Search in sources :

Example 1 with ValidatorFailure

use of org.teiid.query.validator.ValidatorFailure in project teiid by teiid.

the class TestAuthorizationValidationVisitor method helpTest.

private void helpTest(String sql, QueryMetadataInterface metadata, String[] expectedInaccesible, VDBMetaData vdb, DataPolicyMetadata... roles) throws QueryParserException, QueryResolverException, TeiidComponentException {
    QueryParser parser = QueryParser.getQueryParser();
    Command command = parser.parseCommand(sql);
    QueryResolver.resolveCommand(command, metadata);
    DataRolePolicyDecider dataRolePolicyDecider = createPolicyDecider(metadata, vdb, roles);
    // $NON-NLS-1$
    AuthorizationValidationVisitor visitor = new AuthorizationValidationVisitor(dataRolePolicyDecider, context);
    ValidatorReport report = Validator.validate(command, metadata, visitor);
    if (report.hasItems()) {
        ValidatorFailure firstFailure = report.getItems().iterator().next();
        // strings
        Set<String> expected = new HashSet<String>(Arrays.asList(expectedInaccesible));
        // elements
        Set<String> actual = new HashSet<String>();
        for (LanguageObject obj : firstFailure.getInvalidObjects()) {
            if (obj instanceof ElementSymbol) {
                actual.add(((ElementSymbol) obj).getName());
            } else {
                actual.add(obj.toString());
            }
        }
        assertEquals(expected, actual);
    } else if (expectedInaccesible.length > 0) {
        // $NON-NLS-1$
        fail("Expected inaccessible objects, but got none.");
    }
}
Also used : ElementSymbol(org.teiid.query.sql.symbol.ElementSymbol) QueryParser(org.teiid.query.parser.QueryParser) Command(org.teiid.query.sql.lang.Command) ValidatorFailure(org.teiid.query.validator.ValidatorFailure) ValidatorReport(org.teiid.query.validator.ValidatorReport) LanguageObject(org.teiid.query.sql.LanguageObject) HashSet(java.util.HashSet)

Example 2 with ValidatorFailure

use of org.teiid.query.validator.ValidatorFailure in project teiid by teiid.

the class TestMetadataValidator method printError.

private String printError(ValidatorReport report) {
    StringBuilder sb = new StringBuilder();
    for (ValidatorFailure v : report.getItems()) {
        if (v.getStatus() == ValidatorFailure.Status.ERROR) {
            sb.append(v);
            sb.append("\n");
        }
    }
    return sb.toString();
}
Also used : ValidatorFailure(org.teiid.query.validator.ValidatorFailure)

Example 3 with ValidatorFailure

use of org.teiid.query.validator.ValidatorFailure in project teiid by teiid.

the class RowBasedSecurityHelper method resolveCondition.

static Criteria resolveCondition(QueryMetadataInterface metadata, final GroupSymbol group, String fullName, Map.Entry<String, DataPolicy> entry, PermissionMetaData pmd, String filterString) throws QueryMetadataException {
    Criteria filter = (Criteria) pmd.getResolvedCondition();
    if (filter == null) {
        try {
            filter = QueryParser.getQueryParser().parseCriteria(filterString);
            GroupSymbol gs = group;
            if (group.getDefinition() != null) {
                gs = new GroupSymbol(fullName);
                gs.setMetadataID(group.getMetadataID());
            }
            Collection<GroupSymbol> groups = Arrays.asList(gs);
            for (SubqueryContainer container : ValueIteratorProviderCollectorVisitor.getValueIteratorProviders(filter)) {
                container.getCommand().pushNewResolvingContext(groups);
                QueryResolver.resolveCommand(container.getCommand(), metadata, false);
            }
            ResolverVisitor.resolveLanguageObject(filter, groups, metadata);
            ValidatorReport report = Validator.validate(filter, metadata, new ValidationVisitor());
            if (report.hasItems()) {
                ValidatorFailure firstFailure = report.getItems().iterator().next();
                // $NON-NLS-1$
                throw new QueryMetadataException(QueryPlugin.Event.TEIID31129, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31129, entry.getKey(), fullName) + " " + firstFailure);
            }
            pmd.setResolvedCondition(filter.clone());
        } catch (QueryMetadataException e) {
            throw e;
        } catch (TeiidException e) {
            throw new QueryMetadataException(QueryPlugin.Event.TEIID31129, e, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31129, entry.getKey(), fullName));
        }
    } else {
        filter = (Criteria) filter.clone();
    }
    return filter;
}
Also used : ValidationVisitor(org.teiid.query.validator.ValidationVisitor) ValidatorFailure(org.teiid.query.validator.ValidatorFailure) GroupSymbol(org.teiid.query.sql.symbol.GroupSymbol) QueryMetadataException(org.teiid.api.exception.query.QueryMetadataException) ValidatorReport(org.teiid.query.validator.ValidatorReport) TeiidException(org.teiid.core.TeiidException)

Example 4 with ValidatorFailure

use of org.teiid.query.validator.ValidatorFailure in project teiid by teiid.

the class ColumnMaskingHelper method maskColumn.

private static Expression maskColumn(ElementSymbol col, GroupSymbol unaliased, QueryMetadataInterface metadata, ExpressionMappingVisitor emv, Map<String, DataPolicy> policies, CommandContext cc) throws TeiidComponentException, TeiidProcessingException {
    Object metadataID = col.getMetadataID();
    String fullName = metadata.getFullName(metadataID);
    final GroupSymbol group = col.getGroupSymbol();
    String elementType = metadata.getElementRuntimeTypeName(col.getMetadataID());
    Class<?> expectedType = DataTypeManager.getDataTypeClass(elementType);
    List<WhenThen> cases = null;
    Collection<GroupSymbol> groups = Arrays.asList(unaliased);
    for (Map.Entry<String, DataPolicy> entry : policies.entrySet()) {
        DataPolicyMetadata dpm = (DataPolicyMetadata) entry.getValue();
        PermissionMetaData pmd = dpm.getPermissionMap().get(fullName);
        if (pmd == null) {
            continue;
        }
        String maskString = pmd.getMask();
        if (maskString == null) {
            continue;
        }
        Criteria condition = null;
        if (pmd.getCondition() != null) {
            condition = RowBasedSecurityHelper.resolveCondition(metadata, group, metadata.getFullName(group.getMetadataID()), entry, pmd, pmd.getCondition());
        } else {
            condition = QueryRewriter.TRUE_CRITERIA;
        }
        Expression mask = (Expression) pmd.getResolvedMask();
        if (mask == null) {
            try {
                mask = QueryParser.getQueryParser().parseExpression(pmd.getMask());
                for (SubqueryContainer container : ValueIteratorProviderCollectorVisitor.getValueIteratorProviders(mask)) {
                    container.getCommand().pushNewResolvingContext(groups);
                    QueryResolver.resolveCommand(container.getCommand(), metadata, false);
                }
                ResolverVisitor.resolveLanguageObject(mask, groups, metadata);
                ValidatorReport report = Validator.validate(mask, metadata, new ValidationVisitor());
                if (report.hasItems()) {
                    ValidatorFailure firstFailure = report.getItems().iterator().next();
                    // $NON-NLS-1$
                    throw new QueryMetadataException(QueryPlugin.Event.TEIID31139, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31139, dpm.getName(), fullName) + " " + firstFailure);
                }
                if (mask.getType() != expectedType) {
                    mask = ResolverUtil.convertExpression(mask, elementType, metadata);
                }
                pmd.setResolvedMask(mask.clone());
                if (!dpm.isAnyAuthenticated()) {
                    // we treat this as user deterministic since the data roles won't change.  this may change if the logic becomes dynamic
                    // TODO: this condition may not even be used
                    cc.setDeterminismLevel(Determinism.USER_DETERMINISTIC);
                }
            } catch (QueryMetadataException e) {
                throw e;
            } catch (TeiidException e) {
                throw new QueryMetadataException(QueryPlugin.Event.TEIID31129, e, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31129, dpm.getName(), fullName));
            }
        } else {
            mask = (Expression) mask.clone();
        }
        if (group.getDefinition() != null) {
            PreOrPostOrderNavigator.doVisit(mask, emv, PreOrPostOrderNavigator.PRE_ORDER, true);
        }
        if (cases == null) {
            cases = new ArrayList<ColumnMaskingHelper.WhenThen>();
        }
        cases.add(new WhenThen(pmd.getOrder(), condition, mask));
    }
    if (cases == null) {
        return col;
    }
    Collections.sort(cases);
    List<Criteria> whens = new ArrayList<Criteria>();
    List<Expression> thens = new ArrayList<Expression>();
    for (WhenThen whenThen : cases) {
        whens.add(whenThen.when);
        thens.add(whenThen.then);
    }
    SearchedCaseExpression sce = new SearchedCaseExpression(whens, thens);
    sce.setElseExpression(col);
    sce.setType(expectedType);
    Expression mask = QueryRewriter.rewriteExpression(sce, cc, metadata, true);
    return mask;
}
Also used : ValidationVisitor(org.teiid.query.validator.ValidationVisitor) ArrayList(java.util.ArrayList) Criteria(org.teiid.query.sql.lang.Criteria) ValidatorFailure(org.teiid.query.validator.ValidatorFailure) DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata) DataPolicy(org.teiid.adminapi.DataPolicy) SubqueryContainer(org.teiid.query.sql.lang.SubqueryContainer) QueryMetadataException(org.teiid.api.exception.query.QueryMetadataException) ValidatorReport(org.teiid.query.validator.ValidatorReport) TeiidException(org.teiid.core.TeiidException) SearchedCaseExpression(org.teiid.query.sql.symbol.SearchedCaseExpression) SearchedCaseExpression(org.teiid.query.sql.symbol.SearchedCaseExpression) Expression(org.teiid.query.sql.symbol.Expression) GroupSymbol(org.teiid.query.sql.symbol.GroupSymbol) Map(java.util.Map) PermissionMetaData(org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData)

Example 5 with ValidatorFailure

use of org.teiid.query.validator.ValidatorFailure in project teiid by teiid.

the class TestProcedurePlanner method helpPlanProcedure.

// ################ getReplacementClause tests ###################
private ProcessorPlan helpPlanProcedure(String userQuery, String procedure, TriggerEvent procedureType) throws TeiidComponentException, QueryMetadataException, TeiidProcessingException {
    QueryMetadataInterface metadata = RealMetadataFactory.exampleUpdateProc(procedureType, procedure);
    QueryParser parser = QueryParser.getQueryParser();
    Command userCommand = userQuery != null ? parser.parseCommand(userQuery) : parser.parseCommand(procedure);
    if (userCommand instanceof CreateProcedureCommand) {
        GroupSymbol gs = new GroupSymbol("proc");
        gs.setMetadataID(new TempMetadataID("proc", Collections.EMPTY_LIST));
        ((CreateProcedureCommand) userCommand).setVirtualGroup(gs);
    }
    QueryResolver.resolveCommand(userCommand, metadata);
    ValidatorReport report = Validator.validate(userCommand, metadata);
    if (report.hasItems()) {
        ValidatorFailure firstFailure = report.getItems().iterator().next();
        throw new QueryValidatorException(firstFailure.getMessage());
    }
    userCommand = QueryRewriter.rewrite(userCommand, metadata, null);
    AnalysisRecord analysisRecord = new AnalysisRecord(false, DEBUG);
    try {
        return QueryOptimizer.optimizePlan(userCommand, metadata, null, new DefaultCapabilitiesFinder(), analysisRecord, null);
    } finally {
        if (DEBUG) {
            System.out.println(analysisRecord.getDebugLog());
        }
    }
}
Also used : QueryParser(org.teiid.query.parser.QueryParser) AnalysisRecord(org.teiid.query.analysis.AnalysisRecord) CreateProcedureCommand(org.teiid.query.sql.proc.CreateProcedureCommand) CreateProcedureCommand(org.teiid.query.sql.proc.CreateProcedureCommand) Command(org.teiid.query.sql.lang.Command) ValidatorFailure(org.teiid.query.validator.ValidatorFailure) QueryValidatorException(org.teiid.api.exception.query.QueryValidatorException) GroupSymbol(org.teiid.query.sql.symbol.GroupSymbol) TempMetadataID(org.teiid.query.metadata.TempMetadataID) QueryMetadataInterface(org.teiid.query.metadata.QueryMetadataInterface) DefaultCapabilitiesFinder(org.teiid.query.optimizer.capabilities.DefaultCapabilitiesFinder) ValidatorReport(org.teiid.query.validator.ValidatorReport)

Aggregations

ValidatorFailure (org.teiid.query.validator.ValidatorFailure)7 ValidatorReport (org.teiid.query.validator.ValidatorReport)6 Command (org.teiid.query.sql.lang.Command)3 GroupSymbol (org.teiid.query.sql.symbol.GroupSymbol)3 QueryMetadataException (org.teiid.api.exception.query.QueryMetadataException)2 QueryValidatorException (org.teiid.api.exception.query.QueryValidatorException)2 TeiidException (org.teiid.core.TeiidException)2 AnalysisRecord (org.teiid.query.analysis.AnalysisRecord)2 DefaultCapabilitiesFinder (org.teiid.query.optimizer.capabilities.DefaultCapabilitiesFinder)2 QueryParser (org.teiid.query.parser.QueryParser)2 ValidationVisitor (org.teiid.query.validator.ValidationVisitor)2 ArrayList (java.util.ArrayList)1 HashSet (java.util.HashSet)1 Map (java.util.Map)1 DataPolicy (org.teiid.adminapi.DataPolicy)1 DataPolicyMetadata (org.teiid.adminapi.impl.DataPolicyMetadata)1 PermissionMetaData (org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData)1 VDBMetaData (org.teiid.adminapi.impl.VDBMetaData)1 MetadataException (org.teiid.metadata.MetadataException)1 MetadataStore (org.teiid.metadata.MetadataStore)1