
Example 31 with ViewExpression

use of io.trino.spi.security.ViewExpression in project trino by trinodb.

the class TestRowFilter method testSimpleFilter.

/**
 * Verifies that a row filter registered for {@code orders} limits what a plain query returns.
 *
 * <p>Two predicates are exercised against the same table and user:
 * <ul>
 *   <li>{@code orderkey < 10}: the count drops to 7.</li>
 *   <li>{@code NULL}: the count is 0. A predicate that does not evaluate to true hides the
 *       row, so a NULL-valued policy expression exposes no rows rather than all of them.</li>
 * </ul>
 */
@Test
public void testSimpleFilter() {
    final String countOrders = "SELECT count(*) FROM orders";

    // Case 1: ordinary comparison predicate.
    accessControl.reset();
    ViewExpression lowKeysOnly = new ViewExpression(USER, Optional.empty(), Optional.empty(), "orderkey < 10");
    accessControl.rowFilter(new QualifiedObjectName(CATALOG, "tiny", "orders"), USER, lowKeysOnly);
    assertThat(assertions.query(countOrders))
            .matches("VALUES BIGINT '7'");

    // Case 2: a NULL predicate must filter out every row.
    accessControl.reset();
    ViewExpression alwaysNull = new ViewExpression(USER, Optional.empty(), Optional.empty(), "NULL");
    accessControl.rowFilter(new QualifiedObjectName(CATALOG, "tiny", "orders"), USER, alwaysNull);
    assertThat(assertions.query(countOrders))
            .matches("VALUES BIGINT '0'");
}
Also used : QualifiedObjectName(io.trino.metadata.QualifiedObjectName) ViewExpression(io.trino.spi.security.ViewExpression) Test(org.junit.jupiter.api.Test)

Example 32 with ViewExpression

use of io.trino.spi.security.ViewExpression in project trino by trinodb.

the class TestRowFilter method testRowFilterOnOptionalColumn.

/**
 * Verifies that a row filter is enforced on INSERT when the predicate reads the
 * {@code optional} column of {@code nation_with_optional_column}.
 *
 * <p>The filter is {@code length(optional) > 2}. An inserted row whose {@code optional}
 * value satisfies it is accepted (one row written). A value that is too short and a
 * {@code null} value are both rejected with an "Access Denied" {@link TrinoException},
 * so a row for which the predicate is not true cannot be written.
 */
@Test
public void testRowFilterOnOptionalColumn() {
    final String rejected = "Access Denied: Cannot insert row that does not match to a row filter";

    accessControl.reset();
    QualifiedObjectName table = new QualifiedObjectName(MOCK_CATALOG_MISSING_COLUMNS, "tiny", "nation_with_optional_column");
    ViewExpression longOptionalOnly = new ViewExpression(USER, Optional.empty(), Optional.empty(), "length(optional) > 2");
    accessControl.rowFilter(table, USER, longOptionalOnly);

    // 'some string' is longer than 2 characters: the insert passes the filter.
    assertions.query("INSERT INTO mockmissingcolumns.tiny.nation_with_optional_column(nationkey, name, regionkey, comment, optional) VALUES (0, 'POLAND', 0, 'No comment', 'some string')")
            .assertThat()
            .skippingTypesCheck()
            .matches("VALUES BIGINT '1'");

    // 'so' has length 2: the predicate is false and the insert is denied.
    assertThatThrownBy(() -> assertions.query("INSERT INTO mockmissingcolumns.tiny.nation_with_optional_column(nationkey, name, regionkey, comment, optional) VALUES (0, 'POLAND', 0, 'No comment', 'so')"))
            .isInstanceOf(TrinoException.class)
            .hasMessage(rejected);

    // null input: the predicate is not true, so the insert is denied as well.
    assertThatThrownBy(() -> assertions.query("INSERT INTO mockmissingcolumns.tiny.nation_with_optional_column(nationkey, name, regionkey, comment, optional) VALUES (0, 'POLAND', 0, 'No comment', null)"))
            .isInstanceOf(TrinoException.class)
            .hasMessage(rejected);
}
Also used : TrinoException(io.trino.spi.TrinoException) QualifiedObjectName(io.trino.metadata.QualifiedObjectName) ViewExpression(io.trino.spi.security.ViewExpression) Test(org.junit.jupiter.api.Test)

Example 33 with ViewExpression

use of io.trino.spi.security.ViewExpression in project trino by trinodb.

the class TestRowFilter method testUpdate.

/**
 * Verifies that UPDATE is refused outright on a table that carries a row filter.
 *
 * <p>The filter on {@code nation} is {@code nationkey < 10}. Every statement below fails
 * with the same "not supported" message, whether the targeted rows lie inside or outside
 * the filter and whether the new values would keep the row inside the filter or move it
 * out. The engine rejects the statement instead of evaluating the filter per row.
 */
@Test
public void testUpdate() {
    final String notSupported = "line 1:1: Updating a table with a row filter is not supported";

    accessControl.reset();
    ViewExpression lowNationKeys = new ViewExpression(USER, Optional.empty(), Optional.empty(), "nationkey < 10");
    accessControl.rowFilter(new QualifiedObjectName(MOCK_CATALOG, "tiny", "nation"), USER, lowNationKeys);

    String[] updates = {
            // Targeted rows all satisfy the row filter
            "UPDATE mock.tiny.nation SET regionkey = regionkey * 2 WHERE nationkey < 3",
            "UPDATE mock.tiny.nation SET regionkey = regionkey * 2 WHERE nationkey IN (1, 2, 3)",
            // Targeted rows include some (or only) rows outside the row filter
            "UPDATE mock.tiny.nation SET regionkey = regionkey * 2",
            "UPDATE mock.tiny.nation SET regionkey = regionkey * 2 WHERE nationkey IN (1, 11)",
            "UPDATE mock.tiny.nation SET regionkey = regionkey * 2 WHERE nationkey = 11",
            // Targeted rows satisfy the row filter, but the new values would not
            "UPDATE mock.tiny.nation SET nationkey = 10 WHERE nationkey < 3",
            "UPDATE mock.tiny.nation SET nationkey = null WHERE nationkey < 3",
            // Targeted rows are outside the row filter, and the new values are outside it too
            "UPDATE mock.tiny.nation SET nationkey = 10 WHERE nationkey = 10",
            "UPDATE mock.tiny.nation SET nationkey = null WHERE nationkey = null ",
    };

    // Same order as listed above; the first statement that is not rejected fails the test.
    for (String update : updates) {
        assertThatThrownBy(() -> assertions.query(update))
                .hasMessage(notSupported);
    }
}
Also used : QualifiedObjectName(io.trino.metadata.QualifiedObjectName) ViewExpression(io.trino.spi.security.ViewExpression) Test(org.junit.jupiter.api.Test)

Example 34 with ViewExpression

use of io.trino.spi.security.ViewExpression in project trino by trinodb.

the class TestRowFilter method testLimitedScope.

/**
 * Verifies that a row filter expression is resolved only in the scope of the table it
 * protects, not in the scope of the query that happens to read that table.
 *
 * <p>The filter on {@code customer} refers to {@code orderkey}, and the query reads
 * {@code customer} from a subquery correlated with {@code orders}. The expected error
 * says {@code orderkey} cannot be resolved for the filter on {@code local.tiny.customer},
 * so the filter does not pick the column up from the enclosing query.
 *
 * <p>NOTE(review): this assumes {@code customer} has no {@code orderkey} column while
 * {@code orders} does; confirm against the catalog's schema.
 */
@Test
public void testLimitedScope() {
    accessControl.reset();

    // Unlike the other filters in this class, this one carries an explicit catalog and schema.
    ViewExpression outerColumnFilter = new ViewExpression(USER, Optional.of(CATALOG), Optional.of("tiny"), "orderkey = 1");
    accessControl.rowFilter(new QualifiedObjectName(CATALOG, "tiny", "customer"), USER, outerColumnFilter);

    final String correlatedQuery = "SELECT (SELECT min(name) FROM customer WHERE customer.custkey = orders.custkey) FROM orders";
    assertThatThrownBy(() -> assertions.query(correlatedQuery))
            .hasMessage("line 1:31: Invalid row filter for 'local.tiny.customer': Column 'orderkey' cannot be resolved");
}
Also used : QualifiedObjectName(io.trino.metadata.QualifiedObjectName) ViewExpression(io.trino.spi.security.ViewExpression) Test(org.junit.jupiter.api.Test)

Example 35 with ViewExpression

use of io.trino.spi.security.ViewExpression in project trino by trinodb.

the class TestRowFilter method testRowFilterWithHiddenColumns.

/**
 * Verifies row-filter enforcement on a table that has a hidden column, across SELECT,
 * INSERT, UPDATE and DELETE.
 *
 * <p>The filter is {@code nationkey < 1}:
 * <ul>
 *   <li>SELECT returns only the single matching row.</li>
 *   <li>INSERT of a row with {@code nationkey = 101} is denied; a row with
 *       {@code nationkey = 0} is accepted.</li>
 *   <li>UPDATE is rejected as unsupported on a filtered table.</li>
 *   <li>Each DELETE reports exactly one affected row, including the one whose predicate
 *       reads the {@code $hidden} column.</li>
 * </ul>
 *
 * <p>NOTE(review): the DELETE counts suggest that only rows passing the filter can be
 * deleted; confirm against the mock connector's data.
 */
@Test
public void testRowFilterWithHiddenColumns() {
    accessControl.reset();
    QualifiedObjectName table = new QualifiedObjectName(MOCK_CATALOG, "tiny", "nation_with_hidden_column");
    ViewExpression firstNationOnly = new ViewExpression(USER, Optional.empty(), Optional.empty(), "nationkey < 1");
    accessControl.rowFilter(table, USER, firstNationOnly);

    // Read path: one row is visible through the filter.
    assertions.query("SELECT * FROM mock.tiny.nation_with_hidden_column")
            .assertThat()
            .skippingTypesCheck()
            .matches("VALUES (BIGINT '0', 'ALGERIA', BIGINT '0', ' haggle. carefully final deposits detect slyly agai')");

    // Write path: a row that fails the filter cannot be inserted.
    assertThatThrownBy(() -> assertions.query("INSERT INTO mock.tiny.nation_with_hidden_column VALUES (101, 'POLAND', 0, 'No comment')"))
            .isInstanceOf(TrinoException.class)
            .hasMessage("Access Denied: Cannot insert row that does not match to a row filter");

    // A row that passes the filter can be inserted.
    assertions.query("INSERT INTO mock.tiny.nation_with_hidden_column VALUES (0, 'POLAND', 0, 'No comment')")
            .assertThat()
            .skippingTypesCheck()
            .matches("VALUES BIGINT '1'");

    // UPDATE is rejected for a table that has a row filter.
    assertThatThrownBy(() -> assertions.query("UPDATE mock.tiny.nation_with_hidden_column SET name = 'POLAND'"))
            .isInstanceOf(TrinoException.class)
            .hasMessageContaining("Updating a table with a row filter is not supported");

    // DELETE with a predicate on a regular column.
    assertions.query("DELETE FROM mock.tiny.nation_with_hidden_column WHERE regionkey < 5")
            .assertThat()
            .skippingTypesCheck()
            .matches("SELECT BIGINT '1'");

    // DELETE with a predicate on the hidden column.
    assertions.query("DELETE FROM mock.tiny.nation_with_hidden_column WHERE \"$hidden\" IS NOT NULL")
            .assertThat()
            .skippingTypesCheck()
            .matches("SELECT BIGINT '1'");
}
Also used : TrinoException(io.trino.spi.TrinoException) QualifiedObjectName(io.trino.metadata.QualifiedObjectName) ViewExpression(io.trino.spi.security.ViewExpression) Test(org.junit.jupiter.api.Test)
