Search in sources :

Example 1 with TestingAccessControlManager

use of io.trino.testing.TestingAccessControlManager in project trino by trinodb.

the class TestMaterializedViews method testMaterializedViewWithCasts.

@Test
public void testMaterializedViewWithCasts() {
    TestingAccessControlManager accessControl = getQueryRunner().getAccessControl();
    accessControl.columnMask(new QualifiedObjectName(CATALOG, SCHEMA, "materialized_view_with_casts"), "a", "user", new ViewExpression("user", Optional.empty(), Optional.empty(), "a + 1"));
    assertPlan("SELECT * FROM materialized_view_with_casts", anyTree(project(ImmutableMap.of("A_CAST", expression("CAST(A as BIGINT) + BIGINT '1'"), "B_CAST", expression("CAST(B as BIGINT)")), tableScan("storage_table_with_casts", ImmutableMap.of("A", "a", "B", "b")))));
}
Also used : QualifiedObjectName(io.trino.metadata.QualifiedObjectName) TestingAccessControlManager(io.trino.testing.TestingAccessControlManager) ViewExpression(io.trino.spi.security.ViewExpression) Test(org.testng.annotations.Test) BasePlanTest(io.trino.sql.planner.assertions.BasePlanTest)

Example 2 with TestingAccessControlManager

use of io.trino.testing.TestingAccessControlManager in project trino by trinodb.

the class TestCreateMaterializedViewTask method testCreateDenyPermission.

@Test
public void testCreateDenyPermission() {
    CreateMaterializedView statement = new CreateMaterializedView(Optional.empty(), QualifiedName.of("test_mv"), simpleQuery(selectList(new AllColumns()), table(QualifiedName.of("catalog", "schema", "mock_table"))), false, true, ImmutableList.of(), Optional.empty());
    TestingAccessControlManager accessControl = new TestingAccessControlManager(transactionManager, emptyEventListenerManager());
    accessControl.loadSystemAccessControl(AllowAllSystemAccessControl.NAME, ImmutableMap.of());
    accessControl.deny(privilege("test_mv", CREATE_MATERIALIZED_VIEW));
    StatementAnalyzerFactory statementAnalyzerFactory = createTestingStatementAnalyzerFactory(plannerContext, accessControl, new TablePropertyManager(), new AnalyzePropertyManager());
    AnalyzerFactory analyzerFactory = new AnalyzerFactory(statementAnalyzerFactory, new StatementRewrite(ImmutableSet.of()));
    assertThatThrownBy(() -> getFutureValue(new CreateMaterializedViewTask(plannerContext, accessControl, parser, analyzerFactory, materializedViewPropertyManager, new FeaturesConfig()).execute(statement, queryStateMachine, ImmutableList.of(), WarningCollector.NOOP))).isInstanceOf(AccessDeniedException.class).hasMessageContaining("Cannot create materialized view catalog.schema.test_mv");
}
Also used : AccessDeniedException(io.trino.spi.security.AccessDeniedException) CreateMaterializedView(io.trino.sql.tree.CreateMaterializedView) FeaturesConfig(io.trino.FeaturesConfig) StatementRewrite(io.trino.sql.rewrite.StatementRewrite) AllColumns(io.trino.sql.tree.AllColumns) TablePropertyManager(io.trino.metadata.TablePropertyManager) TestingAccessControlManager(io.trino.testing.TestingAccessControlManager) StatementAnalyzerFactory.createTestingStatementAnalyzerFactory(io.trino.sql.analyzer.StatementAnalyzerFactory.createTestingStatementAnalyzerFactory) StatementAnalyzerFactory(io.trino.sql.analyzer.StatementAnalyzerFactory) AnalyzePropertyManager(io.trino.metadata.AnalyzePropertyManager) AnalyzerFactory(io.trino.sql.analyzer.AnalyzerFactory) StatementAnalyzerFactory.createTestingStatementAnalyzerFactory(io.trino.sql.analyzer.StatementAnalyzerFactory.createTestingStatementAnalyzerFactory) StatementAnalyzerFactory(io.trino.sql.analyzer.StatementAnalyzerFactory) Test(org.testng.annotations.Test)

Example 3 with TestingAccessControlManager

use of io.trino.testing.TestingAccessControlManager in project trino by trinodb.

the class TestCreateTableTask method testCreateLikeDenyPermission.

@Test
public void testCreateLikeDenyPermission() {
    CreateTable statement = getCreatleLikeStatement(false);
    TestingAccessControlManager accessControl = new TestingAccessControlManager(transactionManager, new EventListenerManager(new EventListenerConfig()));
    accessControl.deny(privilege("parent_table", SELECT_COLUMN));
    CreateTableTask createTableTask = new CreateTableTask(plannerContext, accessControl, columnPropertyManager, tablePropertyManager);
    assertThatThrownBy(() -> getFutureValue(createTableTask.internalExecute(statement, testSession, List.of(), output -> {
    }))).isInstanceOf(AccessDeniedException.class).hasMessageContaining("Cannot reference columns of table");
}
Also used : AccessDeniedException(io.trino.spi.security.AccessDeniedException) CreateTable(io.trino.sql.tree.CreateTable) EventListenerManager(io.trino.eventlistener.EventListenerManager) TestingAccessControlManager(io.trino.testing.TestingAccessControlManager) EventListenerConfig(io.trino.eventlistener.EventListenerConfig) Test(org.testng.annotations.Test)

Example 4 with TestingAccessControlManager

use of io.trino.testing.TestingAccessControlManager in project trino by trinodb.

the class TestCreateTableTask method testCreateLikeWithPropertiesDenyPermission.

@Test
public void testCreateLikeWithPropertiesDenyPermission() {
    CreateTable statement = getCreatleLikeStatement(true);
    TestingAccessControlManager accessControl = new TestingAccessControlManager(transactionManager, new EventListenerManager(new EventListenerConfig()));
    accessControl.deny(privilege("parent_table", SHOW_CREATE_TABLE));
    CreateTableTask createTableTask = new CreateTableTask(plannerContext, accessControl, columnPropertyManager, tablePropertyManager);
    assertThatThrownBy(() -> getFutureValue(createTableTask.internalExecute(statement, testSession, List.of(), output -> {
    }))).isInstanceOf(AccessDeniedException.class).hasMessageContaining("Cannot reference properties of table");
}
Also used : AccessDeniedException(io.trino.spi.security.AccessDeniedException) CreateTable(io.trino.sql.tree.CreateTable) EventListenerManager(io.trino.eventlistener.EventListenerManager) TestingAccessControlManager(io.trino.testing.TestingAccessControlManager) EventListenerConfig(io.trino.eventlistener.EventListenerConfig) Test(org.testng.annotations.Test)

Example 5 with TestingAccessControlManager

use of io.trino.testing.TestingAccessControlManager in project trino by trinodb.

the class TestAnalyzer method testAnalyzeMaterializedViewWithAccessControl.

@Test
public void testAnalyzeMaterializedViewWithAccessControl() {
    TestingAccessControlManager accessControlManager = new TestingAccessControlManager(transactionManager, emptyEventListenerManager());
    accessControlManager.setSystemAccessControls(List.of(AllowAllSystemAccessControl.INSTANCE));
    analyze("SELECT * FROM fresh_materialized_view");
    // materialized view analysis should succeed even if access to storage table is denied when querying the table directly
    accessControlManager.deny(privilege("t2.a", SELECT_COLUMN));
    analyze("SELECT * FROM fresh_materialized_view");
    accessControlManager.deny(privilege("fresh_materialized_view.a", SELECT_COLUMN));
    assertFails(CLIENT_SESSION, "SELECT * FROM fresh_materialized_view", accessControlManager).hasErrorCode(PERMISSION_DENIED).hasMessage("Access Denied: Cannot select from columns [a, b] in table or view tpch.s1.fresh_materialized_view");
}
Also used : TestingAccessControlManager(io.trino.testing.TestingAccessControlManager) Test(org.testng.annotations.Test)

Aggregations

TestingAccessControlManager (io.trino.testing.TestingAccessControlManager)5 Test (org.testng.annotations.Test)5 AccessDeniedException (io.trino.spi.security.AccessDeniedException)3 EventListenerConfig (io.trino.eventlistener.EventListenerConfig)2 EventListenerManager (io.trino.eventlistener.EventListenerManager)2 CreateTable (io.trino.sql.tree.CreateTable)2 FeaturesConfig (io.trino.FeaturesConfig)1 AnalyzePropertyManager (io.trino.metadata.AnalyzePropertyManager)1 QualifiedObjectName (io.trino.metadata.QualifiedObjectName)1 TablePropertyManager (io.trino.metadata.TablePropertyManager)1 ViewExpression (io.trino.spi.security.ViewExpression)1 AnalyzerFactory (io.trino.sql.analyzer.AnalyzerFactory)1 StatementAnalyzerFactory (io.trino.sql.analyzer.StatementAnalyzerFactory)1 StatementAnalyzerFactory.createTestingStatementAnalyzerFactory (io.trino.sql.analyzer.StatementAnalyzerFactory.createTestingStatementAnalyzerFactory)1 BasePlanTest (io.trino.sql.planner.assertions.BasePlanTest)1 StatementRewrite (io.trino.sql.rewrite.StatementRewrite)1 AllColumns (io.trino.sql.tree.AllColumns)1 CreateMaterializedView (io.trino.sql.tree.CreateMaterializedView)1