Use of io.trino.spi.security.SelectedRole in project trino by trinodb.
From class BaseHiveConnectorTest, method testSchemaOperations.
/**
 * Exercises the create/drop life cycle of a schema while acting as user "hive"
 * with the connector role "admin" selected for the "hive" catalog.
 *
 * <p>The one negative check is that a schema which still holds a table cannot be dropped.
 */
@Test
public void testSchemaOperations() {
    // Identity: user "hive", connector role ROLE{admin} on catalog "hive".
    Identity adminIdentity = Identity.forUser("hive")
            .withConnectorRole("hive", new SelectedRole(ROLE, Optional.of("admin")))
            .build();
    Session adminSession = Session.builder(getSession())
            .setIdentity(adminIdentity)
            .build();

    // NOTE(review): the schema name is fixed and nothing cleans up if an assertion
    // fails part-way, so a failed run can leave new_schema behind for the next run.
    String schemaName = "new_schema";
    String tableName = schemaName + ".test";

    assertUpdate(adminSession, "CREATE SCHEMA " + schemaName);
    assertUpdate(adminSession, "CREATE TABLE " + tableName + " (x bigint)");

    // A non-empty schema must be rejected by DROP SCHEMA.
    assertQueryFails(adminSession, "DROP SCHEMA " + schemaName, ".*Cannot drop non-empty schema '" + schemaName + "'");

    // Once the table is gone, the schema can be dropped.
    assertUpdate(adminSession, "DROP TABLE " + tableName);
    assertUpdate(adminSession, "DROP SCHEMA " + schemaName);
}
Use of io.trino.spi.security.SelectedRole in project trino by trinodb.
From class BaseHiveConnectorTest, method testViewAuthorization.
/**
 * Checks who may change the authorization (owner) of a view.
 *
 * <p>Two sessions are used: "hive" with the connector role "admin" selected, and
 * "alice" with no role selected. The security-relevant assertion is the first one:
 * alice cannot make herself the owner of a view through {@code SET AUTHORIZATION}.
 */
@Test
public void testViewAuthorization() {
    Identity adminIdentity = Identity.forUser("hive")
            .withConnectorRole("hive", new SelectedRole(ROLE, Optional.of("admin")))
            .build();
    Session adminSession = Session.builder(getSession())
            .setCatalog(getSession().getCatalog())
            .setIdentity(adminIdentity)
            .build();
    // alice gets a fresh test session: same catalog, no connector role selected.
    Session aliceSession = testSessionBuilder()
            .setCatalog(getSession().getCatalog())
            .setIdentity(Identity.forUser("alice").build())
            .build();

    // The random suffix keeps the schema name unique per run.
    String schemaName = "test_view_authorization" + TestTable.randomTableSuffix();
    String viewName = schemaName + ".test_view";

    assertUpdate(adminSession, "CREATE SCHEMA " + schemaName);
    assertUpdate(adminSession, "CREATE VIEW " + viewName + " AS SELECT current_user AS user");

    // Self-assignment of ownership by a user who did not create the view is denied.
    assertAccessDenied(
            aliceSession,
            "ALTER VIEW " + viewName + " SET AUTHORIZATION alice",
            "Cannot set authorization for view " + viewName + " to USER alice");

    // The admin session may hand the view to alice ...
    assertUpdate(adminSession, "ALTER VIEW " + viewName + " SET AUTHORIZATION alice");
    // ... after which alice's own SET AUTHORIZATION succeeds (presumably because she now owns it).
    assertUpdate(aliceSession, "ALTER VIEW " + viewName + " SET AUTHORIZATION admin");

    assertUpdate(adminSession, "DROP VIEW " + viewName);
    assertUpdate(adminSession, "DROP SCHEMA " + schemaName);
}
Use of io.trino.spi.security.SelectedRole in project trino by trinodb.
From class BaseHiveConnectorTest, method testCreateSchemaWithAuthorizationForUser.
/**
 * Checks that a schema created with {@code AUTHORIZATION user} is usable by that user
 * and that a table the user creates in it is closed to a different user.
 *
 * <p>Both non-admin identities are given the principal of the base session, so the
 * user name is the only thing that differs between them in this test.
 */
@Test
public void testCreateSchemaWithAuthorizationForUser() {
    String schemaName = "test_createschema_authorization_user";
    String tableName = schemaName + ".test";

    Identity adminIdentity = Identity.forUser("hive")
            .withConnectorRole("hive", new SelectedRole(ROLE, Optional.of("admin")))
            .build();
    Session adminSession = Session.builder(getSession())
            .setIdentity(adminIdentity)
            .build();

    // The schema owner: user "user", sharing the base session's principal.
    Session ownerSession = testSessionBuilder()
            .setCatalog(getSession().getCatalog())
            .setSchema(schemaName)
            .setIdentity(Identity.forUser("user")
                    .withPrincipal(getSession().getIdentity().getPrincipal())
                    .build())
            .build();
    // An unrelated user with the same principal and default schema.
    Session otherSession = testSessionBuilder()
            .setCatalog(getSession().getCatalog())
            .setSchema(schemaName)
            .setIdentity(Identity.forUser("anotheruser")
                    .withPrincipal(getSession().getIdentity().getPrincipal())
                    .build())
            .build();

    assertUpdate(adminSession, "CREATE SCHEMA " + schemaName + " AUTHORIZATION user");
    assertUpdate(ownerSession, "CREATE TABLE " + tableName + " (x bigint)");

    // The unrelated user must be denied when dropping the owner's table ...
    assertQueryFails(otherSession, "DROP TABLE " + tableName, "Access Denied: Cannot drop table " + tableName);
    // ... and when reading it (SELECT is the only read path checked here).
    assertQueryFails(otherSession, "SELECT 1 FROM " + tableName, "Access Denied: Cannot select from table " + tableName);

    // The owner cleans up both the table and the schema.
    assertUpdate(ownerSession, "DROP TABLE " + tableName);
    assertUpdate(ownerSession, "DROP SCHEMA " + schemaName);
}
Use of io.trino.spi.security.SelectedRole in project trino by trinodb.
From class BaseHiveConnectorTest, method testTableAuthorization.
/**
 * Checks who may change the authorization (owner) of a table.
 *
 * <p>"hive" runs with the connector role "admin" selected and "alice" runs with no
 * role selected. The key assertion is that alice cannot assign the table to herself.
 */
@Test
public void testTableAuthorization() {
    Identity adminIdentity = Identity.forUser("hive")
            .withConnectorRole("hive", new SelectedRole(ROLE, Optional.of("admin")))
            .build();
    Session adminSession = Session.builder(getSession())
            .setCatalog(getSession().getCatalog())
            .setIdentity(adminIdentity)
            .build();
    Session aliceSession = testSessionBuilder()
            .setCatalog(getSession().getCatalog())
            .setIdentity(Identity.forUser("alice").build())
            .build();

    // NOTE(review): the schema name is fixed and there is no cleanup on failure,
    // so a failed run can leave the schema and table behind.
    String schemaName = "test_table_authorization";
    String tableName = schemaName + ".foo";

    assertUpdate(adminSession, "CREATE SCHEMA " + schemaName);
    assertUpdate(adminSession, "CREATE TABLE " + tableName + " (col int)");

    // alice did not create the table, so taking ownership of it herself is denied.
    assertAccessDenied(
            aliceSession,
            "ALTER TABLE " + tableName + " SET AUTHORIZATION alice",
            "Cannot set authorization for table " + tableName + " to USER alice");

    // The admin session can transfer the table to alice ...
    assertUpdate(adminSession, "ALTER TABLE " + tableName + " SET AUTHORIZATION alice");
    // ... and alice's own SET AUTHORIZATION then succeeds (presumably as the new owner).
    assertUpdate(aliceSession, "ALTER TABLE " + tableName + " SET AUTHORIZATION admin");

    assertUpdate(adminSession, "DROP TABLE " + tableName);
    assertUpdate(adminSession, "DROP SCHEMA " + schemaName);
}
Use of io.trino.spi.security.SelectedRole in project trino by trinodb.
From class TestHttpRequestSessionContextFactory, method assertSessionContext.
/**
 * Builds a full set of client request headers using the header names supplied by
 * {@code protocolHeaders}, turns them into a {@link SessionContext} and checks every
 * parsed field.
 *
 * <p>All header values here are well-formed. This method does not cover how malformed
 * role, session-property or credential headers are handled.
 *
 * @param protocolHeaders supplies the header names and the protocol name used for the request
 */
private static void assertSessionContext(ProtocolHeaders protocolHeaders) {
    MultivaluedMap<String, String> requestHeaders = new GuavaMultivaluedMap<>(ImmutableListMultimap.<String, String>builder()
            .put(protocolHeaders.requestUser(), "testUser")
            .put(protocolHeaders.requestSource(), "testSource")
            .put(protocolHeaders.requestCatalog(), "testCatalog")
            .put(protocolHeaders.requestSchema(), "testSchema")
            .put(protocolHeaders.requestPath(), "testPath")
            .put(protocolHeaders.requestLanguage(), "zh-TW")
            .put(protocolHeaders.requestTimeZone(), "Asia/Taipei")
            .put(protocolHeaders.requestClientInfo(), "client-info")
            // Session properties: one per header, several comma-separated in one header,
            // and a value carrying a percent-encoded comma (%2C).
            .put(protocolHeaders.requestSession(), QUERY_MAX_MEMORY + "=1GB")
            .put(protocolHeaders.requestSession(), JOIN_DISTRIBUTION_TYPE + "=partitioned," + HASH_PARTITION_COUNT + " = 43")
            .put(protocolHeaders.requestSession(), "some_session_property=some value with %2C comma")
            .put(protocolHeaders.requestPreparedStatement(), "query1=select * from foo,query2=select * from bar")
            // Roles: one "system" entry plus three catalog entries covering ALL, NONE and ROLE{...}.
            .put(protocolHeaders.requestRole(), "system=ROLE{system-role}")
            .put(protocolHeaders.requestRole(), "foo_connector=ALL")
            .put(protocolHeaders.requestRole(), "bar_connector=NONE")
            .put(protocolHeaders.requestRole(), "foobar_connector=ROLE{catalog-role}")
            .put(protocolHeaders.requestExtraCredential(), "test.token.foo=bar")
            .put(protocolHeaders.requestExtraCredential(), "test.token.abc=xyz")
            .build());

    // NOTE(review): the last argument is left empty; it presumably carries an
    // already-authenticated identity — confirm against createSessionContext.
    SessionContext sessionContext = SESSION_CONTEXT_FACTORY.createSessionContext(
            requestHeaders,
            Optional.of(protocolHeaders.getProtocolName()),
            Optional.of("testRemote"),
            Optional.empty());

    // Plain single-valued headers.
    assertEquals(sessionContext.getSource().orElse(null), "testSource");
    assertEquals(sessionContext.getCatalog().orElse(null), "testCatalog");
    assertEquals(sessionContext.getSchema().orElse(null), "testSchema");
    assertEquals(sessionContext.getPath().orElse(null), "testPath");
    assertEquals(sessionContext.getIdentity(), Identity.ofUser("testUser"));
    assertEquals(sessionContext.getClientInfo().orElse(null), "client-info");
    assertEquals(sessionContext.getLanguage().orElse(null), "zh-TW");
    assertEquals(sessionContext.getTimeZoneId().orElse(null), "Asia/Taipei");

    // Whitespace around '=' is dropped ("43") and %2C is decoded to a literal comma.
    assertEquals(
            sessionContext.getSystemProperties(),
            ImmutableMap.of(
                    QUERY_MAX_MEMORY, "1GB",
                    JOIN_DISTRIBUTION_TYPE, "partitioned",
                    HASH_PARTITION_COUNT, "43",
                    "some_session_property", "some value with , comma"));
    assertEquals(
            sessionContext.getPreparedStatements(),
            ImmutableMap.of("query1", "select * from foo", "query2", "select * from bar"));

    // The "system" role entry becomes the session's selected role ...
    SelectedRole expectedSystemRole = new SelectedRole(SelectedRole.Type.ROLE, Optional.of("system-role"));
    assertEquals(sessionContext.getSelectedRole(), expectedSystemRole);

    // ... while every other entry is kept as a per-catalog role on the identity.
    ImmutableMap<String, SelectedRole> expectedCatalogRoles = ImmutableMap.of(
            "foo_connector", new SelectedRole(SelectedRole.Type.ALL, Optional.empty()),
            "bar_connector", new SelectedRole(SelectedRole.Type.NONE, Optional.empty()),
            "foobar_connector", new SelectedRole(SelectedRole.Type.ROLE, Optional.of("catalog-role")));
    assertEquals(sessionContext.getIdentity().getCatalogRoles(), expectedCatalogRoles);

    // Extra credentials from the headers are carried on the identity as given.
    assertEquals(
            sessionContext.getIdentity().getExtraCredentials(),
            ImmutableMap.of("test.token.foo", "bar", "test.token.abc", "xyz"));

    // NOTE(review): the expected group equals the user name; this presumably comes from
    // how SESSION_CONTEXT_FACTORY was configured, which is not visible here — confirm.
    assertEquals(sessionContext.getIdentity().getGroups(), ImmutableSet.of("testUser"));
}
Aggregations