Example 6 with RoleGrant

use of io.trino.spi.security.RoleGrant in project trino by trinodb.

the class TestThriftMetastoreUtil method testListApplicableRoles.

@Test
public void testListApplicableRoles() {
    TrinoPrincipal admin = new TrinoPrincipal(USER, "admin");
    Multimap<String, String> inheritance = ImmutableMultimap.<String, String>builder()
            .put("a", "b1").put("a", "b2").put("b1", "d").put("b1", "e")
            .put("b2", "d").put("b2", "e").put("d", "u").put("e", "w").build();
    assertThat(ThriftMetastoreUtil.listApplicableRoles(
            new HivePrincipal(ROLE, "a"),
            principal -> inheritance.get(principal.getName()).stream().map(name -> new RoleGrant(admin, name, false)).collect(toImmutableSet())))
            .containsOnly(new RoleGrant(admin, "b1", false), new RoleGrant(admin, "b2", false), new RoleGrant(admin, "d", false),
                    new RoleGrant(admin, "e", false), new RoleGrant(admin, "u", false), new RoleGrant(admin, "w", false));
}
Also used : RoleGrant(io.trino.spi.security.RoleGrant) HivePrincipal(io.trino.plugin.hive.metastore.HivePrincipal) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) Test(org.testng.annotations.Test)

Example 7 with RoleGrant

use of io.trino.spi.security.RoleGrant in project trino by trinodb.

the class TestingSystemSecurityMetadata method createRoleGrants.

private static Set<RoleGrant> createRoleGrants(Set<String> roles, Set<TrinoPrincipal> grantees, boolean adminOption, Optional<TrinoPrincipal> grantor) {
    checkArgument(grantor.isEmpty(), "Grantor is not yet supported");
    Set<RoleGrant> roleGrantToAdd = new HashSet<>();
    for (String role : roles) {
        for (TrinoPrincipal grantee : grantees) {
            roleGrantToAdd.add(new RoleGrant(grantee, role, adminOption));
        }
    }
    return roleGrantToAdd;
}
Also used : RoleGrant(io.trino.spi.security.RoleGrant) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) HashSet(java.util.HashSet)

Example 8 with RoleGrant

use of io.trino.spi.security.RoleGrant in project trino by trinodb.

the class SqlStandardAccessControlMetadata method getRoleGrantsByGrantees.

private Set<RoleGrant> getRoleGrantsByGrantees(Set<String> grantees, OptionalLong limit) {
    ImmutableSet.Builder<RoleGrant> roleGrants = ImmutableSet.builder();
    int count = 0;
    for (String grantee : grantees) {
        for (PrincipalType type : new PrincipalType[] { USER, ROLE }) {
            if (limit.isPresent() && count >= limit.getAsLong()) {
                return roleGrants.build();
            }
            for (RoleGrant grant : metastore.listRoleGrants(new HivePrincipal(type, grantee))) {
                // Filter out the "public" role since it is not explicitly granted in Hive.
                if (PUBLIC_ROLE_NAME.equals(grant.getRoleName())) {
                    continue;
                }
                count++;
                roleGrants.add(grant);
            }
        }
    }
    return roleGrants.build();
}
Also used : RoleGrant(io.trino.spi.security.RoleGrant) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) ImmutableSet(com.google.common.collect.ImmutableSet) HivePrincipal(io.trino.plugin.hive.metastore.HivePrincipal) PrincipalType(io.trino.spi.security.PrincipalType)

Example 9 with RoleGrant

use of io.trino.spi.security.RoleGrant in project trino by trinodb.

the class FileHiveMetastore method removeDuplicatedEntries.

private Set<RoleGrant> removeDuplicatedEntries(Set<RoleGrant> grants) {
    Map<RoleGranteeTuple, RoleGrant> map = new HashMap<>();
    for (RoleGrant grant : grants) {
        RoleGranteeTuple tuple = new RoleGranteeTuple(grant.getRoleName(), HivePrincipal.from(grant.getGrantee()));
        map.merge(tuple, grant, (first, second) -> first.isGrantable() ? first : second);
    }
    return ImmutableSet.copyOf(map.values());
}
Also used : RoleGrant(io.trino.spi.security.RoleGrant) LinkedHashMap(java.util.LinkedHashMap) HashMap(java.util.HashMap)

Example 10 with RoleGrant

use of io.trino.spi.security.RoleGrant in project trino by trinodb.

the class FileHiveMetastore method removeNonExistingRoles.

private static Set<RoleGrant> removeNonExistingRoles(Set<RoleGrant> grants, Set<String> existingRoles) {
    ImmutableSet.Builder<RoleGrant> result = ImmutableSet.builder();
    for (RoleGrant grant : grants) {
        if (!existingRoles.contains(grant.getRoleName())) {
            continue;
        }
        HivePrincipal grantee = HivePrincipal.from(grant.getGrantee());
        if (grantee.getType() == ROLE && !existingRoles.contains(grantee.getName())) {
            continue;
        }
        result.add(grant);
    }
    return result.build();
}
Also used : RoleGrant(io.trino.spi.security.RoleGrant) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) ImmutableSet(com.google.common.collect.ImmutableSet) HivePrincipal(io.trino.plugin.hive.metastore.HivePrincipal)

Aggregations

RoleGrant (io.trino.spi.security.RoleGrant): 13
ImmutableSet (com.google.common.collect.ImmutableSet): 6
TrinoPrincipal (io.trino.spi.security.TrinoPrincipal): 6
HivePrincipal (io.trino.plugin.hive.metastore.HivePrincipal): 5
ImmutableSet.toImmutableSet (com.google.common.collect.ImmutableSet.toImmutableSet): 4
USER (io.trino.spi.security.PrincipalType.USER): 3
SelectedRole (io.trino.spi.security.SelectedRole): 3
HashSet (java.util.HashSet): 3
Optional (java.util.Optional): 3
ImmutableList (com.google.common.collect.ImmutableList): 2
ImmutableMap (com.google.common.collect.ImmutableMap): 2
Session (io.trino.Session): 2
MockConnectorFactory (io.trino.connector.MockConnectorFactory): 2
WarningCollector (io.trino.execution.warnings.WarningCollector): 2
Metadata (io.trino.metadata.Metadata): 2
AccessControl (io.trino.security.AccessControl): 2
ROLE_NOT_FOUND (io.trino.spi.StandardErrorCode.ROLE_NOT_FOUND): 2
Identity (io.trino.spi.security.Identity): 2
SetRole (io.trino.sql.tree.SetRole): 2
LinkedHashSet (java.util.LinkedHashSet): 2