Example 1 with SetRole
use of io.trino.sql.tree.SetRole in project trino by trinodb.
the class TestSetRoleTask method executeSetRole.
private QueryStateMachine executeSetRole(String statement) {
SetRole setRole = (SetRole) parser.createStatement(statement, new ParsingOptions());
QueryStateMachine stateMachine = QueryStateMachine.begin(Optional.empty(), statement, Optional.empty(), testSessionBuilder().setIdentity(Identity.ofUser(USER_NAME)).build(), URI.create("fake://uri"), new ResourceGroupId("test"), false, transactionManager, accessControl, executor, metadata, WarningCollector.NOOP, Optional.empty());
new SetRoleTask(metadata, accessControl).execute(setRole, stateMachine, ImmutableList.of(), WarningCollector.NOOP);
return stateMachine;
}
Also used :
SetRole(io.trino.sql.tree.SetRole)
ResourceGroupId(io.trino.spi.resourcegroups.ResourceGroupId)
ParsingOptions(io.trino.sql.parser.ParsingOptions)
Example 2 with SetRole
use of io.trino.sql.tree.SetRole in project trino by trinodb.
the class SetRoleTask method execute.
@Override
public ListenableFuture<Void> execute(SetRole statement, QueryStateMachine stateMachine, List<Expression> parameters, WarningCollector warningCollector) {
Session session = stateMachine.getSession();
Optional<String> catalog = processRoleCommandCatalog(metadata, session, statement, statement.getCatalog().map(Identifier::getValue));
if (statement.getType() == SetRole.Type.ROLE) {
String role = statement.getRole().map(c -> c.getValue().toLowerCase(ENGLISH)).orElseThrow();
if (!metadata.roleExists(session, role, catalog)) {
throw semanticException(ROLE_NOT_FOUND, statement, "Role '%s' does not exist", role);
}
if (catalog.isPresent()) {
accessControl.checkCanSetCatalogRole(SecurityContext.of(session), role, catalog.get());
} else {
Set<RoleGrant> roleGrants = metadata.listApplicableRoles(session, new TrinoPrincipal(USER, session.getUser()), Optional.empty());
if (roleGrants.stream().map(RoleGrant::getRoleName).noneMatch(role::equals)) {
denySetRole(role);
}
}
}
SelectedRole.Type type = toSelectedRoleType(statement.getType());
stateMachine.addSetRole(catalog.orElse("system"), new SelectedRole(type, statement.getRole().map(c -> c.getValue().toLowerCase(ENGLISH))));
return immediateVoidFuture();
}
Also used :
Futures.immediateVoidFuture(com.google.common.util.concurrent.Futures.immediateVoidFuture)
ListenableFuture(com.google.common.util.concurrent.ListenableFuture)
USER(io.trino.spi.security.PrincipalType.USER)
Set(java.util.Set)
RoleGrant(io.trino.spi.security.RoleGrant)
AccessDeniedException.denySetRole(io.trino.spi.security.AccessDeniedException.denySetRole)
Inject(javax.inject.Inject)
SelectedRole(io.trino.spi.security.SelectedRole)
List(java.util.List)
AccessControl(io.trino.security.AccessControl)
TrinoPrincipal(io.trino.spi.security.TrinoPrincipal)
SetRole(io.trino.sql.tree.SetRole)
Objects.requireNonNull(java.util.Objects.requireNonNull)
WarningCollector(io.trino.execution.warnings.WarningCollector)
Metadata(io.trino.metadata.Metadata)
Optional(java.util.Optional)
Expression(io.trino.sql.tree.Expression)
SecurityContext(io.trino.security.SecurityContext)
MetadataUtil.processRoleCommandCatalog(io.trino.metadata.MetadataUtil.processRoleCommandCatalog)
SemanticExceptions.semanticException(io.trino.sql.analyzer.SemanticExceptions.semanticException)
ENGLISH(java.util.Locale.ENGLISH)
Identifier(io.trino.sql.tree.Identifier)
ROLE_NOT_FOUND(io.trino.spi.StandardErrorCode.ROLE_NOT_FOUND)
Session(io.trino.Session)
RoleGrant(io.trino.spi.security.RoleGrant)
SelectedRole(io.trino.spi.security.SelectedRole)
TrinoPrincipal(io.trino.spi.security.TrinoPrincipal)
Session(io.trino.Session)
Example 3 with SetRole
use of io.trino.sql.tree.SetRole in project trino by trinodb.
the class TestSqlParser method testSetRole.
@Test
public void testSetRole() {
assertStatement("SET ROLE ALL", new SetRole(SetRole.Type.ALL, Optional.empty(), Optional.empty()));
assertStatement("SET ROLE NONE", new SetRole(SetRole.Type.NONE, Optional.empty(), Optional.empty()));
assertStatement("SET ROLE role", new SetRole(SetRole.Type.ROLE, Optional.of(new Identifier("role")), Optional.empty()));
assertStatement("SET ROLE \"role\"", new SetRole(SetRole.Type.ROLE, Optional.of(new Identifier("role")), Optional.empty()));
assertStatement("SET ROLE role IN my_catalog", new SetRole(SetRole.Type.ROLE, Optional.of(new Identifier("role")), Optional.of(new Identifier("my_catalog"))));
}
Also used :
SetRole(io.trino.sql.tree.SetRole)
QueryUtil.quotedIdentifier(io.trino.sql.QueryUtil.quotedIdentifier)
Identifier(io.trino.sql.tree.Identifier)
Test(org.junit.jupiter.api.Test)
Aggregations
SetRole (io.trino.sql.tree.SetRole)3
Identifier (io.trino.sql.tree.Identifier)2
Futures.immediateVoidFuture (com.google.common.util.concurrent.Futures.immediateVoidFuture)1
ListenableFuture (com.google.common.util.concurrent.ListenableFuture)1
Session (io.trino.Session)1
WarningCollector (io.trino.execution.warnings.WarningCollector)1
Metadata (io.trino.metadata.Metadata)1
MetadataUtil.processRoleCommandCatalog (io.trino.metadata.MetadataUtil.processRoleCommandCatalog)1
AccessControl (io.trino.security.AccessControl)1
SecurityContext (io.trino.security.SecurityContext)1
ROLE_NOT_FOUND (io.trino.spi.StandardErrorCode.ROLE_NOT_FOUND)1
ResourceGroupId (io.trino.spi.resourcegroups.ResourceGroupId)1
AccessDeniedException.denySetRole (io.trino.spi.security.AccessDeniedException.denySetRole)1
USER (io.trino.spi.security.PrincipalType.USER)1
RoleGrant (io.trino.spi.security.RoleGrant)1
SelectedRole (io.trino.spi.security.SelectedRole)1
TrinoPrincipal (io.trino.spi.security.TrinoPrincipal)1
QueryUtil.quotedIdentifier (io.trino.sql.QueryUtil.quotedIdentifier)1
SemanticExceptions.semanticException (io.trino.sql.analyzer.SemanticExceptions.semanticException)1
ParsingOptions (io.trino.sql.parser.ParsingOptions)1
