino.spi.connector.ConnectorAccessControl in project trino by trinodb.

The class InternalIcebergConnectorFactory, method createConnector.

public static Connector createConnector(
        String catalogName,
        Map<String, String> config,
        ConnectorContext context,
        Module module,
        Optional<HiveMetastore> metastore,
        Optional<FileIoProvider> fileIoProvider) {
    ClassLoader classLoader = InternalIcebergConnectorFactory.class.getClassLoader();
    try (ThreadContextClassLoader ignored = new ThreadContextClassLoader(classLoader)) {
        Bootstrap app = new Bootstrap(
                new EventModule(),
                new MBeanModule(),
                new ConnectorObjectNameGeneratorModule(catalogName, "io.trino.plugin.iceberg", "trino.plugin.iceberg"),
                new JsonModule(),
                new IcebergModule(),
                new IcebergSecurityModule(),
                new IcebergCatalogModule(metastore),
                new HiveHdfsModule(),
                new HiveS3Module(),
                new HiveGcsModule(),
                new HiveAzureModule(),
                new HdfsAuthenticationModule(),
                new MBeanServerModule(),
                // bind the supplied FileIoProvider if present, otherwise the HDFS-backed default
                fileIoProvider.<Module>map(provider -> binder -> binder.bind(FileIoProvider.class).toInstance(provider))
                        .orElse(binder -> binder.bind(FileIoProvider.class).to(HdfsFileIoProvider.class).in(SINGLETON)),
                binder -> {
                    binder.bind(NodeVersion.class).toInstance(new NodeVersion(context.getNodeManager().getCurrentNode().getVersion()));
                    binder.bind(NodeManager.class).toInstance(context.getNodeManager());
                    binder.bind(TypeManager.class).toInstance(context.getTypeManager());
                    binder.bind(PageIndexerFactory.class).toInstance(context.getPageIndexerFactory());
                    binder.bind(CatalogName.class).toInstance(new CatalogName(catalogName));
                },
                module);
        Injector injector = app.doNotInitializeLogging().setRequiredConfigurationProperties(config).initialize();
        LifeCycleManager lifeCycleManager = injector.getInstance(LifeCycleManager.class);
        IcebergTransactionManager transactionManager = injector.getInstance(IcebergTransactionManager.class);
        ConnectorSplitManager splitManager = injector.getInstance(ConnectorSplitManager.class);
        ConnectorPageSourceProvider connectorPageSource = injector.getInstance(ConnectorPageSourceProvider.class);
        ConnectorPageSinkProvider pageSinkProvider = injector.getInstance(ConnectorPageSinkProvider.class);
        ConnectorNodePartitioningProvider connectorDistributionProvider = injector.getInstance(ConnectorNodePartitioningProvider.class);
        Set<SessionPropertiesProvider> sessionPropertiesProviders = injector.getInstance(Key.get(new TypeLiteral<Set<SessionPropertiesProvider>>() {}));
        IcebergTableProperties icebergTableProperties = injector.getInstance(IcebergTableProperties.class);
        Set<Procedure> procedures = injector.getInstance(Key.get(new TypeLiteral<Set<Procedure>>() {}));
        Set<TableProcedureMetadata> tableProcedures = injector.getInstance(Key.get(new TypeLiteral<Set<TableProcedureMetadata>>() {}));
        // connector-level access control is an optional binding
        Optional<ConnectorAccessControl> accessControl = injector.getInstance(Key.get(new TypeLiteral<Optional<ConnectorAccessControl>>() {}));
        return new IcebergConnector(
                lifeCycleManager,
                transactionManager,
                new ClassLoaderSafeConnectorSplitManager(splitManager, classLoader),
                new ClassLoaderSafeConnectorPageSourceProvider(connectorPageSource, classLoader),
                new ClassLoaderSafeConnectorPageSinkProvider(pageSinkProvider, classLoader),
                new ClassLoaderSafeNodePartitioningProvider(connectorDistributionProvider, classLoader),
                sessionPropertiesProviders,
                IcebergSchemaProperties.SCHEMA_PROPERTIES,
                icebergTableProperties.getTableProperties(),
                accessControl,
                procedures,
                tableProcedures);
    }
}
Also used : Module(com.google.inject.Module) HiveAzureModule(io.trino.plugin.hive.azure.HiveAzureModule) ConnectorSplitManager(io.trino.spi.connector.ConnectorSplitManager) MBeanModule(org.weakref.jmx.guice.MBeanModule) NodeManager(io.trino.spi.NodeManager) Key(com.google.inject.Key) HiveHdfsModule(io.trino.plugin.hive.HiveHdfsModule) ConnectorContext(io.trino.spi.connector.ConnectorContext) ClassLoaderSafeConnectorSplitManager(io.trino.plugin.base.classloader.ClassLoaderSafeConnectorSplitManager) ConnectorObjectNameGeneratorModule(io.trino.plugin.base.jmx.ConnectorObjectNameGeneratorModule) EventModule(io.airlift.event.client.EventModule) HiveS3Module(io.trino.plugin.hive.s3.HiveS3Module) SINGLETON(com.google.inject.Scopes.SINGLETON) SessionPropertiesProvider(io.trino.plugin.base.session.SessionPropertiesProvider) HiveMetastore(io.trino.plugin.hive.metastore.HiveMetastore) Procedure(io.trino.spi.procedure.Procedure) NodeVersion(io.trino.plugin.hive.NodeVersion) PageIndexerFactory(io.trino.spi.PageIndexerFactory) Map(java.util.Map) ClassLoaderSafeConnectorPageSinkProvider(io.trino.plugin.base.classloader.ClassLoaderSafeConnectorPageSinkProvider) ConnectorNodePartitioningProvider(io.trino.spi.connector.ConnectorNodePartitioningProvider) ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) ConnectorPageSourceProvider(io.trino.spi.connector.ConnectorPageSourceProvider) LifeCycleManager(io.airlift.bootstrap.LifeCycleManager) Set(java.util.Set) CatalogName(io.trino.plugin.base.CatalogName) ThreadContextClassLoader(io.trino.spi.classloader.ThreadContextClassLoader) TableProcedureMetadata(io.trino.spi.connector.TableProcedureMetadata) Injector(com.google.inject.Injector) ClassLoaderSafeNodePartitioningProvider(io.trino.plugin.base.classloader.ClassLoaderSafeNodePartitioningProvider) ClassLoaderSafeConnectorPageSourceProvider(io.trino.plugin.base.classloader.ClassLoaderSafeConnectorPageSourceProvider) HdfsAuthenticationModule(io.trino.plugin.hive.authentication.HdfsAuthenticationModule) HiveGcsModule(io.trino.plugin.hive.gcs.HiveGcsModule) Bootstrap(io.airlift.bootstrap.Bootstrap) Optional(java.util.Optional) TypeLiteral(com.google.inject.TypeLiteral) IcebergCatalogModule(io.trino.plugin.iceberg.catalog.IcebergCatalogModule) TypeManager(io.trino.spi.type.TypeManager) MBeanServerModule(io.trino.plugin.base.jmx.MBeanServerModule) ConnectorPageSinkProvider(io.trino.spi.connector.ConnectorPageSinkProvider) JsonModule(io.airlift.json.JsonModule) Connector(io.trino.spi.connector.Connector)

Example 10 with ConnectorAccessControl

Use of io.trino.spi.connector.ConnectorAccessControl in project trino by trinodb.

The class TestAccessControlManager, method testColumnMaskOrdering.

@Test
public void testColumnMaskOrdering() {
    try (LocalQueryRunner queryRunner = LocalQueryRunner.create(TEST_SESSION)) {
        TransactionManager transactionManager = queryRunner.getTransactionManager();
        AccessControlManager accessControlManager = createAccessControlManager(transactionManager);
        accessControlManager.addSystemAccessControlFactory(new SystemAccessControlFactory() {

            @Override
            public String getName() {
                return "test";
            }

            @Override
            public SystemAccessControl create(Map<String, String> config) {
                return new SystemAccessControl() {

                    @Override
                    public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String column, Type type) {
                        return Optional.of(new ViewExpression("user", Optional.empty(), Optional.empty(), "system mask"));
                    }

                    @Override
                    public void checkCanSetSystemSessionProperty(SystemSecurityContext context, String propertyName) {
                    }
                };
            }
        });
        accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
        queryRunner.createCatalog("catalog", MockConnectorFactory.create(), ImmutableMap.of());
        accessControlManager.addCatalogAccessControl(new CatalogName("catalog"), new ConnectorAccessControl() {

            @Override
            public Optional<ViewExpression> getColumnMask(ConnectorSecurityContext context, SchemaTableName tableName, String column, Type type) {
                return Optional.of(new ViewExpression("user", Optional.empty(), Optional.empty(), "connector mask"));
            }

            @Override
            public void checkCanShowCreateTable(ConnectorSecurityContext context, SchemaTableName tableName) {
            }
        });
        transaction(transactionManager, accessControlManager).execute(transactionId -> {
            List<ViewExpression> masks = accessControlManager.getColumnMasks(
                    context(transactionId),
                    new QualifiedObjectName("catalog", "schema", "table"),
                    "column",
                    BIGINT);
            // the connector-level mask is returned before the system-level mask
            assertEquals(masks.get(0).getExpression(), "connector mask");
            assertEquals(masks.get(1).getExpression(), "system mask");
        });
    }
}
Also used : Optional(java.util.Optional) ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) ReadOnlySystemAccessControl(io.trino.plugin.base.security.ReadOnlySystemAccessControl) SystemAccessControl(io.trino.spi.security.SystemAccessControl) DefaultSystemAccessControl(io.trino.plugin.base.security.DefaultSystemAccessControl) AllowAllSystemAccessControl(io.trino.plugin.base.security.AllowAllSystemAccessControl) ConnectorSecurityContext(io.trino.spi.connector.ConnectorSecurityContext) SchemaTableName(io.trino.spi.connector.SchemaTableName) CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName) LocalQueryRunner(io.trino.testing.LocalQueryRunner) QualifiedObjectName(io.trino.metadata.QualifiedObjectName) ViewExpression(io.trino.spi.security.ViewExpression) SystemAccessControlFactory(io.trino.spi.security.SystemAccessControlFactory) SystemSecurityContext(io.trino.spi.security.SystemSecurityContext) Type(io.trino.spi.type.Type) TransactionManager(io.trino.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) CatalogName(io.trino.connector.CatalogName) Test(org.testng.annotations.Test)

Aggregations

ConnectorAccessControl (io.trino.spi.connector.ConnectorAccessControl) 16
Test (org.testng.annotations.Test) 12
SchemaTableName (io.trino.spi.connector.SchemaTableName) 7
TrinoPrincipal (io.trino.spi.security.TrinoPrincipal) 5
ThreadContextClassLoader (io.trino.spi.classloader.ThreadContextClassLoader) 4
Procedure (io.trino.spi.procedure.Procedure) 4
Optional (java.util.Optional) 3
Set (java.util.Set) 3
ImmutableList (com.google.common.collect.ImmutableList) 2
Injector (com.google.inject.Injector) 2
Key (com.google.inject.Key) 2
Module (com.google.inject.Module) 2
TypeLiteral (com.google.inject.TypeLiteral) 2
Bootstrap (io.airlift.bootstrap.Bootstrap) 2
LifeCycleManager (io.airlift.bootstrap.LifeCycleManager) 2
EventModule (io.airlift.event.client.EventModule) 2
JsonModule (io.airlift.json.JsonModule) 2
ClassLoaderSafeConnectorPageSinkProvider (io.trino.plugin.base.classloader.ClassLoaderSafeConnectorPageSinkProvider) 2
ClassLoaderSafeConnectorPageSourceProvider (io.trino.plugin.base.classloader.ClassLoaderSafeConnectorPageSourceProvider) 2
ClassLoaderSafeConnectorSplitManager (io.trino.plugin.base.classloader.ClassLoaderSafeConnectorSplitManager) 2