use of io.trino.spi.security.SystemAccessControlFactory in project trino by trinodb.
the class AccessControlManager method createSystemAccessControl.
private SystemAccessControl createSystemAccessControl(File configFile) {
log.info("-- Loading system access control %s --", configFile);
configFile = configFile.getAbsoluteFile();
Map<String, String> properties;
try {
properties = new HashMap<>(loadPropertiesFrom(configFile.getPath()));
} catch (IOException e) {
throw new UncheckedIOException("Failed to read configuration file: " + configFile, e);
}
String name = properties.remove(NAME_PROPERTY);
checkState(!isNullOrEmpty(name), "Access control configuration does not contain '%s' property: %s", NAME_PROPERTY, configFile);
SystemAccessControlFactory factory = systemAccessControlFactories.get(name);
checkState(factory != null, "Access control '%s' is not registered: %s", name, configFile);
SystemAccessControl systemAccessControl;
try (ThreadContextClassLoader ignored = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
systemAccessControl = factory.create(ImmutableMap.copyOf(properties));
}
log.info("-- Loaded system access control %s --", name);
return systemAccessControl;
}
use of io.trino.spi.security.SystemAccessControlFactory in project trino by trinodb.
the class AccessControlManager method setSystemAccessControl.
@VisibleForTesting
protected void setSystemAccessControl(String name, Map<String, String> properties) {
requireNonNull(name, "name is null");
requireNonNull(properties, "properties is null");
SystemAccessControlFactory factory = systemAccessControlFactories.get(name);
checkState(factory != null, "Access control '%s' is not registered", name);
SystemAccessControl systemAccessControl;
try (ThreadContextClassLoader ignored = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
systemAccessControl = factory.create(ImmutableMap.copyOf(properties));
}
setSystemAccessControls(ImmutableList.of(systemAccessControl));
}
use of io.trino.spi.security.SystemAccessControlFactory in project trino by trinodb.
the class PluginManager method installPluginInternal.
private void installPluginInternal(Plugin plugin, Function<CatalogName, ClassLoader> duplicatePluginClassLoaderFactory) {
for (BlockEncoding blockEncoding : plugin.getBlockEncodings()) {
log.info("Registering block encoding %s", blockEncoding.getName());
blockEncodingManager.addBlockEncoding(blockEncoding);
}
for (Type type : plugin.getTypes()) {
log.info("Registering type %s", type.getTypeSignature());
typeRegistry.addType(type);
}
for (ParametricType parametricType : plugin.getParametricTypes()) {
log.info("Registering parametric type %s", parametricType.getName());
typeRegistry.addParametricType(parametricType);
}
for (ConnectorFactory connectorFactory : plugin.getConnectorFactories()) {
log.info("Registering connector %s", connectorFactory.getName());
connectorManager.addConnectorFactory(connectorFactory, duplicatePluginClassLoaderFactory);
}
Set<Class<?>> functions = plugin.getFunctions();
if (!functions.isEmpty()) {
log.info("Registering functions from %s", plugin.getClass().getSimpleName());
InternalFunctionBundleBuilder builder = InternalFunctionBundle.builder();
functions.forEach(builder::functions);
globalFunctionCatalog.addFunctions(builder.build());
}
for (SessionPropertyConfigurationManagerFactory sessionConfigFactory : plugin.getSessionPropertyConfigurationManagerFactories()) {
log.info("Registering session property configuration manager %s", sessionConfigFactory.getName());
sessionPropertyDefaults.addConfigurationManagerFactory(sessionConfigFactory);
}
for (ResourceGroupConfigurationManagerFactory configurationManagerFactory : plugin.getResourceGroupConfigurationManagerFactories()) {
log.info("Registering resource group configuration manager %s", configurationManagerFactory.getName());
resourceGroupManager.addConfigurationManagerFactory(configurationManagerFactory);
}
for (SystemAccessControlFactory accessControlFactory : plugin.getSystemAccessControlFactories()) {
log.info("Registering system access control %s", accessControlFactory.getName());
accessControlManager.addSystemAccessControlFactory(accessControlFactory);
}
passwordAuthenticatorManager.ifPresent(authenticationManager -> {
for (PasswordAuthenticatorFactory authenticatorFactory : plugin.getPasswordAuthenticatorFactories()) {
log.info("Registering password authenticator %s", authenticatorFactory.getName());
authenticationManager.addPasswordAuthenticatorFactory(authenticatorFactory);
}
});
for (CertificateAuthenticatorFactory authenticatorFactory : plugin.getCertificateAuthenticatorFactories()) {
log.info("Registering certificate authenticator %s", authenticatorFactory.getName());
certificateAuthenticatorManager.addCertificateAuthenticatorFactory(authenticatorFactory);
}
headerAuthenticatorManager.ifPresent(authenticationManager -> {
for (HeaderAuthenticatorFactory authenticatorFactory : plugin.getHeaderAuthenticatorFactories()) {
log.info("Registering header authenticator %s", authenticatorFactory.getName());
authenticationManager.addHeaderAuthenticatorFactory(authenticatorFactory);
}
});
for (EventListenerFactory eventListenerFactory : plugin.getEventListenerFactories()) {
log.info("Registering event listener %s", eventListenerFactory.getName());
eventListenerManager.addEventListenerFactory(eventListenerFactory);
}
for (GroupProviderFactory groupProviderFactory : plugin.getGroupProviderFactories()) {
log.info("Registering group provider %s", groupProviderFactory.getName());
groupProviderManager.addGroupProviderFactory(groupProviderFactory);
}
for (ExchangeManagerFactory exchangeManagerFactory : plugin.getExchangeManagerFactories()) {
log.info("Registering exchange manager %s", exchangeManagerFactory.getName());
exchangeManagerRegistry.addExchangeManagerFactory(exchangeManagerFactory);
}
}
use of io.trino.spi.security.SystemAccessControlFactory in project trino by trinodb.
the class TestAccessControlManager method testColumnMaskOrdering.
@Test
public void testColumnMaskOrdering() {
try (LocalQueryRunner queryRunner = LocalQueryRunner.create(TEST_SESSION)) {
TransactionManager transactionManager = queryRunner.getTransactionManager();
AccessControlManager accessControlManager = createAccessControlManager(transactionManager);
accessControlManager.addSystemAccessControlFactory(new SystemAccessControlFactory() {
@Override
public String getName() {
return "test";
}
@Override
public SystemAccessControl create(Map<String, String> config) {
return new SystemAccessControl() {
@Override
public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String column, Type type) {
return Optional.of(new ViewExpression("user", Optional.empty(), Optional.empty(), "system mask"));
}
@Override
public void checkCanSetSystemSessionProperty(SystemSecurityContext context, String propertyName) {
}
};
}
});
accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
queryRunner.createCatalog("catalog", MockConnectorFactory.create(), ImmutableMap.of());
accessControlManager.addCatalogAccessControl(new CatalogName("catalog"), new ConnectorAccessControl() {
@Override
public Optional<ViewExpression> getColumnMask(ConnectorSecurityContext context, SchemaTableName tableName, String column, Type type) {
return Optional.of(new ViewExpression("user", Optional.empty(), Optional.empty(), "connector mask"));
}
@Override
public void checkCanShowCreateTable(ConnectorSecurityContext context, SchemaTableName tableName) {
}
});
transaction(transactionManager, accessControlManager).execute(transactionId -> {
List<ViewExpression> masks = accessControlManager.getColumnMasks(context(transactionId), new QualifiedObjectName("catalog", "schema", "table"), "column", BIGINT);
assertEquals(masks.get(0).getExpression(), "connector mask");
assertEquals(masks.get(1).getExpression(), "system mask");
});
}
}
Aggregations