Verify SQL MERGE access control checks #13664
Conversation
djsstarburst
force-pushed
the
david.stryker/merge-access-control
branch
from
0ecc938
to
ff18825
Compare
testing/trino-testing/src/main/java/io/trino/testing/BaseConnectorTest.java
Outdated
Show resolved
Hide resolved
djsstarburst
force-pushed
the
david.stryker/merge-access-control
branch
from
ff18825
to
4560ff9
Compare
djsstarburst
force-pushed
the
david.stryker/merge-access-control
branch
from
4560ff9
to
c342350
Compare
|
@electrum suggested that I move this test to I added another commit to the start of my PR that moves the MERGE access control checks up to the top of @electrum produced an ersatz implementation of MERGE for Blackhole, and maybe that makes sense as a followup. But at this point, I’m mildly in favor of merging my existing PR, now with the commit that does access checks earlier. |
I don't see how that PR can work, because the body of |
|
It works because the Black Hole connector doesn't store or produce data (unless you ask it to produce nulls), so there is nothing to match or update. You can see that |
djsstarburst
force-pushed
the
david.stryker/merge-access-control
branch
from
c342350
to
fbec671
Compare
|
I rebased on top of tip master, which has @electrum's ersatz implementation of MERGE for the Blackhole connector. That let me remove the test from I think this now satisfies the concerns raised, and is ready to merge. |
| .findFirst() | ||
| .ifPresent(mergeCase -> accessControl.checkCanDeleteFromTable(session.toSecurityContext(), tableName)); | ||
|
|
||
| ImmutableSet.Builder<String> allUpdateColumnNamesBuilder = ImmutableSet.builder(); |
There was a problem hiding this comment.
Nit: we can use HashSet here with the variable named allUpdateColumnNames since we are just building this to pass to a function. Using an immutable builder is overkill and makes the code harder to read.
|
|
||
| assertUpdate(format("CREATE TABLE %s (nation_name VARCHAR, region_name VARCHAR)", targetTable)); | ||
|
|
||
| assertUpdate(format("INSERT INTO %s (nation_name, region_name) VALUES ('FRANCE', 'EUROPE'), ('ALGERIA', 'AFRICA'), ('GERMANY', 'EUROPE')", targetTable), 3); |
There was a problem hiding this comment.
No need to insert data, since we aren't testing the actual merge functionality, and the blackhole connector will discard the data anyway. (so it's confusing to the reader as to why we do it)
| assertUpdate("DROP TABLE " + targetTable); | ||
| } | ||
|
|
||
| private void withPrivilegeDenied(String tableName, TestingPrivilegeType type, Runnable runnable) |
|
|
||
| // Show that without SELECT on the source table, the MERGE fails regardless of which case is included | ||
| for (String mergeCase : ImmutableList.of(deleteCase, updateCase, insertCase)) { | ||
| withPrivilegeDenied(sourceTable, SELECT_COLUMN, () -> |
There was a problem hiding this comment.
Use assertAccessDenied, like the other tests in this class.
|
Blackhole should be able to run the final |
djsstarburst
force-pushed
the
david.stryker/merge-access-control
branch
from
fbec671
to
2574eb0
Compare
Added. |
This commit adds a MERGE test in TestAccessControl that verifies that in order execute a MERGE, you must have appropriate access control rights. Specifically, if there is a source table, you must have SELECT on the table columns referenced; if the MERGE does inserts, you must have INSERT on the target table; if the MERGE does deletes you must have DELETE on the target table; and if the MERGE does updates, you must have UPDATE on the target table.
djsstarburst
force-pushed
the
david.stryker/merge-access-control
branch
from
2574eb0
to
6ddca49
Compare
|
Thanks! |
Description
This commit adds a MERGE test in BaseConnectorTest that verifies
that in order execute a MERGE, you must have appropriate access
control rights. Specifically, if there is a source table, you must
have SELECT on the table columns referenced; if the MERGE does
inserts, you must have INSERT on the target table; if the MERGE
does deletes you must have DELETE on the target table; and if
the MERGE does updates, you must have UPDATE on the target
table.
It is an added test.
None of the above.
Related issues, pull requests, and links
Documentation
(x) No documentation is needed.
( ) Sufficient documentation is included in this PR.
( ) Documentation PR is available with #prnumber.
( ) Documentation issue #issuenumber is filed, and can be handled later.
Release notes
(x) No release notes entries required.
( ) Release notes entries required with the following suggested text: