Example 1 with ValidatorFailure
use of org.teiid.query.validator.ValidatorFailure in project teiid by teiid.
the class TestAuthorizationValidationVisitor method helpTest.
private void helpTest(String sql, QueryMetadataInterface metadata, String[] expectedInaccesible, VDBMetaData vdb, DataPolicyMetadata... roles) throws QueryParserException, QueryResolverException, TeiidComponentException {
QueryParser parser = QueryParser.getQueryParser();
Command command = parser.parseCommand(sql);
QueryResolver.resolveCommand(command, metadata);
DataRolePolicyDecider dataRolePolicyDecider = createPolicyDecider(metadata, vdb, roles);
// $NON-NLS-1$
AuthorizationValidationVisitor visitor = new AuthorizationValidationVisitor(dataRolePolicyDecider, context);
ValidatorReport report = Validator.validate(command, metadata, visitor);
if (report.hasItems()) {
ValidatorFailure firstFailure = report.getItems().iterator().next();
// strings
Set<String> expected = new HashSet<String>(Arrays.asList(expectedInaccesible));
// elements
Set<String> actual = new HashSet<String>();
for (LanguageObject obj : firstFailure.getInvalidObjects()) {
if (obj instanceof ElementSymbol) {
actual.add(((ElementSymbol) obj).getName());
} else {
actual.add(obj.toString());
}
}
assertEquals(expected, actual);
} else if (expectedInaccesible.length > 0) {
// $NON-NLS-1$
fail("Expected inaccessible objects, but got none.");
}
}
Also used :
ElementSymbol(org.teiid.query.sql.symbol.ElementSymbol)
QueryParser(org.teiid.query.parser.QueryParser)
Command(org.teiid.query.sql.lang.Command)
ValidatorFailure(org.teiid.query.validator.ValidatorFailure)
ValidatorReport(org.teiid.query.validator.ValidatorReport)
LanguageObject(org.teiid.query.sql.LanguageObject)
HashSet(java.util.HashSet)
Example 2 with ValidatorFailure
use of org.teiid.query.validator.ValidatorFailure in project teiid by teiid.
the class TestMetadataValidator method printError.
private String printError(ValidatorReport report) {
StringBuilder sb = new StringBuilder();
for (ValidatorFailure v : report.getItems()) {
if (v.getStatus() == ValidatorFailure.Status.ERROR) {
sb.append(v);
sb.append("\n");
}
}
return sb.toString();
}
Also used :
ValidatorFailure(org.teiid.query.validator.ValidatorFailure)
Example 3 with ValidatorFailure
use of org.teiid.query.validator.ValidatorFailure in project teiid by teiid.
the class RowBasedSecurityHelper method resolveCondition.
static Criteria resolveCondition(QueryMetadataInterface metadata, final GroupSymbol group, String fullName, Map.Entry<String, DataPolicy> entry, PermissionMetaData pmd, String filterString) throws QueryMetadataException {
Criteria filter = (Criteria) pmd.getResolvedCondition();
if (filter == null) {
try {
filter = QueryParser.getQueryParser().parseCriteria(filterString);
GroupSymbol gs = group;
if (group.getDefinition() != null) {
gs = new GroupSymbol(fullName);
gs.setMetadataID(group.getMetadataID());
}
Collection<GroupSymbol> groups = Arrays.asList(gs);
for (SubqueryContainer container : ValueIteratorProviderCollectorVisitor.getValueIteratorProviders(filter)) {
container.getCommand().pushNewResolvingContext(groups);
QueryResolver.resolveCommand(container.getCommand(), metadata, false);
}
ResolverVisitor.resolveLanguageObject(filter, groups, metadata);
ValidatorReport report = Validator.validate(filter, metadata, new ValidationVisitor());
if (report.hasItems()) {
ValidatorFailure firstFailure = report.getItems().iterator().next();
// $NON-NLS-1$
throw new QueryMetadataException(QueryPlugin.Event.TEIID31129, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31129, entry.getKey(), fullName) + " " + firstFailure);
}
pmd.setResolvedCondition(filter.clone());
} catch (QueryMetadataException e) {
throw e;
} catch (TeiidException e) {
throw new QueryMetadataException(QueryPlugin.Event.TEIID31129, e, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31129, entry.getKey(), fullName));
}
} else {
filter = (Criteria) filter.clone();
}
return filter;
}
Also used :
ValidationVisitor(org.teiid.query.validator.ValidationVisitor)
ValidatorFailure(org.teiid.query.validator.ValidatorFailure)
GroupSymbol(org.teiid.query.sql.symbol.GroupSymbol)
QueryMetadataException(org.teiid.api.exception.query.QueryMetadataException)
ValidatorReport(org.teiid.query.validator.ValidatorReport)
TeiidException(org.teiid.core.TeiidException)
Example 4 with ValidatorFailure
use of org.teiid.query.validator.ValidatorFailure in project teiid by teiid.
the class ColumnMaskingHelper method maskColumn.
private static Expression maskColumn(ElementSymbol col, GroupSymbol unaliased, QueryMetadataInterface metadata, ExpressionMappingVisitor emv, Map<String, DataPolicy> policies, CommandContext cc) throws TeiidComponentException, TeiidProcessingException {
Object metadataID = col.getMetadataID();
String fullName = metadata.getFullName(metadataID);
final GroupSymbol group = col.getGroupSymbol();
String elementType = metadata.getElementRuntimeTypeName(col.getMetadataID());
Class<?> expectedType = DataTypeManager.getDataTypeClass(elementType);
List<WhenThen> cases = null;
Collection<GroupSymbol> groups = Arrays.asList(unaliased);
for (Map.Entry<String, DataPolicy> entry : policies.entrySet()) {
DataPolicyMetadata dpm = (DataPolicyMetadata) entry.getValue();
PermissionMetaData pmd = dpm.getPermissionMap().get(fullName);
if (pmd == null) {
continue;
}
String maskString = pmd.getMask();
if (maskString == null) {
continue;
}
Criteria condition = null;
if (pmd.getCondition() != null) {
condition = RowBasedSecurityHelper.resolveCondition(metadata, group, metadata.getFullName(group.getMetadataID()), entry, pmd, pmd.getCondition());
} else {
condition = QueryRewriter.TRUE_CRITERIA;
}
Expression mask = (Expression) pmd.getResolvedMask();
if (mask == null) {
try {
mask = QueryParser.getQueryParser().parseExpression(pmd.getMask());
for (SubqueryContainer container : ValueIteratorProviderCollectorVisitor.getValueIteratorProviders(mask)) {
container.getCommand().pushNewResolvingContext(groups);
QueryResolver.resolveCommand(container.getCommand(), metadata, false);
}
ResolverVisitor.resolveLanguageObject(mask, groups, metadata);
ValidatorReport report = Validator.validate(mask, metadata, new ValidationVisitor());
if (report.hasItems()) {
ValidatorFailure firstFailure = report.getItems().iterator().next();
// $NON-NLS-1$
throw new QueryMetadataException(QueryPlugin.Event.TEIID31139, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31139, dpm.getName(), fullName) + " " + firstFailure);
}
if (mask.getType() != expectedType) {
mask = ResolverUtil.convertExpression(mask, elementType, metadata);
}
pmd.setResolvedMask(mask.clone());
if (!dpm.isAnyAuthenticated()) {
// we treat this as user deterministic since the data roles won't change. this may change if the logic becomes dynamic
// TODO: this condition may not even be used
cc.setDeterminismLevel(Determinism.USER_DETERMINISTIC);
}
} catch (QueryMetadataException e) {
throw e;
} catch (TeiidException e) {
throw new QueryMetadataException(QueryPlugin.Event.TEIID31129, e, QueryPlugin.Util.gs(QueryPlugin.Event.TEIID31129, dpm.getName(), fullName));
}
} else {
mask = (Expression) mask.clone();
}
if (group.getDefinition() != null) {
PreOrPostOrderNavigator.doVisit(mask, emv, PreOrPostOrderNavigator.PRE_ORDER, true);
}
if (cases == null) {
cases = new ArrayList<ColumnMaskingHelper.WhenThen>();
}
cases.add(new WhenThen(pmd.getOrder(), condition, mask));
}
if (cases == null) {
return col;
}
Collections.sort(cases);
List<Criteria> whens = new ArrayList<Criteria>();
List<Expression> thens = new ArrayList<Expression>();
for (WhenThen whenThen : cases) {
whens.add(whenThen.when);
thens.add(whenThen.then);
}
SearchedCaseExpression sce = new SearchedCaseExpression(whens, thens);
sce.setElseExpression(col);
sce.setType(expectedType);
Expression mask = QueryRewriter.rewriteExpression(sce, cc, metadata, true);
return mask;
}
Also used :
ValidationVisitor(org.teiid.query.validator.ValidationVisitor)
ArrayList(java.util.ArrayList)
Criteria(org.teiid.query.sql.lang.Criteria)
ValidatorFailure(org.teiid.query.validator.ValidatorFailure)
DataPolicyMetadata(org.teiid.adminapi.impl.DataPolicyMetadata)
DataPolicy(org.teiid.adminapi.DataPolicy)
SubqueryContainer(org.teiid.query.sql.lang.SubqueryContainer)
QueryMetadataException(org.teiid.api.exception.query.QueryMetadataException)
ValidatorReport(org.teiid.query.validator.ValidatorReport)
TeiidException(org.teiid.core.TeiidException)
SearchedCaseExpression(org.teiid.query.sql.symbol.SearchedCaseExpression)
SearchedCaseExpression(org.teiid.query.sql.symbol.SearchedCaseExpression)
Expression(org.teiid.query.sql.symbol.Expression)
GroupSymbol(org.teiid.query.sql.symbol.GroupSymbol)
Map(java.util.Map)
PermissionMetaData(org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData)
Example 5 with ValidatorFailure
use of org.teiid.query.validator.ValidatorFailure in project teiid by teiid.
the class TestProcedurePlanner method helpPlanProcedure.
// ################ getReplacementClause tests ###################
private ProcessorPlan helpPlanProcedure(String userQuery, String procedure, TriggerEvent procedureType) throws TeiidComponentException, QueryMetadataException, TeiidProcessingException {
QueryMetadataInterface metadata = RealMetadataFactory.exampleUpdateProc(procedureType, procedure);
QueryParser parser = QueryParser.getQueryParser();
Command userCommand = userQuery != null ? parser.parseCommand(userQuery) : parser.parseCommand(procedure);
if (userCommand instanceof CreateProcedureCommand) {
GroupSymbol gs = new GroupSymbol("proc");
gs.setMetadataID(new TempMetadataID("proc", Collections.EMPTY_LIST));
((CreateProcedureCommand) userCommand).setVirtualGroup(gs);
}
QueryResolver.resolveCommand(userCommand, metadata);
ValidatorReport report = Validator.validate(userCommand, metadata);
if (report.hasItems()) {
ValidatorFailure firstFailure = report.getItems().iterator().next();
throw new QueryValidatorException(firstFailure.getMessage());
}
userCommand = QueryRewriter.rewrite(userCommand, metadata, null);
AnalysisRecord analysisRecord = new AnalysisRecord(false, DEBUG);
try {
return QueryOptimizer.optimizePlan(userCommand, metadata, null, new DefaultCapabilitiesFinder(), analysisRecord, null);
} finally {
if (DEBUG) {
System.out.println(analysisRecord.getDebugLog());
}
}
}
Also used :
QueryParser(org.teiid.query.parser.QueryParser)
AnalysisRecord(org.teiid.query.analysis.AnalysisRecord)
CreateProcedureCommand(org.teiid.query.sql.proc.CreateProcedureCommand)
CreateProcedureCommand(org.teiid.query.sql.proc.CreateProcedureCommand)
Command(org.teiid.query.sql.lang.Command)
ValidatorFailure(org.teiid.query.validator.ValidatorFailure)
QueryValidatorException(org.teiid.api.exception.query.QueryValidatorException)
GroupSymbol(org.teiid.query.sql.symbol.GroupSymbol)
TempMetadataID(org.teiid.query.metadata.TempMetadataID)
QueryMetadataInterface(org.teiid.query.metadata.QueryMetadataInterface)
DefaultCapabilitiesFinder(org.teiid.query.optimizer.capabilities.DefaultCapabilitiesFinder)
ValidatorReport(org.teiid.query.validator.ValidatorReport)
Aggregations
ValidatorFailure (org.teiid.query.validator.ValidatorFailure)7
ValidatorReport (org.teiid.query.validator.ValidatorReport)6
Command (org.teiid.query.sql.lang.Command)3
GroupSymbol (org.teiid.query.sql.symbol.GroupSymbol)3
QueryMetadataException (org.teiid.api.exception.query.QueryMetadataException)2
QueryValidatorException (org.teiid.api.exception.query.QueryValidatorException)2
TeiidException (org.teiid.core.TeiidException)2
AnalysisRecord (org.teiid.query.analysis.AnalysisRecord)2
DefaultCapabilitiesFinder (org.teiid.query.optimizer.capabilities.DefaultCapabilitiesFinder)2
QueryParser (org.teiid.query.parser.QueryParser)2
ValidationVisitor (org.teiid.query.validator.ValidationVisitor)2
ArrayList (java.util.ArrayList)1
HashSet (java.util.HashSet)1
Map (java.util.Map)1
DataPolicy (org.teiid.adminapi.DataPolicy)1
DataPolicyMetadata (org.teiid.adminapi.impl.DataPolicyMetadata)1
PermissionMetaData (org.teiid.adminapi.impl.DataPolicyMetadata.PermissionMetaData)1
VDBMetaData (org.teiid.adminapi.impl.VDBMetaData)1
MetadataException (org.teiid.metadata.MetadataException)1
MetadataStore (org.teiid.metadata.MetadataStore)1
