
Example 11 with TransactionManager

Use of io.trino.transaction.TransactionManager in project trino by trinodb.

In the class TestAccessControlManager, method testDenyCatalogAccessControl.

@Test
public void testDenyCatalogAccessControl() {
    try (LocalQueryRunner queryRunner = LocalQueryRunner.create(TEST_SESSION)) {
        TransactionManager transactionManager = queryRunner.getTransactionManager();
        AccessControlManager accessControlManager = createAccessControlManager(transactionManager);
        TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
        accessControlManager.addSystemAccessControlFactory(accessControlFactory);
        accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
        queryRunner.createCatalog("catalog", MockConnectorFactory.create(), ImmutableMap.of());
        accessControlManager.addCatalogAccessControl(new CatalogName("catalog"), new DenyConnectorAccessControl());
        assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
            accessControlManager.checkCanSelectFromColumns(context(transactionId), new QualifiedObjectName("catalog", "schema", "table"), ImmutableSet.of("column"));
        })).isInstanceOf(TrinoException.class).hasMessageMatching("Access Denied: Cannot select from columns \\[column\\] in table or view schema.table");
    }
}
Also used : QueryId(io.trino.spi.QueryId) TransactionBuilder.transaction(io.trino.transaction.TransactionBuilder.transaction) TransactionManager(io.trino.transaction.TransactionManager) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Test(org.testng.annotations.Test) SystemSecurityContext(io.trino.spi.security.SystemSecurityContext) CatalogName(io.trino.connector.CatalogName) MockConnectorFactory(io.trino.connector.MockConnectorFactory) Map(java.util.Map) CatalogSchemaName(io.trino.spi.connector.CatalogSchemaName) TEST_SESSION(io.trino.SessionTestUtils.TEST_SESSION) Path(java.nio.file.Path) WRITE(java.nio.file.StandardOpenOption.WRITE) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) ViewExpression(io.trino.spi.security.ViewExpression) ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) Set(java.util.Set) TrinoException(io.trino.spi.TrinoException) SchemaTableName(io.trino.spi.connector.SchemaTableName) BasicPrincipal(io.trino.spi.security.BasicPrincipal) TestingEventListenerManager.emptyEventListenerManager(io.trino.testing.TestingEventListenerManager.emptyEventListenerManager) List(java.util.List) Principal(java.security.Principal) BIGINT(io.trino.spi.type.BigintType.BIGINT) ReadOnlySystemAccessControl(io.trino.plugin.base.security.ReadOnlySystemAccessControl) CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName) Optional(java.util.Optional) SystemAccessControlFactory(io.trino.spi.security.SystemAccessControlFactory) AccessDeniedException(io.trino.spi.security.AccessDeniedException) TestingEventListenerManager(io.trino.testing.TestingEventListenerManager) TRUNCATE_EXISTING(java.nio.file.StandardOpenOption.TRUNCATE_EXISTING) Type(io.trino.spi.type.Type) Assert.assertEquals(org.testng.Assert.assertEquals) AllowAllAccessControl(io.trino.plugin.base.security.AllowAllAccessControl) SystemAccessControl(io.trino.spi.security.SystemAccessControl) 
InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) ImmutableList(com.google.common.collect.ImmutableList) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) Identity(io.trino.spi.security.Identity) LocalQueryRunner(io.trino.testing.LocalQueryRunner) Objects.requireNonNull(java.util.Objects.requireNonNull) ConnectorSecurityContext(io.trino.spi.connector.ConnectorSecurityContext) Files(java.nio.file.Files) AccessDeniedException.denySelectTable(io.trino.spi.security.AccessDeniedException.denySelectTable) IOException(java.io.IOException) Files.createTempFile(java.nio.file.Files.createTempFile) QualifiedObjectName(io.trino.metadata.QualifiedObjectName) DefaultSystemAccessControl(io.trino.plugin.base.security.DefaultSystemAccessControl) EventListenerManager(io.trino.eventlistener.EventListenerManager) CatalogManager(io.trino.metadata.CatalogManager) CREATE(java.nio.file.StandardOpenOption.CREATE) TransactionId(io.trino.transaction.TransactionId) EventListener(io.trino.spi.eventlistener.EventListener) AllowAllSystemAccessControl(io.trino.plugin.base.security.AllowAllSystemAccessControl)

Example 12 with TransactionManager

Use of io.trino.transaction.TransactionManager in project trino by trinodb.

In the class TestAccessControlManager, method testNoCatalogAccessControl.

@Test
public void testNoCatalogAccessControl() {
    TransactionManager transactionManager = createTestTransactionManager();
    AccessControlManager accessControlManager = createAccessControlManager(transactionManager);
    TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test");
    accessControlManager.addSystemAccessControlFactory(accessControlFactory);
    accessControlManager.setSystemAccessControl("test", ImmutableMap.of());
    transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanSelectFromColumns(context(transactionId), new QualifiedObjectName("catalog", "schema", "table"), ImmutableSet.of("column"));
    });
}
Also used : TransactionManager(io.trino.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) QualifiedObjectName(io.trino.metadata.QualifiedObjectName) Test(org.testng.annotations.Test)

Example 13 with TransactionManager

Use of io.trino.transaction.TransactionManager in project trino by trinodb.

In the class TestFileBasedSystemAccessControl, method testSchemaOperations.

@Test
public void testSchemaOperations() {
    TransactionManager transactionManager = createTestTransactionManager();
    AccessControlManager accessControlManager = newAccessControlManager(transactionManager, "catalog.json");
    transaction(transactionManager, accessControlManager).execute(transactionId -> {
        Set<String> aliceSchemas = ImmutableSet.of("schema");
        assertEquals(accessControlManager.filterSchemas(new SecurityContext(transactionId, alice, queryId), "alice-catalog", aliceSchemas), aliceSchemas);
        assertEquals(accessControlManager.filterSchemas(new SecurityContext(transactionId, bob, queryId), "alice-catalog", aliceSchemas), ImmutableSet.of());
        accessControlManager.checkCanCreateSchema(new SecurityContext(transactionId, alice, queryId), aliceSchema);
        accessControlManager.checkCanDropSchema(new SecurityContext(transactionId, alice, queryId), aliceSchema);
        accessControlManager.checkCanRenameSchema(new SecurityContext(transactionId, alice, queryId), aliceSchema, "new-schema");
        accessControlManager.checkCanShowSchemas(new SecurityContext(transactionId, alice, queryId), "alice-catalog");
    });
    assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
        accessControlManager.checkCanCreateSchema(new SecurityContext(transactionId, bob, queryId), aliceSchema);
    })).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
}
Also used : QueryId(io.trino.spi.QueryId) AccessDeniedException(io.trino.spi.security.AccessDeniedException) TransactionBuilder.transaction(io.trino.transaction.TransactionBuilder.transaction) TransactionManager(io.trino.transaction.TransactionManager) USER(io.trino.spi.security.PrincipalType.USER) URISyntaxException(java.net.URISyntaxException) Assert.assertEquals(org.testng.Assert.assertEquals) Test(org.testng.annotations.Test) FileBasedSystemAccessControl(io.trino.plugin.base.security.FileBasedSystemAccessControl) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) SECURITY_CONFIG_FILE(io.trino.plugin.base.security.FileBasedAccessControlConfig.SECURITY_CONFIG_FILE) Identity(io.trino.spi.security.Identity) Map(java.util.Map) CatalogSchemaName(io.trino.spi.connector.CatalogSchemaName) SELECT(io.trino.spi.security.Privilege.SELECT) Thread.sleep(java.lang.Thread.sleep) Files.newTemporaryFile(org.assertj.core.util.Files.newTemporaryFile) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Set(java.util.Set) SchemaTableName(io.trino.spi.connector.SchemaTableName) File(java.io.File) TestingEventListenerManager.emptyEventListenerManager(io.trino.testing.TestingEventListenerManager.emptyEventListenerManager) Resources.getResource(com.google.common.io.Resources.getResource) QualifiedObjectName(io.trino.metadata.QualifiedObjectName) DefaultSystemAccessControl(io.trino.plugin.base.security.DefaultSystemAccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) SECURITY_REFRESH_PERIOD(io.trino.plugin.base.security.FileBasedAccessControlConfig.SECURITY_REFRESH_PERIOD) Files.copy(com.google.common.io.Files.copy) Optional(java.util.Optional) 

Example 14 with TransactionManager

Use of io.trino.transaction.TransactionManager in project trino by trinodb.

In the class TestCallTask, method executeCallTask.

private void executeCallTask(MethodHandle methodHandle, Function<TransactionManager, AccessControl> accessControlProvider) {
    TransactionManager transactionManager = queryRunner.getTransactionManager();
    ProcedureRegistry procedureRegistry = createProcedureRegistry(new Procedure("test", "testing_procedure", ImmutableList.of(), methodHandle));
    AccessControl accessControl = accessControlProvider.apply(transactionManager);
    PlannerContext plannerContext = plannerContextBuilder().withTransactionManager(transactionManager).build();
    new CallTask(transactionManager, plannerContext, accessControl, procedureRegistry).execute(new Call(QualifiedName.of("testing_procedure"), ImmutableList.of()), stateMachine(transactionManager, plannerContext.getMetadata(), accessControl), ImmutableList.of(), WarningCollector.NOOP);
}
Also used : Call(io.trino.sql.tree.Call) PlannerContext(io.trino.sql.PlannerContext) TransactionManager(io.trino.transaction.TransactionManager) ProcedureRegistry(io.trino.metadata.ProcedureRegistry) Procedure(io.trino.spi.procedure.Procedure) AllowAllAccessControl(io.trino.security.AllowAllAccessControl) DenyAllAccessControl(io.trino.security.DenyAllAccessControl) ConnectorAccessControl(io.trino.spi.connector.ConnectorAccessControl) AccessControl(io.trino.security.AccessControl) AllowAllSystemAccessControl(io.trino.plugin.base.security.AllowAllSystemAccessControl)

Example 15 with TransactionManager

Use of io.trino.transaction.TransactionManager in project trino by trinodb.

In the class TestCommitTask, method testCommit.

@Test
public void testCommit() {
    TransactionManager transactionManager = createTestTransactionManager();
    Session session = sessionBuilder().setTransactionId(transactionManager.beginTransaction(false)).build();
    QueryStateMachine stateMachine = createQueryStateMachine("COMMIT", session, transactionManager);
    assertTrue(stateMachine.getSession().getTransactionId().isPresent());
    assertEquals(transactionManager.getAllTransactionInfos().size(), 1);
    getFutureValue(new CommitTask(transactionManager).execute(new Commit(), stateMachine, emptyList(), WarningCollector.NOOP));
    assertTrue(stateMachine.getQueryInfo(Optional.empty()).isClearTransactionId());
    assertFalse(stateMachine.getQueryInfo(Optional.empty()).getStartedTransactionId().isPresent());
    assertTrue(transactionManager.getAllTransactionInfos().isEmpty());
}
Also used : Commit(io.trino.sql.tree.Commit) TransactionManager(io.trino.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Session(io.trino.Session) Test(org.testng.annotations.Test)

Aggregations

TransactionManager (io.trino.transaction.TransactionManager): 48
InMemoryTransactionManager.createTestTransactionManager (io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager): 42
Test (org.testng.annotations.Test): 40
AccessDeniedException (io.trino.spi.security.AccessDeniedException): 17
Session (io.trino.Session): 16
QualifiedObjectName (io.trino.metadata.QualifiedObjectName): 16
Optional (java.util.Optional): 13
ImmutableSet (com.google.common.collect.ImmutableSet): 12
SchemaTableName (io.trino.spi.connector.SchemaTableName): 12
Map (java.util.Map): 12
ImmutableMap (com.google.common.collect.ImmutableMap): 11
DefaultSystemAccessControl (io.trino.plugin.base.security.DefaultSystemAccessControl): 11
Identity (io.trino.spi.security.Identity): 11
Set (java.util.Set): 11
Assert.assertEquals (org.testng.Assert.assertEquals): 11
QueryId (io.trino.spi.QueryId): 10
CatalogSchemaName (io.trino.spi.connector.CatalogSchemaName): 10
TestingEventListenerManager.emptyEventListenerManager (io.trino.testing.TestingEventListenerManager.emptyEventListenerManager): 10
TransactionBuilder.transaction (io.trino.transaction.TransactionBuilder.transaction): 10
Assertions.assertThatThrownBy (org.assertj.core.api.Assertions.assertThatThrownBy): 10