Search in sources :

Example 1 with ConnectorIdentity

use of io.trino.spi.security.ConnectorIdentity in project trino by trinodb.

the class OrcPageSourceFactory method createOrcPageSource.

private ConnectorPageSource createOrcPageSource(HdfsEnvironment hdfsEnvironment, ConnectorIdentity identity, Configuration configuration, Path path, long start, long length, long estimatedFileSize, List<HiveColumnHandle> columns, List<HiveColumnHandle> projections, boolean useOrcColumnNames, boolean isFullAcid, TupleDomain<HiveColumnHandle> effectivePredicate, DateTimeZone legacyFileTimeZone, OrcReaderOptions options, Optional<AcidInfo> acidInfo, OptionalInt bucketNumber, boolean originalFile, AcidTransaction transaction, FileFormatDataSourceStats stats) {
    for (HiveColumnHandle column : columns) {
        checkArgument(column.getColumnType() == REGULAR, "column type must be regular: %s", column);
    }
    checkArgument(!effectivePredicate.isNone());
    OrcDataSource orcDataSource;
    boolean originalFilesPresent = acidInfo.isPresent() && !acidInfo.get().getOriginalFiles().isEmpty();
    try {
        FileSystem fileSystem = hdfsEnvironment.getFileSystem(identity, path, configuration);
        FSDataInputStream inputStream = hdfsEnvironment.doAs(identity, () -> fileSystem.open(path));
        orcDataSource = new HdfsOrcDataSource(new OrcDataSourceId(path.toString()), estimatedFileSize, options, inputStream, stats);
    } catch (Exception e) {
        if (nullToEmpty(e.getMessage()).trim().equals("Filesystem closed") || e instanceof FileNotFoundException) {
            throw new TrinoException(HIVE_CANNOT_OPEN_SPLIT, e);
        }
        throw new TrinoException(HIVE_CANNOT_OPEN_SPLIT, splitError(e, path, start, length), e);
    }
    AggregatedMemoryContext memoryUsage = newSimpleAggregatedMemoryContext();
    try {
        Optional<OrcReader> optionalOrcReader = OrcReader.createOrcReader(orcDataSource, options);
        if (optionalOrcReader.isEmpty()) {
            return new EmptyPageSource();
        }
        OrcReader reader = optionalOrcReader.get();
        if (!originalFile && acidInfo.isPresent() && !acidInfo.get().isOrcAcidVersionValidated()) {
            validateOrcAcidVersion(path, reader);
        }
        List<OrcColumn> fileColumns = reader.getRootColumn().getNestedColumns();
        int actualColumnCount = columns.size() + (isFullAcid ? 3 : 0);
        List<OrcColumn> fileReadColumns = new ArrayList<>(actualColumnCount);
        List<Type> fileReadTypes = new ArrayList<>(actualColumnCount);
        List<OrcReader.ProjectedLayout> fileReadLayouts = new ArrayList<>(actualColumnCount);
        if (isFullAcid && !originalFilesPresent) {
            verifyAcidSchema(reader, path);
            Map<String, OrcColumn> acidColumnsByName = uniqueIndex(fileColumns, orcColumn -> orcColumn.getColumnName().toLowerCase(ENGLISH));
            fileColumns = ensureColumnNameConsistency(acidColumnsByName.get(AcidSchema.ACID_COLUMN_ROW_STRUCT.toLowerCase(ENGLISH)).getNestedColumns(), columns);
            fileReadColumns.add(acidColumnsByName.get(AcidSchema.ACID_COLUMN_ORIGINAL_TRANSACTION.toLowerCase(ENGLISH)));
            fileReadTypes.add(BIGINT);
            fileReadLayouts.add(fullyProjectedLayout());
            fileReadColumns.add(acidColumnsByName.get(AcidSchema.ACID_COLUMN_BUCKET.toLowerCase(ENGLISH)));
            fileReadTypes.add(INTEGER);
            fileReadLayouts.add(fullyProjectedLayout());
            fileReadColumns.add(acidColumnsByName.get(AcidSchema.ACID_COLUMN_ROW_ID.toLowerCase(ENGLISH)));
            fileReadTypes.add(BIGINT);
            fileReadLayouts.add(fullyProjectedLayout());
        }
        Map<String, OrcColumn> fileColumnsByName = ImmutableMap.of();
        if (useOrcColumnNames || isFullAcid) {
            verifyFileHasColumnNames(fileColumns, path);
            // Convert column names read from ORC files to lower case to be consistent with those stored in Hive Metastore
            fileColumnsByName = uniqueIndex(fileColumns, orcColumn -> orcColumn.getColumnName().toLowerCase(ENGLISH));
        }
        Map<String, List<List<String>>> projectionsByColumnName = ImmutableMap.of();
        Map<Integer, List<List<String>>> projectionsByColumnIndex = ImmutableMap.of();
        if (useOrcColumnNames || isFullAcid) {
            projectionsByColumnName = projections.stream().collect(Collectors.groupingBy(HiveColumnHandle::getBaseColumnName, mapping(OrcPageSourceFactory::getDereferencesAsList, toList())));
        } else {
            projectionsByColumnIndex = projections.stream().collect(Collectors.groupingBy(HiveColumnHandle::getBaseHiveColumnIndex, mapping(OrcPageSourceFactory::getDereferencesAsList, toList())));
        }
        TupleDomainOrcPredicateBuilder predicateBuilder = TupleDomainOrcPredicate.builder().setBloomFiltersEnabled(options.isBloomFiltersEnabled()).setDomainCompactionThreshold(domainCompactionThreshold);
        Map<HiveColumnHandle, Domain> effectivePredicateDomains = effectivePredicate.getDomains().orElseThrow(() -> new IllegalArgumentException("Effective predicate is none"));
        List<ColumnAdaptation> columnAdaptations = new ArrayList<>(columns.size());
        for (HiveColumnHandle column : columns) {
            OrcColumn orcColumn = null;
            OrcReader.ProjectedLayout projectedLayout = null;
            Map<Optional<HiveColumnProjectionInfo>, Domain> columnDomains = null;
            if (useOrcColumnNames || isFullAcid) {
                String columnName = column.getName().toLowerCase(ENGLISH);
                orcColumn = fileColumnsByName.get(columnName);
                if (orcColumn != null) {
                    projectedLayout = createProjectedLayout(orcColumn, projectionsByColumnName.get(columnName));
                    columnDomains = effectivePredicateDomains.entrySet().stream().filter(columnDomain -> columnDomain.getKey().getBaseColumnName().toLowerCase(ENGLISH).equals(columnName)).collect(toImmutableMap(columnDomain -> columnDomain.getKey().getHiveColumnProjectionInfo(), Map.Entry::getValue));
                }
            } else if (column.getBaseHiveColumnIndex() < fileColumns.size()) {
                orcColumn = fileColumns.get(column.getBaseHiveColumnIndex());
                if (orcColumn != null) {
                    projectedLayout = createProjectedLayout(orcColumn, projectionsByColumnIndex.get(column.getBaseHiveColumnIndex()));
                    columnDomains = effectivePredicateDomains.entrySet().stream().filter(columnDomain -> columnDomain.getKey().getBaseHiveColumnIndex() == column.getBaseHiveColumnIndex()).collect(toImmutableMap(columnDomain -> columnDomain.getKey().getHiveColumnProjectionInfo(), Map.Entry::getValue));
                }
            }
            Type readType = column.getType();
            if (orcColumn != null) {
                int sourceIndex = fileReadColumns.size();
                columnAdaptations.add(ColumnAdaptation.sourceColumn(sourceIndex));
                fileReadColumns.add(orcColumn);
                fileReadTypes.add(readType);
                fileReadLayouts.add(projectedLayout);
                // Add predicates on top-level and nested columns
                for (Map.Entry<Optional<HiveColumnProjectionInfo>, Domain> columnDomain : columnDomains.entrySet()) {
                    OrcColumn nestedColumn = getNestedColumn(orcColumn, columnDomain.getKey());
                    if (nestedColumn != null) {
                        predicateBuilder.addColumn(nestedColumn.getColumnId(), columnDomain.getValue());
                    }
                }
            } else {
                columnAdaptations.add(ColumnAdaptation.nullColumn(readType));
            }
        }
        OrcRecordReader recordReader = reader.createRecordReader(fileReadColumns, fileReadTypes, fileReadLayouts, predicateBuilder.build(), start, length, legacyFileTimeZone, memoryUsage, INITIAL_BATCH_SIZE, exception -> handleException(orcDataSource.getId(), exception), NameBasedFieldMapper::create);
        Optional<OrcDeletedRows> deletedRows = acidInfo.map(info -> new OrcDeletedRows(path.getName(), new OrcDeleteDeltaPageSourceFactory(options, identity, configuration, hdfsEnvironment, stats), identity, configuration, hdfsEnvironment, info, bucketNumber, memoryUsage));
        Optional<Long> originalFileRowId = acidInfo.filter(OrcPageSourceFactory::hasOriginalFiles).map(info -> OriginalFilesUtils.getPrecedingRowCount(acidInfo.get().getOriginalFiles(), path, hdfsEnvironment, identity, options, configuration, stats));
        if (transaction.isDelete()) {
            if (originalFile) {
                int bucket = bucketNumber.orElse(0);
                long startingRowId = originalFileRowId.orElse(0L);
                columnAdaptations.add(ColumnAdaptation.originalFileRowIdColumn(startingRowId, bucket));
            } else {
                columnAdaptations.add(ColumnAdaptation.rowIdColumn());
            }
        } else if (transaction.isUpdate()) {
            HiveUpdateProcessor updateProcessor = transaction.getUpdateProcessor().orElseThrow(() -> new IllegalArgumentException("updateProcessor not present"));
            List<HiveColumnHandle> dependencyColumns = projections.stream().filter(HiveColumnHandle::isBaseColumn).collect(toImmutableList());
            if (originalFile) {
                int bucket = bucketNumber.orElse(0);
                long startingRowId = originalFileRowId.orElse(0L);
                columnAdaptations.add(updatedRowColumnsWithOriginalFiles(startingRowId, bucket, updateProcessor, dependencyColumns));
            } else {
                columnAdaptations.add(updatedRowColumns(updateProcessor, dependencyColumns));
            }
        }
        return new OrcPageSource(recordReader, columnAdaptations, orcDataSource, deletedRows, originalFileRowId, memoryUsage, stats);
    } catch (Exception e) {
        try {
            orcDataSource.close();
        } catch (IOException ignored) {
        }
        if (e instanceof TrinoException) {
            throw (TrinoException) e;
        }
        String message = splitError(e, path, start, length);
        if (e instanceof BlockMissingException) {
            throw new TrinoException(HIVE_MISSING_DATA, message, e);
        }
        throw new TrinoException(HIVE_CANNOT_OPEN_SPLIT, message, e);
    }
}
Also used : DateTimeZone(org.joda.time.DateTimeZone) HiveUpdateProcessor(io.trino.plugin.hive.HiveUpdateProcessor) FileSystem(org.apache.hadoop.fs.FileSystem) HIVE_CANNOT_OPEN_SPLIT(io.trino.plugin.hive.HiveErrorCode.HIVE_CANNOT_OPEN_SPLIT) OrcTypeKind(io.trino.orc.metadata.OrcType.OrcTypeKind) Maps.uniqueIndex(com.google.common.collect.Maps.uniqueIndex) ColumnAdaptation(io.trino.plugin.hive.orc.OrcPageSource.ColumnAdaptation) BlockMissingException(org.apache.hadoop.hdfs.BlockMissingException) NOT_SUPPORTED(io.trino.spi.StandardErrorCode.NOT_SUPPORTED) HiveSessionProperties.getOrcLazyReadSmallRanges(io.trino.plugin.hive.HiveSessionProperties.getOrcLazyReadSmallRanges) Configuration(org.apache.hadoop.conf.Configuration) Map(java.util.Map) ConnectorPageSource(io.trino.spi.connector.ConnectorPageSource) ENGLISH(java.util.Locale.ENGLISH) FSDataInputStream(org.apache.hadoop.fs.FSDataInputStream) AcidTransaction(io.trino.plugin.hive.acid.AcidTransaction) HiveSessionProperties.getOrcTinyStripeThreshold(io.trino.plugin.hive.HiveSessionProperties.getOrcTinyStripeThreshold) FileFormatDataSourceStats(io.trino.plugin.hive.FileFormatDataSourceStats) HdfsEnvironment(io.trino.plugin.hive.HdfsEnvironment) ConnectorIdentity(io.trino.spi.security.ConnectorIdentity) Domain(io.trino.spi.predicate.Domain) ImmutableList.toImmutableList(com.google.common.collect.ImmutableList.toImmutableList) ReaderColumns(io.trino.plugin.hive.ReaderColumns) ReaderPageSource(io.trino.plugin.hive.ReaderPageSource) ImmutableMap.toImmutableMap(com.google.common.collect.ImmutableMap.toImmutableMap) Slice(io.airlift.slice.Slice) STRUCT(io.trino.orc.metadata.OrcType.OrcTypeKind.STRUCT) ColumnAdaptation.updatedRowColumns(io.trino.plugin.hive.orc.OrcPageSource.ColumnAdaptation.updatedRowColumns) ArrayList(java.util.ArrayList) Collectors.toUnmodifiableList(java.util.stream.Collectors.toUnmodifiableList) TupleDomainOrcPredicateBuilder(io.trino.orc.TupleDomainOrcPredicate.TupleDomainOrcPredicateBuilder) LONG(io.trino.orc.metadata.OrcType.OrcTypeKind.LONG) AggregatedMemoryContext(io.trino.memory.context.AggregatedMemoryContext) INT(io.trino.orc.metadata.OrcType.OrcTypeKind.INT) HIVE_BAD_DATA(io.trino.plugin.hive.HiveErrorCode.HIVE_BAD_DATA) Properties(java.util.Properties) IOException(java.io.IOException) ConnectorSession(io.trino.spi.connector.ConnectorSession) NameBasedFieldMapper(io.trino.orc.NameBasedFieldMapper) HivePageSourceProvider.projectBaseColumns(io.trino.plugin.hive.HivePageSourceProvider.projectBaseColumns) HiveSessionProperties.isOrcNestedLazy(io.trino.plugin.hive.HiveSessionProperties.isOrcNestedLazy) OrcColumn(io.trino.orc.OrcColumn) HIVE_MISSING_DATA(io.trino.plugin.hive.HiveErrorCode.HIVE_MISSING_DATA) OrcSerde(org.apache.hadoop.hive.ql.io.orc.OrcSerde) Preconditions.checkArgument(com.google.common.base.Preconditions.checkArgument) OrcRecordReader(io.trino.orc.OrcRecordReader) Path(org.apache.hadoop.fs.Path) OrcDataSource(io.trino.orc.OrcDataSource) HiveColumnHandle(io.trino.plugin.hive.HiveColumnHandle) INTEGER(io.trino.spi.type.IntegerType.INTEGER) ImmutableMap(com.google.common.collect.ImmutableMap) AcidUtils.isFullAcidTable(org.apache.hadoop.hive.ql.io.AcidUtils.isFullAcidTable) INITIAL_BATCH_SIZE(io.trino.orc.OrcReader.INITIAL_BATCH_SIZE) OrcPageSource.handleException(io.trino.plugin.hive.orc.OrcPageSource.handleException) TrinoException(io.trino.spi.TrinoException) Collectors(java.util.stream.Collectors) FileNotFoundException(java.io.FileNotFoundException) String.format(java.lang.String.format) OrcDataSourceId(io.trino.orc.OrcDataSourceId) List(java.util.List) BIGINT(io.trino.spi.type.BigintType.BIGINT) Function.identity(java.util.function.Function.identity) Optional(java.util.Optional) PRESTO_WRITER_ID(io.trino.orc.metadata.OrcMetadataWriter.PRESTO_WRITER_ID) HivePageSourceFactory(io.trino.plugin.hive.HivePageSourceFactory) Pattern(java.util.regex.Pattern) TRINO_WRITER_ID(io.trino.orc.metadata.OrcMetadataWriter.TRINO_WRITER_ID) Strings.nullToEmpty(com.google.common.base.Strings.nullToEmpty) AggregatedMemoryContext.newSimpleAggregatedMemoryContext(io.trino.memory.context.AggregatedMemoryContext.newSimpleAggregatedMemoryContext) HiveUtil.isDeserializerClass(io.trino.plugin.hive.util.HiveUtil.isDeserializerClass) Type(io.trino.spi.type.Type) TupleDomainOrcPredicate(io.trino.orc.TupleDomainOrcPredicate) AcidSchema(io.trino.plugin.hive.acid.AcidSchema) HiveSessionProperties.isUseOrcColumnNames(io.trino.plugin.hive.HiveSessionProperties.isUseOrcColumnNames) OptionalInt(java.util.OptionalInt) Inject(javax.inject.Inject) HiveSessionProperties.getOrcStreamBufferSize(io.trino.plugin.hive.HiveSessionProperties.getOrcStreamBufferSize) ImmutableList(com.google.common.collect.ImmutableList) OrcReaderOptions(io.trino.orc.OrcReaderOptions) Objects.requireNonNull(java.util.Objects.requireNonNull) Collectors.mapping(java.util.stream.Collectors.mapping) HiveSessionProperties.isOrcBloomFiltersEnabled(io.trino.plugin.hive.HiveSessionProperties.isOrcBloomFiltersEnabled) HiveSessionProperties.getOrcMaxReadBlockSize(io.trino.plugin.hive.HiveSessionProperties.getOrcMaxReadBlockSize) OrcReader(io.trino.orc.OrcReader) HiveSessionProperties.getOrcMaxBufferSize(io.trino.plugin.hive.HiveSessionProperties.getOrcMaxBufferSize) NameBasedProjectedLayout.createProjectedLayout(io.trino.orc.OrcReader.NameBasedProjectedLayout.createProjectedLayout) UTF_8(java.nio.charset.StandardCharsets.UTF_8) TupleDomain(io.trino.spi.predicate.TupleDomain) OrcReader.fullyProjectedLayout(io.trino.orc.OrcReader.fullyProjectedLayout) Maps(com.google.common.collect.Maps) HiveSessionProperties.getOrcMaxMergeDistance(io.trino.plugin.hive.HiveSessionProperties.getOrcMaxMergeDistance) ColumnAdaptation.updatedRowColumnsWithOriginalFiles(io.trino.plugin.hive.orc.OrcPageSource.ColumnAdaptation.updatedRowColumnsWithOriginalFiles) AcidInfo(io.trino.plugin.hive.AcidInfo) HiveColumnProjectionInfo(io.trino.plugin.hive.HiveColumnProjectionInfo) Collectors.toList(java.util.stream.Collectors.toList) EmptyPageSource(io.trino.spi.connector.EmptyPageSource) HIVE_FILE_MISSING_COLUMN_NAMES(io.trino.plugin.hive.HiveErrorCode.HIVE_FILE_MISSING_COLUMN_NAMES) HiveConfig(io.trino.plugin.hive.HiveConfig) REGULAR(io.trino.plugin.hive.HiveColumnHandle.ColumnType.REGULAR) FileNotFoundException(java.io.FileNotFoundException) ArrayList(java.util.ArrayList) NameBasedFieldMapper(io.trino.orc.NameBasedFieldMapper) FileSystem(org.apache.hadoop.fs.FileSystem) ImmutableList.toImmutableList(com.google.common.collect.ImmutableList.toImmutableList) ArrayList(java.util.ArrayList) Collectors.toUnmodifiableList(java.util.stream.Collectors.toUnmodifiableList) List(java.util.List) ImmutableList(com.google.common.collect.ImmutableList) Collectors.toList(java.util.stream.Collectors.toList) Optional(java.util.Optional) OrcColumn(io.trino.orc.OrcColumn) OrcReader(io.trino.orc.OrcReader) FSDataInputStream(org.apache.hadoop.fs.FSDataInputStream) Domain(io.trino.spi.predicate.Domain) TupleDomain(io.trino.spi.predicate.TupleDomain) Map(java.util.Map) ImmutableMap.toImmutableMap(com.google.common.collect.ImmutableMap.toImmutableMap) ImmutableMap(com.google.common.collect.ImmutableMap) ColumnAdaptation(io.trino.plugin.hive.orc.OrcPageSource.ColumnAdaptation) EmptyPageSource(io.trino.spi.connector.EmptyPageSource) BlockMissingException(org.apache.hadoop.hdfs.BlockMissingException) HiveColumnHandle(io.trino.plugin.hive.HiveColumnHandle) HiveUpdateProcessor(io.trino.plugin.hive.HiveUpdateProcessor) OrcDataSource(io.trino.orc.OrcDataSource) OrcDataSourceId(io.trino.orc.OrcDataSourceId) IOException(java.io.IOException) OrcRecordReader(io.trino.orc.OrcRecordReader) AggregatedMemoryContext(io.trino.memory.context.AggregatedMemoryContext) AggregatedMemoryContext.newSimpleAggregatedMemoryContext(io.trino.memory.context.AggregatedMemoryContext.newSimpleAggregatedMemoryContext) BlockMissingException(org.apache.hadoop.hdfs.BlockMissingException) IOException(java.io.IOException) OrcPageSource.handleException(io.trino.plugin.hive.orc.OrcPageSource.handleException) TrinoException(io.trino.spi.TrinoException) FileNotFoundException(java.io.FileNotFoundException) Type(io.trino.spi.type.Type) TupleDomainOrcPredicateBuilder(io.trino.orc.TupleDomainOrcPredicate.TupleDomainOrcPredicateBuilder) TrinoException(io.trino.spi.TrinoException) NameBasedProjectedLayout.createProjectedLayout(io.trino.orc.OrcReader.NameBasedProjectedLayout.createProjectedLayout) OrcReader.fullyProjectedLayout(io.trino.orc.OrcReader.fullyProjectedLayout)

Example 2 with ConnectorIdentity

use of io.trino.spi.security.ConnectorIdentity in project trino by trinodb.

the class ParquetPageSourceFactory method createPageSource.

/**
 * This method is available for other callers to use directly.
 */
public static ReaderPageSource createPageSource(Path path, long start, long length, long estimatedFileSize, List<HiveColumnHandle> columns, TupleDomain<HiveColumnHandle> effectivePredicate, boolean useColumnNames, HdfsEnvironment hdfsEnvironment, Configuration configuration, ConnectorIdentity identity, DateTimeZone timeZone, FileFormatDataSourceStats stats, ParquetReaderOptions options) {
    // Ignore predicates on partial columns for now.
    effectivePredicate = effectivePredicate.filter((column, domain) -> column.isBaseColumn());
    MessageType fileSchema;
    MessageType requestedSchema;
    MessageColumnIO messageColumn;
    ParquetReader parquetReader;
    ParquetDataSource dataSource = null;
    try {
        FileSystem fileSystem = hdfsEnvironment.getFileSystem(identity, path, configuration);
        FSDataInputStream inputStream = hdfsEnvironment.doAs(identity, () -> fileSystem.open(path));
        dataSource = new HdfsParquetDataSource(new ParquetDataSourceId(path.toString()), estimatedFileSize, inputStream, stats, options);
        ParquetMetadata parquetMetadata = MetadataReader.readFooter(dataSource);
        FileMetaData fileMetaData = parquetMetadata.getFileMetaData();
        fileSchema = fileMetaData.getSchema();
        Optional<MessageType> message = projectSufficientColumns(columns).map(projection -> projection.get().stream().map(HiveColumnHandle.class::cast).collect(toUnmodifiableList())).orElse(columns).stream().filter(column -> column.getColumnType() == REGULAR).map(column -> getColumnType(column, fileSchema, useColumnNames)).filter(Optional::isPresent).map(Optional::get).map(type -> new MessageType(fileSchema.getName(), type)).reduce(MessageType::union);
        requestedSchema = message.orElse(new MessageType(fileSchema.getName(), ImmutableList.of()));
        messageColumn = getColumnIO(fileSchema, requestedSchema);
        Map<List<String>, RichColumnDescriptor> descriptorsByPath = getDescriptors(fileSchema, requestedSchema);
        TupleDomain<ColumnDescriptor> parquetTupleDomain = options.isIgnoreStatistics() ? TupleDomain.all() : getParquetTupleDomain(descriptorsByPath, effectivePredicate, fileSchema, useColumnNames);
        Predicate parquetPredicate = buildPredicate(requestedSchema, parquetTupleDomain, descriptorsByPath, timeZone);
        long nextStart = 0;
        ImmutableList.Builder<BlockMetaData> blocks = ImmutableList.builder();
        ImmutableList.Builder<Long> blockStarts = ImmutableList.builder();
        ImmutableList.Builder<Optional<ColumnIndexStore>> columnIndexes = ImmutableList.builder();
        for (BlockMetaData block : parquetMetadata.getBlocks()) {
            long firstDataPage = block.getColumns().get(0).getFirstDataPageOffset();
            Optional<ColumnIndexStore> columnIndex = getColumnIndexStore(dataSource, block, descriptorsByPath, parquetTupleDomain, options);
            if (start <= firstDataPage && firstDataPage < start + length && predicateMatches(parquetPredicate, block, dataSource, descriptorsByPath, parquetTupleDomain, columnIndex)) {
                blocks.add(block);
                blockStarts.add(nextStart);
                columnIndexes.add(columnIndex);
            }
            nextStart += block.getRowCount();
        }
        parquetReader = new ParquetReader(Optional.ofNullable(fileMetaData.getCreatedBy()), messageColumn, blocks.build(), Optional.of(blockStarts.build()), dataSource, timeZone, newSimpleAggregatedMemoryContext(), options, parquetPredicate, columnIndexes.build());
    } catch (Exception e) {
        try {
            if (dataSource != null) {
                dataSource.close();
            }
        } catch (IOException ignored) {
        }
        if (e instanceof TrinoException) {
            throw (TrinoException) e;
        }
        if (e instanceof ParquetCorruptionException) {
            throw new TrinoException(HIVE_BAD_DATA, e);
        }
        if (nullToEmpty(e.getMessage()).trim().equals("Filesystem closed") || e instanceof FileNotFoundException) {
            throw new TrinoException(HIVE_CANNOT_OPEN_SPLIT, e);
        }
        String message = format("Error opening Hive split %s (offset=%s, length=%s): %s", path, start, length, e.getMessage());
        if (e instanceof BlockMissingException) {
            throw new TrinoException(HIVE_MISSING_DATA, message, e);
        }
        throw new TrinoException(HIVE_CANNOT_OPEN_SPLIT, message, e);
    }
    Optional<ReaderColumns> readerProjections = projectBaseColumns(columns);
    List<HiveColumnHandle> baseColumns = readerProjections.map(projection -> projection.get().stream().map(HiveColumnHandle.class::cast).collect(toUnmodifiableList())).orElse(columns);
    for (HiveColumnHandle column : baseColumns) {
        checkArgument(column == PARQUET_ROW_INDEX_COLUMN || column.getColumnType() == REGULAR, "column type must be REGULAR: %s", column);
    }
    ImmutableList.Builder<Type> trinoTypes = ImmutableList.builder();
    ImmutableList.Builder<Optional<Field>> internalFields = ImmutableList.builder();
    ImmutableList.Builder<Boolean> rowIndexColumns = ImmutableList.builder();
    for (HiveColumnHandle column : baseColumns) {
        trinoTypes.add(column.getBaseType());
        rowIndexColumns.add(column == PARQUET_ROW_INDEX_COLUMN);
        if (column == PARQUET_ROW_INDEX_COLUMN) {
            internalFields.add(Optional.empty());
        } else {
            internalFields.add(Optional.ofNullable(getParquetType(column, fileSchema, useColumnNames)).flatMap(field -> {
                String columnName = useColumnNames ? column.getBaseColumnName() : fileSchema.getFields().get(column.getBaseHiveColumnIndex()).getName();
                return constructField(column.getBaseType(), lookupColumnByName(messageColumn, columnName));
            }));
        }
    }
    ConnectorPageSource parquetPageSource = new ParquetPageSource(parquetReader, trinoTypes.build(), rowIndexColumns.build(), internalFields.build());
    return new ReaderPageSource(parquetPageSource, readerProjections);
}
Also used : DateTimeZone(org.joda.time.DateTimeZone) HIVE_MISSING_DATA(io.trino.plugin.hive.HiveErrorCode.HIVE_MISSING_DATA) FileSystem(org.apache.hadoop.fs.FileSystem) HIVE_CANNOT_OPEN_SPLIT(io.trino.plugin.hive.HiveErrorCode.HIVE_CANNOT_OPEN_SPLIT) MetadataReader(io.trino.parquet.reader.MetadataReader) HiveSessionProperties.isParquetUseColumnIndex(io.trino.plugin.hive.HiveSessionProperties.isParquetUseColumnIndex) BlockMissingException(org.apache.hadoop.hdfs.BlockMissingException) ParquetDataSourceId(io.trino.parquet.ParquetDataSourceId) HiveSessionProperties.isUseParquetColumnNames(io.trino.plugin.hive.HiveSessionProperties.isUseParquetColumnNames) Preconditions.checkArgument(com.google.common.base.Preconditions.checkArgument) HiveParquetColumnIOConverter.constructField(io.trino.plugin.hive.parquet.HiveParquetColumnIOConverter.constructField) Configuration(org.apache.hadoop.conf.Configuration) Map(java.util.Map) Path(org.apache.hadoop.fs.Path) HiveUtil.getDeserializerClassName(io.trino.plugin.hive.util.HiveUtil.getDeserializerClassName) ConnectorPageSource(io.trino.spi.connector.ConnectorPageSource) HiveColumnHandle(io.trino.plugin.hive.HiveColumnHandle) FSDataInputStream(org.apache.hadoop.fs.FSDataInputStream) AcidTransaction(io.trino.plugin.hive.acid.AcidTransaction) ImmutableSet(com.google.common.collect.ImmutableSet) FileFormatDataSourceStats(io.trino.plugin.hive.FileFormatDataSourceStats) HdfsEnvironment(io.trino.plugin.hive.HdfsEnvironment) ConnectorIdentity(io.trino.spi.security.ConnectorIdentity) GroupType(org.apache.parquet.schema.GroupType) ImmutableMap(com.google.common.collect.ImmutableMap) Domain(io.trino.spi.predicate.Domain) ParquetReader(io.trino.parquet.reader.ParquetReader) ReaderColumns(io.trino.plugin.hive.ReaderColumns) Set(java.util.Set) TrinoException(io.trino.spi.TrinoException) ParquetTypeUtils.getColumnIO(io.trino.parquet.ParquetTypeUtils.getColumnIO) ColumnIndexStore(org.apache.parquet.internal.filter2.columnindex.ColumnIndexStore) ColumnChunkMetaData(org.apache.parquet.hadoop.metadata.ColumnChunkMetaData) FileNotFoundException(java.io.FileNotFoundException) String.format(java.lang.String.format) ReaderPageSource(io.trino.plugin.hive.ReaderPageSource) MessageType(org.apache.parquet.schema.MessageType) List(java.util.List) HiveSessionProperties.getParquetMaxReadBlockSize(io.trino.plugin.hive.HiveSessionProperties.getParquetMaxReadBlockSize) BIGINT(io.trino.spi.type.BigintType.BIGINT) ColumnDescriptor(org.apache.parquet.column.ColumnDescriptor) BlockMetaData(org.apache.parquet.hadoop.metadata.BlockMetaData) Entry(java.util.Map.Entry) Optional(java.util.Optional) HivePageSourceFactory(io.trino.plugin.hive.HivePageSourceFactory) ParquetCorruptionException(io.trino.parquet.ParquetCorruptionException) MessageColumnIO(org.apache.parquet.io.MessageColumnIO) ColumnPath(org.apache.parquet.hadoop.metadata.ColumnPath) Strings.nullToEmpty(com.google.common.base.Strings.nullToEmpty) AggregatedMemoryContext.newSimpleAggregatedMemoryContext(io.trino.memory.context.AggregatedMemoryContext.newSimpleAggregatedMemoryContext) Type(io.trino.spi.type.Type) OptionalInt(java.util.OptionalInt) HiveSessionProperties.isParquetIgnoreStatistics(io.trino.plugin.hive.HiveSessionProperties.isParquetIgnoreStatistics) Collectors.toUnmodifiableList(java.util.stream.Collectors.toUnmodifiableList) Inject(javax.inject.Inject) HashSet(java.util.HashSet) HiveType(io.trino.plugin.hive.HiveType) ParquetTypeUtils.lookupColumnByName(io.trino.parquet.ParquetTypeUtils.lookupColumnByName) ImmutableList(com.google.common.collect.ImmutableList) Objects.requireNonNull(java.util.Objects.requireNonNull) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) RichColumnDescriptor(io.trino.parquet.RichColumnDescriptor) ParquetTypeUtils.getParquetTypeByName(io.trino.parquet.ParquetTypeUtils.getParquetTypeByName) ParquetReaderOptions(io.trino.parquet.ParquetReaderOptions) Predicate(io.trino.parquet.predicate.Predicate) HIVE_BAD_DATA(io.trino.plugin.hive.HiveErrorCode.HIVE_BAD_DATA) HivePageSourceProvider.projectSufficientColumns(io.trino.plugin.hive.HivePageSourceProvider.projectSufficientColumns) Properties(java.util.Properties) TrinoColumnIndexStore(io.trino.parquet.reader.TrinoColumnIndexStore) PredicateUtils.predicateMatches(io.trino.parquet.predicate.PredicateUtils.predicateMatches) IOException(java.io.IOException) ConnectorSession(io.trino.spi.connector.ConnectorSession) TupleDomain(io.trino.spi.predicate.TupleDomain) PRIMITIVE(org.apache.hadoop.hive.serde2.objectinspector.ObjectInspector.Category.PRIMITIVE) AcidInfo(io.trino.plugin.hive.AcidInfo) ParquetTypeUtils.getDescriptors(io.trino.parquet.ParquetTypeUtils.getDescriptors) HivePageSourceProvider.projectBaseColumns(io.trino.plugin.hive.HivePageSourceProvider.projectBaseColumns) Field(io.trino.parquet.Field) ParquetDataSource(io.trino.parquet.ParquetDataSource) FileMetaData(org.apache.parquet.hadoop.metadata.FileMetaData) ParquetMetadata(org.apache.parquet.hadoop.metadata.ParquetMetadata) PredicateUtils.buildPredicate(io.trino.parquet.predicate.PredicateUtils.buildPredicate) HiveConfig(io.trino.plugin.hive.HiveConfig) REGULAR(io.trino.plugin.hive.HiveColumnHandle.ColumnType.REGULAR) BlockMetaData(org.apache.parquet.hadoop.metadata.BlockMetaData) ParquetMetadata(org.apache.parquet.hadoop.metadata.ParquetMetadata) RichColumnDescriptor(io.trino.parquet.RichColumnDescriptor) ImmutableList(com.google.common.collect.ImmutableList) FileNotFoundException(java.io.FileNotFoundException) ConnectorPageSource(io.trino.spi.connector.ConnectorPageSource) MessageColumnIO(org.apache.parquet.io.MessageColumnIO) Predicate(io.trino.parquet.predicate.Predicate) PredicateUtils.buildPredicate(io.trino.parquet.predicate.PredicateUtils.buildPredicate) ParquetCorruptionException(io.trino.parquet.ParquetCorruptionException) FileSystem(org.apache.hadoop.fs.FileSystem) ColumnIndexStore(org.apache.parquet.internal.filter2.columnindex.ColumnIndexStore) TrinoColumnIndexStore(io.trino.parquet.reader.TrinoColumnIndexStore) List(java.util.List) Collectors.toUnmodifiableList(java.util.stream.Collectors.toUnmodifiableList) ImmutableList(com.google.common.collect.ImmutableList) BlockMissingException(org.apache.hadoop.hdfs.BlockMissingException) MessageType(org.apache.parquet.schema.MessageType) FileMetaData(org.apache.parquet.hadoop.metadata.FileMetaData) HiveColumnHandle(io.trino.plugin.hive.HiveColumnHandle) ParquetDataSource(io.trino.parquet.ParquetDataSource) Optional(java.util.Optional) ParquetDataSourceId(io.trino.parquet.ParquetDataSourceId) ColumnDescriptor(org.apache.parquet.column.ColumnDescriptor) RichColumnDescriptor(io.trino.parquet.RichColumnDescriptor) ParquetReader(io.trino.parquet.reader.ParquetReader) IOException(java.io.IOException) BlockMissingException(org.apache.hadoop.hdfs.BlockMissingException) TrinoException(io.trino.spi.TrinoException) FileNotFoundException(java.io.FileNotFoundException) ParquetCorruptionException(io.trino.parquet.ParquetCorruptionException) IOException(java.io.IOException) GroupType(org.apache.parquet.schema.GroupType) MessageType(org.apache.parquet.schema.MessageType) Type(io.trino.spi.type.Type) HiveType(io.trino.plugin.hive.HiveType) FSDataInputStream(org.apache.hadoop.fs.FSDataInputStream) TrinoException(io.trino.spi.TrinoException) ReaderPageSource(io.trino.plugin.hive.ReaderPageSource) ReaderColumns(io.trino.plugin.hive.ReaderColumns)

Example 3 with ConnectorIdentity

use of io.trino.spi.security.ConnectorIdentity in project trino by trinodb.

the class SqlStandardAccessControl method isDatabaseOwner.

private boolean isDatabaseOwner(ConnectorSecurityContext context, String databaseName) {
    // all users are "owners" of the default database
    if (DEFAULT_DATABASE_NAME.equalsIgnoreCase(databaseName)) {
        return true;
    }
    if (isAdmin(context)) {
        return true;
    }
    Optional<Database> databaseMetadata = metastore.getDatabase(context, databaseName);
    if (databaseMetadata.isEmpty()) {
        return false;
    }
    Database database = databaseMetadata.get();
    // a database can be owned by a user or role
    ConnectorIdentity identity = context.getIdentity();
    if (database.getOwnerName().isPresent()) {
        if (database.getOwnerType().orElse(null) == USER && identity.getUser().equals(database.getOwnerName().get())) {
            return true;
        }
        if (database.getOwnerType().orElse(null) == ROLE && isRoleEnabled(identity, hivePrincipal -> metastore.listRoleGrants(context, hivePrincipal), database.getOwnerName().get())) {
            return true;
        }
    }
    return false;
}
Also used : AccessDeniedException.denyAddColumn(io.trino.spi.security.AccessDeniedException.denyAddColumn) DEFAULT_DATABASE_NAME(io.trino.plugin.hive.metastore.Database.DEFAULT_DATABASE_NAME) SchemaRoutineName(io.trino.spi.connector.SchemaRoutineName) AccessDeniedException.denySetCatalogSessionProperty(io.trino.spi.security.AccessDeniedException.denySetCatalogSessionProperty) AccessDeniedException.denyDropTable(io.trino.spi.security.AccessDeniedException.denyDropTable) AccessDeniedException.denySetTableProperties(io.trino.spi.security.AccessDeniedException.denySetTableProperties) USER(io.trino.spi.security.PrincipalType.USER) AccessDeniedException.denySetMaterializedViewProperties(io.trino.spi.security.AccessDeniedException.denySetMaterializedViewProperties) Database(io.trino.plugin.hive.metastore.Database) AccessDeniedException.denyInsertTable(io.trino.spi.security.AccessDeniedException.denyInsertTable) ThriftMetastoreUtil.listEnabledPrincipals(io.trino.plugin.hive.metastore.thrift.ThriftMetastoreUtil.listEnabledPrincipals) AccessDeniedException.denyExecuteTableProcedure(io.trino.spi.security.AccessDeniedException.denyExecuteTableProcedure) AccessDeniedException.denyShowCreateTable(io.trino.spi.security.AccessDeniedException.denyShowCreateTable) AccessDeniedException.denyRevokeTablePrivilege(io.trino.spi.security.AccessDeniedException.denyRevokeTablePrivilege) NOT_SUPPORTED(io.trino.spi.StandardErrorCode.NOT_SUPPORTED) AccessDeniedException.denyUpdateTableColumns(io.trino.spi.security.AccessDeniedException.denyUpdateTableColumns) Map(java.util.Map) AccessDeniedException.denyCreateSchema(io.trino.spi.security.AccessDeniedException.denyCreateSchema) AccessDeniedException.denyCreateMaterializedView(io.trino.spi.security.AccessDeniedException.denyCreateMaterializedView) AccessDeniedException.denyCreateTable(io.trino.spi.security.AccessDeniedException.denyCreateTable) AccessDeniedException.denyDeleteTable(io.trino.spi.security.AccessDeniedException.denyDeleteTable) AccessDeniedException.denyDropView(io.trino.spi.security.AccessDeniedException.denyDropView) AccessDeniedException.denyRenameSchema(io.trino.spi.security.AccessDeniedException.denyRenameSchema) AccessDeniedException.denyShowRoles(io.trino.spi.security.AccessDeniedException.denyShowRoles) Collectors.toSet(java.util.stream.Collectors.toSet) AccessDeniedException.denyShowColumns(io.trino.spi.security.AccessDeniedException.denyShowColumns) UPDATE(io.trino.plugin.hive.metastore.HivePrivilegeInfo.HivePrivilege.UPDATE) INSERT(io.trino.plugin.hive.metastore.HivePrivilegeInfo.HivePrivilege.INSERT) AccessDeniedException.denyRenameMaterializedView(io.trino.spi.security.AccessDeniedException.denyRenameMaterializedView) ImmutableSet(com.google.common.collect.ImmutableSet) ConnectorIdentity(io.trino.spi.security.ConnectorIdentity) AccessDeniedException.denySetTableAuthorization(io.trino.spi.security.AccessDeniedException.denySetTableAuthorization) AccessDeniedException.denyDropSchema(io.trino.spi.security.AccessDeniedException.denyDropSchema) AccessDeniedException.denyTruncateTable(io.trino.spi.security.AccessDeniedException.denyTruncateTable) ViewExpression(io.trino.spi.security.ViewExpression) ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) Set(java.util.Set) TrinoException(io.trino.spi.TrinoException) SchemaTableName(io.trino.spi.connector.SchemaTableName) AccessDeniedException.denySetRole(io.trino.spi.security.AccessDeniedException.denySetRole) AccessDeniedException.denyShowCreateSchema(io.trino.spi.security.AccessDeniedException.denyShowCreateSchema) Stream(java.util.stream.Stream) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) OWNERSHIP(io.trino.plugin.hive.metastore.HivePrivilegeInfo.HivePrivilege.OWNERSHIP) AccessDeniedException.denyRefreshMaterializedView(io.trino.spi.security.AccessDeniedException.denyRefreshMaterializedView) AccessDeniedException.denyCreateRole(io.trino.spi.security.AccessDeniedException.denyCreateRole) Optional(java.util.Optional) HivePrivilegeInfo(io.trino.plugin.hive.metastore.HivePrivilegeInfo) HivePrincipal(io.trino.plugin.hive.metastore.HivePrincipal) AccessDeniedException(io.trino.spi.security.AccessDeniedException) HivePrivilegeInfo.toHivePrivilege(io.trino.plugin.hive.metastore.HivePrivilegeInfo.toHivePrivilege) AccessDeniedException.denyDropColumn(io.trino.spi.security.AccessDeniedException.denyDropColumn) Type(io.trino.spi.type.Type) ThriftMetastoreUtil.isRoleApplicable(io.trino.plugin.hive.metastore.thrift.ThriftMetastoreUtil.isRoleApplicable) AccessDeniedException.denyDropRole(io.trino.spi.security.AccessDeniedException.denyDropRole) AccessDeniedException.denySetViewAuthorization(io.trino.spi.security.AccessDeniedException.denySetViewAuthorization) Inject(javax.inject.Inject) AccessDeniedException.denyCommentColumn(io.trino.spi.security.AccessDeniedException.denyCommentColumn) AccessDeniedException.denySetSchemaAuthorization(io.trino.spi.security.AccessDeniedException.denySetSchemaAuthorization) AccessDeniedException.denyCreateViewWithSelect(io.trino.spi.security.AccessDeniedException.denyCreateViewWithSelect) AccessDeniedException.denyDropMaterializedView(io.trino.spi.security.AccessDeniedException.denyDropMaterializedView) Objects.requireNonNull(java.util.Objects.requireNonNull) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) AccessDeniedException.denyRevokeRoles(io.trino.spi.security.AccessDeniedException.denyRevokeRoles) Privilege(io.trino.spi.security.Privilege) AccessDeniedException.denyRenameTable(io.trino.spi.security.AccessDeniedException.denyRenameTable) AccessDeniedException.denyShowRoleAuthorizationDescriptors(io.trino.spi.security.AccessDeniedException.denyShowRoleAuthorizationDescriptors) ConnectorSecurityContext(io.trino.spi.connector.ConnectorSecurityContext) AccessDeniedException.denySelectTable(io.trino.spi.security.AccessDeniedException.denySelectTable) AccessDeniedException.denyCreateView(io.trino.spi.security.AccessDeniedException.denyCreateView) DELETE(io.trino.plugin.hive.metastore.HivePrivilegeInfo.HivePrivilege.DELETE) AccessDeniedException.denyCommentTable(io.trino.spi.security.AccessDeniedException.denyCommentTable) CatalogName(io.trino.plugin.base.CatalogName) ROLE(io.trino.spi.security.PrincipalType.ROLE) RoleGrant(io.trino.spi.security.RoleGrant) SELECT(io.trino.plugin.hive.metastore.HivePrivilegeInfo.HivePrivilege.SELECT) AccessDeniedException.denyRenameColumn(io.trino.spi.security.AccessDeniedException.denyRenameColumn) AccessDeniedException.denyGrantRoles(io.trino.spi.security.AccessDeniedException.denyGrantRoles) ThriftMetastoreUtil.listApplicableRoles(io.trino.plugin.hive.metastore.thrift.ThriftMetastoreUtil.listApplicableRoles) ThriftMetastoreUtil.isRoleEnabled(io.trino.plugin.hive.metastore.thrift.ThriftMetastoreUtil.isRoleEnabled) AccessDeniedException.denyRenameView(io.trino.spi.security.AccessDeniedException.denyRenameView) AccessDeniedException.denyGrantTablePrivilege(io.trino.spi.security.AccessDeniedException.denyGrantTablePrivilege) HivePrivilege(io.trino.plugin.hive.metastore.HivePrivilegeInfo.HivePrivilege) Database(io.trino.plugin.hive.metastore.Database) ConnectorIdentity(io.trino.spi.security.ConnectorIdentity)

Example 4 with ConnectorIdentity

use of io.trino.spi.security.ConnectorIdentity in project trino by trinodb.

the class FileBasedAccessControl method checkCanSelectFromColumns.

@Override
public void checkCanSelectFromColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set<String> columnNames) {
    if (INFORMATION_SCHEMA_NAME.equals(tableName.getSchemaName())) {
        return;
    }
    ConnectorIdentity identity = context.getIdentity();
    boolean allowed = tableRules.stream().filter(rule -> rule.matches(identity.getUser(), identity.getEnabledSystemRoles(), identity.getGroups(), tableName)).map(rule -> rule.canSelectColumns(columnNames)).findFirst().orElse(false);
    if (!allowed) {
        denySelectTable(tableName.toString());
    }
}
Also used : AccessDeniedException.denyAddColumn(io.trino.spi.security.AccessDeniedException.denyAddColumn) SchemaRoutineName(io.trino.spi.connector.SchemaRoutineName) AccessDeniedException.denySetCatalogSessionProperty(io.trino.spi.security.AccessDeniedException.denySetCatalogSessionProperty) AccessDeniedException.denyDropTable(io.trino.spi.security.AccessDeniedException.denyDropTable) AccessDeniedException.denySetTableProperties(io.trino.spi.security.AccessDeniedException.denySetTableProperties) AccessDeniedException.denyGrantSchemaPrivilege(io.trino.spi.security.AccessDeniedException.denyGrantSchemaPrivilege) AccessDeniedException.denySetMaterializedViewProperties(io.trino.spi.security.AccessDeniedException.denySetMaterializedViewProperties) AccessDeniedException.denyInsertTable(io.trino.spi.security.AccessDeniedException.denyInsertTable) AccessDeniedException.denyShowCreateTable(io.trino.spi.security.AccessDeniedException.denyShowCreateTable) AccessDeniedException.denyRevokeTablePrivilege(io.trino.spi.security.AccessDeniedException.denyRevokeTablePrivilege) INSERT(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.INSERT) Preconditions.checkArgument(com.google.common.base.Preconditions.checkArgument) DELETE(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.DELETE) JsonUtils.parseJson(io.trino.plugin.base.util.JsonUtils.parseJson) AccessDeniedException.denyUpdateTableColumns(io.trino.spi.security.AccessDeniedException.denyUpdateTableColumns) Map(java.util.Map) AccessDeniedException.denyCreateSchema(io.trino.spi.security.AccessDeniedException.denyCreateSchema) AccessDeniedException.denyCreateMaterializedView(io.trino.spi.security.AccessDeniedException.denyCreateMaterializedView) AccessDeniedException.denyCreateTable(io.trino.spi.security.AccessDeniedException.denyCreateTable) AccessDeniedException.denyDeleteTable(io.trino.spi.security.AccessDeniedException.denyDeleteTable) AccessDeniedException.denyDropView(io.trino.spi.security.AccessDeniedException.denyDropView) AccessDeniedException.denyRenameSchema(io.trino.spi.security.AccessDeniedException.denyRenameSchema) AccessDeniedException.denyShowColumns(io.trino.spi.security.AccessDeniedException.denyShowColumns) AccessDeniedException.denyRenameMaterializedView(io.trino.spi.security.AccessDeniedException.denyRenameMaterializedView) ImmutableSet(com.google.common.collect.ImmutableSet) ConnectorIdentity(io.trino.spi.security.ConnectorIdentity) AccessDeniedException.denySetTableAuthorization(io.trino.spi.security.AccessDeniedException.denySetTableAuthorization) OWNERSHIP(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.OWNERSHIP) AccessDeniedException.denyDropSchema(io.trino.spi.security.AccessDeniedException.denyDropSchema) Predicate(java.util.function.Predicate) AccessDeniedException.denyTruncateTable(io.trino.spi.security.AccessDeniedException.denyTruncateTable) ViewExpression(io.trino.spi.security.ViewExpression) ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) Set(java.util.Set) SchemaTableName(io.trino.spi.connector.SchemaTableName) AccessDeniedException.denySetRole(io.trino.spi.security.AccessDeniedException.denySetRole) AccessDeniedException.denyShowCreateSchema(io.trino.spi.security.AccessDeniedException.denyShowCreateSchema) TablePrivilege(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege) List(java.util.List) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) AccessDeniedException.denyRefreshMaterializedView(io.trino.spi.security.AccessDeniedException.denyRefreshMaterializedView) AccessDeniedException.denyCreateRole(io.trino.spi.security.AccessDeniedException.denyCreateRole) Optional(java.util.Optional) SELECT(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.SELECT) AccessDeniedException.denyDenySchemaPrivilege(io.trino.spi.security.AccessDeniedException.denyDenySchemaPrivilege) GRANT_SELECT(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.GRANT_SELECT) AccessDeniedException.denyDenyTablePrivilege(io.trino.spi.security.AccessDeniedException.denyDenyTablePrivilege) AccessDeniedException.denyDropColumn(io.trino.spi.security.AccessDeniedException.denyDropColumn) AccessDeniedException.denyRevokeSchemaPrivilege(io.trino.spi.security.AccessDeniedException.denyRevokeSchemaPrivilege) Type(io.trino.spi.type.Type) AccessDeniedException.denyDropRole(io.trino.spi.security.AccessDeniedException.denyDropRole) Function(java.util.function.Function) AccessDeniedException.denySetViewAuthorization(io.trino.spi.security.AccessDeniedException.denySetViewAuthorization) AccessDeniedException.denyCommentColumn(io.trino.spi.security.AccessDeniedException.denyCommentColumn) AccessDeniedException.denySetSchemaAuthorization(io.trino.spi.security.AccessDeniedException.denySetSchemaAuthorization) AccessDeniedException.denyCreateViewWithSelect(io.trino.spi.security.AccessDeniedException.denyCreateViewWithSelect) AccessDeniedException.denyDropMaterializedView(io.trino.spi.security.AccessDeniedException.denyDropMaterializedView) AccessDeniedException.denyShowTables(io.trino.spi.security.AccessDeniedException.denyShowTables) Objects.requireNonNull(java.util.Objects.requireNonNull) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) AccessDeniedException.denyRevokeRoles(io.trino.spi.security.AccessDeniedException.denyRevokeRoles) Privilege(io.trino.spi.security.Privilege) AccessDeniedException.denyRenameTable(io.trino.spi.security.AccessDeniedException.denyRenameTable) ConnectorSecurityContext(io.trino.spi.connector.ConnectorSecurityContext) AccessDeniedException.denySelectTable(io.trino.spi.security.AccessDeniedException.denySelectTable) AccessDeniedException.denyCreateView(io.trino.spi.security.AccessDeniedException.denyCreateView) AccessDeniedException.denyCommentTable(io.trino.spi.security.AccessDeniedException.denyCommentTable) CatalogName(io.trino.plugin.base.CatalogName) File(java.io.File) UPDATE(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.UPDATE) AccessDeniedException.denyRenameColumn(io.trino.spi.security.AccessDeniedException.denyRenameColumn) AccessDeniedException.denyGrantRoles(io.trino.spi.security.AccessDeniedException.denyGrantRoles) AccessDeniedException.denyRenameView(io.trino.spi.security.AccessDeniedException.denyRenameView) AccessDeniedException.denyGrantTablePrivilege(io.trino.spi.security.AccessDeniedException.denyGrantTablePrivilege) ConnectorIdentity(io.trino.spi.security.ConnectorIdentity)

Example 5 with ConnectorIdentity

use of io.trino.spi.security.ConnectorIdentity in project trino by trinodb.

the class FileBasedAccessControl method filterColumns.

@Override
public Set<String> filterColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set<String> columns) {
    if (INFORMATION_SCHEMA_NAME.equals(tableName.getSchemaName())) {
        return columns;
    }
    ConnectorIdentity identity = context.getIdentity();
    TableAccessControlRule rule = tableRules.stream().filter(tableRule -> tableRule.matches(identity.getUser(), identity.getEnabledSystemRoles(), identity.getGroups(), tableName)).findFirst().orElse(null);
    if (rule == null || rule.getPrivileges().isEmpty()) {
        return ImmutableSet.of();
    }
    // if user has privileges other than select, show all columns
    if (rule.getPrivileges().stream().anyMatch(privilege -> SELECT != privilege)) {
        return columns;
    }
    Set<String> restrictedColumns = rule.getRestrictedColumns();
    return columns.stream().filter(column -> !restrictedColumns.contains(column)).collect(toImmutableSet());
}
Also used : AccessDeniedException.denyAddColumn(io.trino.spi.security.AccessDeniedException.denyAddColumn) SchemaRoutineName(io.trino.spi.connector.SchemaRoutineName) AccessDeniedException.denySetCatalogSessionProperty(io.trino.spi.security.AccessDeniedException.denySetCatalogSessionProperty) AccessDeniedException.denyDropTable(io.trino.spi.security.AccessDeniedException.denyDropTable) AccessDeniedException.denySetTableProperties(io.trino.spi.security.AccessDeniedException.denySetTableProperties) AccessDeniedException.denyGrantSchemaPrivilege(io.trino.spi.security.AccessDeniedException.denyGrantSchemaPrivilege) AccessDeniedException.denySetMaterializedViewProperties(io.trino.spi.security.AccessDeniedException.denySetMaterializedViewProperties) AccessDeniedException.denyInsertTable(io.trino.spi.security.AccessDeniedException.denyInsertTable) AccessDeniedException.denyShowCreateTable(io.trino.spi.security.AccessDeniedException.denyShowCreateTable) AccessDeniedException.denyRevokeTablePrivilege(io.trino.spi.security.AccessDeniedException.denyRevokeTablePrivilege) INSERT(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.INSERT) Preconditions.checkArgument(com.google.common.base.Preconditions.checkArgument) DELETE(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.DELETE) JsonUtils.parseJson(io.trino.plugin.base.util.JsonUtils.parseJson) AccessDeniedException.denyUpdateTableColumns(io.trino.spi.security.AccessDeniedException.denyUpdateTableColumns) Map(java.util.Map) AccessDeniedException.denyCreateSchema(io.trino.spi.security.AccessDeniedException.denyCreateSchema) AccessDeniedException.denyCreateMaterializedView(io.trino.spi.security.AccessDeniedException.denyCreateMaterializedView) AccessDeniedException.denyCreateTable(io.trino.spi.security.AccessDeniedException.denyCreateTable) AccessDeniedException.denyDeleteTable(io.trino.spi.security.AccessDeniedException.denyDeleteTable) AccessDeniedException.denyDropView(io.trino.spi.security.AccessDeniedException.denyDropView) AccessDeniedException.denyRenameSchema(io.trino.spi.security.AccessDeniedException.denyRenameSchema) AccessDeniedException.denyShowColumns(io.trino.spi.security.AccessDeniedException.denyShowColumns) AccessDeniedException.denyRenameMaterializedView(io.trino.spi.security.AccessDeniedException.denyRenameMaterializedView) ImmutableSet(com.google.common.collect.ImmutableSet) ConnectorIdentity(io.trino.spi.security.ConnectorIdentity) AccessDeniedException.denySetTableAuthorization(io.trino.spi.security.AccessDeniedException.denySetTableAuthorization) OWNERSHIP(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.OWNERSHIP) AccessDeniedException.denyDropSchema(io.trino.spi.security.AccessDeniedException.denyDropSchema) Predicate(java.util.function.Predicate) AccessDeniedException.denyTruncateTable(io.trino.spi.security.AccessDeniedException.denyTruncateTable) ViewExpression(io.trino.spi.security.ViewExpression) ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) Set(java.util.Set) SchemaTableName(io.trino.spi.connector.SchemaTableName) AccessDeniedException.denySetRole(io.trino.spi.security.AccessDeniedException.denySetRole) AccessDeniedException.denyShowCreateSchema(io.trino.spi.security.AccessDeniedException.denyShowCreateSchema) TablePrivilege(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege) List(java.util.List) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) AccessDeniedException.denyRefreshMaterializedView(io.trino.spi.security.AccessDeniedException.denyRefreshMaterializedView) AccessDeniedException.denyCreateRole(io.trino.spi.security.AccessDeniedException.denyCreateRole) Optional(java.util.Optional) SELECT(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.SELECT) AccessDeniedException.denyDenySchemaPrivilege(io.trino.spi.security.AccessDeniedException.denyDenySchemaPrivilege) GRANT_SELECT(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.GRANT_SELECT) AccessDeniedException.denyDenyTablePrivilege(io.trino.spi.security.AccessDeniedException.denyDenyTablePrivilege) AccessDeniedException.denyDropColumn(io.trino.spi.security.AccessDeniedException.denyDropColumn) AccessDeniedException.denyRevokeSchemaPrivilege(io.trino.spi.security.AccessDeniedException.denyRevokeSchemaPrivilege) Type(io.trino.spi.type.Type) AccessDeniedException.denyDropRole(io.trino.spi.security.AccessDeniedException.denyDropRole) Function(java.util.function.Function) AccessDeniedException.denySetViewAuthorization(io.trino.spi.security.AccessDeniedException.denySetViewAuthorization) AccessDeniedException.denyCommentColumn(io.trino.spi.security.AccessDeniedException.denyCommentColumn) AccessDeniedException.denySetSchemaAuthorization(io.trino.spi.security.AccessDeniedException.denySetSchemaAuthorization) AccessDeniedException.denyCreateViewWithSelect(io.trino.spi.security.AccessDeniedException.denyCreateViewWithSelect) AccessDeniedException.denyDropMaterializedView(io.trino.spi.security.AccessDeniedException.denyDropMaterializedView) AccessDeniedException.denyShowTables(io.trino.spi.security.AccessDeniedException.denyShowTables) Objects.requireNonNull(java.util.Objects.requireNonNull) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) AccessDeniedException.denyRevokeRoles(io.trino.spi.security.AccessDeniedException.denyRevokeRoles) Privilege(io.trino.spi.security.Privilege) AccessDeniedException.denyRenameTable(io.trino.spi.security.AccessDeniedException.denyRenameTable) ConnectorSecurityContext(io.trino.spi.connector.ConnectorSecurityContext) AccessDeniedException.denySelectTable(io.trino.spi.security.AccessDeniedException.denySelectTable) AccessDeniedException.denyCreateView(io.trino.spi.security.AccessDeniedException.denyCreateView) AccessDeniedException.denyCommentTable(io.trino.spi.security.AccessDeniedException.denyCommentTable) CatalogName(io.trino.plugin.base.CatalogName) File(java.io.File) UPDATE(io.trino.plugin.base.security.TableAccessControlRule.TablePrivilege.UPDATE) AccessDeniedException.denyRenameColumn(io.trino.spi.security.AccessDeniedException.denyRenameColumn) AccessDeniedException.denyGrantRoles(io.trino.spi.security.AccessDeniedException.denyGrantRoles) AccessDeniedException.denyRenameView(io.trino.spi.security.AccessDeniedException.denyRenameView) AccessDeniedException.denyGrantTablePrivilege(io.trino.spi.security.AccessDeniedException.denyGrantTablePrivilege) ConnectorIdentity(io.trino.spi.security.ConnectorIdentity)

Aggregations

ConnectorIdentity (io.trino.spi.security.ConnectorIdentity)21 TrinoException (io.trino.spi.TrinoException)16 Type (io.trino.spi.type.Type)12 Map (java.util.Map)11 Optional (java.util.Optional)11 ImmutableList (com.google.common.collect.ImmutableList)10 Connection (java.sql.Connection)10 SchemaTableName (io.trino.spi.connector.SchemaTableName)9 List (java.util.List)9 Set (java.util.Set)9 Objects.requireNonNull (java.util.Objects.requireNonNull)8 Inject (javax.inject.Inject)8 ImmutableMap (com.google.common.collect.ImmutableMap)7 ImmutableSet (com.google.common.collect.ImmutableSet)7 ImmutableSet.toImmutableSet (com.google.common.collect.ImmutableSet.toImmutableSet)7 NOT_SUPPORTED (io.trino.spi.StandardErrorCode.NOT_SUPPORTED)7 String.format (java.lang.String.format)7 Preconditions.checkArgument (com.google.common.base.Preconditions.checkArgument)6 ImmutableList.toImmutableList (com.google.common.collect.ImmutableList.toImmutableList)6 ConnectorSession (io.trino.spi.connector.ConnectorSession)6