Search in sources :

Example 31 with SystemAccessControl

use of io.trino.spi.security.SystemAccessControl in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testTableRulesForCheckCanDenyTablePrivilege.

@Test
public void testTableRulesForCheckCanDenyTablePrivilege() {
    SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
    accessControl.checkCanDenyTablePrivilege(ADMIN, Privilege.DELETE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable"), null);
    assertAccessDenied(() -> accessControl.checkCanDenyTablePrivilege(BOB, Privilege.DELETE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable"), null), DENY_DELETE_PRIVILEGE_ACCESS_DENIED_MESSAGE);
}
Also used : SystemAccessControl(io.trino.spi.security.SystemAccessControl) CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName) Test(org.testng.annotations.Test)

Example 32 with SystemAccessControl

use of io.trino.spi.security.SystemAccessControl in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testCheckCanSetViewAuthorizationForNonOwner.

@Test
public void testCheckCanSetViewAuthorizationForNonOwner() {
    SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
    assertAccessDenied(() -> accessControl.checkCanSetViewAuthorization(ALICE, new CatalogSchemaTableName("some-catalog", "test", "test"), new TrinoPrincipal(PrincipalType.ROLE, "some_role")), AUTH_VIEW_ACCESS_DENIED_MESSAGE);
    assertAccessDenied(() -> accessControl.checkCanSetViewAuthorization(ALICE, new CatalogSchemaTableName("some-catalog", "test", "test"), new TrinoPrincipal(PrincipalType.USER, "some_user")), AUTH_VIEW_ACCESS_DENIED_MESSAGE);
}
Also used : SystemAccessControl(io.trino.spi.security.SystemAccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName) Test(org.testng.annotations.Test)

Example 33 with SystemAccessControl

use of io.trino.spi.security.SystemAccessControl in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testTableRulesForCheckCanRefreshMaterializedView.

@Test
public void testTableRulesForCheckCanRefreshMaterializedView() {
    SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
    accessControl.checkCanRefreshMaterializedView(ADMIN, new CatalogSchemaTableName("some-catalog", "bobschema", "bob-materialized-view"));
    assertAccessDenied(() -> accessControl.checkCanRefreshMaterializedView(UNKNOWN, new CatalogSchemaTableName("some-catalog", "bobschema", "bob-materialized-view")), REFRESH_MATERIALIZED_VIEW_ACCESS_DENIED_MESSAGE);
}
Also used : SystemAccessControl(io.trino.spi.security.SystemAccessControl) CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName) Test(org.testng.annotations.Test)

Example 34 with SystemAccessControl

use of io.trino.spi.security.SystemAccessControl in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testCheckCanSetViewAuthorizationForAdmin.

@Test
public void testCheckCanSetViewAuthorizationForAdmin() {
    SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
    accessControl.checkCanSetViewAuthorization(ADMIN, new CatalogSchemaTableName("some-catalog", "test", "test"), new TrinoPrincipal(PrincipalType.ROLE, "some_role"));
    accessControl.checkCanSetViewAuthorization(ADMIN, new CatalogSchemaTableName("some-catalog", "test", "test"), new TrinoPrincipal(PrincipalType.USER, "some_user"));
}
Also used : SystemAccessControl(io.trino.spi.security.SystemAccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName) Test(org.testng.annotations.Test)

Example 35 with SystemAccessControl

use of io.trino.spi.security.SystemAccessControl in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testTableRulesForCheckCanRenameTable.

@Test
public void testTableRulesForCheckCanRenameTable() {
    SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
    accessControl.checkCanRenameTable(ADMIN, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable"), new CatalogSchemaTableName("some-catalog", "aliceschema", "newbobtable"));
    accessControl.checkCanRenameTable(ALICE, new CatalogSchemaTableName("some-catalog", "aliceschema", "alicetable"), new CatalogSchemaTableName("some-catalog", "aliceschema", "newalicetable"));
    assertAccessDenied(() -> accessControl.checkCanRenameTable(BOB, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable"), new CatalogSchemaTableName("some-catalog", "bobschema", "newbobtable")), RENAME_TABLE_ACCESS_DENIED_MESSAGE);
    assertAccessDenied(() -> accessControl.checkCanRenameTable(ALICE, new CatalogSchemaTableName("some-catalog", "aliceschema", "alicetable"), new CatalogSchemaTableName("some-catalog", "bobschema", "newalicetable")), RENAME_TABLE_ACCESS_DENIED_MESSAGE);
}
Also used : SystemAccessControl(io.trino.spi.security.SystemAccessControl) CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName) Test(org.testng.annotations.Test)

Aggregations

SystemAccessControl (io.trino.spi.security.SystemAccessControl)68 Test (org.testng.annotations.Test)59 CatalogSchemaTableName (io.trino.spi.connector.CatalogSchemaTableName)36 CatalogSchemaName (io.trino.spi.connector.CatalogSchemaName)12 TrinoPrincipal (io.trino.spi.security.TrinoPrincipal)12 SystemSecurityContext (io.trino.spi.security.SystemSecurityContext)10 AllowAllSystemAccessControl (io.trino.plugin.base.security.AllowAllSystemAccessControl)9 DefaultSystemAccessControl (io.trino.plugin.base.security.DefaultSystemAccessControl)9 FileBasedSystemAccessControl (io.trino.plugin.base.security.FileBasedSystemAccessControl)9 ReadOnlySystemAccessControl (io.trino.plugin.base.security.ReadOnlySystemAccessControl)9 ForwardingSystemAccessControl (io.trino.plugin.base.security.ForwardingSystemAccessControl)8 AccessDeniedException (io.trino.spi.security.AccessDeniedException)8 ViewExpression (io.trino.spi.security.ViewExpression)5 File (java.io.File)4 Files.newTemporaryFile (org.assertj.core.util.Files.newTemporaryFile)4 SchemaTableName (io.trino.spi.connector.SchemaTableName)3 SystemAccessControlFactory (io.trino.spi.security.SystemAccessControlFactory)3 ImmutableList (com.google.common.collect.ImmutableList)2 ImmutableList.toImmutableList (com.google.common.collect.ImmutableList.toImmutableList)2 ThreadContextClassLoader (io.trino.spi.classloader.ThreadContextClassLoader)2