Example 6 with USER

Use of io.trino.spi.security.PrincipalType.USER in project trino by trinodb.

Class SetRoleTask, method execute.

@Override
public ListenableFuture<Void> execute(SetRole statement, QueryStateMachine stateMachine, List<Expression> parameters, WarningCollector warningCollector) {
    Session session = stateMachine.getSession();
    Optional<String> catalog = processRoleCommandCatalog(metadata, session, statement, statement.getCatalog().map(Identifier::getValue));
    if (statement.getType() == SetRole.Type.ROLE) {
        String role = statement.getRole().map(c -> c.getValue().toLowerCase(ENGLISH)).orElseThrow();
        if (!metadata.roleExists(session, role, catalog)) {
            throw semanticException(ROLE_NOT_FOUND, statement, "Role '%s' does not exist", role);
        }
        if (catalog.isPresent()) {
            accessControl.checkCanSetCatalogRole(SecurityContext.of(session), role, catalog.get());
        } else {
            Set<RoleGrant> roleGrants = metadata.listApplicableRoles(session, new TrinoPrincipal(USER, session.getUser()), Optional.empty());
            if (roleGrants.stream().map(RoleGrant::getRoleName).noneMatch(role::equals)) {
                denySetRole(role);
            }
        }
    }
    SelectedRole.Type type = toSelectedRoleType(statement.getType());
    stateMachine.addSetRole(catalog.orElse("system"), new SelectedRole(type, statement.getRole().map(c -> c.getValue().toLowerCase(ENGLISH))));
    return immediateVoidFuture();
}
Also used : Futures.immediateVoidFuture(com.google.common.util.concurrent.Futures.immediateVoidFuture) ListenableFuture(com.google.common.util.concurrent.ListenableFuture) USER(io.trino.spi.security.PrincipalType.USER) Set(java.util.Set) RoleGrant(io.trino.spi.security.RoleGrant) AccessDeniedException.denySetRole(io.trino.spi.security.AccessDeniedException.denySetRole) Inject(javax.inject.Inject) SelectedRole(io.trino.spi.security.SelectedRole) List(java.util.List) AccessControl(io.trino.security.AccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) SetRole(io.trino.sql.tree.SetRole) Objects.requireNonNull(java.util.Objects.requireNonNull) WarningCollector(io.trino.execution.warnings.WarningCollector) Metadata(io.trino.metadata.Metadata) Optional(java.util.Optional) Expression(io.trino.sql.tree.Expression) SecurityContext(io.trino.security.SecurityContext) MetadataUtil.processRoleCommandCatalog(io.trino.metadata.MetadataUtil.processRoleCommandCatalog) SemanticExceptions.semanticException(io.trino.sql.analyzer.SemanticExceptions.semanticException) ENGLISH(java.util.Locale.ENGLISH) Identifier(io.trino.sql.tree.Identifier) ROLE_NOT_FOUND(io.trino.spi.StandardErrorCode.ROLE_NOT_FOUND) Session(io.trino.Session) RoleGrant(io.trino.spi.security.RoleGrant) SelectedRole(io.trino.spi.security.SelectedRole) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) Session(io.trino.Session)

Example 7 with USER

Use of io.trino.spi.security.PrincipalType.USER in project trino by trinodb.

Class TestAccessControl, method createQueryRunner.

@Override
protected QueryRunner createQueryRunner() throws Exception {
    Session session = testSessionBuilder().setCatalog("blackhole").setSchema("default").build();
    DistributedQueryRunner queryRunner = DistributedQueryRunner.builder(session).setNodeCount(1).build();
    queryRunner.installPlugin(new BlackHolePlugin());
    queryRunner.createCatalog("blackhole", "blackhole");
    queryRunner.installPlugin(new TpchPlugin());
    queryRunner.createCatalog("tpch", "tpch");
    queryRunner.installPlugin(new MockConnectorPlugin(MockConnectorFactory.builder().withGetViews((connectorSession, prefix) -> {
        ConnectorViewDefinition definitionRunAsDefiner = new ConnectorViewDefinition("select 1", Optional.of("mock"), Optional.of("default"), ImmutableList.of(new ConnectorViewDefinition.ViewColumn("test", BIGINT.getTypeId())), Optional.of("comment"), Optional.of("admin"), false);
        ConnectorViewDefinition definitionRunAsInvoker = new ConnectorViewDefinition("select 1", Optional.of("mock"), Optional.of("default"), ImmutableList.of(new ConnectorViewDefinition.ViewColumn("test", BIGINT.getTypeId())), Optional.of("comment"), Optional.empty(), true);
        return ImmutableMap.of(new SchemaTableName("default", "test_view_definer"), definitionRunAsDefiner, new SchemaTableName("default", "test_view_invoker"), definitionRunAsInvoker);
    }).withListRoleGrants((connectorSession, roles, grantees, limit) -> ImmutableSet.of(new RoleGrant(new TrinoPrincipal(USER, "alice"), "alice_role", false))).build()));
    queryRunner.createCatalog("mock", "mock");
    for (String tableName : ImmutableList.of("orders", "nation", "region", "lineitem")) {
        queryRunner.execute(format("CREATE TABLE %1$s AS SELECT * FROM tpch.tiny.%1$s WITH NO DATA", tableName));
    }
    return queryRunner;
}
Also used : EXECUTE_QUERY(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.EXECUTE_QUERY) SHOW_COLUMNS(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.SHOW_COLUMNS) USER(io.trino.spi.security.PrincipalType.USER) Test(org.testng.annotations.Test) TRUNCATE_TABLE(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.TRUNCATE_TABLE) CREATE_VIEW_WITH_SELECT_COLUMNS(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.CREATE_VIEW_WITH_SELECT_COLUMNS) SHOW_CREATE_TABLE(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.SHOW_CREATE_TABLE) BlackHolePlugin(io.trino.plugin.blackhole.BlackHolePlugin) AbstractTestQueryFramework(io.trino.testing.AbstractTestQueryFramework) Assertions(io.airlift.testing.Assertions) DELETE_TABLE(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.DELETE_TABLE) DistributedQueryRunner(io.trino.testing.DistributedQueryRunner) MockConnectorFactory(io.trino.connector.MockConnectorFactory) TestingPrivilege(io.trino.testing.TestingAccessControlManager.TestingPrivilege) SET_TABLE_PROPERTIES(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.SET_TABLE_PROPERTIES) ConnectorViewDefinition(io.trino.spi.connector.ConnectorViewDefinition) TpchPlugin(io.trino.plugin.tpch.TpchPlugin) CREATE_MATERIALIZED_VIEW(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.CREATE_MATERIALIZED_VIEW) TestTable.randomTableSuffix(io.trino.testing.sql.TestTable.randomTableSuffix) INSERT_TABLE(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.INSERT_TABLE) RENAME_COLUMN(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.RENAME_COLUMN) ImmutableSet(com.google.common.collect.ImmutableSet) QUERY_MAX_MEMORY(io.trino.SystemSessionProperties.QUERY_MAX_MEMORY) ImmutableMap(com.google.common.collect.ImmutableMap) DROP_TABLE(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.DROP_TABLE) 
SchemaTableName(io.trino.spi.connector.SchemaTableName) String.format(java.lang.String.format) SelectedRole(io.trino.spi.security.SelectedRole) DROP_COLUMN(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.DROP_COLUMN) TestingSession.testSessionBuilder(io.trino.testing.TestingSession.testSessionBuilder) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) BIGINT(io.trino.spi.type.BigintType.BIGINT) RENAME_TABLE(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.RENAME_TABLE) ROLE(io.trino.spi.security.SelectedRole.Type.ROLE) UPDATE_TABLE(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.UPDATE_TABLE) TestingSession(io.trino.testing.TestingSession) Optional(java.util.Optional) CREATE_VIEW(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.CREATE_VIEW) SET_USER(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.SET_USER) Session(io.trino.Session) SELECT_COLUMN(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.SELECT_COLUMN) CREATE_TABLE(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.CREATE_TABLE) ImmutableList(com.google.common.collect.ImmutableList) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) Identity(io.trino.spi.security.Identity) SET_SESSION(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.SET_SESSION) MockConnectorPlugin(io.trino.connector.MockConnectorPlugin) EXECUTE_FUNCTION(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.EXECUTE_FUNCTION) GRANT_EXECUTE_FUNCTION(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.GRANT_EXECUTE_FUNCTION) RoleGrant(io.trino.spi.security.RoleGrant) TestingAccessControlManager.privilege(io.trino.testing.TestingAccessControlManager.privilege) QueryRunner(io.trino.testing.QueryRunner) ADD_COLUMN(io.trino.testing.TestingAccessControlManager.TestingPrivilegeType.ADD_COLUMN) RoleGrant(io.trino.spi.security.RoleGrant) 
DistributedQueryRunner(io.trino.testing.DistributedQueryRunner) BlackHolePlugin(io.trino.plugin.blackhole.BlackHolePlugin) TpchPlugin(io.trino.plugin.tpch.TpchPlugin) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) MockConnectorPlugin(io.trino.connector.MockConnectorPlugin) SchemaTableName(io.trino.spi.connector.SchemaTableName) TestingSession(io.trino.testing.TestingSession) Session(io.trino.Session) ConnectorViewDefinition(io.trino.spi.connector.ConnectorViewDefinition)

Example 8 with USER

Use of io.trino.spi.security.PrincipalType.USER in project trino by trinodb.

Class TestGrantOnSchema, method initClass.

@BeforeClass
public void initClass() throws Exception {
    queryRunner = DistributedQueryRunner.builder(admin).build();
    MockConnectorFactory connectorFactory = MockConnectorFactory.builder().withListSchemaNames(session -> ImmutableList.of("information_schema", "default")).withListTables((session, schema) -> "default".equalsIgnoreCase(schema) ? ImmutableList.of(new SchemaTableName(schema, "table_one")) : ImmutableList.of()).withSchemaGrants(schemaGrants).build();
    queryRunner.installPlugin(new MockConnectorPlugin(connectorFactory));
    queryRunner.createCatalog("local", "mock");
    assertions = new QueryAssertions(queryRunner);
    schemaGrants.grant(new TrinoPrincipal(USER, admin.getUser()), "default", EnumSet.allOf(Privilege.class), true);
}
Also used : AfterClass(org.testng.annotations.AfterClass) DataProvider(org.testng.annotations.DataProvider) DataProviders(io.trino.testing.DataProviders) USER(io.trino.spi.security.PrincipalType.USER) BeforeClass(org.testng.annotations.BeforeClass) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Test(org.testng.annotations.Test) SchemaTableName(io.trino.spi.connector.SchemaTableName) String.format(java.lang.String.format) TestingSession.testSessionBuilder(io.trino.testing.TestingSession.testSessionBuilder) DistributedQueryRunner(io.trino.testing.DistributedQueryRunner) ImmutableList(com.google.common.collect.ImmutableList) MockConnectorFactory(io.trino.connector.MockConnectorFactory) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) Randoms.randomUsername(io.trino.common.Randoms.randomUsername) Identity(io.trino.spi.security.Identity) Grants(io.trino.connector.Grants) QueryAssertions(io.trino.sql.query.QueryAssertions) MockConnectorPlugin(io.trino.connector.MockConnectorPlugin) MutableGrants(io.trino.connector.MutableGrants) Privilege(io.trino.spi.security.Privilege) EnumSet(java.util.EnumSet) Session(io.trino.Session) MockConnectorFactory(io.trino.connector.MockConnectorFactory) QueryAssertions(io.trino.sql.query.QueryAssertions) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) MockConnectorPlugin(io.trino.connector.MockConnectorPlugin) Privilege(io.trino.spi.security.Privilege) SchemaTableName(io.trino.spi.connector.SchemaTableName) BeforeClass(org.testng.annotations.BeforeClass)

Example 9 with USER

Use of io.trino.spi.security.PrincipalType.USER in project trino by trinodb.

Class TestGrantOnTable, method initClass.

@BeforeClass
public void initClass() throws Exception {
    queryRunner = DistributedQueryRunner.builder(admin).build();
    MockConnectorFactory connectorFactory = MockConnectorFactory.builder().withListSchemaNames(session -> ImmutableList.of("default")).withListTables((session, schemaName) -> "default".equalsIgnoreCase(schemaName) ? ImmutableList.of(table) : ImmutableList.of()).withGetTableHandle((session, tableName) -> tableName.equals(table) ? new MockConnectorTableHandle(tableName) : null).withSchemaGrants(new MutableGrants<>()).withTableGrants(tableGrants).build();
    queryRunner.installPlugin(new MockConnectorPlugin(connectorFactory));
    queryRunner.createCatalog("local", "mock");
    assertions = new QueryAssertions(queryRunner);
    tableGrants.grant(new TrinoPrincipal(USER, "admin"), table, EnumSet.allOf(Privilege.class), true);
}
Also used : DataProvider(org.testng.annotations.DataProvider) USER(io.trino.spi.security.PrincipalType.USER) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Test(org.testng.annotations.Test) DistributedQueryRunner(io.trino.testing.DistributedQueryRunner) ImmutableList(com.google.common.collect.ImmutableList) MockConnectorFactory(io.trino.connector.MockConnectorFactory) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) Identity(io.trino.spi.security.Identity) Grants(io.trino.connector.Grants) MockConnectorPlugin(io.trino.connector.MockConnectorPlugin) Privilege(io.trino.spi.security.Privilege) EnumSet(java.util.EnumSet) AfterClass(org.testng.annotations.AfterClass) DataProviders(io.trino.testing.DataProviders) BeforeClass(org.testng.annotations.BeforeClass) SchemaTableName(io.trino.spi.connector.SchemaTableName) String.format(java.lang.String.format) MockConnectorTableHandle(io.trino.connector.MockConnectorTableHandle) TestingSession.testSessionBuilder(io.trino.testing.TestingSession.testSessionBuilder) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) Randoms.randomUsername(io.trino.common.Randoms.randomUsername) QueryAssertions(io.trino.sql.query.QueryAssertions) MutableGrants(io.trino.connector.MutableGrants) Session(io.trino.Session) MockConnectorFactory(io.trino.connector.MockConnectorFactory) QueryAssertions(io.trino.sql.query.QueryAssertions) MockConnectorTableHandle(io.trino.connector.MockConnectorTableHandle) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) MockConnectorPlugin(io.trino.connector.MockConnectorPlugin) Privilege(io.trino.spi.security.Privilege) BeforeClass(org.testng.annotations.BeforeClass)

Example 10 with USER

Use of io.trino.spi.security.PrincipalType.USER in project trino by trinodb.

Class TestDenyOnSchema, method initClass.

@BeforeClass
public void initClass() throws Exception {
    queryRunner = DistributedQueryRunner.builder(admin).setAdditionalModule(binder -> {
        newOptionalBinder(binder, SystemSecurityMetadata.class).setBinding().toInstance(new DisabledSystemSecurityMetadata() {

            @Override
            public void denySchemaPrivileges(Session session, CatalogSchemaName schemaName, Set<Privilege> privileges, TrinoPrincipal grantee) {
                assertThat(expectedSchemaName).isEqualTo(schemaName);
                assertThat(expectedPrivileges).isEqualTo(privileges);
                assertThat(expectedGrantee).isEqualTo(grantee);
                assertThat(denyCalled).isFalse();
                denyCalled = true;
            }
        });
    }).build();
    MockConnectorFactory connectorFactory = MockConnectorFactory.builder().withListSchemaNames(session -> ImmutableList.of("default")).withListTables((session, schemaName) -> "default".equalsIgnoreCase(schemaName) ? ImmutableList.of(table) : ImmutableList.of()).withGetTableHandle((session, tableName) -> tableName.equals(table) ? new MockConnectorTableHandle(tableName) : null).build();
    queryRunner.installPlugin(new MockConnectorPlugin(connectorFactory));
    queryRunner.createCatalog("local", "mock");
    assertions = new QueryAssertions(queryRunner);
    tableGrants.grant(new TrinoPrincipal(USER, "admin"), table, EnumSet.allOf(Privilege.class), true);
}
Also used : SystemSecurityMetadata(io.trino.metadata.SystemSecurityMetadata) DataProvider(org.testng.annotations.DataProvider) USER(io.trino.spi.security.PrincipalType.USER) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Test(org.testng.annotations.Test) DistributedQueryRunner(io.trino.testing.DistributedQueryRunner) ImmutableList(com.google.common.collect.ImmutableList) MockConnectorFactory(io.trino.connector.MockConnectorFactory) DisabledSystemSecurityMetadata(io.trino.metadata.DisabledSystemSecurityMetadata) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) Identity(io.trino.spi.security.Identity) Grants(io.trino.connector.Grants) CatalogSchemaName(io.trino.spi.connector.CatalogSchemaName) ROOT(java.util.Locale.ROOT) MockConnectorPlugin(io.trino.connector.MockConnectorPlugin) Privilege(io.trino.spi.security.Privilege) EnumSet(java.util.EnumSet) OptionalBinder.newOptionalBinder(com.google.inject.multibindings.OptionalBinder.newOptionalBinder) AfterClass(org.testng.annotations.AfterClass) ImmutableSet(com.google.common.collect.ImmutableSet) BeforeClass(org.testng.annotations.BeforeClass) Set(java.util.Set) SchemaTableName(io.trino.spi.connector.SchemaTableName) String.format(java.lang.String.format) MockConnectorTableHandle(io.trino.connector.MockConnectorTableHandle) TestingSession.testSessionBuilder(io.trino.testing.TestingSession.testSessionBuilder) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) Randoms.randomUsername(io.trino.common.Randoms.randomUsername) QueryAssertions(io.trino.sql.query.QueryAssertions) MutableGrants(io.trino.connector.MutableGrants) Session(io.trino.Session) MockConnectorFactory(io.trino.connector.MockConnectorFactory) QueryAssertions(io.trino.sql.query.QueryAssertions) CatalogSchemaName(io.trino.spi.connector.CatalogSchemaName) MockConnectorTableHandle(io.trino.connector.MockConnectorTableHandle) DisabledSystemSecurityMetadata(io.trino.metadata.DisabledSystemSecurityMetadata) 
TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) Privilege(io.trino.spi.security.Privilege) MockConnectorPlugin(io.trino.connector.MockConnectorPlugin) Session(io.trino.Session) BeforeClass(org.testng.annotations.BeforeClass)