use of io.trino.spi.security.RoleGrant in project trino by trinodb.
the class FileHiveMetastore method grantRoles.
/**
 * Grants every role in {@code roles} to every principal in {@code grantees}, then persists the
 * resulting grant set through {@code writeRoleGrantsFile} only if it differs from the set that
 * {@code listRoleGrantsSanitized()} returned at the start of the call.
 *
 * <p>Each role, and each grantee whose type is {@code ROLE}, must be present in
 * {@code listRoles()}; otherwise {@code checkArgument} rejects the call. Validation runs inside
 * the loops and the write happens after them, so a rejected call writes nothing.
 *
 * <p>Review notes (security-relevant behaviour visible in this method):
 * <ul>
 *   <li>The new grant replaces the opposite-flag grant for the same (grantee, role) pair. A call
 *       with {@code adminOption == false} therefore removes an existing admin-option grant for
 *       that pair instead of leaving it in place.</li>
 *   <li>{@code grantor} is never read here: this method makes no authorization decision and
 *       records nothing about who issued the grant. Presumably the caller has already checked
 *       that the grantor may grant these roles; confirm at the call site.</li>
 *   <li>{@code synchronized} serializes this read-modify-write against other synchronized
 *       methods of the same instance only.</li>
 * </ul>
 *
 * @param roles names of the roles to grant
 * @param grantees principals receiving the roles
 * @param adminOption whether the stored grant carries the admin option
 * @param grantor principal issuing the grant (unused in this method)
 */
@Override
public synchronized void grantRoles(Set<String> roles, Set<HivePrincipal> grantees, boolean adminOption, HivePrincipal grantor) {
    Set<String> knownRoles = listRoles();
    Set<RoleGrant> grantsBefore = listRoleGrantsSanitized();
    Set<RoleGrant> grantsAfter = new HashSet<>(grantsBefore);

    for (HivePrincipal grantee : grantees) {
        for (String role : roles) {
            checkArgument(knownRoles.contains(role), "Role does not exist: %s", role);
            if (grantee.getType() == ROLE) {
                checkArgument(knownRoles.contains(grantee.getName()), "Role does not exist: %s", grantee.getName());
            }

            // Drop the entry carrying the opposite admin flag, then store the requested one, so
            // the working set holds a single entry for this (grantee, role) pair.
            grantsAfter.remove(new RoleGrant(grantee.toTrinoPrincipal(), role, !adminOption));
            grantsAfter.add(new RoleGrant(grantee.toTrinoPrincipal(), role, adminOption));
        }
    }

    grantsAfter = removeDuplicatedEntries(grantsAfter);
    boolean changed = !grantsBefore.equals(grantsAfter);
    if (changed) {
        // Skip the file write when the request was a no-op.
        writeRoleGrantsFile(grantsAfter);
    }
}
use of io.trino.spi.security.RoleGrant in project trino by trinodb.
the class FileHiveMetastore method revokeRoles.
/**
 * Revokes, for every (grantee, role) pair, either the admin option or the whole grant, and
 * persists the result through {@code writeRoleGrantsFile} only if the grant set changed.
 *
 * <p>Pairs with no stored grant (with or without admin option) are skipped. For a pair that has
 * one:
 * <ul>
 *   <li>{@code adminOption == true}: the admin-option entry is removed and a plain entry is
 *       stored, so the grantee keeps the role but loses the admin option;</li>
 *   <li>{@code adminOption == false}: both entries are removed, so the grant is gone.</li>
 * </ul>
 *
 * <p>Review notes: unlike {@code grantRoles}, this method does not check the role names against
 * {@code listRoles()}, so unknown roles are silently ignored. {@code grantor} is never read
 * here; any authorization check on who may revoke presumably happens in the caller (confirm).
 *
 * @param roles names of the roles to revoke
 * @param grantees principals losing the roles or their admin option
 * @param adminOption {@code true} to revoke only the admin option, {@code false} to revoke the grant
 * @param grantor principal issuing the revoke (unused in this method)
 */
@Override
public synchronized void revokeRoles(Set<String> roles, Set<HivePrincipal> grantees, boolean adminOption, HivePrincipal grantor) {
    Set<RoleGrant> grantsBefore = listRoleGrantsSanitized();
    Set<RoleGrant> grantsAfter = new HashSet<>(grantsBefore);

    for (HivePrincipal grantee : grantees) {
        for (String role : roles) {
            RoleGrant adminGrant = new RoleGrant(grantee.toTrinoPrincipal(), role, true);
            RoleGrant plainGrant = new RoleGrant(grantee.toTrinoPrincipal(), role, false);

            boolean held = grantsAfter.contains(adminGrant) || grantsAfter.contains(plainGrant);
            if (!held) {
                // Nothing stored for this pair; revoking is a no-op.
                continue;
            }

            // The admin-option entry goes away in both modes.
            grantsAfter.remove(adminGrant);
            if (adminOption) {
                // Only the admin option was revoked: keep the membership itself.
                grantsAfter.add(plainGrant);
            } else {
                grantsAfter.remove(plainGrant);
            }
        }
    }

    grantsAfter = removeDuplicatedEntries(grantsAfter);
    boolean changed = !grantsBefore.equals(grantsAfter);
    if (changed) {
        writeRoleGrantsFile(grantsAfter);
    }
}
use of io.trino.spi.security.RoleGrant in project trino by trinodb.
the class FileHiveMetastore method listRoleGrants.
/**
 * Returns the role grants that apply to {@code principal}: the implicit grants added by this
 * method plus the stored grants from {@code listRoleGrantsSanitized()} whose grantee equals
 * the principal.
 *
 * <p>Implicit grants, added only for principals of type {@code USER}:
 * <ul>
 *   <li>{@code PUBLIC_ROLE_NAME} without admin option, for every user;</li>
 *   <li>{@code ADMIN_ROLE_NAME} with admin option, for users whose name is in
 *       {@code ADMIN_USERS}.</li>
 * </ul>
 *
 * <p>Review note: the admin grant is decided by a name lookup in {@code ADMIN_USERS}, not by the
 * grants file, so it cannot be removed through {@code revokeRoles}. {@code ADMIN_USERS} is
 * defined outside this excerpt; its contents decide who is an administrator of this metastore.
 *
 * @param principal the user or role whose grants are listed
 * @return an immutable set of the implicit and stored grants for {@code principal}
 */
@Override
public synchronized Set<RoleGrant> listRoleGrants(HivePrincipal principal) {
    ImmutableSet.Builder<RoleGrant> grants = ImmutableSet.builder();

    boolean isUser = principal.getType() == USER;
    if (isUser) {
        grants.add(new RoleGrant(principal.toTrinoPrincipal(), PUBLIC_ROLE_NAME, false));
    }
    if (isUser && ADMIN_USERS.contains(principal.getName())) {
        grants.add(new RoleGrant(principal.toTrinoPrincipal(), ADMIN_ROLE_NAME, true));
    }

    // Stored grants are matched on the grantee converted back to a HivePrincipal.
    Set<RoleGrant> storedForPrincipal = listRoleGrantsSanitized().stream()
            .filter(grant -> HivePrincipal.from(grant.getGrantee()).equals(principal))
            .collect(toSet());

    return grants.addAll(storedForPrincipal).build();
}
use of io.trino.spi.security.RoleGrant in project trino by trinodb.
the class SqlStandardAccessControlMetadata method getRoleGrantsByRoles.
/**
 * Collects the grants that {@code metastore.listGrantedPrincipals} reports for each role in
 * {@code roles}, stopping early once {@code limit} has been reached.
 *
 * <p>The limit is a soft bound: it is tested only before a role is processed, and every grant
 * of that role is then added. The result can therefore hold more than {@code limit} entries,
 * so callers that need a hard cap must truncate it themselves. The counter also counts every
 * grant iterated, including any the set builder later collapses as duplicates.
 *
 * @param roles role names whose grants are wanted
 * @param limit optional number of grants after which no further role is queried
 * @return an immutable set of the collected grants
 */
private Set<RoleGrant> getRoleGrantsByRoles(Set<String> roles, OptionalLong limit) {
    ImmutableSet.Builder<RoleGrant> collected = ImmutableSet.builder();
    int seen = 0;

    for (String role : roles) {
        boolean underLimit = !limit.isPresent() || seen < limit.getAsLong();
        if (!underLimit) {
            break;
        }
        // No limit check inside this loop: a role's grants are taken all or nothing.
        for (RoleGrant grant : metastore.listGrantedPrincipals(role)) {
            collected.add(grant);
            seen += 1;
        }
    }

    return collected.build();
}
use of io.trino.spi.security.RoleGrant in project trino by trinodb.
the class TestSetRoleTask method setUp.
/**
 * Builds the fixtures shared by the tests in this class: a local query runner with two mock
 * catalogs, the services taken from that runner, and a daemon-thread executor.
 *
 * <p>The connector behind {@code CATALOG_NAME} answers every list-role-grants request with the
 * same single grant ({@code ROLE_NAME} to user {@code USER_NAME}, no admin option) and ignores
 * the session, roles, grantees and limit it is passed. The connector behind
 * {@code SYSTEM_ROLE_CATALOG_NAME} is built with only a name and no role-grant override.
 */
@BeforeClass
public void setUp() {
    queryRunner = LocalQueryRunner.create(TEST_SESSION);

    // Catalog whose connector always reports one fixed, non-admin role grant.
    MockConnectorFactory roleGrantingFactory = MockConnectorFactory.builder()
            .withListRoleGrants((connectorSession, roles, grantees, limit) ->
                    ImmutableSet.of(new RoleGrant(new TrinoPrincipal(USER, USER_NAME), ROLE_NAME, false)))
            .build();
    queryRunner.createCatalog(CATALOG_NAME, roleGrantingFactory, ImmutableMap.of());

    // Second catalog, configured with a connector name only.
    MockConnectorFactory systemRoleFactory = MockConnectorFactory.builder()
            .withName("system_role_connector")
            .build();
    queryRunner.createCatalog(SYSTEM_ROLE_CATALOG_NAME, systemRoleFactory, ImmutableMap.of());

    // Services under test all come from the same runner.
    transactionManager = queryRunner.getTransactionManager();
    accessControl = queryRunner.getAccessControl();
    metadata = queryRunner.getMetadata();
    parser = queryRunner.getSqlParser();

    executor = newCachedThreadPool(daemonThreadsNamed("test-set-role-task-executor-%s"));
}
Aggregations