Add EXTERNAL resource type. (#12896)

This is used to control access to the EXTERN function, which allows
reading external data in SQL. The EXTERN function is not usable in
production as of today, but it is used by the task-based SQL engine
contemplated in #12262.
This commit is contained in:
Gian Merlino 2022-08-12 10:57:30 -07:00 committed by GitHub
parent 3a3271eddc
commit 836430019a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 4 deletions

View File

@ -34,6 +34,7 @@ public class ResourceType
public static final String STATE = "STATE"; public static final String STATE = "STATE";
public static final String SYSTEM_TABLE = "SYSTEM_TABLE"; public static final String SYSTEM_TABLE = "SYSTEM_TABLE";
public static final String QUERY_CONTEXT = "QUERY_CONTEXT"; public static final String QUERY_CONTEXT = "QUERY_CONTEXT";
public static final String EXTERNAL = "EXTERNAL";
private static final Set<String> KNOWN_TYPES = Sets.newConcurrentHashSet(); private static final Set<String> KNOWN_TYPES = Sets.newConcurrentHashSet();
@ -45,6 +46,7 @@ public class ResourceType
registerResourceType(STATE); registerResourceType(STATE);
registerResourceType(SYSTEM_TABLE); registerResourceType(SYSTEM_TABLE);
registerResourceType(QUERY_CONTEXT); registerResourceType(QUERY_CONTEXT);
registerResourceType(EXTERNAL);
} }
/** /**

View File

@ -35,6 +35,7 @@ import org.apache.druid.segment.column.RowSignature;
import org.apache.druid.server.security.Action; import org.apache.druid.server.security.Action;
import org.apache.druid.server.security.Resource; import org.apache.druid.server.security.Resource;
import org.apache.druid.server.security.ResourceAction; import org.apache.druid.server.security.ResourceAction;
import org.apache.druid.server.security.ResourceType;
import org.apache.druid.sql.calcite.expression.AuthorizableOperator; import org.apache.druid.sql.calcite.expression.AuthorizableOperator;
import org.apache.druid.sql.calcite.expression.DruidExpression; import org.apache.druid.sql.calcite.expression.DruidExpression;
import org.apache.druid.sql.calcite.expression.SqlOperatorConversion; import org.apache.druid.sql.calcite.expression.SqlOperatorConversion;
@ -55,11 +56,9 @@ public class ExternalOperatorConversion implements SqlOperatorConversion
{ {
public static final String FUNCTION_NAME = "EXTERN"; public static final String FUNCTION_NAME = "EXTERN";
// EXTERNAL is not an "official" resource type (it doesn't appear as a constant in the ResourceType class). // Resource that allows reading external data via SQL.
// It is here so we can write tests that check that authorization works as expected, like CalciteInsertDmlTest.
// This should be rethought before the functionality is exposed to end users.
public static final ResourceAction EXTERNAL_RESOURCE_ACTION = public static final ResourceAction EXTERNAL_RESOURCE_ACTION =
new ResourceAction(new Resource("EXTERNAL", "EXTERNAL"), Action.READ); new ResourceAction(new Resource("EXTERNAL", ResourceType.EXTERNAL), Action.READ);
private static final RelDataTypeFactory TYPE_FACTORY = new SqlTypeFactoryImpl(DruidTypeSystem.INSTANCE); private static final RelDataTypeFactory TYPE_FACTORY = new SqlTypeFactoryImpl(DruidTypeSystem.INSTANCE);