Example 36 with TrinoPrincipal
use of io.trino.spi.security.TrinoPrincipal in project trino by trinodb.
the class BaseTrinoCatalogTest method testRenameTable.
@Test
public void testRenameTable() throws IOException {
TrinoCatalog catalog = createTrinoCatalog(false);
Path tmpDirectory = Files.createTempDirectory("iceberg_catalog_test_rename_table_");
tmpDirectory.toFile().deleteOnExit();
String namespace = "test_rename_table_" + randomTableSuffix();
String targetNamespace = "test_rename_table_" + randomTableSuffix();
String table = "tableName";
SchemaTableName sourceSchemaTableName = new SchemaTableName(namespace, table);
try {
catalog.createNamespace(SESSION, namespace, ImmutableMap.of(), new TrinoPrincipal(PrincipalType.USER, SESSION.getUser()));
catalog.createNamespace(SESSION, targetNamespace, ImmutableMap.of(), new TrinoPrincipal(PrincipalType.USER, SESSION.getUser()));
catalog.newCreateTableTransaction(SESSION, sourceSchemaTableName, new Schema(Types.NestedField.of(1, true, "col1", Types.LongType.get())), PartitionSpec.unpartitioned(), tmpDirectory.toAbsolutePath().toString(), ImmutableMap.of()).commitTransaction();
assertThat(catalog.listTables(SESSION, Optional.of(namespace))).contains(sourceSchemaTableName);
// Rename within the same schema
SchemaTableName targetSchemaTableName = new SchemaTableName(sourceSchemaTableName.getSchemaName(), "newTableName");
catalog.renameTable(SESSION, sourceSchemaTableName, targetSchemaTableName);
assertThat(catalog.listTables(SESSION, Optional.of(namespace))).doesNotContain(sourceSchemaTableName);
assertThat(catalog.listTables(SESSION, Optional.of(namespace))).contains(targetSchemaTableName);
// Move to a different schema
sourceSchemaTableName = targetSchemaTableName;
targetSchemaTableName = new SchemaTableName(targetNamespace, sourceSchemaTableName.getTableName());
catalog.renameTable(SESSION, sourceSchemaTableName, targetSchemaTableName);
assertThat(catalog.listTables(SESSION, Optional.of(namespace))).doesNotContain(sourceSchemaTableName);
assertThat(catalog.listTables(SESSION, Optional.of(targetNamespace))).contains(targetSchemaTableName);
catalog.dropTable(SESSION, targetSchemaTableName);
} finally {
try {
catalog.dropNamespace(SESSION, namespace);
catalog.dropNamespace(SESSION, targetNamespace);
} catch (Exception e) {
LOG.warn("Failed to clean up namespaces: %s, %s", namespace, targetNamespace);
}
}
}
Also used :
Path(java.nio.file.Path)
Schema(org.apache.iceberg.Schema)
TrinoPrincipal(io.trino.spi.security.TrinoPrincipal)
SchemaTableName(io.trino.spi.connector.SchemaTableName)
TrinoCatalog(io.trino.plugin.iceberg.catalog.TrinoCatalog)
IOException(java.io.IOException)
Test(org.testng.annotations.Test)
Example 37 with TrinoPrincipal
use of io.trino.spi.security.TrinoPrincipal in project trino by trinodb.
the class BaseTrinoCatalogTest method testCreateTable.
@Test
public void testCreateTable() throws IOException {
TrinoCatalog catalog = createTrinoCatalog(false);
Path tmpDirectory = Files.createTempDirectory("iceberg_catalog_test_create_table_");
tmpDirectory.toFile().deleteOnExit();
String namespace = "test_create_table_" + randomTableSuffix();
String table = "tableName";
SchemaTableName schemaTableName = new SchemaTableName(namespace, table);
try {
catalog.createNamespace(SESSION, namespace, ImmutableMap.of(), new TrinoPrincipal(PrincipalType.USER, SESSION.getUser()));
catalog.newCreateTableTransaction(SESSION, schemaTableName, new Schema(Types.NestedField.of(1, true, "col1", Types.LongType.get())), PartitionSpec.unpartitioned(), tmpDirectory.toAbsolutePath().toString(), ImmutableMap.of()).commitTransaction();
assertThat(catalog.listTables(SESSION, Optional.of(namespace))).contains(schemaTableName);
assertThat(catalog.listTables(SESSION, Optional.empty())).contains(schemaTableName);
Table icebergTable = catalog.loadTable(SESSION, schemaTableName);
assertEquals(icebergTable.name(), quotedTableName(schemaTableName));
assertEquals(icebergTable.schema().columns().size(), 1);
assertEquals(icebergTable.schema().columns().get(0).name(), "col1");
assertEquals(icebergTable.schema().columns().get(0).type(), Types.LongType.get());
assertEquals(icebergTable.location(), tmpDirectory.toAbsolutePath().toString());
assertEquals(icebergTable.properties(), ImmutableMap.of());
catalog.dropTable(SESSION, schemaTableName);
assertThat(catalog.listTables(SESSION, Optional.of(namespace))).doesNotContain(schemaTableName);
assertThat(catalog.listTables(SESSION, Optional.empty())).doesNotContain(schemaTableName);
} finally {
try {
catalog.dropNamespace(SESSION, namespace);
} catch (Exception e) {
LOG.warn("Failed to clean up namespace: %s", namespace);
}
}
}
Also used :
Path(java.nio.file.Path)
Table(org.apache.iceberg.Table)
Schema(org.apache.iceberg.Schema)
TrinoPrincipal(io.trino.spi.security.TrinoPrincipal)
SchemaTableName(io.trino.spi.connector.SchemaTableName)
TrinoCatalog(io.trino.plugin.iceberg.catalog.TrinoCatalog)
IOException(java.io.IOException)
Test(org.testng.annotations.Test)
Example 38 with TrinoPrincipal
use of io.trino.spi.security.TrinoPrincipal in project trino by trinodb.
the class BaseTrinoCatalogTest method testCreateNamespaceWithLocation.
@Test
public void testCreateNamespaceWithLocation() {
TrinoCatalog catalog = createTrinoCatalog(false);
String namespace = "test_create_namespace_with_location_" + randomTableSuffix();
catalog.createNamespace(SESSION, namespace, ImmutableMap.of(LOCATION_PROPERTY, "/a/path/"), new TrinoPrincipal(PrincipalType.USER, SESSION.getUser()));
assertThat(catalog.listNamespaces(SESSION)).contains(namespace);
assertEquals(catalog.loadNamespaceMetadata(SESSION, namespace), ImmutableMap.of(LOCATION_PROPERTY, "/a/path/"));
assertEquals(catalog.defaultTableLocation(SESSION, new SchemaTableName(namespace, "table")), "/a/path/table");
catalog.dropNamespace(SESSION, namespace);
assertThat(catalog.listNamespaces(SESSION)).doesNotContain(namespace);
}
Also used :
TrinoPrincipal(io.trino.spi.security.TrinoPrincipal)
SchemaTableName(io.trino.spi.connector.SchemaTableName)
TrinoCatalog(io.trino.plugin.iceberg.catalog.TrinoCatalog)
Test(org.testng.annotations.Test)
Example 39 with TrinoPrincipal
use of io.trino.spi.security.TrinoPrincipal in project trino by trinodb.
the class TestTrinoGlueCatalogTest method testDefaultLocation.
@Test
public void testDefaultLocation() throws IOException {
Path tmpDirectory = Files.createTempDirectory("test_glue_catalog_default_location_");
tmpDirectory.toFile().deleteOnExit();
HdfsEnvironment hdfsEnvironment = new HdfsEnvironment(new HiveHdfsConfiguration(new HdfsConfigurationInitializer(new HdfsConfig(), ImmutableSet.of()), ImmutableSet.of()), new HdfsConfig(), new NoHdfsAuthentication());
TrinoCatalog catalogWithDefaultLocation = new TrinoGlueCatalog(hdfsEnvironment, new GlueIcebergTableOperationsProvider(new HdfsFileIoProvider(hdfsEnvironment), new GlueHiveMetastoreConfig()), AWSGlueAsyncClientBuilder.defaultClient(), new GlueMetastoreStats(), Optional.of(tmpDirectory.toAbsolutePath().toString()), false);
String namespace = "test_default_location_" + randomTableSuffix();
String table = "tableName";
SchemaTableName schemaTableName = new SchemaTableName(namespace, table);
catalogWithDefaultLocation.createNamespace(SESSION, namespace, ImmutableMap.of(), new TrinoPrincipal(PrincipalType.USER, SESSION.getUser()));
try {
File expectedSchemaDirectory = new File(tmpDirectory.toFile(), namespace + ".db");
File expectedTableDirectory = new File(expectedSchemaDirectory, schemaTableName.getTableName());
assertEquals(catalogWithDefaultLocation.defaultTableLocation(SESSION, schemaTableName), expectedTableDirectory.toPath().toAbsolutePath().toString());
} finally {
try {
catalogWithDefaultLocation.dropNamespace(SESSION, namespace);
} catch (Exception e) {
LOG.warn("Failed to clean up namespace: %s", namespace);
}
}
}
Also used :
Path(java.nio.file.Path)
HdfsConfigurationInitializer(io.trino.plugin.hive.HdfsConfigurationInitializer)
HiveHdfsConfiguration(io.trino.plugin.hive.HiveHdfsConfiguration)
TrinoGlueCatalog(io.trino.plugin.iceberg.catalog.glue.TrinoGlueCatalog)
HdfsConfig(io.trino.plugin.hive.HdfsConfig)
GlueMetastoreStats(io.trino.plugin.hive.metastore.glue.GlueMetastoreStats)
TrinoPrincipal(io.trino.spi.security.TrinoPrincipal)
NoHdfsAuthentication(io.trino.plugin.hive.authentication.NoHdfsAuthentication)
SchemaTableName(io.trino.spi.connector.SchemaTableName)
TrinoCatalog(io.trino.plugin.iceberg.catalog.TrinoCatalog)
IOException(java.io.IOException)
HdfsEnvironment(io.trino.plugin.hive.HdfsEnvironment)
GlueIcebergTableOperationsProvider(io.trino.plugin.iceberg.catalog.glue.GlueIcebergTableOperationsProvider)
GlueHiveMetastoreConfig(io.trino.plugin.hive.metastore.glue.GlueHiveMetastoreConfig)
File(java.io.File)
Test(org.testng.annotations.Test)
Example 40 with TrinoPrincipal
use of io.trino.spi.security.TrinoPrincipal in project trino by trinodb.
the class SetRoleTask method execute.
@Override
public ListenableFuture<Void> execute(SetRole statement, QueryStateMachine stateMachine, List<Expression> parameters, WarningCollector warningCollector) {
Session session = stateMachine.getSession();
Optional<String> catalog = processRoleCommandCatalog(metadata, session, statement, statement.getCatalog().map(Identifier::getValue));
if (statement.getType() == SetRole.Type.ROLE) {
String role = statement.getRole().map(c -> c.getValue().toLowerCase(ENGLISH)).orElseThrow();
if (!metadata.roleExists(session, role, catalog)) {
throw semanticException(ROLE_NOT_FOUND, statement, "Role '%s' does not exist", role);
}
if (catalog.isPresent()) {
accessControl.checkCanSetCatalogRole(SecurityContext.of(session), role, catalog.get());
} else {
Set<RoleGrant> roleGrants = metadata.listApplicableRoles(session, new TrinoPrincipal(USER, session.getUser()), Optional.empty());
if (roleGrants.stream().map(RoleGrant::getRoleName).noneMatch(role::equals)) {
denySetRole(role);
}
}
}
SelectedRole.Type type = toSelectedRoleType(statement.getType());
stateMachine.addSetRole(catalog.orElse("system"), new SelectedRole(type, statement.getRole().map(c -> c.getValue().toLowerCase(ENGLISH))));
return immediateVoidFuture();
}
Also used :
Futures.immediateVoidFuture(com.google.common.util.concurrent.Futures.immediateVoidFuture)
ListenableFuture(com.google.common.util.concurrent.ListenableFuture)
USER(io.trino.spi.security.PrincipalType.USER)
Set(java.util.Set)
RoleGrant(io.trino.spi.security.RoleGrant)
AccessDeniedException.denySetRole(io.trino.spi.security.AccessDeniedException.denySetRole)
Inject(javax.inject.Inject)
SelectedRole(io.trino.spi.security.SelectedRole)
List(java.util.List)
AccessControl(io.trino.security.AccessControl)
TrinoPrincipal(io.trino.spi.security.TrinoPrincipal)
SetRole(io.trino.sql.tree.SetRole)
Objects.requireNonNull(java.util.Objects.requireNonNull)
WarningCollector(io.trino.execution.warnings.WarningCollector)
Metadata(io.trino.metadata.Metadata)
Optional(java.util.Optional)
Expression(io.trino.sql.tree.Expression)
SecurityContext(io.trino.security.SecurityContext)
MetadataUtil.processRoleCommandCatalog(io.trino.metadata.MetadataUtil.processRoleCommandCatalog)
SemanticExceptions.semanticException(io.trino.sql.analyzer.SemanticExceptions.semanticException)
ENGLISH(java.util.Locale.ENGLISH)
Identifier(io.trino.sql.tree.Identifier)
ROLE_NOT_FOUND(io.trino.spi.StandardErrorCode.ROLE_NOT_FOUND)
Session(io.trino.Session)
RoleGrant(io.trino.spi.security.RoleGrant)
SelectedRole(io.trino.spi.security.SelectedRole)
TrinoPrincipal(io.trino.spi.security.TrinoPrincipal)
Session(io.trino.Session)
Aggregations
TrinoPrincipal (io.trino.spi.security.TrinoPrincipal)57
Test (org.testng.annotations.Test)44
SchemaTableName (io.trino.spi.connector.SchemaTableName)20
Session (io.trino.Session)15
SystemAccessControl (io.trino.spi.security.SystemAccessControl)12
CatalogSchemaName (io.trino.spi.connector.CatalogSchemaName)11
USER (io.trino.spi.security.PrincipalType.USER)9
Optional (java.util.Optional)9
MockConnectorFactory (io.trino.connector.MockConnectorFactory)8
Identity (io.trino.spi.security.Identity)8
ImmutableList (com.google.common.collect.ImmutableList)7
Privilege (io.trino.spi.security.Privilege)7
TestingSession.testSessionBuilder (io.trino.testing.TestingSession.testSessionBuilder)7
ImmutableSet (com.google.common.collect.ImmutableSet)6
MockConnectorPlugin (io.trino.connector.MockConnectorPlugin)6
WarningCollector (io.trino.execution.warnings.WarningCollector)6
Metadata (io.trino.metadata.Metadata)6
AccessControl (io.trino.security.AccessControl)6
CatalogSchemaTableName (io.trino.spi.connector.CatalogSchemaTableName)6
RoleGrant (io.trino.spi.security.RoleGrant)6
