
Example 36: use of io.trino.spi.security.SystemAccessControl in project trino by trinodb, class TestUserImpersonationAccessControl, method createQueryRunner.

@Override
protected QueryRunner createQueryRunner() throws Exception {
    // Load the rule file from the test classpath and build a file-based system access control from it
    String securityConfigFile = getResource("access_control_rules.json").getPath();
    SystemAccessControl accessControl = new FileBasedSystemAccessControl.Factory().create(ImmutableMap.of(SECURITY_CONFIG_FILE, securityConfigFile));
    // Single-node runner with the file-based policy installed as the system-level access control
    QueryRunner queryRunner = DistributedQueryRunner.builder(TEST_SESSION).setNodeCount(1).setSystemAccessControl(accessControl).build();
    // The TPC-H connector provides data the impersonation rules are exercised against
    queryRunner.installPlugin(new TpchPlugin());
    queryRunner.createCatalog("tpch", "tpch", ImmutableMap.of());
    return queryRunner;
}

Example 37: use of io.trino.spi.security.SystemAccessControl in project trino by trinodb, class TestAccessControlManager, method testColumnMaskOrdering.

@Test
public void testColumnMaskOrdering() {
    try (LocalQueryRunner queryRunner = LocalQueryRunner.create(TEST_SESSION)) {
        TransactionManager transactionManager = queryRunner.getTransactionManager();
        AccessControlManager accessControlManager = createAccessControlManager(transactionManager);
        // Register a system-level access control whose only policy is a column mask
        accessControlManager.addSystemAccessControlFactory(new SystemAccessControlFactory() {

            @Override
            public String getName() {
                return "test";
            }

            @Override
            public SystemAccessControl create(Map<String, String> config) {
                return new SystemAccessControl() {

                    @Override
                    public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String column, Type type) {
                        return Optional.of(new ViewExpression("user", Optional.empty(), Optional.empty(), "system mask"));
                    }

                    @Override
                    public void checkCanSetSystemSessionProperty(SystemSecurityContext context, String propertyName) {
                    }
                };
            }
        });
        accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
        // Register a catalog-level (connector) access control that supplies a second mask for the same column
        queryRunner.createCatalog("catalog", MockConnectorFactory.create(), ImmutableMap.of());
        accessControlManager.addCatalogAccessControl(new CatalogName("catalog"), new ConnectorAccessControl() {

            @Override
            public Optional<ViewExpression> getColumnMask(ConnectorSecurityContext context, SchemaTableName tableName, String column, Type type) {
                return Optional.of(new ViewExpression("user", Optional.empty(), Optional.empty(), "connector mask"));
            }

            @Override
            public void checkCanShowCreateTable(ConnectorSecurityContext context, SchemaTableName tableName) {
            }
        });
        // Both masks are returned; the connector mask is listed before the system mask
        transaction(transactionManager, accessControlManager).execute(transactionId -> {
            List<ViewExpression> masks = accessControlManager.getColumnMasks(context(transactionId), new QualifiedObjectName("catalog", "schema", "table"), "column", BIGINT);
            assertEquals(masks.get(0).getExpression(), "connector mask");
            assertEquals(masks.get(1).getExpression(), "system mask");
        });
    }
}

Example 38: use of io.trino.spi.security.SystemAccessControl in project trino by trinodb, class AccessControlManager, method filterColumns.

@Override
public Set<String> filterColumns(SecurityContext securityContext, CatalogSchemaTableName table, Set<String> columns) {
    requireNonNull(securityContext, "securityContext is null");
    requireNonNull(table, "tableName is null");
    // If the table itself is filtered out for this context, no column of it is visible
    if (filterTables(securityContext, table.getCatalogName(), ImmutableSet.of(table.getSchemaTableName())).isEmpty()) {
        return ImmutableSet.of();
    }
    // Every system access control is applied in turn; each can only narrow the set it receives
    for (SystemAccessControl systemAccessControl : getSystemAccessControls()) {
        columns = systemAccessControl.filterColumns(securityContext.toSystemSecurityContext(), table, columns);
    }
    // The catalog's connector access control, if any, filters last
    CatalogAccessControlEntry entry = getConnectorAccessControl(securityContext.getTransactionId(), table.getCatalogName());
    if (entry != null) {
        columns = entry.getAccessControl().filterColumns(entry.toConnectorSecurityContext(securityContext), table.getSchemaTableName(), columns);
    }
    return columns;
}

Example 39: use of io.trino.spi.security.SystemAccessControl in project trino by trinodb, class AccessControlManager, method getColumnMasks.

@Override
public List<ViewExpression> getColumnMasks(SecurityContext context, QualifiedObjectName tableName, String columnName, Type type) {
    requireNonNull(context, "context is null");
    requireNonNull(tableName, "tableName is null");
    ImmutableList.Builder<ViewExpression> masks = ImmutableList.builder();
    // connector-provided masks take precedence over global masks
    CatalogAccessControlEntry entry = getConnectorAccessControl(context.getTransactionId(), tableName.getCatalogName());
    if (entry != null) {
        entry.getAccessControl().getColumnMask(entry.toConnectorSecurityContext(context), tableName.asSchemaTableName(), columnName, type).ifPresent(masks::add);
    }
    // Then every registered system access control gets a chance to add its own mask
    for (SystemAccessControl systemAccessControl : getSystemAccessControls()) {
        systemAccessControl.getColumnMask(context.toSystemSecurityContext(), tableName.asCatalogSchemaTableName(), columnName, type).ifPresent(masks::add);
    }
    return masks.build();
}

Example 40: use of io.trino.spi.security.SystemAccessControl in project trino by trinodb, class AccessControlManager, method filterCatalogs.

@Override
public Set<String> filterCatalogs(SecurityContext securityContext, Set<String> catalogs) {
    requireNonNull(securityContext, "securityContext is null");
    requireNonNull(catalogs, "catalogs is null");
    // Catalog visibility is decided only at the system level; each access control narrows the set in turn
    for (SystemAccessControl systemAccessControl : getSystemAccessControls()) {
        catalogs = systemAccessControl.filterCatalogs(securityContext.toSystemSecurityContext(), catalogs);
    }
    return catalogs;
}