if (owner.isPresent() && !owner.get().equals(session.getIdentity().getUser())) { identity = new Identity(owner.get(), Optional.empty()); viewAccessControl = new ViewAccessControl(accessControl); identity = session.getIdentity(); viewAccessControl = accessControl; Session viewSession = Session.builder(metadata.getSessionPropertyManager()) .setQueryId(session.getQueryId()) .setTransactionId(session.getTransactionId().orElse(null)) .setIdentity(identity) .setSource(session.getSource().orElse(null)) .setCatalog(catalog.orElse(null)) return queryScope.getRelationType().withAlias(name.getObjectName(), null);
@Override public String toString() { return toStringHelper(this) .add("queryId", queryId) .add("transactionId", transactionId) .add("user", getUser()) .add("principal", getIdentity().getPrincipal().orElse(null)) .add("source", source.orElse(null)) .add("catalog", catalog.orElse(null)) .add("schema", schema.orElse(null)) .add("path", path) .add("traceToken", traceToken.orElse(null)) .add("timeZoneKey", timeZoneKey) .add("locale", locale) .add("remoteUserAddress", remoteUserAddress.orElse(null)) .add("userAgent", userAgent.orElse(null)) .add("clientInfo", clientInfo.orElse(null)) .add("clientTags", clientTags) .add("clientCapabilities", clientCapabilities) .add("resourceEstimates", resourceEstimates) .add("startTime", startTime) .omitNullValues() .toString(); }
public SessionRepresentation toSessionRepresentation() { return new SessionRepresentation( queryId.toString(), transactionId, clientTransactionSupport, identity.getUser(), identity.getPrincipal().map(Principal::toString), source, catalog, schema, path, traceToken, timeZoneKey, locale, remoteUserAddress, userAgent, clientInfo, clientTags, clientCapabilities, resourceEstimates, startTime, systemProperties, connectorProperties, unprocessedCatalogProperties, preparedStatements); }
partitionName = Optional.of(FileUtils.makePartName(partitionColumnNames, partitionValues)); partitionName = Optional.empty(); Optional<Partition> partition = Optional.empty(); if (!partitionValues.isEmpty() && table != null) { partition = pageSinkMetadataProvider.getPartition(partitionValues); nodeManager.getCurrentNode().getVersion(), nodeManager.getCurrentNode().getHttpUri().getHost(), session.getIdentity().getPrincipal().map(Principal::getName).orElse(null), nodeManager.getEnvironment(), sessionProperties,
requireNonNull(query, "query is null"); checkArgument(!query.isEmpty(), "query must not be empty string"); checkArgument(!queryTracker.tryGetQuery(queryId).isPresent(), "query %s already exists", queryId); Optional<String> queryType = getQueryType(preparedQuery.getStatement().getClass()).map(Enum::name); selectionContext = resourceGroupManager.selectGroup(new SelectionCriteria( sessionContext.getIdentity().getPrincipal().isPresent(), sessionContext.getIdentity().getUser(), Optional.ofNullable(sessionContext.getSource()), sessionContext.getClientTags(), queryExecution.getSession().getTransactionId().ifPresent(transactionManager::trySetInactive); session = Session.builder(new SessionPropertyManager()) .setQueryId(queryId) .setIdentity(sessionContext.getIdentity()) .setPath(new SqlPath(Optional.empty())) .build(); QUERY_STATE_LOG.debug(e, "Query %s failed", session.getQueryId());
if (owner.isPresent()) { identity = new Identity(owner.get(), Optional.empty()); viewAccessControl = new ViewAccessControl(accessControl); identity = session.getIdentity(); viewAccessControl = accessControl; Session viewSession = Session.builder(metadata.getSessionPropertyManager()) .setQueryId(session.getQueryId()) .setTransactionId(session.getTransactionId().orElse(null)) .setIdentity(identity) .setSource(session.getSource().orElse(null)) .setCatalog(catalog.orElse(null))
private static ClientSession toClientSession(Session session, URI server, Duration clientRequestTimeout) ImmutableMap.Builder<String, String> properties = ImmutableMap.builder(); properties.putAll(session.getSystemProperties()); for (Entry<String, Map<String, String>> connectorProperties : session.getUnprocessedCatalogProperties().entrySet()) { for (Entry<String, String> entry : connectorProperties.getValue().entrySet()) { properties.put(connectorProperties.getKey() + "." + entry.getKey(), entry.getValue()); ImmutableMap.Builder<String, String> resourceEstimates = ImmutableMap.builder(); ResourceEstimates estimates = session.getResourceEstimates(); estimates.getExecutionTime().ifPresent(e -> resourceEstimates.put(EXECUTION_TIME, e.toString())); estimates.getCpuTime().ifPresent(e -> resourceEstimates.put(CPU_TIME, e.toString())); estimates.getPeakMemory().ifPresent(e -> resourceEstimates.put(PEAK_MEMORY, e.toString())); session.getIdentity().getUser(), session.getSource().orElse(null), session.getTraceToken(),
@Test public void testNoCatalogAccessControl() { TransactionManager transactionManager = createTestTransactionManager(); AccessControlManager accessControlManager = new AccessControlManager(transactionManager); TestSystemAccessControlFactory accessControlFactory = new TestSystemAccessControlFactory("test"); accessControlManager.addSystemAccessControlFactory(accessControlFactory); accessControlManager.setSystemAccessControl("test", ImmutableMap.of()); transaction(transactionManager, accessControlManager) .execute(transactionId -> { accessControlManager.checkCanSelectFromColumns(transactionId, new Identity(USER_NAME, Optional.of(PRINCIPAL)), new QualifiedObjectName("catalog", "schema", "table"), ImmutableSet.of("column")); }); }
private Session getSession(String user) { return testSessionBuilder() .setCatalog(queryRunner.getDefaultSession().getCatalog().get()) .setSchema(queryRunner.getDefaultSession().getSchema().get()) .setIdentity(new Identity(user, Optional.empty())).build(); } }
public TestingConnectorSession( String user, Optional<String> source, Optional<String> traceToken, TimeZoneKey timeZoneKey, Locale locale, long startTime, List<PropertyMetadata<?>> propertyMetadatas, Map<String, Object> propertyValues, boolean isLegacyTimestamp) { this.queryId = queryIdGenerator.createNextQueryId().toString(); this.identity = new Identity(requireNonNull(user, "user is null"), Optional.empty()); this.source = requireNonNull(source, "source is null"); this.traceToken = requireNonNull(traceToken, "traceToken is null"); this.timeZoneKey = requireNonNull(timeZoneKey, "timeZoneKey is null"); this.locale = requireNonNull(locale, "locale is null"); this.startTime = startTime; this.properties = Maps.uniqueIndex(propertyMetadatas, PropertyMetadata::getName); this.propertyValues = ImmutableMap.copyOf(propertyValues); this.isLegacyTimestamp = isLegacyTimestamp; }
@Test public void testCurrentUserInView() { checkState(getSession().getCatalog().isPresent(), "catalog is not set"); checkState(getSession().getSchema().isPresent(), "schema is not set"); String testAccountsUnqualifiedName = "test_accounts"; String testAccountsViewUnqualifiedName = "test_accounts_view"; String testAccountsViewFullyQualifiedName = format("%s.%s.%s", getSession().getCatalog().get(), getSession().getSchema().get(), testAccountsViewUnqualifiedName); assertUpdate(format("CREATE TABLE %s AS SELECT user_name, account_name" + " FROM (VALUES ('user1', 'account1'), ('user2', 'account2'))" + " t (user_name, account_name)", testAccountsUnqualifiedName), 2); assertUpdate(format("CREATE VIEW %s AS SELECT account_name FROM test_accounts WHERE user_name = CURRENT_USER", testAccountsViewUnqualifiedName)); assertUpdate(format("GRANT SELECT ON %s TO user1", testAccountsViewFullyQualifiedName)); assertUpdate(format("GRANT SELECT ON %s TO user2", testAccountsViewFullyQualifiedName)); Session user1 = testSessionBuilder() .setCatalog(getSession().getCatalog().get()) .setSchema(getSession().getSchema().get()) .setIdentity(new Identity("user1", getSession().getIdentity().getPrincipal())) .build(); Session user2 = testSessionBuilder() .setCatalog(getSession().getCatalog().get()) .setSchema(getSession().getSchema().get()) .setIdentity(new Identity("user2", getSession().getIdentity().getPrincipal())) .build(); assertQuery(user1, "SELECT account_name FROM test_accounts_view", "VALUES 'account1'"); assertQuery(user2, "SELECT account_name FROM test_accounts_view", "VALUES 'account2'"); assertUpdate("DROP VIEW test_accounts_view"); assertUpdate("DROP TABLE test_accounts"); }
accessControl.checkCanSetUser(identity.getPrincipal(), identity.getUser()); SessionBuilder sessionBuilder = Session.builder(sessionPropertyManager) .setQueryId(queryId) .setIdentity(identity) .setSource(context.getSource()) .setCatalog(context.getCatalog()) .setSchema(context.getSchema()) sessionBuilder.setPath(new SqlPath(Optional.of(context.getPath()))); Session session = sessionBuilder.build(); if (context.getTransactionId().isPresent()) { session = session.beginTransactionId(context.getTransactionId().get(), transactionManager, accessControl);
@Test public void testViewAccessControl() .setIdentity(new Identity("test_view_access_owner", Optional.empty())) .setCatalog(getSession().getCatalog().get()) .setSchema(getSession().getSchema().get()) .build(); "SELECT * FROM test_view_access", "View owner 'test_view_access_owner' cannot create view that selects from .*.orders.*", privilege(viewOwnerSession.getUser(), "orders", CREATE_VIEW_WITH_SELECT_COLUMNS)); .setIdentity(new Identity("test_nested_view_access_owner", Optional.empty())) .setCatalog(getSession().getCatalog().get()) .setSchema(getSession().getSchema().get())
@Override public void checkCanDropTable(ConnectorTransactionHandle transaction, Identity identity, SchemaTableName tableName) { if (!allowDropTable) { denyDropTable(tableName.toString()); } Optional<Table> target = metastoreProvider.apply(((HiveTransactionHandle) transaction)).getTable(tableName.getSchemaName(), tableName.getTableName()); if (!target.isPresent()) { denyDropTable(tableName.toString(), "Table not found"); } if (!identity.getUser().equals(target.get().getOwner())) { denyDropTable(tableName.toString(), "Owner of the table is different from session user"); } }
checkArgument(getPrestoQueryId(partition).isPresent()); Map<List<String>, Action<PartitionAndMore>> partitionActionsOfTable = partitionActions.computeIfAbsent(new SchemaTableName(databaseName, tableName), k -> new HashMap<>()); Action<PartitionAndMore> oldPartitionAction = partitionActionsOfTable.get(partition.getValues()); partitionActionsOfTable.put( partition.getValues(), new Action<>(ActionType.ADD, new PartitionAndMore(partition, currentLocation, Optional.empty(), statistics, statistics), context)); return; if (!oldPartitionAction.getContext().getIdentity().getUser().equals(session.getUser())) { throw new PrestoException(TRANSACTION_CONFLICT, "Operation on the same partition with different user in the same transaction is not supported"); new Action<>(ActionType.ALTER, new PartitionAndMore(partition, currentLocation, Optional.empty(), statistics, statistics), context)); break;
@Test public void testApplyDefaultProperties() Session session = Session.builder(new SessionPropertyManager()) .setQueryId(new QueryId("test_query_id")) .setIdentity(new Identity("testUser", Optional.empty())) .setSystemProperty(QUERY_MAX_MEMORY, "1GB") assertEquals(session.getSystemProperties(), ImmutableMap.<String, String>builder() .put(QUERY_MAX_MEMORY, "1GB") .put(JOIN_DISTRIBUTION_TYPE, "partitioned") .build()); assertEquals( session.getUnprocessedCatalogProperties(), .build())); session = sessionPropertyDefaults.newSessionWithDefaultProperties(session, Optional.empty(), TEST_RESOURCE_GROUP_ID);
public ClientSession toClientSession(URI server, boolean debug, Duration clientRequestTimeout) { ImmutableMap.Builder<String, String> properties = ImmutableMap.builder(); properties.putAll(systemProperties); for (Entry<String, Map<String, String>> catalogProperties : this.catalogProperties.entrySet()) { String catalog = catalogProperties.getKey(); for (Entry<String, String> entry : catalogProperties.getValue().entrySet()) { properties.put(catalog + "." + entry.getKey(), entry.getValue()); } } return new ClientSession( requireNonNull(server, "server is null"), identity.getUser(), source.orElse(null), catalog.orElse(null), schema.orElse(null), timeZoneKey.getId(), locale, properties.build(), transactionId.map(TransactionId::toString).orElse(null), debug, clientRequestTimeout); }
public static SessionBuilder testSessionBuilder(SessionPropertyManager sessionPropertyManager) { return Session.builder(sessionPropertyManager) .setQueryId(queryIdGenerator.createNextQueryId()) .setIdentity(new Identity("user", Optional.empty())) .setSource("test") .setCatalog("catalog") .setSchema("schema") .setPath(new SqlPath(Optional.of("path"))) .setTimeZoneKey(DEFAULT_TIME_ZONE_KEY) .setLocale(ENGLISH) .setRemoteUserAddress("address") .setUserAgent("agent"); }
public GlueHiveMetastore(HdfsEnvironment hdfsEnvironment, GlueHiveMetastoreConfig glueConfig, AWSGlueAsync glueClient) { this.hdfsEnvironment = requireNonNull(hdfsEnvironment, "hdfsEnvironment is null"); this.hdfsContext = new HdfsContext(new Identity(DEFAULT_METASTORE_USER, Optional.empty())); this.glueClient = requireNonNull(glueClient, "glueClient is null"); this.defaultDir = glueConfig.getDefaultWarehouseDir(); }