Example 26 with SelectedRole

Use of io.trino.spi.security.SelectedRole in project trino by trinodb.

The class BaseHiveConnectorTest, method testIoExplainFilterOnAgg.

@Test
public void testIoExplainFilterOnAgg() {
    Session admin = Session.builder(getSession()).setIdentity(Identity.forUser("hive").withConnectorRole("hive", new SelectedRole(ROLE, Optional.of("admin"))).build()).build();
    assertUpdate(admin, "create table io_explain_test_filter_on_agg(\n" + "id integer,\n" + "a varchar,\n" + "b varchar,\n" + "ds varchar)" + "WITH (format='PARQUET', partitioned_by = ARRAY['ds'])");
    assertUpdate(admin, "insert into io_explain_test_filter_on_agg(id,a,ds) values(1, 'a','a')", 1);
    EstimatedStatsAndCost estimate = new EstimatedStatsAndCost(1.0, 5.0, 5.0, 0.0, 0.0);
    EstimatedStatsAndCost finalEstimate = new EstimatedStatsAndCost(Double.NaN, Double.NaN, Double.NaN, Double.NaN, Double.NaN);
    MaterializedResult result = computeActual("EXPLAIN (TYPE IO, FORMAT JSON) SELECT * FROM (SELECT COUNT(*) cnt FROM io_explain_test_filter_on_agg WHERE b = 'b') WHERE cnt > 0");
    assertEquals(getIoPlanCodec().fromJson((String) getOnlyElement(result.getOnlyColumnAsSet())), new IoPlan(ImmutableSet.of(new TableColumnInfo(new CatalogSchemaTableName(catalog, "tpch", "io_explain_test_filter_on_agg"), ImmutableSet.of(new ColumnConstraint("ds", VARCHAR, new FormattedDomain(false, ImmutableSet.of(new FormattedRange(new FormattedMarker(Optional.of("a"), EXACTLY), new FormattedMarker(Optional.of("a"), EXACTLY))))), new ColumnConstraint("b", VARCHAR, new FormattedDomain(false, ImmutableSet.of(new FormattedRange(new FormattedMarker(Optional.of("b"), EXACTLY), new FormattedMarker(Optional.of("b"), EXACTLY)))))), estimate)), Optional.empty(), finalEstimate));
    assertUpdate("DROP TABLE io_explain_test_filter_on_agg");
}
Also used : FormattedDomain(io.trino.sql.planner.planprinter.IoPlanPrinter.FormattedDomain) SelectedRole(io.trino.spi.security.SelectedRole) ColumnConstraint(io.trino.sql.planner.planprinter.IoPlanPrinter.ColumnConstraint) TableColumnInfo(io.trino.sql.planner.planprinter.IoPlanPrinter.IoPlan.TableColumnInfo) FormattedMarker(io.trino.sql.planner.planprinter.IoPlanPrinter.FormattedMarker) FormattedRange(io.trino.sql.planner.planprinter.IoPlanPrinter.FormattedRange) EstimatedStatsAndCost(io.trino.sql.planner.planprinter.IoPlanPrinter.EstimatedStatsAndCost) MaterializedResult(io.trino.testing.MaterializedResult) IoPlan(io.trino.sql.planner.planprinter.IoPlanPrinter.IoPlan) CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName) HiveQueryRunner.createBucketedSession(io.trino.plugin.hive.HiveQueryRunner.createBucketedSession) Session(io.trino.Session) Test(org.testng.annotations.Test) BaseConnectorTest(io.trino.testing.BaseConnectorTest)

Example 27 with SelectedRole

Use of io.trino.spi.security.SelectedRole in project trino by trinodb.

The class SetRoleTask, method execute.

@Override
public ListenableFuture<Void> execute(SetRole statement, QueryStateMachine stateMachine, List<Expression> parameters, WarningCollector warningCollector) {
    Session session = stateMachine.getSession();
    // Resolve the catalog the statement targets; when empty, the role is recorded under "system" below.
    Optional<String> catalog = processRoleCommandCatalog(metadata, session, statement, statement.getCatalog().map(Identifier::getValue));
    // Only SET ROLE <name> is validated here; the other statement types skip these checks.
    if (statement.getType() == SetRole.Type.ROLE) {
        // Role names are compared in lower case.
        String role = statement.getRole().map(c -> c.getValue().toLowerCase(ENGLISH)).orElseThrow();
        if (!metadata.roleExists(session, role, catalog)) {
            throw semanticException(ROLE_NOT_FOUND, statement, "Role '%s' does not exist", role);
        }
        if (catalog.isPresent()) {
            // Catalog role: the decision is delegated to access control.
            accessControl.checkCanSetCatalogRole(SecurityContext.of(session), role, catalog.get());
        } else {
            // No catalog: the role must be among the roles applicable to the session user, otherwise the request is denied.
            Set<RoleGrant> roleGrants = metadata.listApplicableRoles(session, new TrinoPrincipal(USER, session.getUser()), Optional.empty());
            if (roleGrants.stream().map(RoleGrant::getRoleName).noneMatch(role::equals)) {
                denySetRole(role);
            }
        }
    }
    // Record the selection on the query state machine.
    SelectedRole.Type type = toSelectedRoleType(statement.getType());
    stateMachine.addSetRole(catalog.orElse("system"), new SelectedRole(type, statement.getRole().map(c -> c.getValue().toLowerCase(ENGLISH))));
    return immediateVoidFuture();
}
Also used : Futures.immediateVoidFuture(com.google.common.util.concurrent.Futures.immediateVoidFuture) ListenableFuture(com.google.common.util.concurrent.ListenableFuture) USER(io.trino.spi.security.PrincipalType.USER) Set(java.util.Set) RoleGrant(io.trino.spi.security.RoleGrant) AccessDeniedException.denySetRole(io.trino.spi.security.AccessDeniedException.denySetRole) Inject(javax.inject.Inject) SelectedRole(io.trino.spi.security.SelectedRole) List(java.util.List) AccessControl(io.trino.security.AccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) SetRole(io.trino.sql.tree.SetRole) Objects.requireNonNull(java.util.Objects.requireNonNull) WarningCollector(io.trino.execution.warnings.WarningCollector) Metadata(io.trino.metadata.Metadata) Optional(java.util.Optional) Expression(io.trino.sql.tree.Expression) SecurityContext(io.trino.security.SecurityContext) MetadataUtil.processRoleCommandCatalog(io.trino.metadata.MetadataUtil.processRoleCommandCatalog) SemanticExceptions.semanticException(io.trino.sql.analyzer.SemanticExceptions.semanticException) ENGLISH(java.util.Locale.ENGLISH) Identifier(io.trino.sql.tree.Identifier) ROLE_NOT_FOUND(io.trino.spi.StandardErrorCode.ROLE_NOT_FOUND) Session(io.trino.Session)

Example 28 with SelectedRole

Use of io.trino.spi.security.SelectedRole in project trino by trinodb.

The class TestAccessControl, method testShowRolesWithLegacyCatalogRoles.

@Test
public void testShowRolesWithLegacyCatalogRoles() {
    Session session = testSessionBuilder().setCatalog("mock").setIdentity(Identity.forUser("alice").withConnectorRoles(ImmutableMap.of("mock", new SelectedRole(ROLE, Optional.of("alice_role")))).build()).setSystemProperty("legacy_catalog_roles", "true").build();
    assertQuery(session, "SHOW ROLES", "VALUES 'alice_role'");
    assertQuery(session, "SHOW ROLE GRANTS", "VALUES 'alice_role'");
    assertQuery(session, "SHOW CURRENT ROLES", "VALUES 'alice_role'");
    assertQuery(session, "SELECT * FROM mock.information_schema.applicable_roles", "SELECT 'alice', 'USER', 'alice_role', 'NO'");
}
Also used : SelectedRole(io.trino.spi.security.SelectedRole) TestingSession(io.trino.testing.TestingSession) Session(io.trino.Session) Test(org.testng.annotations.Test)

Example 29 with SelectedRole

Use of io.trino.spi.security.SelectedRole in project trino by trinodb.

The class AbstractTestingTrinoClient, method getRoles.

private static Map<String, ClientSelectedRole> getRoles(Session session) {
    ImmutableMap.Builder<String, ClientSelectedRole> builder = ImmutableMap.builder();
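    // Each enabled role is put under the "system" key.
    session.getIdentity().getEnabledRoles().forEach(role -> builder.put("system", toClientSelectedRole(new SelectedRole(ROLE, Optional.of(role)))));
    // Catalog roles are keyed by their catalog name.
    session.getIdentity().getCatalogRoles().forEach((key, value) -> builder.put(key, toClientSelectedRole(value)));
    // buildOrThrow() rejects duplicate keys, so more than one enabled role fails here.
    return builder.buildOrThrow();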
}
Also used : ClientSelectedRole(io.trino.client.ClientSelectedRole) SelectedRole(io.trino.spi.security.SelectedRole) ImmutableMap(com.google.common.collect.ImmutableMap)

Example 30 with SelectedRole

Use of io.trino.spi.security.SelectedRole in project trino by trinodb.

The class TestingSessionContext, method fromSession.

public static SessionContext fromSession(Session session) {
    requireNonNull(session, "session is null");
    Set<String> enabledRoles = session.getIdentity().getEnabledRoles();
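    // Map the identity's enabled roles to one SelectedRole: none -> NONE, exactly one -> ROLE, several -> ALL.
    SelectedRole selectedRole;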
    if (enabledRoles.isEmpty()) {
        selectedRole = new SelectedRole(Type.NONE, Optional.empty());
    } else if (enabledRoles.size() == 1) {
        selectedRole = new SelectedRole(Type.ROLE, Optional.of(enabledRoles.iterator().next()));
    } else {
        selectedRole = new SelectedRole(Type.ALL, Optional.empty());
    }
    return new SessionContext(session.getProtocolHeaders(), session.getCatalog(), session.getSchema(), session.getPath().getRawPath(), Optional.empty(), session.getIdentity(), selectedRole, session.getSource(), session.getTraceToken(), session.getUserAgent(), session.getRemoteUserAddress(), Optional.of(session.getTimeZoneKey().getId()), Optional.of(session.getLocale().getLanguage()), session.getClientTags(), session.getClientCapabilities(), session.getResourceEstimates(), session.getSystemProperties(), session.getCatalogProperties(), session.getPreparedStatements(), session.getTransactionId(), session.isClientTransactionSupport(), session.getClientInfo());
}
Also used : SelectedRole(io.trino.spi.security.SelectedRole) SessionContext(io.trino.server.SessionContext)
