Search in sources :

Example 16 with TransactionManager

use of io.trino.transaction.TransactionManager in project trino by trinodb.

the class TestCommitTask method testUnknownTransactionCommit.

@Test
public void testUnknownTransactionCommit() {
    TransactionManager transactionManager = createTestTransactionManager();
    Session session = sessionBuilder().setTransactionId(// Use a random transaction ID that is unknown to the system
    TransactionId.create()).build();
    QueryStateMachine stateMachine = createQueryStateMachine("COMMIT", session, transactionManager);
    Future<?> future = new CommitTask(transactionManager).execute(new Commit(), stateMachine, emptyList(), WarningCollector.NOOP);
    assertTrinoExceptionThrownBy(() -> getFutureValue(future)).hasErrorCode(UNKNOWN_TRANSACTION);
    // Still issue clear signal
    assertTrue(stateMachine.getQueryInfo(Optional.empty()).isClearTransactionId());
    assertFalse(stateMachine.getQueryInfo(Optional.empty()).getStartedTransactionId().isPresent());
    assertTrue(transactionManager.getAllTransactionInfos().isEmpty());
}
Also used : Commit(io.trino.sql.tree.Commit) TransactionManager(io.trino.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Session(io.trino.Session) Test(org.testng.annotations.Test)

Example 17 with TransactionManager

use of io.trino.transaction.TransactionManager in project trino by trinodb.

the class TestCommitTask method testNoTransactionCommit.

@Test
public void testNoTransactionCommit() {
    TransactionManager transactionManager = createTestTransactionManager();
    Session session = sessionBuilder().build();
    QueryStateMachine stateMachine = createQueryStateMachine("COMMIT", session, transactionManager);
    assertTrinoExceptionThrownBy(() -> getFutureValue(new CommitTask(transactionManager).execute(new Commit(), stateMachine, emptyList(), WarningCollector.NOOP))).hasErrorCode(NOT_IN_TRANSACTION);
    assertFalse(stateMachine.getQueryInfo(Optional.empty()).isClearTransactionId());
    assertFalse(stateMachine.getQueryInfo(Optional.empty()).getStartedTransactionId().isPresent());
    assertTrue(transactionManager.getAllTransactionInfos().isEmpty());
}
Also used : Commit(io.trino.sql.tree.Commit) TransactionManager(io.trino.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Session(io.trino.Session) Test(org.testng.annotations.Test)

Example 18 with TransactionManager

use of io.trino.transaction.TransactionManager in project trino by trinodb.

the class TestDeallocateTask method executeDeallocate.

private Set<String> executeDeallocate(String statementName, String sqlString, Session session) {
    TransactionManager transactionManager = createTestTransactionManager();
    AccessControlManager accessControl = new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), DefaultSystemAccessControl.NAME);
    accessControl.setSystemAccessControls(List.of(AllowAllSystemAccessControl.INSTANCE));
    QueryStateMachine stateMachine = QueryStateMachine.begin(Optional.empty(), sqlString, Optional.empty(), session, URI.create("fake://uri"), new ResourceGroupId("test"), false, transactionManager, accessControl, executor, metadata, WarningCollector.NOOP, Optional.empty());
    Deallocate deallocate = new Deallocate(new Identifier(statementName));
    new DeallocateTask().execute(deallocate, stateMachine, emptyList(), WarningCollector.NOOP);
    return stateMachine.getDeallocatedPreparedStatements();
}
Also used : AccessControlManager(io.trino.security.AccessControlManager) AccessControlConfig(io.trino.security.AccessControlConfig) Identifier(io.trino.sql.tree.Identifier) ResourceGroupId(io.trino.spi.resourcegroups.ResourceGroupId) Deallocate(io.trino.sql.tree.Deallocate) TransactionManager(io.trino.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager)

Example 19 with TransactionManager

use of io.trino.transaction.TransactionManager in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testViewOperations.

@Test
public void testViewOperations() {
    TransactionManager transactionManager = createTestTransactionManager();
    AccessControlManager accessControlManager = newAccessControlManager(transactionManager, "catalog.json");
    transaction(transactionManager, accessControlManager).execute(transactionId -> {
        SecurityContext aliceContext = new SecurityContext(transactionId, alice, queryId);
        SecurityContext bobContext = new SecurityContext(transactionId, bob, queryId);
        SecurityContext nonAsciiContext = new SecurityContext(transactionId, nonAsciiUser, queryId);
        accessControlManager.checkCanCreateView(aliceContext, aliceView);
        accessControlManager.checkCanDropView(aliceContext, aliceView);
        accessControlManager.checkCanSelectFromColumns(aliceContext, aliceView, ImmutableSet.of());
        accessControlManager.checkCanCreateViewWithSelectFromColumns(aliceContext, aliceTable, ImmutableSet.of());
        accessControlManager.checkCanCreateViewWithSelectFromColumns(aliceContext, aliceView, ImmutableSet.of());
        accessControlManager.checkCanSetCatalogSessionProperty(aliceContext, "alice-catalog", "property");
        accessControlManager.checkCanGrantTablePrivilege(aliceContext, SELECT, aliceTable, new TrinoPrincipal(USER, "grantee"), true);
        accessControlManager.checkCanRevokeTablePrivilege(aliceContext, SELECT, aliceTable, new TrinoPrincipal(USER, "revokee"), true);
        accessControlManager.checkCanCreateView(aliceContext, staffView);
        accessControlManager.checkCanDropView(aliceContext, staffView);
        accessControlManager.checkCanSelectFromColumns(aliceContext, staffView, ImmutableSet.of());
        accessControlManager.checkCanCreateViewWithSelectFromColumns(aliceContext, staffTable, ImmutableSet.of());
        accessControlManager.checkCanCreateViewWithSelectFromColumns(aliceContext, staffView, ImmutableSet.of());
        accessControlManager.checkCanSetCatalogSessionProperty(aliceContext, "alice-catalog", "property");
        accessControlManager.checkCanGrantTablePrivilege(aliceContext, SELECT, staffTable, new TrinoPrincipal(USER, "grantee"), true);
        accessControlManager.checkCanRevokeTablePrivilege(aliceContext, SELECT, staffTable, new TrinoPrincipal(USER, "revokee"), true);
        assertThatThrownBy(() -> accessControlManager.checkCanCreateView(bobContext, aliceView)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanDropView(bobContext, aliceView)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanSelectFromColumns(bobContext, aliceView, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanCreateViewWithSelectFromColumns(bobContext, aliceTable, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanCreateViewWithSelectFromColumns(bobContext, aliceView, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanSetCatalogSessionProperty(bobContext, "alice-catalog", "property")).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanGrantTablePrivilege(bobContext, SELECT, aliceTable, new TrinoPrincipal(USER, "grantee"), true)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanRevokeTablePrivilege(bobContext, SELECT, aliceTable, new TrinoPrincipal(USER, "revokee"), true)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        accessControlManager.checkCanCreateView(bobContext, staffView);
        accessControlManager.checkCanDropView(bobContext, staffView);
        accessControlManager.checkCanSelectFromColumns(bobContext, staffView, ImmutableSet.of());
        accessControlManager.checkCanCreateViewWithSelectFromColumns(bobContext, staffTable, ImmutableSet.of());
        accessControlManager.checkCanCreateViewWithSelectFromColumns(bobContext, staffView, ImmutableSet.of());
        accessControlManager.checkCanSetCatalogSessionProperty(bobContext, "staff-catalog", "property");
        accessControlManager.checkCanGrantTablePrivilege(bobContext, SELECT, staffTable, new TrinoPrincipal(USER, "grantee"), true);
        accessControlManager.checkCanRevokeTablePrivilege(bobContext, SELECT, staffTable, new TrinoPrincipal(USER, "revokee"), true);
        assertThatThrownBy(() -> accessControlManager.checkCanCreateView(nonAsciiContext, aliceView)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanDropView(nonAsciiContext, aliceView)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanSelectFromColumns(nonAsciiContext, aliceView, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanCreateViewWithSelectFromColumns(nonAsciiContext, aliceTable, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanCreateViewWithSelectFromColumns(nonAsciiContext, aliceView, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanSetCatalogSessionProperty(nonAsciiContext, "alice-catalog", "property")).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanGrantTablePrivilege(nonAsciiContext, SELECT, aliceTable, new TrinoPrincipal(USER, "grantee"), true)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanRevokeTablePrivilege(nonAsciiContext, SELECT, aliceTable, new TrinoPrincipal(USER, "revokee"), true)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanCreateView(nonAsciiContext, staffView)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog staff-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanDropView(nonAsciiContext, staffView)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog staff-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanSelectFromColumns(nonAsciiContext, staffView, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog staff-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanCreateViewWithSelectFromColumns(nonAsciiContext, staffTable, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog staff-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanCreateViewWithSelectFromColumns(nonAsciiContext, staffView, ImmutableSet.of())).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog staff-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanSetCatalogSessionProperty(nonAsciiContext, "staff-catalog", "property")).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog staff-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanGrantTablePrivilege(nonAsciiContext, SELECT, staffTable, new TrinoPrincipal(USER, "grantee"), true)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog staff-catalog");
        assertThatThrownBy(() -> accessControlManager.checkCanRevokeTablePrivilege(nonAsciiContext, SELECT, staffTable, new TrinoPrincipal(USER, "revokee"), true)).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog staff-catalog");
    });
}
Also used : AccessDeniedException(io.trino.spi.security.AccessDeniedException) TransactionManager(io.trino.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) Test(org.testng.annotations.Test)

Example 20 with TransactionManager

use of io.trino.transaction.TransactionManager in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testDocsExample.

@Test
public void testDocsExample() {
    TransactionManager transactionManager = createTestTransactionManager();
    AccessControlManager accessControlManager = new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), DefaultSystemAccessControl.NAME);
    accessControlManager.setSystemAccessControl(FileBasedSystemAccessControl.NAME, ImmutableMap.of("security.config-file", new File("../../docs/src/main/sphinx/security/user-impersonation.json").getAbsolutePath()));
    accessControlManager.checkCanImpersonateUser(admin, "charlie");
    assertThatThrownBy(() -> accessControlManager.checkCanImpersonateUser(admin, "bob")).isInstanceOf(AccessDeniedException.class).hasMessageContaining("Access Denied: User alberto cannot impersonate user bob");
    assertThatThrownBy(() -> accessControlManager.checkCanImpersonateUser(Identity.ofUser("charlie"), "doris")).isInstanceOf(AccessDeniedException.class).hasMessageContaining("Access Denied: User charlie cannot impersonate user doris");
    accessControlManager.checkCanImpersonateUser(Identity.ofUser("charlie"), "test");
}
Also used : AccessDeniedException(io.trino.spi.security.AccessDeniedException) TransactionManager(io.trino.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Files.newTemporaryFile(org.assertj.core.util.Files.newTemporaryFile) File(java.io.File) Test(org.testng.annotations.Test)

Aggregations

TransactionManager (io.trino.transaction.TransactionManager)48 InMemoryTransactionManager.createTestTransactionManager (io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager)42 Test (org.testng.annotations.Test)40 AccessDeniedException (io.trino.spi.security.AccessDeniedException)17 Session (io.trino.Session)16 QualifiedObjectName (io.trino.metadata.QualifiedObjectName)16 Optional (java.util.Optional)13 ImmutableSet (com.google.common.collect.ImmutableSet)12 SchemaTableName (io.trino.spi.connector.SchemaTableName)12 Map (java.util.Map)12 ImmutableMap (com.google.common.collect.ImmutableMap)11 DefaultSystemAccessControl (io.trino.plugin.base.security.DefaultSystemAccessControl)11 Identity (io.trino.spi.security.Identity)11 Set (java.util.Set)11 Assert.assertEquals (org.testng.Assert.assertEquals)11 QueryId (io.trino.spi.QueryId)10 CatalogSchemaName (io.trino.spi.connector.CatalogSchemaName)10 TestingEventListenerManager.emptyEventListenerManager (io.trino.testing.TestingEventListenerManager.emptyEventListenerManager)10 TransactionBuilder.transaction (io.trino.transaction.TransactionBuilder.transaction)10 Assertions.assertThatThrownBy (org.assertj.core.api.Assertions.assertThatThrownBy)10