
Example 21 with TransactionManager

use of io.trino.transaction.TransactionManager in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testSystemInformation.

/**
 * Exercises the system-information read/write rules loaded from
 * {@code system_information.json}.
 *
 * <p>A check that returns normally means access was granted. A denial must surface as
 * {@link AccessDeniedException} carrying exactly the message asserted below, so a rule
 * that silently widens access makes this test fail.
 */
@Test
public void testSystemInformation() {
    TransactionManager txManager = createTestTransactionManager();
    AccessControlManager accessControl = newAccessControlManager(txManager, "system_information.json");

    // Granted: admin and nonAsciiUser may both read and write, so none of these may throw.
    accessControl.checkCanReadSystemInformation(admin);
    accessControl.checkCanWriteSystemInformation(admin);
    accessControl.checkCanReadSystemInformation(nonAsciiUser);
    accessControl.checkCanWriteSystemInformation(nonAsciiUser);
    // Repeated read check for admin, kept exactly as the test is written.
    accessControl.checkCanReadSystemInformation(admin);

    // Denied: alice may not write. Her read permission is not asserted here.
    assertThatThrownBy(() -> transaction(txManager, accessControl)
            .execute(transactionId -> {
                accessControl.checkCanWriteSystemInformation(alice);
            }))
            .isInstanceOf(AccessDeniedException.class)
            .hasMessage("Access Denied: Cannot write system information");

    // Denied: bob may neither read ...
    assertThatThrownBy(() -> transaction(txManager, accessControl)
            .execute(transactionId -> {
                accessControl.checkCanReadSystemInformation(bob);
            }))
            .isInstanceOf(AccessDeniedException.class)
            .hasMessage("Access Denied: Cannot read system information");

    // ... nor write.
    assertThatThrownBy(() -> transaction(txManager, accessControl)
            .execute(transactionId -> {
                accessControl.checkCanWriteSystemInformation(bob);
            }))
            .isInstanceOf(AccessDeniedException.class)
            .hasMessage("Access Denied: Cannot write system information");
}
Also used : QueryId(io.trino.spi.QueryId) AccessDeniedException(io.trino.spi.security.AccessDeniedException) TransactionBuilder.transaction(io.trino.transaction.TransactionBuilder.transaction) TransactionManager(io.trino.transaction.TransactionManager) USER(io.trino.spi.security.PrincipalType.USER) URISyntaxException(java.net.URISyntaxException) Assert.assertEquals(org.testng.Assert.assertEquals) Test(org.testng.annotations.Test) FileBasedSystemAccessControl(io.trino.plugin.base.security.FileBasedSystemAccessControl) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) SECURITY_CONFIG_FILE(io.trino.plugin.base.security.FileBasedAccessControlConfig.SECURITY_CONFIG_FILE) Identity(io.trino.spi.security.Identity) Map(java.util.Map) CatalogSchemaName(io.trino.spi.connector.CatalogSchemaName) SELECT(io.trino.spi.security.Privilege.SELECT) Thread.sleep(java.lang.Thread.sleep) Files.newTemporaryFile(org.assertj.core.util.Files.newTemporaryFile) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Set(java.util.Set) SchemaTableName(io.trino.spi.connector.SchemaTableName) File(java.io.File) TestingEventListenerManager.emptyEventListenerManager(io.trino.testing.TestingEventListenerManager.emptyEventListenerManager) Resources.getResource(com.google.common.io.Resources.getResource) QualifiedObjectName(io.trino.metadata.QualifiedObjectName) DefaultSystemAccessControl(io.trino.plugin.base.security.DefaultSystemAccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) SECURITY_REFRESH_PERIOD(io.trino.plugin.base.security.FileBasedAccessControlConfig.SECURITY_REFRESH_PERIOD) Files.copy(com.google.common.io.Files.copy) Optional(java.util.Optional) 
AccessDeniedException(io.trino.spi.security.AccessDeniedException) TransactionManager(io.trino.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Test(org.testng.annotations.Test)

Example 22 with TransactionManager

use of io.trino.transaction.TransactionManager in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testSchemaOperationsReadOnly.

/**
 * Exercises schema-level checks against the rules in {@code catalog_read_only.json}.
 *
 * <p>As asserted below: alice can see and list schemas in {@code alice-catalog} but is
 * denied every schema mutation (create, drop, rename); bob sees no schemas there and is
 * rejected with a catalog-level denial.
 */
@Test
public void testSchemaOperationsReadOnly() {
    TransactionManager txManager = createTestTransactionManager();
    AccessControlManager accessControl = newAccessControlManager(txManager, "catalog_read_only.json");

    transaction(txManager, accessControl).execute(transactionId -> {
        Set<String> requested = ImmutableSet.of("schema");

        // Filtering must return the full set for alice ...
        Set<String> visibleToAlice = accessControl.filterSchemas(new SecurityContext(transactionId, alice, queryId), "alice-catalog", requested);
        assertEquals(visibleToAlice, requested);

        // ... and nothing for bob, so schema names are not disclosed to him.
        Set<String> visibleToBob = accessControl.filterSchemas(new SecurityContext(transactionId, bob, queryId), "alice-catalog", requested);
        assertEquals(visibleToBob, ImmutableSet.of());

        // Listing schemas is a read operation and must be granted to alice.
        accessControl.checkCanShowSchemas(new SecurityContext(transactionId, alice, queryId), "alice-catalog");
    });

    // Every mutating schema operation must be denied to alice.
    assertThatThrownBy(() -> transaction(txManager, accessControl)
            .execute(transactionId -> {
                accessControl.checkCanCreateSchema(new SecurityContext(transactionId, alice, queryId), aliceSchema);
            }))
            .isInstanceOf(AccessDeniedException.class)
            .hasMessage("Access Denied: Cannot create schema alice-catalog.schema");

    assertThatThrownBy(() -> transaction(txManager, accessControl)
            .execute(transactionId -> {
                accessControl.checkCanDropSchema(new SecurityContext(transactionId, alice, queryId), aliceSchema);
            }))
            .isInstanceOf(AccessDeniedException.class)
            .hasMessage("Access Denied: Cannot drop schema alice-catalog.schema");

    assertThatThrownBy(() -> transaction(txManager, accessControl)
            .execute(transactionId -> {
                accessControl.checkCanRenameSchema(new SecurityContext(transactionId, alice, queryId), aliceSchema, "new-schema");
            }))
            .isInstanceOf(AccessDeniedException.class)
            .hasMessage("Access Denied: Cannot rename schema from alice-catalog.schema to new-schema");

    // bob's denial names the catalog rather than the schema operation.
    assertThatThrownBy(() -> transaction(txManager, accessControl)
            .execute(transactionId -> {
                accessControl.checkCanCreateSchema(new SecurityContext(transactionId, bob, queryId), aliceSchema);
            }))
            .isInstanceOf(AccessDeniedException.class)
            .hasMessage("Access Denied: Cannot access catalog alice-catalog");
}
Also used : QueryId(io.trino.spi.QueryId) AccessDeniedException(io.trino.spi.security.AccessDeniedException) TransactionBuilder.transaction(io.trino.transaction.TransactionBuilder.transaction) TransactionManager(io.trino.transaction.TransactionManager) USER(io.trino.spi.security.PrincipalType.USER) URISyntaxException(java.net.URISyntaxException) Assert.assertEquals(org.testng.Assert.assertEquals) Test(org.testng.annotations.Test) FileBasedSystemAccessControl(io.trino.plugin.base.security.FileBasedSystemAccessControl) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) SECURITY_CONFIG_FILE(io.trino.plugin.base.security.FileBasedAccessControlConfig.SECURITY_CONFIG_FILE) Identity(io.trino.spi.security.Identity) Map(java.util.Map) CatalogSchemaName(io.trino.spi.connector.CatalogSchemaName) SELECT(io.trino.spi.security.Privilege.SELECT) Thread.sleep(java.lang.Thread.sleep) Files.newTemporaryFile(org.assertj.core.util.Files.newTemporaryFile) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Set(java.util.Set) SchemaTableName(io.trino.spi.connector.SchemaTableName) File(java.io.File) TestingEventListenerManager.emptyEventListenerManager(io.trino.testing.TestingEventListenerManager.emptyEventListenerManager) Resources.getResource(com.google.common.io.Resources.getResource) QualifiedObjectName(io.trino.metadata.QualifiedObjectName) DefaultSystemAccessControl(io.trino.plugin.base.security.DefaultSystemAccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) SECURITY_REFRESH_PERIOD(io.trino.plugin.base.security.FileBasedAccessControlConfig.SECURITY_REFRESH_PERIOD) Files.copy(com.google.common.io.Files.copy) Optional(java.util.Optional) 
AccessDeniedException(io.trino.spi.security.AccessDeniedException) TransactionManager(io.trino.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Test(org.testng.annotations.Test)

Example 23 with TransactionManager

use of io.trino.transaction.TransactionManager in project trino by trinodb.

the class TestFileBasedSystemAccessControl method testRefreshing.

/**
 * Verifies that the file-based system access control re-reads its rules file.
 *
 * <p>The test swaps the configured file between a valid rule set ({@code catalog.json})
 * and one containing unknown rules. While the invalid file is in place every check must
 * fail with {@link IllegalArgumentException} instead of being answered from the earlier,
 * valid rules; once the valid file is restored the check must pass again.
 *
 * <p>NOTE(review): the test depends on the 1ms refresh period having elapsed during
 * {@code sleep(2)}, so it is timing-sensitive.
 */
@Test
public void testRefreshing() throws Exception {
    TransactionManager txManager = createTestTransactionManager();
    AccessControlManager accessControl = new AccessControlManager(txManager, emptyEventListenerManager(), new AccessControlConfig(), DefaultSystemAccessControl.NAME);

    File rulesFile = newTemporaryFile();
    rulesFile.deleteOnExit();
    copy(new File(getResourcePath("catalog.json")), rulesFile);

    accessControl.setSystemAccessControl(
            FileBasedSystemAccessControl.NAME,
            ImmutableMap.of(
                    SECURITY_CONFIG_FILE, rulesFile.getAbsolutePath(),
                    SECURITY_REFRESH_PERIOD, "1ms"));

    // Baseline: with the valid rules the same check is granted three times in a row.
    transaction(txManager, accessControl).execute(transactionId -> {
        for (int attempt = 0; attempt < 3; attempt++) {
            accessControl.checkCanCreateView(new SecurityContext(transactionId, alice, queryId), aliceView);
        }
    });

    // Replace the rules with a file that contains unknown rules, then wait past the refresh period.
    copy(new File(getResourcePath("security-config-file-with-unknown-rules.json")), rulesFile);
    sleep(2);

    assertThatThrownBy(() -> transaction(txManager, accessControl)
            .execute(transactionId -> {
                accessControl.checkCanCreateView(new SecurityContext(transactionId, alice, queryId), aliceView);
            }))
            .isInstanceOf(IllegalArgumentException.class)
            .hasMessageStartingWith("Invalid JSON file");

    // Repeat the check: the failure must persist, i.e. the earlier valid rule set
    // must not be served from a cache on the second attempt.
    assertThatThrownBy(() -> transaction(txManager, accessControl)
            .execute(transactionId -> {
                accessControl.checkCanCreateView(new SecurityContext(transactionId, alice, queryId), aliceView);
            }))
            .isInstanceOf(IllegalArgumentException.class)
            .hasMessageStartingWith("Invalid JSON file");

    // Restore the valid rules; after the next refresh the check must be granted again.
    copy(new File(getResourcePath("catalog.json")), rulesFile);
    sleep(2);

    transaction(txManager, accessControl).execute(transactionId -> {
        accessControl.checkCanCreateView(new SecurityContext(transactionId, alice, queryId), aliceView);
    });
}
Also used : QueryId(io.trino.spi.QueryId) AccessDeniedException(io.trino.spi.security.AccessDeniedException) TransactionBuilder.transaction(io.trino.transaction.TransactionBuilder.transaction) TransactionManager(io.trino.transaction.TransactionManager) USER(io.trino.spi.security.PrincipalType.USER) URISyntaxException(java.net.URISyntaxException) Assert.assertEquals(org.testng.Assert.assertEquals) Test(org.testng.annotations.Test) FileBasedSystemAccessControl(io.trino.plugin.base.security.FileBasedSystemAccessControl) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Assertions.assertThatThrownBy(org.assertj.core.api.Assertions.assertThatThrownBy) SECURITY_CONFIG_FILE(io.trino.plugin.base.security.FileBasedAccessControlConfig.SECURITY_CONFIG_FILE) Identity(io.trino.spi.security.Identity) Map(java.util.Map) CatalogSchemaName(io.trino.spi.connector.CatalogSchemaName) SELECT(io.trino.spi.security.Privilege.SELECT) Thread.sleep(java.lang.Thread.sleep) Files.newTemporaryFile(org.assertj.core.util.Files.newTemporaryFile) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Set(java.util.Set) SchemaTableName(io.trino.spi.connector.SchemaTableName) File(java.io.File) TestingEventListenerManager.emptyEventListenerManager(io.trino.testing.TestingEventListenerManager.emptyEventListenerManager) Resources.getResource(com.google.common.io.Resources.getResource) QualifiedObjectName(io.trino.metadata.QualifiedObjectName) DefaultSystemAccessControl(io.trino.plugin.base.security.DefaultSystemAccessControl) TrinoPrincipal(io.trino.spi.security.TrinoPrincipal) SECURITY_REFRESH_PERIOD(io.trino.plugin.base.security.FileBasedAccessControlConfig.SECURITY_REFRESH_PERIOD) Files.copy(com.google.common.io.Files.copy) Optional(java.util.Optional) 
TransactionManager(io.trino.transaction.TransactionManager) InMemoryTransactionManager.createTestTransactionManager(io.trino.transaction.InMemoryTransactionManager.createTestTransactionManager) Files.newTemporaryFile(org.assertj.core.util.Files.newTemporaryFile) File(java.io.File) Test(org.testng.annotations.Test)

Example 24 with TransactionManager

use of io.trino.transaction.TransactionManager in project trino by trinodb.

the class TestKuduIntegrationDynamicFilter method testIncompleteDynamicFilterTimeout.

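/**
 * Verifies that split enumeration for {@code kudu.tpch.orders} still finishes and yields
 * splits when it is given an {@code IncompleteDynamicFilter} and the catalog session
 * property {@code dynamic_filtering_wait_timeout} is set to {@code 1s}.
 *
 * <p>The TestNG timeout of 30 seconds bounds the polling loop if the split source never
 * reports that it is finished.
 *
 * @throws Exception if fetching a split batch fails
 */
@Test(timeOut = 30_000)
public void testIncompleteDynamicFilterTimeout() throws Exception {
    QueryRunner runner = getQueryRunner();
    TransactionManager transactionManager = runner.getTransactionManager();
    TransactionId transactionId = transactionManager.beginTransaction(false);
    // The session is bound to AllowAllAccessControl: authorization is not under test here
    // (presumably every check is permitted - confirm against AllowAllAccessControl).
    Session session = Session.builder(getSession())
            .setCatalogSessionProperty("kudu", "dynamic_filtering_wait_timeout", "1s")
            .build()
            .beginTransactionId(transactionId, transactionManager, new AllowAllAccessControl());
    QualifiedObjectName tableName = new QualifiedObjectName("kudu", "tpch", "orders");
    Optional<TableHandle> tableHandle = runner.getMetadata().getTableHandle(session, tableName);
    // Guard the get() below so a missing table fails as an assertion.
    assertTrue(tableHandle.isPresent());
    SplitSource splitSource = runner.getSplitManager().getSplits(session, tableHandle.get(), UNGROUPED_SCHEDULING, new IncompleteDynamicFilter(), alwaysTrue());
    List<Split> splits = new ArrayList<>();
    // Close the split source even when fetching a batch throws, so a failing run
    // does not leave it open.
    try {
        while (!splitSource.isFinished()) {
            splits.addAll(splitSource.getNextBatch(NOT_PARTITIONED, Lifespan.taskWide(), 1000).get().getSplits());
        }
    }
    finally {
        splitSource.close();
    }
    assertFalse(splits.isEmpty());
}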
Also used : ArrayList(java.util.ArrayList) DistributedQueryRunner(io.trino.testing.DistributedQueryRunner) QueryRunner(io.trino.testing.QueryRunner) QualifiedObjectName(io.trino.metadata.QualifiedObjectName) TransactionId(io.trino.transaction.TransactionId) TransactionManager(io.trino.transaction.TransactionManager) AllowAllAccessControl(io.trino.security.AllowAllAccessControl) TableHandle(io.trino.metadata.TableHandle) SplitSource(io.trino.split.SplitSource) Split(io.trino.metadata.Split) Session(io.trino.Session) Test(org.testng.annotations.Test)

Example 25 with TransactionManager

use of io.trino.transaction.TransactionManager in project trino by trinodb.

the class TestIcebergMetadataListing method getStorageTable.

/**
 * Looks up a materialized view and returns the schema/table name of its storage table.
 *
 * <p>The lookup runs in a session bound to the query runner's own access control, not an
 * allow-all implementation.
 *
 * <p>NOTE(review): the transaction begun here is neither committed nor aborted inside
 * this method.
 *
 * @param catalogName catalog that contains the materialized view
 * @param schemaName schema that contains the materialized view
 * @param objectName name of the materialized view
 * @return the {@code SchemaTableName} of the view's storage table
 */
private SchemaTableName getStorageTable(String catalogName, String schemaName, String objectName) {
    TransactionManager txManager = getQueryRunner().getTransactionManager();
    TransactionId txId = txManager.beginTransaction(false);
    Session txSession = getSession().beginTransactionId(txId, txManager, getQueryRunner().getAccessControl());

    QualifiedObjectName viewName = new QualifiedObjectName(catalogName, schemaName, objectName);
    Optional<MaterializedViewDefinition> definition = getQueryRunner().getMetadata().getMaterializedView(txSession, viewName);

    // Fail with an assertion message if the view does not exist.
    assertThat(definition).isPresent();
    // The storage-table get() is unguarded: it throws if the view has no storage table.
    return definition.get()
            .getStorageTable()
            .get()
            .getSchemaTableName();
}
Also used : MaterializedViewDefinition(io.trino.metadata.MaterializedViewDefinition) TransactionManager(io.trino.transaction.TransactionManager) QualifiedObjectName(io.trino.metadata.QualifiedObjectName) TransactionId(io.trino.transaction.TransactionId) Session(io.trino.Session)
