Example 61 with SystemAccessControl

Use of io.trino.spi.security.SystemAccessControl in the trino project by trinodb: class TestFileBasedSystemAccessControl, method testTableRulesForCheckCanCreateViewWithSelectFromColumns.

@Test
public void testTableRulesForCheckCanCreateViewWithSelectFromColumns() {
    SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
    CatalogSchemaTableName table = new CatalogSchemaTableName("some-catalog", "bobschema", "bobcolumns_with_grant");

    // alice: denied, even with an empty column set
    assertAccessDenied(
            () -> accessControl.checkCanCreateViewWithSelectFromColumns(ALICE, table, ImmutableSet.of()),
            CREATE_VIEW_ACCESS_DENIED_MESSAGE);

    // bob: allowed on both columns, including "private"
    accessControl.checkCanCreateViewWithSelectFromColumns(BOB, table, ImmutableSet.of("bobcolumn", "private"));

    // charlie: allowed on "bobcolumn" alone ...
    accessControl.checkCanCreateViewWithSelectFromColumns(CHARLIE, table, ImmutableSet.of("bobcolumn"));

    // ... but denied as soon as the "private" column is included
    assertAccessDenied(
            () -> accessControl.checkCanCreateViewWithSelectFromColumns(CHARLIE, table, ImmutableSet.of("bobcolumn", "private")),
            SELECT_TABLE_ACCESS_DENIED_MESSAGE);
}

Also used: SystemAccessControl (io.trino.spi.security.SystemAccessControl), CatalogSchemaTableName (io.trino.spi.connector.CatalogSchemaTableName), Test (org.testng.annotations.Test)

Example 62 with SystemAccessControl

Use of io.trino.spi.security.SystemAccessControl in the trino project by trinodb: class TestFileBasedSystemAccessControl, method testTableRulesForCheckCanDropTable.

@Test
public void testTableRulesForCheckCanDropTable() {
    SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
    CatalogSchemaTableName table = new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable");

    // admin may drop the table
    accessControl.checkCanDropTable(ADMIN, table);

    // bob may not, even though the table lives in "bobschema"
    assertAccessDenied(
            () -> accessControl.checkCanDropTable(BOB, table),
            DROP_TABLE_ACCESS_DENIED_MESSAGE);
}

Also used: SystemAccessControl (io.trino.spi.security.SystemAccessControl), CatalogSchemaTableName (io.trino.spi.connector.CatalogSchemaTableName), Test (org.testng.annotations.Test)

Example 63 with SystemAccessControl

Use of io.trino.spi.security.SystemAccessControl in the trino project by trinodb: class TestFileBasedSystemAccessControl, method testDenySchemaPrivilege.

@Test
public void testDenySchemaPrivilege() {
    SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-schema.json");
    TrinoPrincipal grantee = new TrinoPrincipal(PrincipalType.USER, "alice");

    CatalogSchemaName bobSchema = new CatalogSchemaName("some-catalog", "bob");
    CatalogSchemaName staffSchema = new CatalogSchemaName("some-catalog", "staff");
    CatalogSchemaName authenticatedSchema = new CatalogSchemaName("some-catalog", "authenticated");
    CatalogSchemaName testSchema = new CatalogSchemaName("some-catalog", "test");

    // admin may deny UPDATE on every schema
    accessControl.checkCanDenySchemaPrivilege(ADMIN, UPDATE, bobSchema, grantee);
    accessControl.checkCanDenySchemaPrivilege(ADMIN, UPDATE, staffSchema, grantee);
    accessControl.checkCanDenySchemaPrivilege(ADMIN, UPDATE, authenticatedSchema, grantee);
    accessControl.checkCanDenySchemaPrivilege(ADMIN, UPDATE, testSchema, grantee);

    // bob may deny on bob, staff and authenticated, but not on test
    accessControl.checkCanDenySchemaPrivilege(BOB, UPDATE, bobSchema, grantee);
    accessControl.checkCanDenySchemaPrivilege(BOB, UPDATE, staffSchema, grantee);
    accessControl.checkCanDenySchemaPrivilege(BOB, UPDATE, authenticatedSchema, grantee);
    assertAccessDenied(
            () -> accessControl.checkCanDenySchemaPrivilege(BOB, UPDATE, testSchema, grantee),
            format(DENY_SCHEMA_ACCESS_DENIED_MESSAGE, UPDATE, "some-catalog.test", ""));

    // charlie may deny only on authenticated
    assertAccessDenied(
            () -> accessControl.checkCanDenySchemaPrivilege(CHARLIE, UPDATE, bobSchema, grantee),
            format(DENY_SCHEMA_ACCESS_DENIED_MESSAGE, UPDATE, "some-catalog.bob", ""));
    assertAccessDenied(
            () -> accessControl.checkCanDenySchemaPrivilege(CHARLIE, UPDATE, staffSchema, grantee),
            format(DENY_SCHEMA_ACCESS_DENIED_MESSAGE, UPDATE, "some-catalog.staff", ""));
    accessControl.checkCanDenySchemaPrivilege(CHARLIE, UPDATE, authenticatedSchema, grantee);
    assertAccessDenied(
            () -> accessControl.checkCanDenySchemaPrivilege(CHARLIE, UPDATE, testSchema, grantee),
            format(DENY_SCHEMA_ACCESS_DENIED_MESSAGE, UPDATE, "some-catalog.test", ""));
}

Also used: SystemAccessControl (io.trino.spi.security.SystemAccessControl), CatalogSchemaName (io.trino.spi.connector.CatalogSchemaName), TrinoPrincipal (io.trino.spi.security.TrinoPrincipal), Test (org.testng.annotations.Test)

Example 64 with SystemAccessControl

Use of io.trino.spi.security.SystemAccessControl in the trino project by trinodb: class TestFileBasedSystemAccessControl, method testSystemInformation.

@Test
public void testSystemInformation() {
    SystemAccessControl accessControlManager = newFileBasedSystemAccessControl("system-information.json");

    // admin may both read and write system information
    accessControlManager.checkCanReadSystemInformation(new SystemSecurityContext(admin, Optional.empty()));
    accessControlManager.checkCanWriteSystemInformation(new SystemSecurityContext(admin, Optional.empty()));

    // alice may read but not write
    accessControlManager.checkCanReadSystemInformation(new SystemSecurityContext(alice, Optional.empty()));
    assertThatThrownBy(() -> accessControlManager.checkCanWriteSystemInformation(new SystemSecurityContext(alice, Optional.empty())))
            .isInstanceOf(AccessDeniedException.class)
            .hasMessage("Access Denied: Cannot write system information");

    // bob may do neither
    assertThatThrownBy(() -> accessControlManager.checkCanReadSystemInformation(new SystemSecurityContext(bob, Optional.empty())))
            .isInstanceOf(AccessDeniedException.class)
            .hasMessage("Access Denied: Cannot read system information");
    assertThatThrownBy(() -> accessControlManager.checkCanWriteSystemInformation(new SystemSecurityContext(bob, Optional.empty())))
            .isInstanceOf(AccessDeniedException.class)
            .hasMessage("Access Denied: Cannot write system information");

    // a user with a non-ASCII name is matched by the rules like any other
    accessControlManager.checkCanReadSystemInformation(new SystemSecurityContext(nonAsciiUser, Optional.empty()));
    accessControlManager.checkCanWriteSystemInformation(new SystemSecurityContext(nonAsciiUser, Optional.empty()));
}

Also used: SystemSecurityContext (io.trino.spi.security.SystemSecurityContext), AccessDeniedException (io.trino.spi.security.AccessDeniedException), SystemAccessControl (io.trino.spi.security.SystemAccessControl), Test (org.testng.annotations.Test)

Example 65 with SystemAccessControl

Use of io.trino.spi.security.SystemAccessControl in the trino project by trinodb: class TestFileBasedSystemAccessControl, method testRevokeSchemaPrivilege.

@Test(dataProvider = "privilegeGrantOption")
public void testRevokeSchemaPrivilege(Privilege privilege, boolean grantOption) {
    SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-schema.json");
    TrinoPrincipal grantee = new TrinoPrincipal(PrincipalType.USER, "alice");

    CatalogSchemaName bobSchema = new CatalogSchemaName("some-catalog", "bob");
    CatalogSchemaName staffSchema = new CatalogSchemaName("some-catalog", "staff");
    CatalogSchemaName authenticatedSchema = new CatalogSchemaName("some-catalog", "authenticated");
    CatalogSchemaName testSchema = new CatalogSchemaName("some-catalog", "test");

    // admin may revoke any privilege on every schema
    accessControl.checkCanRevokeSchemaPrivilege(ADMIN, privilege, bobSchema, grantee, grantOption);
    accessControl.checkCanRevokeSchemaPrivilege(ADMIN, privilege, staffSchema, grantee, grantOption);
    accessControl.checkCanRevokeSchemaPrivilege(ADMIN, privilege, authenticatedSchema, grantee, grantOption);
    accessControl.checkCanRevokeSchemaPrivilege(ADMIN, privilege, testSchema, grantee, grantOption);

    // bob may revoke on bob, staff and authenticated, but not on test
    accessControl.checkCanRevokeSchemaPrivilege(BOB, privilege, bobSchema, grantee, grantOption);
    accessControl.checkCanRevokeSchemaPrivilege(BOB, privilege, staffSchema, grantee, grantOption);
    accessControl.checkCanRevokeSchemaPrivilege(BOB, privilege, authenticatedSchema, grantee, grantOption);
    assertAccessDenied(
            () -> accessControl.checkCanRevokeSchemaPrivilege(BOB, privilege, testSchema, grantee, grantOption),
            format(REVOKE_SCHEMA_ACCESS_DENIED_MESSAGE, privilege, "some-catalog.test", ""));

    // charlie may revoke only on authenticated
    assertAccessDenied(
            () -> accessControl.checkCanRevokeSchemaPrivilege(CHARLIE, privilege, bobSchema, grantee, grantOption),
            format(REVOKE_SCHEMA_ACCESS_DENIED_MESSAGE, privilege, "some-catalog.bob", ""));
    assertAccessDenied(
            () -> accessControl.checkCanRevokeSchemaPrivilege(CHARLIE, privilege, staffSchema, grantee, grantOption),
            format(REVOKE_SCHEMA_ACCESS_DENIED_MESSAGE, privilege, "some-catalog.staff", ""));
    accessControl.checkCanRevokeSchemaPrivilege(CHARLIE, privilege, authenticatedSchema, grantee, grantOption);
    assertAccessDenied(
            () -> accessControl.checkCanRevokeSchemaPrivilege(CHARLIE, privilege, testSchema, grantee, grantOption),
            format(REVOKE_SCHEMA_ACCESS_DENIED_MESSAGE, privilege, "some-catalog.test", ""));
}

Also used: SystemAccessControl (io.trino.spi.security.SystemAccessControl), CatalogSchemaName (io.trino.spi.connector.CatalogSchemaName), TrinoPrincipal (io.trino.spi.security.TrinoPrincipal), Test (org.testng.annotations.Test)
