Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance. Project price only 1 $
You can buy this project and download/modify it how often you want.
/*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.trino.plugin.hive.security;
import io.trino.plugin.hive.authentication.HiveIdentity;
import io.trino.plugin.hive.metastore.Table;
import io.trino.spi.connector.ConnectorAccessControl;
import io.trino.spi.connector.ConnectorSecurityContext;
import io.trino.spi.connector.SchemaRoutineName;
import io.trino.spi.connector.SchemaTableName;
import io.trino.spi.security.Privilege;
import io.trino.spi.security.TrinoPrincipal;
import io.trino.spi.security.ViewExpression;
import io.trino.spi.type.Type;
import javax.inject.Inject;
import java.util.Optional;
import java.util.Set;
import static io.trino.spi.security.AccessDeniedException.denyAddColumn;
import static io.trino.spi.security.AccessDeniedException.denyCommentColumn;
import static io.trino.spi.security.AccessDeniedException.denyCommentTable;
import static io.trino.spi.security.AccessDeniedException.denyDropColumn;
import static io.trino.spi.security.AccessDeniedException.denyDropTable;
import static io.trino.spi.security.AccessDeniedException.denyRenameColumn;
import static io.trino.spi.security.AccessDeniedException.denyRenameTable;
import static java.lang.String.format;
import static java.util.Objects.requireNonNull;
public class LegacyAccessControl
implements ConnectorAccessControl
{
private final LegacyAccessControlMetastore accessControlMetastore;
private final boolean allowDropTable;
private final boolean allowRenameTable;
private final boolean allowCommentTable;
private final boolean allowCommentColumn;
private final boolean allowAddColumn;
private final boolean allowDropColumn;
private final boolean allowRenameColumn;
@Inject
public LegacyAccessControl(
LegacyAccessControlMetastore accessControlMetastore,
LegacySecurityConfig securityConfig)
{
this.accessControlMetastore = requireNonNull(accessControlMetastore, "accessControlMetastore is null");
requireNonNull(securityConfig, "securityConfig is null");
allowDropTable = securityConfig.getAllowDropTable();
allowRenameTable = securityConfig.getAllowRenameTable();
allowCommentTable = securityConfig.getAllowCommentTable();
allowCommentColumn = securityConfig.getAllowCommentColumn();
allowAddColumn = securityConfig.getAllowAddColumn();
allowDropColumn = securityConfig.getAllowDropColumn();
allowRenameColumn = securityConfig.getAllowRenameColumn();
}
@Override
public void checkCanCreateSchema(ConnectorSecurityContext context, String schemaName)
{
}
@Override
public void checkCanDropSchema(ConnectorSecurityContext context, String schemaName)
{
}
@Override
public void checkCanRenameSchema(ConnectorSecurityContext context, String schemaName, String newSchemaName)
{
}
@Override
public void checkCanSetSchemaAuthorization(ConnectorSecurityContext context, String schemaName, TrinoPrincipal principal)
{
}
@Override
public void checkCanShowSchemas(ConnectorSecurityContext context)
{
}
@Override
public Set filterSchemas(ConnectorSecurityContext context, Set schemaNames)
{
return schemaNames;
}
@Override
public void checkCanShowCreateSchema(ConnectorSecurityContext context, String schemaName)
{
}
@Override
public void checkCanShowCreateTable(ConnectorSecurityContext context, SchemaTableName tableName)
{
}
@Override
public void checkCanCreateTable(ConnectorSecurityContext context, SchemaTableName tableName)
{
}
@Override
public void checkCanDropTable(ConnectorSecurityContext context, SchemaTableName tableName)
{
if (!allowDropTable) {
denyDropTable(tableName.toString());
}
Optional
target = accessControlMetastore.getTable(context, new HiveIdentity(context.getIdentity()), tableName.getSchemaName(), tableName.getTableName());
if (target.isEmpty()) {
denyDropTable(tableName.toString(), "Table not found");
}
if (!context.getIdentity().getUser().equals(target.get().getOwner())) {
denyDropTable(tableName.toString(), format("Owner of the table ('%s') is different from session user ('%s')", target.get().getOwner(), context.getIdentity().getUser()));
}
}
@Override
public void checkCanRenameTable(ConnectorSecurityContext context, SchemaTableName tableName, SchemaTableName newTableName)
{
if (!allowRenameTable) {
denyRenameTable(tableName.toString(), newTableName.toString());
}
}
@Override
public void checkCanSetTableComment(ConnectorSecurityContext context, SchemaTableName tableName)
{
if (!allowCommentTable) {
denyCommentTable(tableName.toString());
}
}
@Override
public void checkCanSetColumnComment(ConnectorSecurityContext context, SchemaTableName tableName)
{
if (!allowCommentColumn) {
denyCommentColumn(tableName.toString());
}
}
@Override
public void checkCanShowTables(ConnectorSecurityContext context, String schemaName)
{
}
@Override
public Set filterTables(ConnectorSecurityContext context, Set tableNames)
{
return tableNames;
}
@Override
public void checkCanShowColumns(ConnectorSecurityContext context, SchemaTableName tableName)
{
}
@Override
public Set filterColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set columns)
{
return columns;
}
@Override
public void checkCanAddColumn(ConnectorSecurityContext context, SchemaTableName tableName)
{
if (!allowAddColumn) {
denyAddColumn(tableName.toString());
}
}
@Override
public void checkCanDropColumn(ConnectorSecurityContext context, SchemaTableName tableName)
{
if (!allowDropColumn) {
denyDropColumn(tableName.toString());
}
}
@Override
public void checkCanRenameColumn(ConnectorSecurityContext context, SchemaTableName tableName)
{
if (!allowRenameColumn) {
denyRenameColumn(tableName.toString());
}
}
@Override
public void checkCanSetTableAuthorization(ConnectorSecurityContext context, SchemaTableName tableName, TrinoPrincipal principal)
{
}
@Override
public void checkCanSelectFromColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set columnNames)
{
}
@Override
public void checkCanInsertIntoTable(ConnectorSecurityContext context, SchemaTableName tableName)
{
}
@Override
public void checkCanDeleteFromTable(ConnectorSecurityContext context, SchemaTableName tableName)
{
}
@Override
public void checkCanUpdateTableColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set updatedColumns)
{
}
@Override
public void checkCanCreateView(ConnectorSecurityContext context, SchemaTableName viewName)
{
}
@Override
public void checkCanRenameView(ConnectorSecurityContext context, SchemaTableName viewName, SchemaTableName newViewName)
{
}
@Override
public void checkCanSetViewAuthorization(ConnectorSecurityContext context, SchemaTableName viewName, TrinoPrincipal principal)
{
}
@Override
public void checkCanDropView(ConnectorSecurityContext context, SchemaTableName viewName)
{
}
@Override
public void checkCanCreateViewWithSelectFromColumns(ConnectorSecurityContext context, SchemaTableName tableName, Set columnNames)
{
}
@Override
public void checkCanCreateMaterializedView(ConnectorSecurityContext context, SchemaTableName materializedViewName)
{
}
@Override
public void checkCanRefreshMaterializedView(ConnectorSecurityContext context, SchemaTableName materializedViewName)
{
}
@Override
public void checkCanDropMaterializedView(ConnectorSecurityContext context, SchemaTableName materializedViewName)
{
}
@Override
public void checkCanSetCatalogSessionProperty(ConnectorSecurityContext context, String propertyName)
{
}
@Override
public void checkCanGrantSchemaPrivilege(ConnectorSecurityContext context, Privilege privilege, String schemaName, TrinoPrincipal grantee, boolean grantOption)
{
}
@Override
public void checkCanRevokeSchemaPrivilege(ConnectorSecurityContext context, Privilege privilege, String schemaName, TrinoPrincipal revokee, boolean grantOption)
{
}
@Override
public void checkCanGrantTablePrivilege(ConnectorSecurityContext context, Privilege privilege, SchemaTableName tableName, TrinoPrincipal grantee, boolean grantOption)
{
}
@Override
public void checkCanRevokeTablePrivilege(ConnectorSecurityContext context, Privilege privilege, SchemaTableName tableName, TrinoPrincipal revokee, boolean grantOption)
{
}
@Override
public void checkCanCreateRole(ConnectorSecurityContext context, String role, Optional grantor)
{
}
@Override
public void checkCanDropRole(ConnectorSecurityContext context, String role)
{
}
@Override
public void checkCanGrantRoles(ConnectorSecurityContext context, Set roles, Set grantees, boolean adminOption, Optional grantor, String catalogName)
{
}
@Override
public void checkCanRevokeRoles(ConnectorSecurityContext context, Set roles, Set grantees, boolean adminOption, Optional grantor, String catalogName)
{
}
@Override
public void checkCanSetRole(ConnectorSecurityContext context, String role, String catalogName)
{
}
@Override
public void checkCanShowRoleAuthorizationDescriptors(ConnectorSecurityContext context, String catalogName)
{
}
@Override
public void checkCanShowRoles(ConnectorSecurityContext context, String catalogName)
{
}
@Override
public void checkCanShowCurrentRoles(ConnectorSecurityContext context, String catalogName)
{
}
@Override
public void checkCanShowRoleGrants(ConnectorSecurityContext context, String catalogName)
{
}
@Override
public void checkCanExecuteProcedure(ConnectorSecurityContext context, SchemaRoutineName procedure)
{
}
@Override
public Optional getRowFilter(ConnectorSecurityContext context, SchemaTableName tableName)
{
return Optional.empty();
}
@Override
public Optional getColumnMask(ConnectorSecurityContext context, SchemaTableName tableName, String columnName, Type type)
{
return Optional.empty();
}
}
