
Example 11 with ConnectorAccessControl

use of io.trino.spi.connector.ConnectorAccessControl in project trino by trinodb.

the class DropStatsProcedure method doDropStats.

/**
 * Resets stored statistics to {@link PartitionStatistics#empty()} for one Hive table.
 *
 * <p>With {@code partitionValues} given, only those partitions are reset. With {@code null},
 * the table-level statistics are reset for a table without partition keys, and every
 * partition returned by the metastore is reset for a partitioned table.
 *
 * <p>The operation is gated on the caller's INSERT permission for the table.
 *
 * @param session session whose identity is used to create the metadata object
 * @param accessControl access control consulted before any statistics are touched
 * @param schema schema name of the target table
 * @param table name of the target table
 * @param partitionValues partition value lists to reset, or {@code null} for the whole table
 * @throws TrinoException with {@code INVALID_PROCEDURE_ARGUMENT} when the table is not found
 */
private void doDropStats(ConnectorSession session, ConnectorAccessControl accessControl, String schema, String table, List<?> partitionValues) {
    TransactionalMetadata hiveMetadata = hiveMetadataFactory.create(session.getIdentity(), true);
    SchemaTableName tableName = new SchemaTableName(schema, table);

    // NOTE(review): the existence lookup runs before the authorization check, so a caller
    // without privileges can tell a missing table from a forbidden one by the error returned.
    // Confirm that this disclosure is acceptable for the deployment.
    HiveTableHandle handle = (HiveTableHandle) hiveMetadata.getTableHandle(session, tableName);
    if (handle == null) {
        throw new TrinoException(INVALID_PROCEDURE_ARGUMENT, format("Table '%s' does not exist", tableName));
    }

    // Authorization gate: must stay ahead of every metastore update below.
    // NOTE(review): the security-context argument is null; presumably the injected
    // ConnectorAccessControl resolves the caller identity itself. Confirm against the caller.
    accessControl.checkCanInsertIntoTable(null, tableName);

    Map<String, ColumnHandle> columns = hiveMetadata.getColumnHandles(session, handle);
    List<String> partitionColumns = columns.values().stream()
            .map(column -> (HiveColumnHandle) column)
            .filter(column -> column.isPartitionKey())
            .map(column -> column.getName())
            .collect(toImmutableList());

    // NOTE(review): the "unsafe raw" closure presumably bypasses the transactional metastore
    // layer, so updates issued through it may not be undone if a later step throws. Confirm.
    HiveMetastoreClosure metastore = hiveMetadata.getMetastore().unsafeGetRawHiveMetastoreClosure();

    if (partitionValues != null) {
        // Caller named specific partitions: convert and validate them against the partition
        // columns before any partition name is built from them.
        List<List<String>> requestedPartitions = partitionValues.stream()
                .map(value -> validateParameterType(value))
                .collect(toImmutableList());
        validatePartitions(requestedPartitions, partitionColumns);
        for (List<String> values : requestedPartitions) {
            metastore.updatePartitionStatistics(schema, table, makePartName(partitionColumns, values), ignored -> PartitionStatistics.empty());
        }
    }
    else if (partitionColumns.isEmpty()) {
        // Whole-table request on a table without partition keys: reset the table-level stats.
        metastore.updateTableStatistics(schema, table, NO_ACID_TRANSACTION, ignored -> PartitionStatistics.empty());
    }
    else {
        // Whole-table request on a partitioned table: reset each partition the metastore lists.
        metastore.getPartitionNamesByFilter(handle.getSchemaName(), handle.getTableName(), partitionColumns, TupleDomain.all())
                .ifPresent(partitionNames -> {
                    for (String partitionName : partitionNames) {
                        metastore.updatePartitionStatistics(schema, table, partitionName, ignored -> PartitionStatistics.empty());
                    }
                });
    }

    hiveMetadata.commit();
}
Also used : PartitionStatistics(io.trino.plugin.hive.PartitionStatistics) MethodHandle(java.lang.invoke.MethodHandle) Provider(javax.inject.Provider) TransactionalMetadataFactory(io.trino.plugin.hive.TransactionalMetadataFactory) MethodHandleUtil.methodHandle(io.trino.spi.block.MethodHandleUtil.methodHandle) NO_ACID_TRANSACTION(io.trino.plugin.hive.acid.AcidTransaction.NO_ACID_TRANSACTION) Inject(javax.inject.Inject) INVALID_PROCEDURE_ARGUMENT(io.trino.spi.StandardErrorCode.INVALID_PROCEDURE_ARGUMENT) VARCHAR(io.trino.spi.type.VarcharType.VARCHAR) ImmutableList(com.google.common.collect.ImmutableList) Procedure(io.trino.spi.procedure.Procedure) HiveTableHandle(io.trino.plugin.hive.HiveTableHandle) TransactionalMetadata(io.trino.plugin.hive.TransactionalMetadata) Map(java.util.Map) Objects.requireNonNull(java.util.Objects.requireNonNull) ColumnHandle(io.trino.spi.connector.ColumnHandle) HiveColumnHandle(io.trino.plugin.hive.HiveColumnHandle) Argument(io.trino.spi.procedure.Procedure.Argument) FileUtils.makePartName(org.apache.hadoop.hive.metastore.utils.FileUtils.makePartName) ImmutableList.toImmutableList(com.google.common.collect.ImmutableList.toImmutableList) ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) TrinoException(io.trino.spi.TrinoException) ArrayType(io.trino.spi.type.ArrayType) ConnectorSession(io.trino.spi.connector.ConnectorSession) TupleDomain(io.trino.spi.predicate.TupleDomain) ThreadContextClassLoader(io.trino.spi.classloader.ThreadContextClassLoader) SchemaTableName(io.trino.spi.connector.SchemaTableName) String.format(java.lang.String.format) List(java.util.List) HiveMetastoreClosure(io.trino.plugin.hive.HiveMetastoreClosure) ColumnHandle(io.trino.spi.connector.ColumnHandle) HiveColumnHandle(io.trino.plugin.hive.HiveColumnHandle) TransactionalMetadata(io.trino.plugin.hive.TransactionalMetadata) SchemaTableName(io.trino.spi.connector.SchemaTableName) HiveTableHandle(io.trino.plugin.hive.HiveTableHandle) 
TrinoException(io.trino.spi.TrinoException) ImmutableList(com.google.common.collect.ImmutableList) ImmutableList.toImmutableList(com.google.common.collect.ImmutableList.toImmutableList) List(java.util.List) HiveMetastoreClosure(io.trino.plugin.hive.HiveMetastoreClosure) HiveColumnHandle(io.trino.plugin.hive.HiveColumnHandle)

Example 12 with ConnectorAccessControl

use of io.trino.spi.connector.ConnectorAccessControl in project trino by trinodb.

the class TestFileBasedAccessControl method testSchemaRules.

/**
 * Exercises the schema-level rules loaded from {@code schema.json} for three principals.
 *
 * <p>Expected matrix, as asserted below: ADMIN is allowed on every schema; BOB is allowed on
 * everything except {@code test}; CHARLIE is allowed only on {@code authenticated}. An allowed
 * call passes by returning normally, a forbidden one is wrapped in {@code assertDenied}.
 */
@Test
public void testSchemaRules() {
    ConnectorAccessControl policy = createAccessControl("schema.json");
    String[] everySchema = {"bob", "staff", "authenticated", "test"};
    String[] bobAllowed = {"bob", "staff", "authenticated"};
    String[] charlieDenied = {"bob", "staff"};

    // CREATE SCHEMA
    for (String schema : everySchema) {
        policy.checkCanCreateSchema(ADMIN, schema);
    }
    for (String schema : bobAllowed) {
        policy.checkCanCreateSchema(BOB, schema);
    }
    assertDenied(() -> policy.checkCanCreateSchema(BOB, "test"));
    for (String schema : charlieDenied) {
        assertDenied(() -> policy.checkCanCreateSchema(CHARLIE, schema));
    }
    policy.checkCanCreateSchema(CHARLIE, "authenticated");
    assertDenied(() -> policy.checkCanCreateSchema(CHARLIE, "test"));

    // DROP SCHEMA
    for (String schema : everySchema) {
        policy.checkCanDropSchema(ADMIN, schema);
    }
    for (String schema : bobAllowed) {
        policy.checkCanDropSchema(BOB, schema);
    }
    assertDenied(() -> policy.checkCanDropSchema(BOB, "test"));
    for (String schema : charlieDenied) {
        assertDenied(() -> policy.checkCanDropSchema(CHARLIE, schema));
    }
    policy.checkCanDropSchema(CHARLIE, "authenticated");
    assertDenied(() -> policy.checkCanDropSchema(CHARLIE, "test"));

    // RENAME SCHEMA: a forbidden schema on either the source or the target side is rejected.
    for (String schema : everySchema) {
        policy.checkCanRenameSchema(ADMIN, schema, "new_schema");
    }
    policy.checkCanRenameSchema(BOB, "bob", "staff");
    policy.checkCanRenameSchema(BOB, "staff", "authenticated");
    policy.checkCanRenameSchema(BOB, "authenticated", "bob");
    assertDenied(() -> policy.checkCanRenameSchema(BOB, "test", "bob"));
    assertDenied(() -> policy.checkCanRenameSchema(BOB, "bob", "test"));
    for (String schema : charlieDenied) {
        assertDenied(() -> policy.checkCanRenameSchema(CHARLIE, schema, "new_schema"));
    }
    policy.checkCanRenameSchema(CHARLIE, "authenticated", "authenticated");
    assertDenied(() -> policy.checkCanRenameSchema(CHARLIE, "test", "new_schema"));

    // SET SCHEMA AUTHORIZATION
    // NOTE(review): CHARLIE is not exercised for this operation, and BOB only on "bob" and
    // "test"; the deny path for a non-owner is therefore covered by a single principal.
    TrinoPrincipal someRole = new TrinoPrincipal(PrincipalType.ROLE, "some_role");
    TrinoPrincipal someUser = new TrinoPrincipal(PrincipalType.USER, "some_user");
    policy.checkCanSetSchemaAuthorization(ADMIN, "test", someRole);
    policy.checkCanSetSchemaAuthorization(ADMIN, "test", someUser);
    policy.checkCanSetSchemaAuthorization(BOB, "bob", someRole);
    policy.checkCanSetSchemaAuthorization(BOB, "bob", someUser);
    assertDenied(() -> policy.checkCanSetSchemaAuthorization(BOB, "test", someRole));
    assertDenied(() -> policy.checkCanSetSchemaAuthorization(BOB, "test", someUser));

    // SHOW CREATE SCHEMA
    for (String schema : everySchema) {
        policy.checkCanShowCreateSchema(ADMIN, schema);
    }
    for (String schema : bobAllowed) {
        policy.checkCanShowCreateSchema(BOB, schema);
    }
    assertDenied(() -> policy.checkCanShowCreateSchema(BOB, "test"));
    for (String schema : charlieDenied) {
        assertDenied(() -> policy.checkCanShowCreateSchema(CHARLIE, schema));
    }
    policy.checkCanShowCreateSchema(CHARLIE, "authenticated");
    assertDenied(() -> policy.checkCanShowCreateSchema(CHARLIE, "test"));
}
Also used : ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) Test(org.testng.annotations.Test)

Example 13 with ConnectorAccessControl

use of io.trino.spi.connector.ConnectorAccessControl in project trino by trinodb.

the class TestFileBasedAccessControl method testRevokeSchemaPrivilege.

/**
 * Checks who may revoke a schema privilege from user {@code alice} under {@code schema.json}.
 *
 * <p>Runs once per {@code (privilege, grantOption)} pair supplied by the
 * {@code privilegeGrantOption} data provider. As asserted below, ADMIN may revoke on every
 * schema, BOB on all but {@code test}, and CHARLIE only on {@code authenticated}.
 *
 * @param privilege privilege being revoked
 * @param grantOption grant-option flag passed through to the access check
 */
@Test(dataProvider = "privilegeGrantOption")
public void testRevokeSchemaPrivilege(Privilege privilege, boolean grantOption) {
    ConnectorAccessControl policy = createAccessControl("schema.json");
    TrinoPrincipal alice = new TrinoPrincipal(PrincipalType.USER, "alice");

    // Allowed calls pass by returning normally.
    for (String schema : new String[] {"bob", "staff", "authenticated", "test"}) {
        policy.checkCanRevokeSchemaPrivilege(ADMIN, privilege, schema, alice, grantOption);
    }
    for (String schema : new String[] {"bob", "staff", "authenticated"}) {
        policy.checkCanRevokeSchemaPrivilege(BOB, privilege, schema, alice, grantOption);
    }
    assertDenied(() -> policy.checkCanRevokeSchemaPrivilege(BOB, privilege, "test", alice, grantOption));

    // CHARLIE is rejected everywhere except "authenticated".
    for (String schema : new String[] {"bob", "staff"}) {
        assertDenied(() -> policy.checkCanRevokeSchemaPrivilege(CHARLIE, privilege, schema, alice, grantOption));
    }
    policy.checkCanRevokeSchemaPrivilege(CHARLIE, privilege, "authenticated", alice, grantOption);
    assertDenied(() -> policy.checkCanRevokeSchemaPrivilege(CHARLIE, privilege, "test", alice, grantOption));
}
Also used : ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) Test(org.testng.annotations.Test)

Example 14 with ConnectorAccessControl

use of io.trino.spi.connector.ConnectorAccessControl in project trino by trinodb.

the class TestFileBasedAccessControl method testDenySchemaPrivilege.

/**
 * Checks who may issue a DENY of the {@code UPDATE} schema privilege against user
 * {@code alice} under {@code schema.json}.
 *
 * <p>As asserted below, ADMIN may do so on every schema, BOB on all but {@code test}, and
 * CHARLIE only on {@code authenticated}.
 */
@Test
public void testDenySchemaPrivilege() {
    ConnectorAccessControl policy = createAccessControl("schema.json");
    TrinoPrincipal alice = new TrinoPrincipal(PrincipalType.USER, "alice");

    // Allowed calls pass by returning normally.
    // NOTE(review): only UPDATE is exercised here, unlike the grant and revoke tests, which
    // run over a data provider of privileges.
    for (String schema : new String[] {"bob", "staff", "authenticated", "test"}) {
        policy.checkCanDenySchemaPrivilege(ADMIN, UPDATE, schema, alice);
    }
    for (String schema : new String[] {"bob", "staff", "authenticated"}) {
        policy.checkCanDenySchemaPrivilege(BOB, UPDATE, schema, alice);
    }
    assertDenied(() -> policy.checkCanDenySchemaPrivilege(BOB, UPDATE, "test", alice));

    // CHARLIE is rejected everywhere except "authenticated".
    for (String schema : new String[] {"bob", "staff"}) {
        assertDenied(() -> policy.checkCanDenySchemaPrivilege(CHARLIE, UPDATE, schema, alice));
    }
    policy.checkCanDenySchemaPrivilege(CHARLIE, UPDATE, "authenticated", alice);
    assertDenied(() -> policy.checkCanDenySchemaPrivilege(CHARLIE, UPDATE, "test", alice));
}
Also used : ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) Test(org.testng.annotations.Test)

Example 15 with ConnectorAccessControl

use of io.trino.spi.connector.ConnectorAccessControl in project trino by trinodb.

the class TestFileBasedAccessControl method testGrantSchemaPrivilege.

/**
 * Checks who may grant a schema privilege to user {@code alice} under {@code schema.json}.
 *
 * <p>Runs once per {@code (privilege, grantOption)} pair supplied by the
 * {@code privilegeGrantOption} data provider. As asserted below, ADMIN may grant on every
 * schema, BOB on all but {@code test}, and CHARLIE only on {@code authenticated}.
 *
 * @param privilege privilege being granted
 * @param grantOption grant-option flag passed through to the access check
 */
@Test(dataProvider = "privilegeGrantOption")
public void testGrantSchemaPrivilege(Privilege privilege, boolean grantOption) {
    ConnectorAccessControl policy = createAccessControl("schema.json");
    TrinoPrincipal alice = new TrinoPrincipal(PrincipalType.USER, "alice");

    // Allowed calls pass by returning normally.
    for (String schema : new String[] {"bob", "staff", "authenticated", "test"}) {
        policy.checkCanGrantSchemaPrivilege(ADMIN, privilege, schema, alice, grantOption);
    }
    for (String schema : new String[] {"bob", "staff", "authenticated"}) {
        policy.checkCanGrantSchemaPrivilege(BOB, privilege, schema, alice, grantOption);
    }
    assertDenied(() -> policy.checkCanGrantSchemaPrivilege(BOB, privilege, "test", alice, grantOption));

    // CHARLIE is rejected everywhere except "authenticated".
    for (String schema : new String[] {"bob", "staff"}) {
        assertDenied(() -> policy.checkCanGrantSchemaPrivilege(CHARLIE, privilege, schema, alice, grantOption));
    }
    policy.checkCanGrantSchemaPrivilege(CHARLIE, privilege, "authenticated", alice, grantOption);
    assertDenied(() -> policy.checkCanGrantSchemaPrivilege(CHARLIE, privilege, "test", alice, grantOption));
}
Also used : ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) Test(org.testng.annotations.Test)
