use of io.trino.transaction.TransactionManager in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testSystemInformation.
@Test
public void testSystemInformation() {
TransactionManager transactionManager = createTestTransactionManager();
AccessControlManager accessControlManager = newAccessControlManager(transactionManager, "system_information.json");
accessControlManager.checkCanReadSystemInformation(admin);
accessControlManager.checkCanWriteSystemInformation(admin);
accessControlManager.checkCanReadSystemInformation(nonAsciiUser);
accessControlManager.checkCanWriteSystemInformation(nonAsciiUser);
accessControlManager.checkCanReadSystemInformation(admin);
assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanWriteSystemInformation(alice);
})).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot write system information");
assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanReadSystemInformation(bob);
})).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot read system information");
assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanWriteSystemInformation(bob);
})).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot write system information");
}
use of io.trino.transaction.TransactionManager in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testSchemaOperationsReadOnly.
@Test
public void testSchemaOperationsReadOnly() {
TransactionManager transactionManager = createTestTransactionManager();
AccessControlManager accessControlManager = newAccessControlManager(transactionManager, "catalog_read_only.json");
transaction(transactionManager, accessControlManager).execute(transactionId -> {
Set<String> aliceSchemas = ImmutableSet.of("schema");
assertEquals(accessControlManager.filterSchemas(new SecurityContext(transactionId, alice, queryId), "alice-catalog", aliceSchemas), aliceSchemas);
assertEquals(accessControlManager.filterSchemas(new SecurityContext(transactionId, bob, queryId), "alice-catalog", aliceSchemas), ImmutableSet.of());
accessControlManager.checkCanShowSchemas(new SecurityContext(transactionId, alice, queryId), "alice-catalog");
});
assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanCreateSchema(new SecurityContext(transactionId, alice, queryId), aliceSchema);
})).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot create schema alice-catalog.schema");
assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanDropSchema(new SecurityContext(transactionId, alice, queryId), aliceSchema);
})).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot drop schema alice-catalog.schema");
assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanRenameSchema(new SecurityContext(transactionId, alice, queryId), aliceSchema, "new-schema");
})).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot rename schema from alice-catalog.schema to new-schema");
assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanCreateSchema(new SecurityContext(transactionId, bob, queryId), aliceSchema);
})).isInstanceOf(AccessDeniedException.class).hasMessage("Access Denied: Cannot access catalog alice-catalog");
}
use of io.trino.transaction.TransactionManager in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testRefreshing.
@Test
public void testRefreshing() throws Exception {
TransactionManager transactionManager = createTestTransactionManager();
AccessControlManager accessControlManager = new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), DefaultSystemAccessControl.NAME);
File configFile = newTemporaryFile();
configFile.deleteOnExit();
copy(new File(getResourcePath("catalog.json")), configFile);
accessControlManager.setSystemAccessControl(FileBasedSystemAccessControl.NAME, ImmutableMap.of(SECURITY_CONFIG_FILE, configFile.getAbsolutePath(), SECURITY_REFRESH_PERIOD, "1ms"));
transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanCreateView(new SecurityContext(transactionId, alice, queryId), aliceView);
accessControlManager.checkCanCreateView(new SecurityContext(transactionId, alice, queryId), aliceView);
accessControlManager.checkCanCreateView(new SecurityContext(transactionId, alice, queryId), aliceView);
});
copy(new File(getResourcePath("security-config-file-with-unknown-rules.json")), configFile);
sleep(2);
assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanCreateView(new SecurityContext(transactionId, alice, queryId), aliceView);
})).isInstanceOf(IllegalArgumentException.class).hasMessageStartingWith("Invalid JSON file");
// test if file based cached control was not cached somewhere
assertThatThrownBy(() -> transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanCreateView(new SecurityContext(transactionId, alice, queryId), aliceView);
})).isInstanceOf(IllegalArgumentException.class).hasMessageStartingWith("Invalid JSON file");
copy(new File(getResourcePath("catalog.json")), configFile);
sleep(2);
transaction(transactionManager, accessControlManager).execute(transactionId -> {
accessControlManager.checkCanCreateView(new SecurityContext(transactionId, alice, queryId), aliceView);
});
}
use of io.trino.transaction.TransactionManager in project trino by trinodb.
the class TestKuduIntegrationDynamicFilter method testIncompleteDynamicFilterTimeout.
@Test(timeOut = 30_000)
public void testIncompleteDynamicFilterTimeout() throws Exception {
QueryRunner runner = getQueryRunner();
TransactionManager transactionManager = runner.getTransactionManager();
TransactionId transactionId = transactionManager.beginTransaction(false);
Session session = Session.builder(getSession()).setCatalogSessionProperty("kudu", "dynamic_filtering_wait_timeout", "1s").build().beginTransactionId(transactionId, transactionManager, new AllowAllAccessControl());
QualifiedObjectName tableName = new QualifiedObjectName("kudu", "tpch", "orders");
Optional<TableHandle> tableHandle = runner.getMetadata().getTableHandle(session, tableName);
assertTrue(tableHandle.isPresent());
SplitSource splitSource = runner.getSplitManager().getSplits(session, tableHandle.get(), UNGROUPED_SCHEDULING, new IncompleteDynamicFilter(), alwaysTrue());
List<Split> splits = new ArrayList<>();
while (!splitSource.isFinished()) {
splits.addAll(splitSource.getNextBatch(NOT_PARTITIONED, Lifespan.taskWide(), 1000).get().getSplits());
}
splitSource.close();
assertFalse(splits.isEmpty());
}
use of io.trino.transaction.TransactionManager in project trino by trinodb.
the class TestIcebergMetadataListing method getStorageTable.
private SchemaTableName getStorageTable(String catalogName, String schemaName, String objectName) {
TransactionManager transactionManager = getQueryRunner().getTransactionManager();
TransactionId transactionId = transactionManager.beginTransaction(false);
Session session = getSession().beginTransactionId(transactionId, transactionManager, getQueryRunner().getAccessControl());
Optional<MaterializedViewDefinition> materializedView = getQueryRunner().getMetadata().getMaterializedView(session, new QualifiedObjectName(catalogName, schemaName, objectName));
assertThat(materializedView).isPresent();
return materializedView.get().getStorageTable().get().getSchemaTableName();
}
Aggregations