RANGER-2826: updated Presto plugin to support PrestoSQL version 333

Signed-off-by: Madhan Neethiraj <madhan@apache.org>
apache · May 17, 2020 · 454537a · 454537a
1 parent acd7516
commit 454537a
Show file tree

Hide file tree

Showing 7 changed files with 580 additions and 54 deletions.
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-presto.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-presto.json
@@ -113,7 +113,8 @@
       "validationMessage": "",
       "uiHint": "",
       "label": "Presto User",
-      "description": "Presto User"
+      "description": "Presto User",
+      "accessTypeRestrictions": ["impersonate"]
     },
     {
       "itemId": 6,
@@ -134,7 +135,8 @@
       "validationMessage": "",
       "uiHint": "",
       "label": "System Property",
-      "description": "Presto System Property"
+      "description": "Presto System Property",
+      "accessTypeRestrictions": ["alter"]
     },
     {
       "itemId": 7,
@@ -155,7 +157,52 @@
       "validationMessage": "",
       "uiHint": "",
       "label": "Catalog Session Property",
-      "description": "Presto Catalog Session Property"
+      "description": "Presto Catalog Session Property",
+      "accessTypeRestrictions": ["alter"]
+    },
+    {
+      "itemId": 8,
+      "name": "function",
+      "type": "string",
+      "level": 10,
+      "parent": "",
+      "mandatory": true,
+      "lookupSupported": false,
+      "recursiveSupported": false,
+      "excludesSupported": false,
+      "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+      "matcherOptions": {
+        "wildCard": true,
+        "ignoreCase": true
+      },
+      "validationRegEx": "",
+      "validationMessage": "",
+      "uiHint": "",
+      "label": "Presto Function",
+      "description": "Presto Function",
+      "accessTypeRestrictions": ["execute", "grant"]
+    },
+    {
+      "itemId": 9,
+      "name": "procedure",
+      "type": "string",
+      "level": 30,
+      "parent": "schema",
+      "mandatory": true,
+      "lookupSupported": false,
+      "recursiveSupported": false,
+      "excludesSupported": false,
+      "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+      "matcherOptions": {
+        "wildCard": true,
+        "ignoreCase": true
+      },
+      "validationRegEx": "",
+      "validationMessage": "",
+      "uiHint": "",
+      "label": "Schema Procedure",
+      "description": "Schema Procedure",
+      "accessTypeRestrictions": ["execute", "grant"]
     }
   ],
   "accessTypes": [
@@ -229,8 +276,14 @@
         "grant",
         "revoke",
         "show",
-        "impersonate"
+        "impersonate",
+        "execute"
       ]
+    },
+    {
+      "itemId": 13,
+      "name": "execute",
+      "label": "execute"
     }
   ],
   "configs": [

diff --git a/...ain/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java b/...ain/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
diff --git a/...java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControlTest.java b/...java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControlTest.java
@@ -19,6 +19,7 @@
 
 import com.google.common.collect.ImmutableSet;
 import io.prestosql.spi.connector.CatalogSchemaName;
+import io.prestosql.spi.connector.CatalogSchemaRoutineName;
 import io.prestosql.spi.connector.CatalogSchemaTableName;
 import io.prestosql.spi.connector.SchemaTableName;
 import io.prestosql.spi.security.AccessDeniedException;
@@ -60,6 +61,8 @@ public class RangerSystemAccessControlTest {
   private static final CatalogSchemaTableName aliceTable = new CatalogSchemaTableName("alice-catalog", "schema","table");
   private static final CatalogSchemaTableName aliceView = new CatalogSchemaTableName("alice-catalog", "schema","view");
 
+  private static final CatalogSchemaRoutineName aliceProcedure = new CatalogSchemaRoutineName("alice-catalog", "schema", "procedure");
+  private static final String functionName = new String("function");
 
   @BeforeClass
   public static void setUpBeforeClass() throws Exception {
@@ -116,6 +119,9 @@ public void testSchemaOperations()
       accessControlManager.checkCanCreateSchema(context(bob), aliceSchema);
     } catch (AccessDeniedException expected) {
     }
+
+    accessControlManager.checkCanSetSchemaAuthorization(context(alice), aliceSchema, new PrestoPrincipal(USER, "principal"));
+    accessControlManager.checkCanShowCreateSchema(context(alice), aliceSchema);
   }
 
   @Test
@@ -177,9 +183,13 @@ public void testMisc()
 
     ret = accessControlManager.getRowFilter(context(alice), aliceTable);
     assertFalse(ret.isPresent());
+
+    accessControlManager.checkCanExecuteFunction(context(alice), functionName);
+    accessControlManager.checkCanGrantExecuteFunctionPrivilege(context(alice), functionName, new PrestoPrincipal(USER, "grantee"), true);
+    accessControlManager.checkCanExecuteProcedure(context(alice), aliceProcedure);
   }
 
   private SystemSecurityContext context(Identity id) {
-    return new SystemSecurityContext(id);
+    return new SystemSecurityContext(id, Optional.empty());
   }
 }