use of io.trino.transaction.TransactionManager in project trino by trinodb.
the class TestCommitTask method testUnknownTransactionCommit.
@Test
public void testUnknownTransactionCommit() {
TransactionManager transactionManager = createTestTransactionManager();
Session session = sessionBuilder().setTransactionId(// Use a random transaction ID that is unknown to the system
TransactionId.create()).build();
QueryStateMachine stateMachine = createQueryStateMachine("COMMIT", session, transactionManager);
Future<?> future = new CommitTask(transactionManager).execute(new Commit(), stateMachine, emptyList(), WarningCollector.NOOP);
assertTrinoExceptionThrownBy(() -> getFutureValue(future)).hasErrorCode(UNKNOWN_TRANSACTION);
// Still issue clear signal
assertTrue(stateMachine.getQueryInfo(Optional.empty()).isClearTransactionId());
assertFalse(stateMachine.getQueryInfo(Optional.empty()).getStartedTransactionId().isPresent());
assertTrue(transactionManager.getAllTransactionInfos().isEmpty());
}
use of io.trino.transaction.TransactionManager in project trino by trinodb.
the class TestCommitTask method testNoTransactionCommit.
@Test
public void testNoTransactionCommit() {
TransactionManager transactionManager = createTestTransactionManager();
Session session = sessionBuilder().build();
QueryStateMachine stateMachine = createQueryStateMachine("COMMIT", session, transactionManager);
assertTrinoExceptionThrownBy(() -> getFutureValue(new CommitTask(transactionManager).execute(new Commit(), stateMachine, emptyList(), WarningCollector.NOOP))).hasErrorCode(NOT_IN_TRANSACTION);
assertFalse(stateMachine.getQueryInfo(Optional.empty()).isClearTransactionId());
assertFalse(stateMachine.getQueryInfo(Optional.empty()).getStartedTransactionId().isPresent());
assertTrue(transactionManager.getAllTransactionInfos().isEmpty());
}
use of io.trino.transaction.TransactionManager in project trino by trinodb.
the class TestDeallocateTask method executeDeallocate.
private Set<String> executeDeallocate(String statementName, String sqlString, Session session) {
TransactionManager transactionManager = createTestTransactionManager();
AccessControlManager accessControl = new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), DefaultSystemAccessControl.NAME);
accessControl.setSystemAccessControls(List.of(AllowAllSystemAccessControl.INSTANCE));
QueryStateMachine stateMachine = QueryStateMachine.begin(Optional.empty(), sqlString, Optional.empty(), session, URI.create("fake://uri"), new ResourceGroupId("test"), false, transactionManager, accessControl, executor, metadata, WarningCollector.NOOP, Optional.empty());
Deallocate deallocate = new Deallocate(new Identifier(statementName));
new DeallocateTask().execute(deallocate, stateMachine, emptyList(), WarningCollector.NOOP);
return stateMachine.getDeallocatedPreparedStatements();
}
use of io.trino.transaction.TransactionManager in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testViewOperations.
@Test
public void testViewOperations() {
TransactionManager transactionManager = createTestTransactionManager();
AccessControlManager accessControlManager = newAccessControlManager(transactionManager, "catalog.json");
transaction(transactionManager, accessControlManager).execute(transactionId -> {
SecurityContext aliceContext = new SecurityContext(transactionId, alice, queryId);
SecurityContext bobContext = new SecurityContext(transactionId, bob, queryId);
SecurityContext nonAsciiContext = new SecurityContext(transactionId, nonAsciiUser, queryId);
accessControlManager.checkCanCreateView(aliceContext, aliceView);
accessControlManager.checkCanDropView(aliceContext, aliceView);
accessControlManager.checkCanSelectFromColumns(aliceContext, aliceView, ImmutableSet.of());
accessControlManager.checkCanCreateViewWithSelectFromColumns(aliceContext, aliceTable, ImmutableSet.of());
accessControlManager.checkCanCreateViewWithSelectFromColumns(aliceContext, aliceView, ImmutableSet.of());
accessControlManager.checkCanSetCatalogSessionProperty(aliceContext, "alice-catalog", "property");
accessControlManager.checkCanGrantTablePrivilege(aliceContext, SELECT, aliceTable, new TrinoPrincipal(USER, "grantee"), true);
accessControlManager.checkCanRevokeTablePrivilege(aliceContext, SELECT, aliceTable, new TrinoPrincipal(USER, "revokee"), true);
accessControlManager.checkCanCreateView(aliceContext, staffView);
accessControlManager.checkCanDropView(aliceContext, staffView);
accessControlManager.checkCanSelectFromColumns(aliceContext, staffView, ImmutableSet.of());
accessControlManager.checkCanCreateViewWithSelectFromColumns(aliceContext, staffTable, ImmutableSet.of());
accessControlManager.checkCanCreateViewWithSelectFromColumns(aliceContext, staffView, ImmutableSet.of());
accessControlManager.checkCanSetCatalogSessionProperty(aliceContext, "alice-catalog", "property");
accessControlManager.checkCanGrantTablePrivilege(aliceContext, SELECT, staffTable, new TrinoPrincipal(USER, "grantee"), true);
accessControlManager.checkCanRevokeTablePrivilege(aliceContext, SELECT, staffTable, new TrinoPrincipal(USER, "revokee"), true);
assertThatThrownBy(() -> accessControlManager.checkCanCreateView(bobContext, aliceView)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanDropView(bobContext, aliceView)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanSelectFromColumns(bobContext, aliceView, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanCreateViewWithSelectFromColumns(bobContext, aliceTable, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanCreateViewWithSelectFromColumns(bobContext, aliceView, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanSetCatalogSessionProperty(bobContext, "alice-catalog", "property")).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanGrantTablePrivilege(bobContext, SELECT, aliceTable, new TrinoPrincipal(USER, "grantee"), true)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanRevokeTablePrivilege(bobContext, SELECT, aliceTable, new TrinoPrincipal(USER, "revokee"), true)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
accessControlManager.checkCanCreateView(bobContext, staffView);
accessControlManager.checkCanDropView(bobContext, staffView);
accessControlManager.checkCanSelectFromColumns(bobContext, staffView, ImmutableSet.of());
accessControlManager.checkCanCreateViewWithSelectFromColumns(bobContext, staffTable, ImmutableSet.of());
accessControlManager.checkCanCreateViewWithSelectFromColumns(bobContext, staffView, ImmutableSet.of());
accessControlManager.checkCanSetCatalogSessionProperty(bobContext, "staff-catalog", "property");
accessControlManager.checkCanGrantTablePrivilege(bobContext, SELECT, staffTable, new TrinoPrincipal(USER, "grantee"), true);
accessControlManager.checkCanRevokeTablePrivilege(bobContext, SELECT, staffTable, new TrinoPrincipal(USER, "revokee"), true);
assertThatThrownBy(() -> accessControlManager.checkCanCreateView(nonAsciiContext, aliceView)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanDropView(nonAsciiContext, aliceView)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanSelectFromColumns(nonAsciiContext, aliceView, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanCreateViewWithSelectFromColumns(nonAsciiContext, aliceTable, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanCreateViewWithSelectFromColumns(nonAsciiContext, aliceView, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanSetCatalogSessionProperty(nonAsciiContext, "alice-catalog", "property")).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanGrantTablePrivilege(nonAsciiContext, SELECT, aliceTable, new TrinoPrincipal(USER, "grantee"), true)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanRevokeTablePrivilege(nonAsciiContext, SELECT, aliceTable, new TrinoPrincipal(USER, "revokee"), true)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanCreateView(nonAsciiContext, staffView)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog staff-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanDropView(nonAsciiContext, staffView)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog staff-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanSelectFromColumns(nonAsciiContext, staffView, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog staff-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanCreateViewWithSelectFromColumns(nonAsciiContext, staffTable, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog staff-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanCreateViewWithSelectFromColumns(nonAsciiContext, staffView, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog staff-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanSetCatalogSessionProperty(nonAsciiContext, "staff-catalog", "property")).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog staff-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanGrantTablePrivilege(nonAsciiContext, SELECT, staffTable, new TrinoPrincipal(USER, "grantee"), true)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog staff-catalog");
assertThatThrownBy(() -> accessControlManager.checkCanRevokeTablePrivilege(nonAsciiContext, SELECT, staffTable, new TrinoPrincipal(USER, "revokee"), true)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog staff-catalog");
});
}
use of io.trino.transaction.TransactionManager in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testDocsExample.
@Test
public void testDocsExample() {
TransactionManager transactionManager = createTestTransactionManager();
AccessControlManager accessControlManager = new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), DefaultSystemAccessControl.NAME);
accessControlManager.setSystemAccessControl(FileBasedSystemAccessControl.NAME, ImmutableMap.of("security.config-file", new File("../../docs/src/main/sphinx/security/user-impersonation.json").getAbsolutePath()));
accessControlManager.checkCanImpersonateUser(admin, "charlie");
assertThatThrownBy(() -> accessControlManager.checkCanImpersonateUser(admin, "bob")).isInstanceOf(AccessDeniedException.class).hasMessageContaining("Access Denied: User alberto cannot impersonate user bob");
assertThatThrownBy(() -> accessControlManager.checkCanImpersonateUser(Identity.ofUser("charlie"), "doris")).isInstanceOf(AccessDeniedException.class).hasMessageContaining("Access Denied: User charlie cannot impersonate user doris");
accessControlManager.checkCanImpersonateUser(Identity.ofUser("charlie"), "test");
}
Aggregations