use of io.trino.spi.security.PrincipalType.USER in project trino by trinodb.
the class SetRoleTask method execute.
/**
 * Handles a {@code SET ROLE} statement: validates the requested role for the current session and
 * records the selection on the query state machine.
 *
 * <p>Checks are only made in this method when the statement type is {@code SetRole.Type.ROLE}.
 * The role must exist. With a catalog, the decision is delegated to
 * {@code accessControl.checkCanSetCatalogRole}. Without one, the role must appear among the roles
 * that {@code metadata.listApplicableRoles} reports for the session user. Every other statement
 * type goes straight to recording the selection.
 *
 * @param statement the parsed statement
 * @param stateMachine supplies the session and receives the selected role
 * @param parameters not read by this method
 * @param warningCollector not read by this method
 * @return the future produced by {@code immediateVoidFuture()}
 * @throws java.util.NoSuchElementException if the type is {@code ROLE} but no role name is present
 */
@Override
public ListenableFuture<Void> execute(SetRole statement, QueryStateMachine stateMachine, List<Expression> parameters, WarningCollector warningCollector) {
    Session session = stateMachine.getSession();
    Optional<String> catalog = processRoleCommandCatalog(
            metadata,
            session,
            statement,
            statement.getCatalog().map(Identifier::getValue));

    if (statement.getType() == SetRole.Type.ROLE) {
        // The role name is folded to lower case (ENGLISH locale) before every lookup and comparison below.
        String requestedRole = statement.getRole()
                .map(identifier -> identifier.getValue().toLowerCase(ENGLISH))
                .orElseThrow();

        // NOTE(review): existence is reported before authorization, so the error distinguishes an
        // unknown role from an existing role the caller may not assume.
        boolean roleKnown = metadata.roleExists(session, requestedRole, catalog);
        if (!roleKnown) {
            throw semanticException(ROLE_NOT_FOUND, statement, "Role '%s' does not exist", requestedRole);
        }

        if (catalog.isPresent()) {
            // Catalog-scoped role: the access-control implementation makes the decision.
            accessControl.checkCanSetCatalogRole(SecurityContext.of(session), requestedRole, catalog.get());
        } else {
            // No catalog: the role must be among the roles applicable to the session user.
            // The comparison is an exact, case-sensitive match against the lower-cased name.
            // NOTE(review): assumes listApplicableRoles returns role names already in lower case; confirm.
            TrinoPrincipal sessionUser = new TrinoPrincipal(USER, session.getUser());
            Set<RoleGrant> applicableGrants = metadata.listApplicableRoles(session, sessionUser, Optional.empty());
            boolean granted = false;
            for (RoleGrant grant : applicableGrants) {
                if (requestedRole.equals(grant.getRoleName())) {
                    granted = true;
                    break;
                }
            }
            if (!granted) {
                // NOTE(review): the selection below is only prevented if denySetRole throws; confirm it always does.
                denySetRole(requestedRole);
            }
        }
    }

    SelectedRole.Type selectedType = toSelectedRoleType(statement.getType());
    Optional<String> selectedRoleName = statement.getRole()
            .map(identifier -> identifier.getValue().toLowerCase(ENGLISH));
    // Without a catalog the selection is stored under the key "system".
    stateMachine.addSetRole(catalog.orElse("system"), new SelectedRole(selectedType, selectedRoleName));
    return immediateVoidFuture();
}
use of io.trino.spi.security.PrincipalType.USER in project trino by trinodb.
the class TestAccessControl method createQueryRunner.
/**
 * Builds the single-node query runner for these access-control tests and registers the
 * {@code blackhole}, {@code tpch} and {@code mock} catalogs.
 *
 * <p>The mock connector serves two fixed views, {@code default.test_view_definer} and
 * {@code default.test_view_invoker}, and answers every role-grant lookup with one grant of
 * {@code alice_role} to user {@code alice}.
 *
 * @return the configured runner, with empty copies of four TPCH tables created through the session's default catalog
 * @throws Exception if building the runner fails
 */
@Override
protected QueryRunner createQueryRunner() throws Exception {
    Session defaultSession = testSessionBuilder()
            .setCatalog("blackhole")
            .setSchema("default")
            .build();
    DistributedQueryRunner queryRunner = DistributedQueryRunner.builder(defaultSession)
            .setNodeCount(1)
            .build();

    queryRunner.installPlugin(new BlackHolePlugin());
    queryRunner.createCatalog("blackhole", "blackhole");

    queryRunner.installPlugin(new TpchPlugin());
    queryRunner.createCatalog("tpch", "tpch");

    MockConnectorFactory mockFactory = MockConnectorFactory.builder()
            .withGetViews((connectorSession, prefix) -> {
                // The two definitions differ only in their last two arguments:
                // Optional.of("admin") with false versus Optional.empty() with true.
                // NOTE(review): presumably these are the view owner and the run-as-invoker flag; confirm
                // against the ConnectorViewDefinition constructor.
                ConnectorViewDefinition definerView = new ConnectorViewDefinition(
                        "select 1",
                        Optional.of("mock"),
                        Optional.of("default"),
                        ImmutableList.of(new ConnectorViewDefinition.ViewColumn("test", BIGINT.getTypeId())),
                        Optional.of("comment"),
                        Optional.of("admin"),
                        false);
                ConnectorViewDefinition invokerView = new ConnectorViewDefinition(
                        "select 1",
                        Optional.of("mock"),
                        Optional.of("default"),
                        ImmutableList.of(new ConnectorViewDefinition.ViewColumn("test", BIGINT.getTypeId())),
                        Optional.of("comment"),
                        Optional.empty(),
                        true);
                return ImmutableMap.of(
                        new SchemaTableName("default", "test_view_definer"), definerView,
                        new SchemaTableName("default", "test_view_invoker"), invokerView);
            })
            // The roles, grantees and limit arguments are ignored: the same single grant is always returned.
            .withListRoleGrants((connectorSession, roles, grantees, limit) ->
                    ImmutableSet.of(new RoleGrant(new TrinoPrincipal(USER, "alice"), "alice_role", false)))
            .build();
    queryRunner.installPlugin(new MockConnectorPlugin(mockFactory));
    queryRunner.createCatalog("mock", "mock");

    // Copy only the table definitions (WITH NO DATA) from tpch.tiny.
    for (String tpchTable : ImmutableList.of("orders", "nation", "region", "lineitem")) {
        String createEmptyCopy = format("CREATE TABLE %1$s AS SELECT * FROM tpch.tiny.%1$s WITH NO DATA", tpchTable);
        queryRunner.execute(createEmptyCopy);
    }
    return queryRunner;
}
use of io.trino.spi.security.PrincipalType.USER in project trino by trinodb.
the class TestGrantOnSchema method initClass.
/**
 * Starts a query runner for the {@code admin} session, registers a mock connector as catalog
 * {@code local}, and seeds the schema grants used by the tests.
 *
 * <p>The mock lists the schemas {@code information_schema} and {@code default}, and reports a
 * single table {@code table_one} for {@code default} (schema name matched case-insensitively).
 *
 * @throws Exception if the query runner cannot be built
 */
@BeforeClass
public void initClass() throws Exception {
    queryRunner = DistributedQueryRunner.builder(admin).build();

    MockConnectorFactory mockFactory = MockConnectorFactory.builder()
            .withListSchemaNames(connectorSession -> ImmutableList.of("information_schema", "default"))
            .withListTables((connectorSession, schema) -> {
                if (!"default".equalsIgnoreCase(schema)) {
                    return ImmutableList.of();
                }
                return ImmutableList.of(new SchemaTableName(schema, "table_one"));
            })
            // The connector answers schema-privilege questions from this shared grants object.
            .withSchemaGrants(schemaGrants)
            .build();
    queryRunner.installPlugin(new MockConnectorPlugin(mockFactory));
    queryRunner.createCatalog("local", "mock");

    assertions = new QueryAssertions(queryRunner);

    // Baseline: the admin session's user holds every Privilege on schema "default".
    // NOTE(review): the trailing `true` is presumably the grant option; confirm against MutableGrants.grant.
    TrinoPrincipal adminPrincipal = new TrinoPrincipal(USER, admin.getUser());
    schemaGrants.grant(adminPrincipal, "default", EnumSet.allOf(Privilege.class), true);
}
use of io.trino.spi.security.PrincipalType.USER in project trino by trinodb.
the class TestGrantOnTable method initClass.
/**
 * Starts a query runner for the {@code admin} session, registers a mock connector as catalog
 * {@code local}, and seeds the table grants used by the tests.
 *
 * <p>The mock lists one schema, {@code default}, containing only {@code table}. It resolves a
 * table handle for that table and returns {@code null} for any other name.
 *
 * @throws Exception if the query runner cannot be built
 */
@BeforeClass
public void initClass() throws Exception {
    queryRunner = DistributedQueryRunner.builder(admin).build();

    MockConnectorFactory mockFactory = MockConnectorFactory.builder()
            .withListSchemaNames(connectorSession -> ImmutableList.of("default"))
            .withListTables((connectorSession, schema) -> {
                if ("default".equalsIgnoreCase(schema)) {
                    return ImmutableList.of(table);
                }
                return ImmutableList.of();
            })
            .withGetTableHandle((connectorSession, requested) -> {
                if (requested.equals(table)) {
                    return new MockConnectorTableHandle(requested);
                }
                return null;
            })
            // Schema grants start empty; table grants come from the shared tableGrants object.
            .withSchemaGrants(new MutableGrants<>())
            .withTableGrants(tableGrants)
            .build();
    queryRunner.installPlugin(new MockConnectorPlugin(mockFactory));
    queryRunner.createCatalog("local", "mock");

    assertions = new QueryAssertions(queryRunner);

    // Baseline: user "admin" holds every Privilege on the table.
    // NOTE(review): the principal is the literal "admin", not admin.getUser(); confirm the two match.
    // NOTE(review): the trailing `true` is presumably the grant option; confirm against MutableGrants.grant.
    TrinoPrincipal adminPrincipal = new TrinoPrincipal(USER, "admin");
    tableGrants.grant(adminPrincipal, table, EnumSet.allOf(Privilege.class), true);
}
use of io.trino.spi.security.PrincipalType.USER in project trino by trinodb.
the class TestDenyOnSchema method initClass.
/**
 * Starts a query runner for the {@code admin} session with a {@code SystemSecurityMetadata}
 * binding that checks each {@code denySchemaPrivileges} call, then registers a mock connector as
 * catalog {@code local}.
 *
 * <p>The bound instance compares the call's arguments with the {@code expectedSchemaName},
 * {@code expectedPrivileges} and {@code expectedGrantee} fields. It also uses {@code denyCalled}
 * to fail on a second call made while the flag is still set.
 *
 * @throws Exception if the query runner cannot be built
 */
@BeforeClass
public void initClass() throws Exception {
    queryRunner = DistributedQueryRunner.builder(admin)
            .setAdditionalModule(moduleBinder ->
                    newOptionalBinder(moduleBinder, SystemSecurityMetadata.class)
                            .setBinding()
                            .toInstance(new DisabledSystemSecurityMetadata() {
                                @Override
                                public void denySchemaPrivileges(Session session, CatalogSchemaName actualSchema, Set<Privilege> actualPrivileges, TrinoPrincipal actualGrantee) {
                                    // The expectation fields are on the assertThat side, as in the original checks.
                                    assertThat(expectedSchemaName).isEqualTo(actualSchema);
                                    assertThat(expectedPrivileges).isEqualTo(actualPrivileges);
                                    assertThat(expectedGrantee).isEqualTo(actualGrantee);
                                    // Fails if a DENY arrives while the flag from an earlier call is still set.
                                    assertThat(denyCalled).isFalse();
                                    denyCalled = true;
                                }
                            }))
            .build();

    MockConnectorFactory mockFactory = MockConnectorFactory.builder()
            .withListSchemaNames(connectorSession -> ImmutableList.of("default"))
            .withListTables((connectorSession, schema) -> {
                if ("default".equalsIgnoreCase(schema)) {
                    return ImmutableList.of(table);
                }
                return ImmutableList.of();
            })
            .withGetTableHandle((connectorSession, requested) -> {
                if (requested.equals(table)) {
                    return new MockConnectorTableHandle(requested);
                }
                return null;
            })
            .build();
    queryRunner.installPlugin(new MockConnectorPlugin(mockFactory));
    queryRunner.createCatalog("local", "mock");

    assertions = new QueryAssertions(queryRunner);

    // NOTE(review): tableGrants is not passed to the MockConnectorFactory builder in this method,
    // so this grant does not appear to reach the mock connector; confirm whether it is needed.
    TrinoPrincipal adminPrincipal = new TrinoPrincipal(USER, "admin");
    tableGrants.grant(adminPrincipal, table, EnumSet.allOf(Privilege.class), true);
}