
Example 1 with GrantInfo

Use of io.trino.spi.security.GrantInfo in project trino by trinodb.

From the class SqlStandardAccessControlMetadata, method buildGrants.

private List<GrantInfo> buildGrants(SchemaTableName tableName, Optional<HivePrincipal> principal) {
    ImmutableList.Builder<GrantInfo> result = ImmutableList.builder();
    Set<HivePrivilegeInfo> hivePrivileges = metastore.listTablePrivileges(tableName.getSchemaName(), tableName.getTableName(), principal);
    for (HivePrivilegeInfo hivePrivilege : hivePrivileges) {
        Set<PrivilegeInfo> prestoPrivileges = hivePrivilege.toPrivilegeInfo();
        for (PrivilegeInfo prestoPrivilege : prestoPrivileges) {
            GrantInfo grant = new GrantInfo(prestoPrivilege, hivePrivilege.getGrantee().toTrinoPrincipal(), tableName, Optional.of(hivePrivilege.getGrantor().toTrinoPrincipal()), Optional.empty());
            result.add(grant);
        }
    }
    return result.build();
}
Also used : HivePrivilegeInfo(io.trino.plugin.hive.metastore.HivePrivilegeInfo) ImmutableList(com.google.common.collect.ImmutableList) GrantInfo(io.trino.spi.security.GrantInfo) PrivilegeInfo(io.trino.spi.security.PrivilegeInfo)

Example 2 with GrantInfo

Use of io.trino.spi.security.GrantInfo in project trino by trinodb.

From the class SqlStandardAccessControlMetadata, method listTablePrivileges.

@Override
public List<GrantInfo> listTablePrivileges(ConnectorSession session, List<SchemaTableName> tableNames) {
    Set<HivePrincipal> principals = ThriftMetastoreUtil.listEnabledPrincipals(session.getIdentity(), metastore::listRoleGrants).collect(toImmutableSet());
    boolean isAdminRoleSet = hasAdminRole(principals);
    ImmutableList.Builder<GrantInfo> result = ImmutableList.builder();
    for (SchemaTableName tableName : tableNames) {
        try {
            result.addAll(buildGrants(principals, isAdminRoleSet, tableName));
        } catch (TableNotFoundException e) {
            // table disappeared during listing operation
        } catch (HiveViewNotSupportedException e) {
            // table is an unsupported hive view but shouldn't fail listTablePrivileges.
        }
    }
    return result.build();
}
Also used : TableNotFoundException(io.trino.spi.connector.TableNotFoundException) HivePrincipal(io.trino.plugin.hive.metastore.HivePrincipal) ImmutableList(com.google.common.collect.ImmutableList) GrantInfo(io.trino.spi.security.GrantInfo) SchemaTableName(io.trino.spi.connector.SchemaTableName) HiveViewNotSupportedException(io.trino.plugin.hive.HiveViewNotSupportedException)

Example 3 with GrantInfo

Use of io.trino.spi.security.GrantInfo in project trino by trinodb.

From the class MetadataManager, method listTablePrivileges.

// TODO support table redirection
@Override
public List<GrantInfo> listTablePrivileges(Session session, QualifiedTablePrefix prefix) {
    requireNonNull(prefix, "prefix is null");
    Optional<CatalogMetadata> catalog = getOptionalCatalogMetadata(session, prefix.getCatalogName());
    ImmutableSet.Builder<GrantInfo> grantInfos = ImmutableSet.builder();
    if (catalog.isPresent()) {
        CatalogMetadata catalogMetadata = catalog.get();
        ConnectorSession connectorSession = session.toConnectorSession(catalogMetadata.getCatalogName());
        List<CatalogName> connectorIds = prefix.asQualifiedObjectName().map(qualifiedTableName -> singletonList(catalogMetadata.getConnectorId(session, qualifiedTableName))).orElseGet(catalogMetadata::listConnectorIds);
        for (CatalogName catalogName : connectorIds) {
            ConnectorMetadata metadata = catalogMetadata.getMetadataFor(session, catalogName);
            if (catalogMetadata.getSecurityManagement() == SecurityManagement.SYSTEM) {
                grantInfos.addAll(systemSecurityMetadata.listTablePrivileges(session, prefix));
            } else {
                grantInfos.addAll(metadata.listTablePrivileges(connectorSession, prefix.asSchemaTablePrefix()));
            }
        }
    }
    return ImmutableList.copyOf(grantInfos.build());
}