use of io.trino.spi.security.RoleGrant in project trino by trinodb.
the class TestThriftMetastoreUtil method testListApplicableRoles.
/**
 * Checks that {@code listApplicableRoles} follows role-to-role grants transitively.
 *
 * <p>The fixture graph is a -> {b1, b2}; b1 and b2 -> {d, e}; d -> u; e -> w. Roles "d" and "e"
 * are reachable through two different parents, so the expectation also pins that a role reached
 * by more than one path is reported once. The starting role "a" itself is not expected in the
 * result.
 */
@Test
public void testListApplicableRoles() {
    // Every synthetic grant names the same grantee and carries no admin option, so the
    // assertion below depends only on which role names are reached.
    TrinoPrincipal grantee = new TrinoPrincipal(USER, "admin");
    Multimap<String, String> roleEdges = ImmutableMultimap.<String, String>builder()
            .put("a", "b1")
            .put("a", "b2")
            .put("b1", "d")
            .put("b1", "e")
            .put("b2", "d")
            .put("b2", "e")
            .put("d", "u")
            .put("e", "w")
            .build();

    assertThat(ThriftMetastoreUtil.listApplicableRoles(
            new HivePrincipal(ROLE, "a"),
            // Stand-in for the metastore lookup: direct grants of a principal come from the fixture graph.
            current -> roleEdges.get(current.getName()).stream()
                    .map(roleName -> new RoleGrant(grantee, roleName, false))
                    .collect(toImmutableSet())))
            .containsOnly(
                    new RoleGrant(grantee, "b1", false),
                    new RoleGrant(grantee, "b2", false),
                    new RoleGrant(grantee, "d", false),
                    new RoleGrant(grantee, "e", false),
                    new RoleGrant(grantee, "u", false),
                    new RoleGrant(grantee, "w", false));
}
use of io.trino.spi.security.RoleGrant in project trino by trinodb.
the class TestingSystemSecurityMetadata method createRoleGrants.
/**
 * Builds one {@link RoleGrant} for every (role, grantee) pair.
 *
 * @param roles role names to grant
 * @param grantees principals receiving each role
 * @param adminOption whether each produced grant is marked grantable
 * @param grantor must be empty; a present grantor is rejected by {@code checkArgument}
 * @return a new mutable set holding the cross product of {@code roles} and {@code grantees}
 */
private static Set<RoleGrant> createRoleGrants(Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor) {
    // Fail up front rather than silently dropping a grantor the caller supplied:
    // the produced grants have no field recording who issued them.
    checkArgument(grantor.isEmpty(), "Grantor is not yet supported");

    Set<RoleGrant> grants = new HashSet<>();
    roles.forEach(role ->
            grantees.forEach(grantee ->
                    grants.add(new RoleGrant(grantee, role, adminOption))));
    return grants;
}
use of io.trino.spi.security.RoleGrant in project trino by trinodb.
the class SqlStandardAccessControlMetadata method getRoleGrantsByGrantees.
/**
 * Collects the role grants held by each named grantee, looking every name up both as a user
 * and as a role.
 *
 * <p>The {@code limit} is a soft cap: it is tested only before each metastore lookup, so all
 * grants returned by the lookup in progress are still added and the result may hold more than
 * {@code limit} entries. A caller that needs an exact bound has to truncate the result itself.
 *
 * @param grantees principal names to look up
 * @param limit optional soft cap on the number of grants collected
 * @return the collected grants, never including the "public" role
 */
private Set<RoleGrant> getRoleGrantsByGrantees(Set<String> grantees, OptionalLong limit) {
    ImmutableSet.Builder<RoleGrant> collected = ImmutableSet.builder();
    // The same name may denote a user or a role, so both principal kinds are queried.
    PrincipalType[] principalTypes = { USER, ROLE };
    // Counts every grant handed to the builder, including any the set later de-duplicates.
    int added = 0;
    for (String grantee : grantees) {
        for (PrincipalType type : principalTypes) {
            boolean limitReached = limit.isPresent() && added >= limit.getAsLong();
            if (limitReached) {
                return collected.build();
            }
            for (RoleGrant grant : metastore.listRoleGrants(new HivePrincipal(type, grantee))) {
                // Skip the "public" role since it is not explicitly granted in Hive.
                if (!PUBLIC_ROLE_NAME.equals(grant.getRoleName())) {
                    added++;
                    collected.add(grant);
                }
            }
        }
    }
    return collected.build();
}
use of io.trino.spi.security.RoleGrant in project trino by trinodb.
the class FileHiveMetastore method removeDuplicatedEntries.
/**
 * Collapses grants that name the same role and the same grantee into a single entry.
 *
 * <p>When duplicates differ in their grantable flag, the grantable one is kept: an entry already
 * stored is replaced only while it is not grantable. The surviving grant therefore carries the
 * admin option if any of the duplicates did.
 *
 * @param grants grants that may contain several entries per (role, grantee) pair
 * @return an immutable set with one grant per (role, grantee) pair
 */
private Set<RoleGrant> removeDuplicatedEntries(Set<RoleGrant> grants) {
    Map<RoleGranteeTuple, RoleGrant> byRoleAndGrantee = new HashMap<>();
    for (RoleGrant candidate : grants) {
        RoleGranteeTuple key = new RoleGranteeTuple(candidate.getRoleName(), HivePrincipal.from(candidate.getGrantee()));
        RoleGrant kept = byRoleAndGrantee.get(key);
        // A grantable entry, once stored, is never displaced by a later duplicate.
        if (kept == null || !kept.isGrantable()) {
            byRoleAndGrantee.put(key, candidate);
        }
    }
    return ImmutableSet.copyOf(byRoleAndGrantee.values());
}
use of io.trino.spi.security.RoleGrant in project trino by trinodb.
the class FileHiveMetastore method removeNonExistingRoles.
/**
 * Drops grants that refer to a role missing from {@code existingRoles}.
 *
 * <p>A grant is kept only when the granted role exists and, if the grantee is itself a role,
 * that grantee role exists as well. Grantees of any other principal type are not checked
 * against {@code existingRoles}.
 *
 * @param grants grants to filter
 * @param existingRoles names of the roles that currently exist
 * @return an immutable set of the grants whose role references all resolve
 */
private static Set<RoleGrant> removeNonExistingRoles(Set<RoleGrant> grants, Set<String> existingRoles) {
    ImmutableSet.Builder<RoleGrant> surviving = ImmutableSet.builder();
    for (RoleGrant grant : grants) {
        if (existingRoles.contains(grant.getRoleName())) {
            HivePrincipal grantee = HivePrincipal.from(grant.getGrantee());
            // A grant made to a role that no longer exists is stale even if the granted role remains.
            boolean granteeRoleMissing = grantee.getType() == ROLE && !existingRoles.contains(grantee.getName());
            if (!granteeRoleMissing) {
                surviving.add(grant);
            }
        }
    }
    return surviving.build();
}