Examples with TransactionManager io.trino.transaction.TransactionManager used on opensource projects

Search in sources :

Example 46 with TransactionManager

use of io.trino.transaction.TransactionManager in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testMaterializedViewAccess.

@Test
public void testMaterializedViewAccess() {
    TransactionManager transactionManager = createTestTransactionManager();
    AccessControlManager accessControlManager = newAccessControlManager(transactionManager, "catalog.json");
    transaction(transactionManager, accessControlManager).execute(transactionId -> {
        SecurityContext aliceContext = new SecurityContext(transactionId, alice, queryId);
        SecurityContext bobContext = new SecurityContext(transactionId, bob, queryId);
        SecurityContext nonAsciiContext = new SecurityContext(transactionId, nonAsciiUser, queryId);
        // User alice is allowed access to alice-catalog
        accessControlManager.checkCanCreateMaterializedView(aliceContext, aliceMaterializedView, Map.of());
        accessControlManager.checkCanDropMaterializedView(aliceContext, aliceMaterializedView);
        accessControlManager.checkCanRefreshMaterializedView(aliceContext, aliceMaterializedView);
        accessControlManager.checkCanSetMaterializedViewProperties(aliceContext, aliceMaterializedView, ImmutableMap.of());
        // User alice is part of staff group which is allowed access to staff-catalog
        accessControlManager.checkCanCreateMaterializedView(aliceContext, staffMaterializedView, Map.of());
        accessControlManager.checkCanDropMaterializedView(aliceContext, staffMaterializedView);
        accessControlManager.checkCanRefreshMaterializedView(aliceContext, staffMaterializedView);
        accessControlManager.checkCanSetMaterializedViewProperties(aliceContext, staffMaterializedView, ImmutableMap.of());
        assertThatThrownBy(() -> accessControlManager.checkCanCreateMaterializedView(bobContext, aliceMaterializedView, Map.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanDropMaterializedView(bobContext, aliceMaterializedView)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanRefreshMaterializedView(bobContext, aliceMaterializedView)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanSetMaterializedViewProperties(bobContext, aliceMaterializedView, ImmutableMap.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        // User bob is part of staff group which is allowed access to staff-catalog
        accessControlManager.checkCanCreateMaterializedView(bobContext, staffMaterializedView, Map.of());
        accessControlManager.checkCanDropMaterializedView(bobContext, staffMaterializedView);
        accessControlManager.checkCanRefreshMaterializedView(bobContext, staffMaterializedView);
        accessControlManager.checkCanSetMaterializedViewProperties(bobContext, staffMaterializedView, ImmutableMap.of());
        assertThatThrownBy(() -> accessControlManager.checkCanCreateMaterializedView(nonAsciiContext, aliceMaterializedView, Map.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanDropMaterializedView(nonAsciiContext, aliceMaterializedView)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanRefreshMaterializedView(nonAsciiContext, aliceMaterializedView)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanSetMaterializedViewProperties(nonAsciiContext, aliceMaterializedView, ImmutableMap.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
    });
}
Also used : AccessDeniedException(io.trino.spi.security.AccessDeniedException) TransactionManager(io.trino.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Test(org.testng.annotations.Test)

Example 47 with TransactionManager

use of io.trino.transaction.TransactionManager in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testReadOnlyMaterializedViewAccess.

@Test
public void testReadOnlyMaterializedViewAccess() {
    TransactionManager transactionManager = createTestTransactionManager();
    AccessControlManager accessControlManager = newAccessControlManager(transactionManager, "catalog_read_only.json");
    transaction(transactionManager, accessControlManager).execute(transactionId -> {
        SecurityContext context = new SecurityContext(transactionId, alice, queryId);
        accessControlManager.checkCanSelectFromColumns(context, aliceMaterializedView, ImmutableSet.of());
        accessControlManager.checkCanSetCatalogSessionProperty(context, "alice-catalog", "property");
    });
    assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanCreateMaterializedView(new SecurityContext(transactionId, alice, queryId), aliceMaterializedView, Map.of());
    })).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot create materialized view alice-catalog.schema.materialized-view");
    assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanDropMaterializedView(new SecurityContext(transactionId, alice, queryId), aliceMaterializedView);
    })).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot drop materialized view alice-catalog.schema.materialized-view");
    assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanRefreshMaterializedView(new SecurityContext(transactionId, alice, queryId), aliceMaterializedView);
    })).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot refresh materialized view alice-catalog.schema.materialized-view");
    assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanSetMaterializedViewProperties(new SecurityContext(transactionId, alice, queryId), aliceMaterializedView, ImmutableMap.of());
    })).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot set properties of materialized view alice-catalog.schema.materialized-view");
    assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanCreateMaterializedView(new SecurityContext(transactionId, bob, queryId), aliceMaterializedView, Map.of());
    })).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
    assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanRefreshMaterializedView(new SecurityContext(transactionId, bob, queryId), aliceMaterializedView);
    })).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
    assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanSetMaterializedViewProperties(new SecurityContext(transactionId, bob, queryId), aliceMaterializedView, ImmutableMap.of());
    })).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
}
Also used : QueryId(io.trino.spi.QueryId) AccessDeniedException(io.trino.spi.security.AccessDeniedException) TransactionBuilder.transaction(io.trino.transaction.TransactionBuilder.transaction) TransactionManager(io.trino.transaction.TransactionManager) USER(io.trino.spi.security.PrincipalType.USER) URISyntaxException(java.net.URISyntaxException) Assert.assertEquals(org.testng.Assert.assertEquals) Test(org.testng.annotations.Test) FileBasedSystemAccessControl(io.trino.plugin.base.security.FileBasedSystemAccessControl) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) SECURITY_CONFIG_FILE(io.trino.plugin.base.security.FileBasedAccessControlConfig.SECURITY_CONFIG_FILE) Identity(io.trino.spi.security.Identity) Map(java.util.Map) CatalogSchemaName(io.trino.spi.connector.CatalogSchemaName) SELECT(io.trino.spi.security.Privilege.SELECT) Thread.sleep(java.lang.Thread.sleep) Files.newTemporaryFile(org.assertj.core.util.Files.newTemporaryFile) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Set(java.util.Set) SchemaTableName(io.trino.spi.connector.SchemaTableName) File(java.io.File) TestingEventListenerManager.emptyEventListenerManager(io.trino.testing.TestingEventListenerManager.emptyEventListenerManager) Resources.getResource(com.google.common.io.Resources.getResource) QualifiedObjectName(io.trino.metadata.QualifiedObjectName) DefaultSystemAccessControl(io.trino.plugin.base.security.DefaultSystemAccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) SECURITY_REFRESH_PERIOD(io.trino.plugin.base.security.FileBasedAccessControlConfig.SECURITY_REFRESH_PERIOD) Files.copy(com.google.common.io.Files.copy) Optional(java.util.Optional) AccessDeniedException(io.trino.spi.security.AccessDeniedException) TransactionManager(io.trino.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Test(org.testng.annotations.Test)

Example 48 with TransactionManager

use of io.trino.transaction.TransactionManager in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testViewOperationsReadOnly.

@Test
public void testViewOperationsReadOnly() {
    TransactionManager transactionManager = createTestTransactionManager();
    AccessControlManager accessControlManager = newAccessControlManager(transactionManager, "catalog_read_only.json");
    transaction(transactionManager, accessControlManager).execute(transactionId -> {
        SecurityContext context = new SecurityContext(transactionId, alice, queryId);
        accessControlManager.checkCanSelectFromColumns(context, aliceView, ImmutableSet.of());
        accessControlManager.checkCanSetCatalogSessionProperty(context, "alice-catalog", "property");
    });
    assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanCreateView(new SecurityContext(transactionId, alice, queryId), aliceView);
    })).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot create view alice-catalog.schema.view");
    assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanDropView(new SecurityContext(transactionId, alice, queryId), aliceView);
    })).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot drop view alice-catalog.schema.view");
    assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanGrantTablePrivilege(new SecurityContext(transactionId, alice, queryId), SELECT, aliceTable, new TrinoPrincipal(USER, "grantee"), true);
    })).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot grant privilege SELECT on table alice-catalog.schema.table");
    assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanRevokeTablePrivilege(new SecurityContext(transactionId, alice, queryId), SELECT, aliceTable, new TrinoPrincipal(USER, "revokee"), true);
    })).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot revoke privilege SELECT on table alice-catalog.schema.table");
    assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanCreateView(new SecurityContext(transactionId, bob, queryId), aliceView);
    })).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
}
Also used : QueryId(io.trino.spi.QueryId) AccessDeniedException(io.trino.spi.security.AccessDeniedException) TransactionBuilder.transaction(io.trino.transaction.TransactionBuilder.transaction) TransactionManager(io.trino.transaction.TransactionManager) USER(io.trino.spi.security.PrincipalType.USER) URISyntaxException(java.net.URISyntaxException) Assert.assertEquals(org.testng.Assert.assertEquals) Test(org.testng.annotations.Test) FileBasedSystemAccessControl(io.trino.plugin.base.security.FileBasedSystemAccessControl) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) SECURITY_CONFIG_FILE(io.trino.plugin.base.security.FileBasedAccessControlConfig.SECURITY_CONFIG_FILE) Identity(io.trino.spi.security.Identity) Map(java.util.Map) CatalogSchemaName(io.trino.spi.connector.CatalogSchemaName) SELECT(io.trino.spi.security.Privilege.SELECT) Thread.sleep(java.lang.Thread.sleep) Files.newTemporaryFile(org.assertj.core.util.Files.newTemporaryFile) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Set(java.util.Set) SchemaTableName(io.trino.spi.connector.SchemaTableName) File(java.io.File) TestingEventListenerManager.emptyEventListenerManager(io.trino.testing.TestingEventListenerManager.emptyEventListenerManager) Resources.getResource(com.google.common.io.Resources.getResource) QualifiedObjectName(io.trino.metadata.QualifiedObjectName) DefaultSystemAccessControl(io.trino.plugin.base.security.DefaultSystemAccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) SECURITY_REFRESH_PERIOD(io.trino.plugin.base.security.FileBasedAccessControlConfig.SECURITY_REFRESH_PERIOD) Files.copy(com.google.common.io.Files.copy) Optional(java.util.Optional) AccessDeniedException(io.trino.spi.security.AccessDeniedException) TransactionManager(io.trino.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) Test(org.testng.annotations.Test)

Aggregations

TransactionManager (io.trino.transaction.TransactionManager)48 InMemoryTransactionManager.createTestTransactionManager (io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager)42 Test (org.testng.annotations.Test)40 AccessDeniedException (io.trino.spi.security.AccessDeniedException)17 Session (io.trino.Session)16 QualifiedObjectName (io.trino.metadata.QualifiedObjectName)16 Optional (java.util.Optional)13 ImmutableSet (com.google.common.collect.ImmutableSet)12 SchemaTableName (io.trino.spi.connector.SchemaTableName)12 Map (java.util.Map)12 ImmutableMap (com.google.common.collect.ImmutableMap)11 DefaultSystemAccessControl (io.trino.plugin.base.security.DefaultSystemAccessControl)11 Identity (io.trino.spi.security.Identity)11 Set (java.util.Set)11 Assert.assertEquals (org.testng.Assert.assertEquals)11 QueryId (io.trino.spi.QueryId)10 CatalogSchemaName (io.trino.spi.connector.CatalogSchemaName)10 TestingEventListenerManager.emptyEventListenerManager (io.trino.testing.TestingEventListenerManager.emptyEventListenerManager)10 TransactionBuilder.transaction (io.trino.transaction.TransactionBuilder.transaction)10 Assertions.assertThatThrownBy (org.assertj.core.api.Assertions.assertThatThrownBy)10
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial