You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2022/05/10 17:07:52 UTC
[ranger] branch ranger-2.3 updated: Revert "RANGER-3182: Rename Prestosql to Trino"
This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch ranger-2.3
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.3 by this push:
new c4923f885 Revert "RANGER-3182: Rename Prestosql to Trino"
c4923f885 is described below
commit c4923f885a8c1a03d7ef81ecd989463593d71851
Author: Ramesh Mani <rm...@cloudera.com>
AuthorDate: Tue May 10 10:07:05 2022 -0700
Revert "RANGER-3182: Rename Prestosql to Trino"
This reverts commit e64833bbd87298e55cf24bf43989eadb08741abf.
---
agents-common/scripts/enable-agent.sh | 34 -
.../plugin/store/EmbeddedServiceDefsUtil.java | 8 +-
.../service-defs/ranger-servicedef-trino.json | 473 --------
distro/pom.xml | 30 -
distro/src/main/assembly/admin-web.xml | 19 -
distro/src/main/assembly/plugin-trino.xml | 222 ----
.../services/presto/client/PrestoClient.java | 12 -
plugin-trino/.gitignore | 1 -
plugin-trino/conf/ranger-policymgr-ssl-changes.cfg | 21 -
plugin-trino/conf/ranger-policymgr-ssl.xml | 49 -
plugin-trino/conf/ranger-trino-audit-changes.cfg | 74 --
plugin-trino/conf/ranger-trino-audit.xml | 216 ----
.../conf/ranger-trino-security-changes.cfg | 28 -
plugin-trino/conf/ranger-trino-security.xml | 74 --
plugin-trino/pom.xml | 136 ---
plugin-trino/scripts/install.properties | 177 ---
.../authorizer/RangerSystemAccessControl.java | 902 ---------------
.../ranger/services/trino/RangerServiceTrino.java | 125 --
.../ranger/services/trino/client/TrinoClient.java | 570 ---------
.../trino/client/TrinoConnectionManager.java | 94 --
.../trino/client/TrinoResourceManager.java | 178 ---
.../trino/authorizer/RangerAdminClientImpl.java | 43 -
.../authorizer/RangerSystemAccessControlTest.java | 195 ----
plugin-trino/src/test/resources/logback.xml | 32 -
.../src/test/resources/ranger-trino-security.xml | 52 -
.../src/test/resources/trino-policies.json | 1214 --------------------
pom.xml | 29 -
ranger-trino-plugin-shim/.gitignore | 1 -
ranger-trino-plugin-shim/pom.xml | 198 ----
.../trino/authorizer/RangerConfig.java | 69 --
.../authorizer/RangerSystemAccessControl.java | 625 ----------
.../RangerSystemAccessControlFactory.java | 61 -
.../trino/authorizer/TrinoRangerPlugin.java | 32 -
.../META-INF/services/io.trino.spi.Plugin | 15 -
34 files changed, 1 insertion(+), 6008 deletions(-)
diff --git a/agents-common/scripts/enable-agent.sh b/agents-common/scripts/enable-agent.sh
index b04f359d9..ad021feee 100755
--- a/agents-common/scripts/enable-agent.sh
+++ b/agents-common/scripts/enable-agent.sh
@@ -218,12 +218,6 @@ elif [ "${HCOMPONENT_NAME}" = "presto" ]; then
echo "INFO: Creating ${HCOMPONENT_LIB_DIR}"
mkdir -p ${HCOMPONENT_LIB_DIR}
fi
-elif [ "${HCOMPONENT_NAME}" = "trino" ]; then
- HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/plugin/ranger
- if [ ! -d "${HCOMPONENT_LIB_DIR}" ]; then
- echo "INFO: Creating ${HCOMPONENT_LIB_DIR}"
- mkdir -p ${HCOMPONENT_LIB_DIR}
- fi
fi
HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/conf
@@ -254,8 +248,6 @@ elif [ "${HCOMPONENT_NAME}" = "elasticsearch" ]; then
fi
elif [ "${HCOMPONENT_NAME}" = "presto" ]; then
HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/etc
-elif [ "${HCOMPONENT_NAME}" = "trino" ]; then
- HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/etc
fi
HCOMPONENT_ARCHIVE_CONF_DIR=${HCOMPONENT_CONF_DIR}/.archive
@@ -816,32 +808,6 @@ then
ln -sf ${HCOMPONENT_CONF_DIR} conf
fi
-if [ "${HCOMPONENT_NAME}" = "trino" ]
-then
- if [ "${action}" = "enable" ]
- then
- controlName="ranger"
- else
- controlName="allow-all"
- fi
- dt=`date '+%Y%m%d%H%M%S'`
- fn=`ls ${HCOMPONENT_CONF_DIR}/access-control.properties 2> /dev/null`
- if [ -f "${fn}" ]
- then
- dn=`dirname ${fn}`
- bn=`basename ${fn}`
- bf=${dn}/.${bn}.${dt}
- echo "backup of ${fn} to ${bf} ..."
- cp ${fn} ${bf}
- else
- fn=${HCOMPONENT_CONF_DIR}/access-control.properties
- fi
- echo "Add or Update properties file: [${fn}] ... "
- addOrUpdatePropertyToFile access-control.name $controlName ${fn}
- echo "Linking config files"
- cd ${HCOMPONENT_LIB_DIR}/ranger-trino-plugin-impl/
- ln -sf ${HCOMPONENT_CONF_DIR} conf
-fi
#
# Set notice to restart the ${HCOMPONENT_NAME}
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
index db629c85d..5ff782f9e 100755
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
@@ -49,7 +49,7 @@ public class EmbeddedServiceDefsUtil {
// following servicedef list should be reviewed/updated whenever a new embedded service-def is added
- public static final String DEFAULT_BOOTSTRAP_SERVICEDEF_LIST = "tag,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr,atlas,nifi,nifi-registry,sqoop,kylin,elasticsearch,presto,trino,ozone,kudu,schema-registry";
+ public static final String DEFAULT_BOOTSTRAP_SERVICEDEF_LIST = "tag,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr,atlas,nifi,nifi-registry,sqoop,kylin,elasticsearch,presto,ozone,kudu,schema-registry";
private static final String PROPERTY_SUPPORTED_SERVICE_DEFS = "ranger.supportedcomponents";
private Set<String> supportedServiceDefs;
public static final String EMBEDDED_SERVICEDEF_TAG_NAME = "tag";
@@ -72,7 +72,6 @@ public class EmbeddedServiceDefsUtil {
public static final String EMBEDDED_SERVICEDEF_ABFS_NAME = "abfs";
public static final String EMBEDDED_SERVICEDEF_ELASTICSEARCH_NAME = "elasticsearch";
public static final String EMBEDDED_SERVICEDEF_PRESTO_NAME = "presto";
- public static final String EMBEDDED_SERVICEDEF_TRINO_NAME = "trino";
public static final String EMBEDDED_SERVICEDEF_OZONE_NAME = "ozone";
public static final String EMBEDDED_SERVICEDEF_KUDU_NAME = "kudu";
@@ -91,7 +90,6 @@ public class EmbeddedServiceDefsUtil {
public static final String NIFI_IMPL_CLASS_NAME = "org.apache.ranger.services.nifi.RangerServiceNiFi";
public static final String ATLAS_IMPL_CLASS_NAME = "org.apache.ranger.services.atlas.RangerServiceAtlas";
public static final String PRESTO_IMPL_CLASS_NAME = "org.apache.ranger.services.presto.RangerServicePresto";
- public static final String TRINO_IMPL_CLASS_NAME = "org.apache.ranger.services.trino.RangerServiceTrino";
public static final String OZONE_IMPL_CLASS_NAME = "org.apache.ranger.services.ozone.RangerServiceOzone";
public static final String KUDU_IMPL_CLASS_NAME = "org.apache.ranger.services.kudu.RangerServiceKudu";
@@ -117,7 +115,6 @@ public class EmbeddedServiceDefsUtil {
private RangerServiceDef abfsServiceDef;
private RangerServiceDef elasticsearchServiceDef;
private RangerServiceDef prestoServiceDef;
- private RangerServiceDef trinoServiceDef;
private RangerServiceDef ozoneServiceDef;
private RangerServiceDef kuduServiceDef;
@@ -167,7 +164,6 @@ public class EmbeddedServiceDefsUtil {
kylinServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_KYLIN_NAME);
abfsServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_ABFS_NAME);
elasticsearchServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_ELASTICSEARCH_NAME);
- trinoServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_TRINO_NAME);
prestoServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_PRESTO_NAME);
ozoneServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_OZONE_NAME);
kuduServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_KUDU_NAME);
@@ -250,8 +246,6 @@ public class EmbeddedServiceDefsUtil {
public long getAbfsServiceDefId() { return getId(abfsServiceDef); }
- public long getTrinoServiceDefId() { return getId(trinoServiceDef); }
-
public long getPrestoServiceDefId() { return getId(prestoServiceDef); }
public long getOzoneServiceDefId() { return getId(ozoneServiceDef); }
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-trino.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-trino.json
deleted file mode 100644
index 88a57e1f0..000000000
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-trino.json
+++ /dev/null
@@ -1,473 +0,0 @@
-{
- "id": 203,
- "name": "trino",
- "displayName": "trino",
- "implClass": "org.apache.ranger.services.trino.RangerServiceTrino",
- "label": "Trino",
- "description": "Trino",
- "guid": "379a9fe5-1b6e-4091-a584-4890e245e6c1",
- "resources": [
- {
- "itemId": 1,
- "name": "catalog",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino Catalog",
- "description": "Trino Catalog"
- },
- {
- "itemId": 2,
- "name": "schema",
- "type": "string",
- "level": 20,
- "parent": "catalog",
- "mandatory": true,
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino Schema",
- "description": "Trino Schema"
- },
- {
- "itemId": 3,
- "name": "table",
- "type": "string",
- "level": 30,
- "parent": "schema",
- "mandatory": true,
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino Table",
- "description": "Trino Table"
- },
- {
- "itemId": 4,
- "name": "column",
- "type": "string",
- "level": 40,
- "parent": "table",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino Column",
- "description": "Trino Column"
- },
- {
- "itemId": 5,
- "name": "trinouser",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino User",
- "description": "Trino User",
- "accessTypeRestrictions": ["impersonate"]
- },
- {
- "itemId": 6,
- "name": "systemproperty",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "System Property",
- "description": "Trino System Property",
- "accessTypeRestrictions": ["alter"]
- },
- {
- "itemId": 7,
- "name": "sessionproperty",
- "type": "string",
- "level": 20,
- "parent": "catalog",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Catalog Session Property",
- "description": "Trino Catalog Session Property",
- "accessTypeRestrictions": ["alter"]
- },
- {
- "itemId": 8,
- "name": "function",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino Function",
- "description": "Trino Function",
- "accessTypeRestrictions": ["execute", "grant"]
- },
- {
- "itemId": 9,
- "name": "procedure",
- "type": "string",
- "level": 30,
- "parent": "schema",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Schema Procedure",
- "description": "Schema Procedure",
- "accessTypeRestrictions": ["execute", "grant"]
- }
- ],
- "accessTypes": [
- {
- "itemId": 1,
- "name": "select",
- "label": "Select"
- },
- {
- "itemId": 2,
- "name": "insert",
- "label": "Insert"
- },
- {
- "itemId": 3,
- "name": "create",
- "label": "Create"
- },
- {
- "itemId": 4,
- "name": "drop",
- "label": "Drop"
- },
- {
- "itemId": 5,
- "name": "delete",
- "label": "Delete"
- },
- {
- "itemId": 6,
- "name": "use",
- "label": "Use"
- },
- {
- "itemId": 7,
- "name": "alter",
- "label": "Alter"
- },
- {
- "itemId": 8,
- "name": "grant",
- "label": "Grant"
- },
- {
- "itemId": 9,
- "name": "revoke",
- "label": "Revoke"
- },
- {
- "itemId": 10,
- "name": "show",
- "label": "Show"
- },
- {
- "itemId": 11,
- "name": "impersonate",
- "label": "Impersonate"
- },
- {
- "itemId": 12,
- "name": "all",
- "label": "All",
- "impliedGrants": [
- "select",
- "insert",
- "create",
- "delete",
- "drop",
- "use",
- "alter",
- "grant",
- "revoke",
- "show",
- "impersonate",
- "execute"
- ]
- },
- {
- "itemId": 13,
- "name": "execute",
- "label": "execute"
- }
- ],
- "configs": [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "mandatory": true,
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Username"
- },
- {
- "itemId": 2,
- "name": "password",
- "type": "password",
- "mandatory": false,
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Password"
- },
- {
- "itemId": 3,
- "name": "jdbc.driverClassName",
- "type": "string",
- "mandatory": true,
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "defaultValue": "io.trino.jdbc.TrinoDriver"
- },
- {
- "itemId": 4,
- "name": "jdbc.url",
- "type": "string",
- "mandatory": true,
- "defaultValue": "",
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": ""
- }
- ],
- "enums": [
- ],
- "contextEnrichers": [
- ],
- "policyConditions":
- [
- ],
- "dataMaskDef": {
- "accessTypes": [
- {
- "name": "select"
- }
- ],
- "resources": [
- {
- "name": "catalog",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- },
- {
- "name": "schema",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- },
- {
- "name": "table",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- },
- {
- "name": "column",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- }
- ],
- "maskTypes": [
- {
- "itemId": 1,
- "name": "MASK",
- "label": "Redact",
- "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'",
- "transformer": "cast(regexp_replace(regexp_replace(regexp_replace({col},'([A-Z])', 'X'),'([a-z])','x'),'([0-9])','0') as {type})",
- "dataMaskOptions": {
- }
- },
- {
- "itemId": 2,
- "name": "MASK_SHOW_LAST_4",
- "label": "Partial mask: show last 4",
- "description": "Show last 4 characters; replace rest with 'X'",
- "transformer": "cast(regexp_replace({col}, '(.*)(.{4}$)', x -> regexp_replace(x[1], '.', 'X') || x[2]) as {type})"
- },
- {
- "itemId": 3,
- "name": "MASK_SHOW_FIRST_4",
- "label": "Partial mask: show first 4",
- "description": "Show first 4 characters; replace rest with 'x'",
- "transformer": "cast(regexp_replace({col}, '(^.{4})(.*)', x -> x[1] || regexp_replace(x[2], '.', 'X')) as {type})"
- },
- {
- "itemId": 4,
- "name": "MASK_HASH",
- "label": "Hash",
- "description": "Hash the value of a varchar with sha256",
- "transformer": "cast(to_hex(sha256(to_utf8({col}))) as {type})"
- },
- {
- "itemId": 5,
- "name": "MASK_NULL",
- "label": "Nullify",
- "description": "Replace with NULL"
- },
- {
- "itemId": 6,
- "name": "MASK_NONE",
- "label": "Unmasked (retain original value)",
- "description": "No masking"
- },
- {
- "itemId": 12,
- "name": "MASK_DATE_SHOW_YEAR",
- "label": "Date: show only year",
- "description": "Date: show only year",
- "transformer": "date_trunc('year', {col})"
- },
- {
- "itemId": 13,
- "name": "CUSTOM",
- "label": "Custom",
- "description": "Custom"
- }
- ]
- },
- "rowFilterDef": {
- "accessTypes": [
- {
- "name": "select"
- }
- ],
- "resources": [
- {
- "name": "catalog",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "mandatory": true,
- "uiHint": "{ \"singleValue\":true }"
- },
- {
- "name": "schema",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "mandatory": true,
- "uiHint": "{ \"singleValue\":true }"
- },
- {
- "name": "table",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "mandatory": true,
- "uiHint": "{ \"singleValue\":true }"
- }
- ]
- }
-
-}
\ No newline at end of file
diff --git a/distro/pom.xml b/distro/pom.xml
index 45a2164a6..201b9562f 100644
--- a/distro/pom.xml
+++ b/distro/pom.xml
@@ -75,7 +75,6 @@
<descriptor>src/main/assembly/plugin-elasticsearch.xml</descriptor>
<descriptor>src/main/assembly/plugin-schema-registry.xml</descriptor>
<descriptor>src/main/assembly/plugin-presto.xml</descriptor>
- <descriptor>src/main/assembly/plugin-trino.xml</descriptor>
<descriptor>src/main/assembly/sample-client.xml</descriptor>
</descriptors>
</configuration>
@@ -526,35 +525,6 @@
</plugins>
</build>
</profile>
- <profile>
- <id>ranger-trino-plugin</id>
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-assembly-plugin</artifactId>
- <version>${assembly.plugin.version}</version>
- <configuration>
- <finalName>ranger-${project.version}</finalName>
- <outputDirectory>../target</outputDirectory>
- </configuration>
- <executions>
- <execution>
- <goals>
- <goal>single</goal>
- </goals>
- <phase>package</phase>
- <configuration>
- <skipAssembly>false</skipAssembly>
- <descriptors>
- <descriptor>src/main/assembly/plugin-trino.xml</descriptor>
- </descriptors>
- </configuration>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
- </profile>
<profile>
<id>ranger-presto-plugin</id>
<build>
diff --git a/distro/src/main/assembly/admin-web.xml b/distro/src/main/assembly/admin-web.xml
index 388707a73..9095b3392 100644
--- a/distro/src/main/assembly/admin-web.xml
+++ b/distro/src/main/assembly/admin-web.xml
@@ -480,25 +480,6 @@
</binaries>
</moduleSet>
- <moduleSet>
- <useAllReactorProjects>true</useAllReactorProjects>
- <includes>
- <include>org.apache.ranger:ranger-trino-plugin</include>
- </includes>
- <binaries>
- <outputDirectory>ews/webapp/WEB-INF/classes/ranger-plugins/trino</outputDirectory>
- <includeDependencies>true</includeDependencies>
- <unpack>false</unpack>
- <directoryMode>755</directoryMode>
- <fileMode>644</fileMode>
- <includes>
- <include>org.apache.ranger:ranger-trino-plugin</include>
- <include>io.trino:trino-spi:jar:${trino.version}</include>
- <include>io.trino:trino-jdbc:jar:${trino.version}</include>
- </includes>
- </binaries>
- </moduleSet>
-
<moduleSet>
<useAllReactorProjects>true</useAllReactorProjects>
<includes>
diff --git a/distro/src/main/assembly/plugin-trino.xml b/distro/src/main/assembly/plugin-trino.xml
deleted file mode 100644
index 781c86b11..000000000
--- a/distro/src/main/assembly/plugin-trino.xml
+++ /dev/null
@@ -1,222 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<assembly>
- <id>trino-plugin</id>
- <formats>
- <format>tar.gz</format>
- </formats>
- <baseDirectory>${project.parent.name}-${project.version}-trino-plugin</baseDirectory>
- <includeBaseDirectory>true</includeBaseDirectory>
- <moduleSets>
- <moduleSet>
- <useAllReactorProjects>true</useAllReactorProjects>
- <includes>
- <include>org.apache.ranger:ranger-trino-plugin-shim</include>
- <include>org.apache.ranger:ranger-plugin-classloader</include>
- </includes>
- <binaries>
- <outputDirectory>lib</outputDirectory>
- <includeDependencies>true</includeDependencies>
- <unpack>false</unpack>
- <directoryMode>755</directoryMode>
- <fileMode>644</fileMode>
- <includes>
- <include>com.google.inject:guice:jar:${trino.guice.version}</include>
- <include>com.google.guava:guava:jar:${trino.guava.version}</include>
- <include>io.airlift:bootstrap:jar:${trino.airlift.version}</include>
- <include>io.airlift:log:jar:${trino.airlift.version}</include>
- <include>io.airlift:log-manager:jar:${trino.airlift.version}</include>
- <include>io.airlift:configuration:jar:${trino.airlift.version}</include>
- <include>javax.validation:validation-api:jar:${trino.validation-api.version}</include>
- <include>javax.inject:javax.inject:jar:${javax-inject.version}</include>
- <include>org.apache.bval:bval-jsr:jar:${trino.bval-jsr.version}</include>
- <include>org.slf4j:slf4j-api:jar:${slf4j-api.version}</include>
- <include>org.slf4j:slf4j-simple:jar:${slf4j.version}</include>
- <include>javax.annotation:javax.annotation-api:jar:${javax.annotation-api}</include>
- <include>com.fasterxml.jackson.core:jackson-core:jar:${fasterxml.jackson.version}</include>
- </includes>
- </binaries>
- </moduleSet>
-
- <moduleSet>
- <useAllReactorProjects>true</useAllReactorProjects>
- <includes>
- <include>org.apache.ranger:ranger-plugins-audit</include>
- <include>org.apache.ranger:ranger-plugins-cred</include>
- <include>org.apache.ranger:ranger-plugins-common</include>
- <include>org.apache.ranger:ranger-trino-plugin</include>
- </includes>
- <binaries>
- <outputDirectory>lib/ranger-trino-plugin-impl</outputDirectory>
- <includeDependencies>true</includeDependencies>
- <unpack>false</unpack>
- <directoryMode>755</directoryMode>
- <fileMode>644</fileMode>
- <includes>
- <include>com.google.code.gson:gson*</include>
- <include>org.eclipse.jetty:jetty-client:jar:${jetty-client.version}</include>
- <include>org.apache.httpcomponents:httpmime:jar:${httpcomponents.httpmime.version}</include>
- <include>org.apache.httpcomponents:httpclient:jar:${httpcomponents.httpclient.version}</include>
- <include>org.apache.httpcomponents:httpcore:jar:${httpcomponents.httpcore.version}</include>
- <include>org.noggit:noggit:jar:${noggit.version}</include>
- <include>org.apache.solr:solr-solrj:jar:${solr.version}</include>
- <include>com.sun.jersey:jersey-core</include>
- <include>com.sun.jersey:jersey-server</include>
- <include>commons-cli:commons-cli</include>
- <include>commons-collections:commons-collections</include>
- <include>org.apache.commons:commons-configuration2:jar:${commons.configuration.version}</include>
- <include>commons-codec:commons-codec</include>
- <include>commons-io:commons-io:jar:${commons.io.version}</include>
- <include>commons-lang:commons-lang:jar:${commons.lang.version}</include>
- <include>org.apache.commons:commons-lang3:jar:${commons.lang3.version}</include>
- <include>org.apache.htrace:htrace-core4:jar:${htrace-core.version}</include>
- <include>org.apache.commons:commons-compress:jar:${commons.compress.version}</include>
- <include>org.slf4j:jcl-over-slf4j:jar:${slf4j.version}</include>
- <include>org.slf4j:slf4j-api:jar:${slf4j-api.version}</include>
- <include>ch.qos.logback:logback-classic:jar:${logback.version}</include>
- <include>ch.qos.logback:logback-core:jar:${logback.version}</include>
- <include>com.google.guava:guava:jar:${google.guava.version}</include>
- <include>com.google.protobuf:protobuf-java:jar:${protobuf-java.version}</include>
- <include>com.google.re2j:re2j:jar:${trino.re2j.version}</include>
- <include>org.apache.commons:commons-configuration2:jar:${commons.configuration.version}</include>
- <include>org.apache.hadoop:hadoop-common:jar:${hadoop.version}</include>
- <include>org.apache.hadoop:hadoop-common-plus:jar:${hadoop.version}</include>
- <include>org.apache.hadoop:hadoop-auth:jar:${hadoop.version}</include>
- <include>org.apache.hadoop:hadoop-hdfs:jar:${hadoop.version}</include>
- <include>org.apache.ranger:ranger-plugins-cred</include>
- <include>org.apache.ranger:credentialbuilder</include>
- <include>org.codehaus.woodstox:stax2-api</include>
- <include>com.fasterxml.woodstox:woodstox-core</include>
- <include>org.apache.htrace:htrace-core4</include>
- <include>com.sun.jersey:jersey-bundle</include>
- <include>com.sun.jersey:jersey-json</include>
- <include>org.codehaus.jackson:jackson-core-asl</include>
- <include>org.codehaus.jackson:jackson-jaxrs</include>
- <include>org.codehaus.jackson:jackson-mapper-asl</include>
- <include>org.codehaus.jackson:jackson-xc</include>
- <include>org.apache.zookeeper:zookeeper:jar:${zookeeper.version}</include>
- <include>net.java.dev.jna:jna</include>
- <include>net.java.dev.jna:jna-platform</include>
- <include>com.kstruct:gethostname4j</include>
- <include>org.elasticsearch:elasticsearch</include>
- <include>org.elasticsearch:elasticsearch-core</include>
- <include>org.elasticsearch:elasticsearch-x-content</include>
- <include>org.elasticsearch.client:elasticsearch-rest-client</include>
- <include>org.elasticsearch.client:elasticsearch-rest-high-level-client</include>
- <include>org.elasticsearch.plugin:rank-eval-client</include>
- <include>org.elasticsearch.plugin:lang-mustache-client</include>
- <include>org.apache.httpcomponents:httpcore-nio:jar:${httpcomponents.httpcore.version}</include>
- <include>org.apache.httpcomponents:httpasyncclient:jar:${httpcomponents.httpasyncclient.version}</include>
- <include>org.apache.lucene:lucene-core</include>
- <include>joda-time:joda-time</include>
- <include>com.carrotsearch:hppc</include>
- </includes>
- </binaries>
- </moduleSet>
-
- <moduleSet>
- <useAllReactorProjects>true</useAllReactorProjects>
- <includes>
- <include>org.apache.ranger:ranger-plugins-installer</include>
- <include>org.apache.ranger:credentialbuilder</include>
- </includes>
- <binaries>
- <outputDirectory>install/lib</outputDirectory>
- <includeDependencies>true</includeDependencies>
- <unpack>false</unpack>
- <includes>
- <include>commons-cli:commons-cli</include>
- <include>commons-collections:commons-collections</include>
- <include>com.google.guava:guava:jar:${trino.guava.version}</include>
- <include>org.apache.commons:commons-configuration2:jar:${commons.configuration.version}</include>
- <include>commons-io:commons-io:jar:${commons.io.version}</include>
- <include>commons-lang:commons-lang</include>
- <include>org.apache.commons:commons-lang3:jar:${commons.lang3.version}</include>
- <include>org.apache.htrace:htrace-core4:jar:${htrace-core.version}</include>
- <include>org.apache.commons:commons-compress:jar:${commons.compress.version}</include>
- <include>commons-logging:commons-logging:jar:${commons.logging.version}</include>
- <include>com.google.guava:guava:jar:${google.guava.version}</include>
- <include>org.slf4j:slf4j-api:jar:${slf4j-api.version}</include>
- <include>org.apache.hadoop:hadoop-common:jar:${hadoop.version}</include>
- <include>org.apache.hadoop:hadoop-auth:jar:${hadoop.version}</include>
- <include>org.codehaus.woodstox:stax2-api</include>
- <include>com.fasterxml.woodstox:woodstox-core</include>
- <include>org.apache.htrace:htrace-core4</include>
- </includes>
- </binaries>
- </moduleSet>
- </moduleSets>
-
- <fileSets>
- <!-- conf.templates for enable -->
- <fileSet>
- <outputDirectory>install/conf.templates/enable</outputDirectory>
- <directory>../plugin-trino/conf</directory>
- <excludes>
- <exclude>*.sh</exclude>
- </excludes>
- <fileMode>700</fileMode>
- </fileSet>
- <fileSet>
- <outputDirectory>install/conf.templates/disable</outputDirectory>
- <directory>../plugin-trino/disable-conf</directory>
- <fileMode>700</fileMode>
- </fileSet>
- <fileSet>
- <outputDirectory>install/conf.templates/default</outputDirectory>
- <directory>../plugin-trino/template</directory>
- <fileMode>700</fileMode>
- </fileSet>
- <!-- version file -->
- <fileSet>
- <outputDirectory></outputDirectory>
- <directory>${project.build.outputDirectory}</directory>
- <includes>
- <include>version</include>
- </includes>
- <fileMode>444</fileMode>
- </fileSet>
- </fileSets>
-
- <!-- enable/disable script for Plugin -->
- <files>
- <file>
- <source>${project.parent.basedir}/agents-common/scripts/enable-agent.sh</source>
- <outputDirectory></outputDirectory>
- <destName>enable-trino-plugin.sh</destName>
- <fileMode>755</fileMode>
- </file>
- <file>
- <source>${project.parent.basedir}/agents-common/scripts/enable-agent.sh</source>
- <outputDirectory></outputDirectory>
- <destName>disable-trino-plugin.sh</destName>
- <fileMode>755</fileMode>
- </file>
- <file>
- <source>${project.parent.basedir}/plugin-trino/scripts/install.properties</source>
- <outputDirectory></outputDirectory>
- <destName>install.properties</destName>
- <fileMode>755</fileMode>
- </file>
- <file>
- <source>${project.parent.basedir}/security-admin/scripts/ranger_credential_helper.py</source>
- <outputDirectory></outputDirectory>
- <fileMode>755</fileMode>
- </file>
- </files>
-</assembly>
diff --git a/plugin-presto/src/main/java/org/apache/ranger/services/presto/client/PrestoClient.java b/plugin-presto/src/main/java/org/apache/ranger/services/presto/client/PrestoClient.java
index ee536ed32..87d35af41 100644
--- a/plugin-presto/src/main/java/org/apache/ranger/services/presto/client/PrestoClient.java
+++ b/plugin-presto/src/main/java/org/apache/ranger/services/presto/client/PrestoClient.java
@@ -23,7 +23,6 @@ import org.apache.commons.lang.StringEscapeUtils;
import org.apache.ranger.plugin.client.BaseClient;
import org.apache.ranger.plugin.client.HadoopConfigHolder;
import org.apache.ranger.plugin.client.HadoopException;
-import org.apache.ranger.plugin.util.PasswordUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -80,17 +79,6 @@ public class PrestoClient extends BaseClient implements Closeable {
String url = prop.getProperty("jdbc.url");
Properties prestoProperties = new Properties();
- String decryptedPwd = null;
- try {
- decryptedPwd=PasswordUtils.decryptPassword(getConfigHolder().getPassword());
- } catch (Exception ex) {
- LOG.info("Password decryption failed");
- decryptedPwd = null;
- } finally {
- if (decryptedPwd == null) {
- decryptedPwd = prop.getProperty(HadoopConfigHolder.RANGER_LOGIN_PASSWORD);
- }
- }
prestoProperties.put(PRESTO_USER_NAME_PROP, prop.getProperty(HadoopConfigHolder.RANGER_LOGIN_USER_NAME_PROP));
if (prop.getProperty(HadoopConfigHolder.RANGER_LOGIN_PASSWORD) != null) {
prestoProperties.put(PRESTO_PASSWORD_PROP, prop.getProperty(HadoopConfigHolder.RANGER_LOGIN_PASSWORD));
diff --git a/plugin-trino/.gitignore b/plugin-trino/.gitignore
deleted file mode 100644
index b83d22266..000000000
--- a/plugin-trino/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/target/
diff --git a/plugin-trino/conf/ranger-policymgr-ssl-changes.cfg b/plugin-trino/conf/ranger-policymgr-ssl-changes.cfg
deleted file mode 100644
index ae347e845..000000000
--- a/plugin-trino/conf/ranger-policymgr-ssl-changes.cfg
+++ /dev/null
@@ -1,21 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SSL Params
-#
-xasecure.policymgr.clientssl.keystore %SSL_KEYSTORE_FILE_PATH% mod create-if-not-exists
-xasecure.policymgr.clientssl.keystore.credential.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
-xasecure.policymgr.clientssl.truststore %SSL_TRUSTSTORE_FILE_PATH% mod create-if-not-exists
-xasecure.policymgr.clientssl.truststore.credential.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
diff --git a/plugin-trino/conf/ranger-policymgr-ssl.xml b/plugin-trino/conf/ranger-policymgr-ssl.xml
deleted file mode 100644
index 21cea432a..000000000
--- a/plugin-trino/conf/ranger-policymgr-ssl.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
- <!-- The following properties are used for 2-way SSL client server validation -->
- <property>
- <name>xasecure.policymgr.clientssl.keystore</name>
- <value>trinoservice-clientcert.jks</value>
- <description>
- Java Keystore files
- </description>
- </property>
- <property>
- <name>xasecure.policymgr.clientssl.truststore</name>
- <value>cacerts-xasecure.jks</value>
- <description>
- java truststore file
- </description>
- </property>
- <property>
- <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
- <value>jceks://file/tmp/keystore-trinoservice-ssl.jceks</value>
- <description>
- java keystore credential file
- </description>
- </property>
- <property>
- <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
- <value>jceks://file/tmp/truststore-trinoservice-ssl.jceks</value>
- <description>
- java truststore credential file
- </description>
- </property>
-</configuration>
diff --git a/plugin-trino/conf/ranger-trino-audit-changes.cfg b/plugin-trino/conf/ranger-trino-audit-changes.cfg
deleted file mode 100644
index 94c2d24ca..000000000
--- a/plugin-trino/conf/ranger-trino-audit-changes.cfg
+++ /dev/null
@@ -1,74 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists
-xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists
-xasecure.audit.hdfs.config.destination.file %XAAUDIT.HDFS.DESTINTATION_FILE% mod create-if-not-exists
-xasecure.audit.hdfs.config.destination.flush.interval.seconds %XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS% mod create-if-not-exists
-xasecure.audit.hdfs.config.destination.rollover.interval.seconds %XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS% mod create-if-not-exists
-xasecure.audit.hdfs.config.destination.open.retry.interval.seconds %XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS% mod create-if-not-exists
-xasecure.audit.hdfs.config.local.buffer.directory %XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY% mod create-if-not-exists
-xasecure.audit.hdfs.config.local.buffer.file %XAAUDIT.HDFS.LOCAL_BUFFER_FILE% mod create-if-not-exists
-xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds %XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS% mod create-if-not-exists
-xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds %XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS% mod create-if-not-exists
-xasecure.audit.hdfs.config.local.archive.directory %XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY% mod create-if-not-exists
-xasecure.audit.hdfs.config.local.archive.max.file.count %XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT% mod create-if-not-exists
-
-xasecure.audit.solr.is.enabled %XAAUDIT.SOLR.IS_ENABLED% mod create-if-not-exists
-xasecure.audit.solr.solr_url %XAAUDIT.SOLR.SOLR_URL% mod create-if-not-exists
-
-#V3 configuration
-xasecure.audit.provider.summary.enabled %XAAUDIT.SUMMARY.ENABLE% mod create-if-not-exists
-
-xasecure.audit.destination.solr %XAAUDIT.SOLR.ENABLE% mod create-if-not-exists
-xasecure.audit.destination.solr.urls %XAAUDIT.SOLR.URL% mod create-if-not-exists
-xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exists
-xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists
-xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists
-xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists
-
-xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists
-xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists
-xasecure.audit.destination.elasticsearch.user %XAAUDIT.ELASTICSEARCH.USER% mod create-if-not-exists
-xasecure.audit.destination.elasticsearch.password %XAAUDIT.ELASTICSEARCH.PASSWORD% mod create-if-not-exists
-xasecure.audit.destination.elasticsearch.index %XAAUDIT.ELASTICSEARCH.INDEX% mod create-if-not-exists
-xasecure.audit.destination.elasticsearch.port %XAAUDIT.ELASTICSEARCH.PORT% mod create-if-not-exists
-xasecure.audit.destination.elasticsearch.protocol %XAAUDIT.ELASTICSEARCH.PROTOCOL% mod create-if-not-exists
-
-xasecure.audit.destination.amazon_cloudwatch %XAAUDIT.AMAZON_CLOUDWATCH.ENABLE% mod create-if-not-exists
-xasecure.audit.destination.amazon_cloudwatch.log_group %XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP% mod create-if-not-exists
-xasecure.audit.destination.amazon_cloudwatch.log_stream_prefix %XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX% mod create-if-not-exists
-xasecure.audit.destination.amazon_cloudwatch.batch.filespool.dir %XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR% mod create-if-not-exists
-xasecure.audit.destination.amazon_cloudwatch.region %XAAUDIT.AMAZON_CLOUDWATCH.REGION% mod create-if-not-exists
-
-xasecure.audit.destination.hdfs %XAAUDIT.HDFS.ENABLE% mod create-if-not-exists
-xasecure.audit.destination.hdfs.batch.filespool.dir %XAAUDIT.HDFS.FILE_SPOOL_DIR% mod create-if-not-exists
-xasecure.audit.destination.hdfs.dir %XAAUDIT.HDFS.HDFS_DIR% mod create-if-not-exists
-
-AZURE.ACCOUNTNAME %XAAUDIT.HDFS.AZURE_ACCOUNTNAME% var
-xasecure.audit.destination.hdfs.config.fs.azure.shellkeyprovider.script %XAAUDIT.HDFS.AZURE_SHELL_KEY_PROVIDER% mod create-if-not-exists
-xasecure.audit.destination.hdfs.config.fs.azure.account.key.%AZURE.ACCOUNTNAME%.blob.core.windows.net %XAAUDIT.HDFS.AZURE_ACCOUNTKEY% mod create-if-not-exists
-xasecure.audit.destination.hdfs.config.fs.azure.account.keyprovider.%AZURE.ACCOUNTNAME%.blob.core.windows.net %XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER% mod create-if-not-exists
-
-#xasecure.audit.destination.file %XAAUDIT.FILE.ENABLE% mod create-if-not-exists
-#xasecure.audit.destination.file.dir %XAAUDIT.FILE.DIR% mod create-if-not-exists
-
-#log4j configuration
-xasecure.audit.log4j.is.enabled %XAAUDIT.LOG4J.ENABLE% mod create-if-not-exists
-xasecure.audit.log4j.is.async %XAAUDIT.LOG4J.IS_ASYNC% mod create-if-not-exists
-xasecure.audit.log4j.async.max.queue.size %XAAUDIT.LOG4J.ASYNC.MAX.QUEUE.SIZE% mod create-if-not-exists
-xasecure.audit.log4j.async.max.flush.interval.ms %XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS% mod create-if-not-exists
-xasecure.audit.destination.log4j %XAAUDIT.LOG4J.DESTINATION.LOG4J% mod create-if-not-exists
-xasecure.audit.destination.log4j.logger %XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER% mod create-if-not-exists
diff --git a/plugin-trino/conf/ranger-trino-audit.xml b/plugin-trino/conf/ranger-trino-audit.xml
deleted file mode 100644
index cd5711851..000000000
--- a/plugin-trino/conf/ranger-trino-audit.xml
+++ /dev/null
@@ -1,216 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
- <property>
- <name>xasecure.audit.is.enabled</name>
- <value>true</value>
- </property>
-
- <!-- HDFS audit provider configuration -->
- <property>
- <name>xasecure.audit.hdfs.is.enabled</name>
- <value>false</value>
- </property>
-
- <property>
- <name>xasecure.audit.hdfs.is.async</name>
- <value>true</value>
- </property>
-
- <property>
- <name>xasecure.audit.hdfs.async.max.queue.size</name>
- <value>1048576</value>
- </property>
-
- <property>
- <name>xasecure.audit.hdfs.async.max.flush.interval.ms</name>
- <value>30000</value>
- </property>
-
- <property>
- <name>xasecure.audit.hdfs.config.encoding</name>
- <value></value>
- </property>
-
- <property>
- <name>xasecure.audit.hdfs.config.destination.directory</name>
- <value>hdfs://NAMENODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
- </property>
-
- <property>
- <name>xasecure.audit.hdfs.config.destination.file</name>
- <value>%hostname%-audit.log</value>
- </property>
-
- <property>
- <name>xasecure.audit.hdfs.config.destination.flush.interval.seconds</name>
- <value>900</value>
- </property>
-
- <property>
- <name>xasecure.audit.hdfs.config.destination.rollover.interval.seconds</name>
- <value>86400</value>
- </property>
-
- <property>
- <name>xasecure.audit.hdfs.config.destination.open.retry.interval.seconds</name>
- <value>60</value>
- </property>
-
- <property>
- <name>xasecure.audit.hdfs.config.local.buffer.directory</name>
- <value>/var/log/trino/audit</value>
- </property>
-
- <property>
- <name>xasecure.audit.hdfs.config.local.buffer.file</name>
- <value>%time:yyyyMMdd-HHmm.ss%.log</value>
- </property>
-
- <property>
- <name>xasecure.audit.hdfs.config.local.buffer.file.buffer.size.bytes</name>
- <value>8192</value>
- </property>
-
- <property>
- <name>xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds</name>
- <value>60</value>
- </property>
-
- <property>
- <name>xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds</name>
- <value>600</value>
- </property>
-
- <property>
- <name>xasecure.audit.hdfs.config.local.archive.directory</name>
- <value>/var/log/trino/audit/archive</value>
- </property>
-
- <property>
- <name>xasecure.audit.hdfs.config.local.archive.max.file.count</name>
- <value>10</value>
- </property>
-
- <!-- Audit to HDFS on Azure Datastore (WASB) requires v3 style settings. Comment the above and uncomment only the
- following to audit to Azure Blob Datastore via hdfs' WASB schema.
-
- NOTE: If you specify one audit destination in v3 style then other destinations, if any, must also be specified in v3 style
- ====
-
- <property>
- <name>xasecure.audit.destination.hdfs</name>
- <value>enabled</value>
- </property>
-
- <property>
- <name>xasecure.audit.destination.hdfs.dir</name>
- <value>wasb://ranger-audit1@youraccount.blob.core.windows.net</value>
- </property>
-
- the following 3 correspond to the properties with similar name in core-site.xml, i.e.
- - fs.azure.account.key.youraccount.blob.core.windows.net => xasecure.audit.destination.hdfs.config.fs.azure.account.key.youraccount.blob.core.windows.net and
- - fs.azure.account.keyprovider.youraccount.blob.core.windows.net => xasecure.audit.destination.hdfs.config.fs.azure.account.keyprovider.youraccount.blob.core.windows.net,
- - fs.azure.shellkeyprovider.script => xasecure.audit.destination.hdfs.config.fs.azure.shellkeyprovider.script,
-
- <property>
- <name>xasecure.audit.destination.hdfs.config.fs.azure.account.key.youraccount.blob.core.windows.net</name>
- <value>YOUR ENCRYPTED ACCESS KEY</value>
- </property>
-
- <property>
- <name>xasecure.audit.destination.hdfs.config.fs.azure.account.keyprovider.youraccount.blob.core.windows.net</name>
- <value>org.apache.hadoop.fs.azure.ShellDecryptionKeyProvider</value>
- </property>
-
- <property>
- <name>xasecure.audit.destination.hdfs.config.fs.azure.shellkeyprovider.script</name>
- <value>/usr/lib/python2.7/dist-packages/hdinsight_common/decrypt.sh</value>
- </property>
- -->
-
- <!-- Log4j audit provider configuration -->
- <property>
- <name>xasecure.audit.log4j.is.enabled</name>
- <value>false</value>
- </property>
-
- <property>
- <name>xasecure.audit.log4j.is.async</name>
- <value>false</value>
- </property>
-
- <property>
- <name>xasecure.audit.log4j.async.max.queue.size</name>
- <value>10240</value>
- </property>
-
- <property>
- <name>xasecure.audit.log4j.async.max.flush.interval.ms</name>
- <value>30000</value>
- </property>
-
-
- <!-- trino audit provider configuration -->
- <property>
- <name>xasecure.audit.trino.is.enabled</name>
- <value>false</value>
- </property>
-
- <property>
- <name>xasecure.audit.trino.async.max.queue.size</name>
- <value>1</value>
- </property>
-
- <property>
- <name>xasecure.audit.trino.async.max.flush.interval.ms</name>
- <value>1000</value>
- </property>
-
- <property>
- <name>xasecure.audit.trino.broker_list</name>
- <value>localhost:9092</value>
- </property>
-
- <property>
- <name>xasecure.audit.trino.topic_name</name>
- <value>ranger_audits</value>
- </property>
-
- <!-- Ranger audit provider configuration -->
- <property>
- <name>xasecure.audit.solr.is.enabled</name>
- <value>false</value>
- </property>
-
- <property>
- <name>xasecure.audit.solr.async.max.queue.size</name>
- <value>1</value>
- </property>
-
- <property>
- <name>xasecure.audit.solr.async.max.flush.interval.ms</name>
- <value>1000</value>
- </property>
-
- <property>
- <name>xasecure.audit.solr.solr_url</name>
- <value>http://localhost:6083/solr/ranger_audits</value>
- </property>
-</configuration>
diff --git a/plugin-trino/conf/ranger-trino-security-changes.cfg b/plugin-trino/conf/ranger-trino-security-changes.cfg
deleted file mode 100644
index 07e8faab3..000000000
--- a/plugin-trino/conf/ranger-trino-security-changes.cfg
+++ /dev/null
@@ -1,28 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Change the original policy parameter to work with policy manager based.
-#
-#
-ranger.plugin.trino.service.name %REPOSITORY_NAME% mod create-if-not-exists
-
-ranger.plugin.trino.policy.source.impl org.apache.ranger.admin.client.RangerAdminRESTClient mod create-if-not-exists
-
-ranger.plugin.trino.policy.rest.url %POLICY_MGR_URL% mod create-if-not-exists
-ranger.plugin.trino.policy.rest.ssl.config.file %COMPONENT_INSTALL_DIR_NAME%/etc/ranger-policymgr-ssl.xml mod create-if-not-exists
-ranger.plugin.trino.policy.pollIntervalMs 30000 mod create-if-not-exists
-ranger.plugin.trino.policy.cache.dir %POLICY_CACHE_FILE_PATH% mod create-if-not-exists
-ranger.plugin.trino.policy.rest.client.connection.timeoutMs 120000 mod create-if-not-exists
-ranger.plugin.trino.policy.rest.client.read.timeoutMs 30000 mod create-if-not-exists
diff --git a/plugin-trino/conf/ranger-trino-security.xml b/plugin-trino/conf/ranger-trino-security.xml
deleted file mode 100644
index 1b2995a99..000000000
--- a/plugin-trino/conf/ranger-trino-security.xml
+++ /dev/null
@@ -1,74 +0,0 @@
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<configuration>
- <property>
- <name>ranger.plugin.trino.service.name</name>
- <value>trinoservice</value>
- <description>
- Name of the Ranger service containing policies for this Trino instance
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.trino.policy.source.impl</name>
- <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
- <description>
- Class to retrieve policies from the source
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.trino.policy.rest.url</name>
- <value>http://localhost:6080</value>
- <description>
- URL to Ranger Admin
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.trino.policy.rest.ssl.config.file</name>
- <value>/etc/hadoop/conf/ranger-policymgr-ssl.xml</value>
- <description>
- Path to the file containing SSL details to contact Ranger Admin
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.trino.policy.pollIntervalMs</name>
- <value>30000</value>
- <description>
- How often to poll for changes in policies?
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.trino.policy.rest.client.connection.timeoutMs</name>
- <value>30000</value>
- <description>
- S3 Plugin RangerRestClient Connection Timeout in Milli Seconds
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.trino.policy.rest.client.read.timeoutMs</name>
- <value>30000</value>
- <description>
- S3 Plugin RangerRestClient read Timeout in Milli Seconds
- </description>
- </property>
-</configuration>
diff --git a/plugin-trino/pom.xml b/plugin-trino/pom.xml
deleted file mode 100644
index 741ef337e..000000000
--- a/plugin-trino/pom.xml
+++ /dev/null
@@ -1,136 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <artifactId>ranger-trino-plugin</artifactId>
- <name>Trino Security Plugin</name>
- <description>Trino Security Plugin</description>
- <packaging>jar</packaging>
- <properties>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- </properties>
- <parent>
- <groupId>org.apache.ranger</groupId>
- <artifactId>ranger</artifactId>
- <version>2.3.0-SNAPSHOT</version>
- <relativePath>..</relativePath>
- </parent>
- <dependencies>
- <dependency>
- <groupId>io.trino</groupId>
- <artifactId>trino-spi</artifactId>
- <version>${trino.version}</version>
- </dependency>
- <dependency>
- <groupId>io.trino</groupId>
- <artifactId>trino-jdbc</artifactId>
- <version>${trino.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpcore</artifactId>
- <version>${httpcomponents.httpcore.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.zookeeper</groupId>
- <artifactId>zookeeper</artifactId>
- <version>${zookeeper.version}</version>
- <exclusions>
- <exclusion>
- <groupId>io.netty</groupId>
- <artifactId>netty</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>*</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>*</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>log4j-over-slf4j</artifactId>
- <version>${slf4j.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.ranger</groupId>
- <artifactId>ranger-plugins-common</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.ranger</groupId>
- <artifactId>ranger-plugins-audit</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-lang3</artifactId>
- <version>${commons.lang3.version}</version>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-compress</artifactId>
- <version>${commons.compress.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.htrace</groupId>
- <artifactId>htrace-core4</artifactId>
- <version>${htrace-core.version}</version>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- <version>${slf4j.version}</version>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>jcl-over-slf4j</artifactId>
- <version>${slf4j.version}</version>
- </dependency>
- <dependency>
- <groupId>ch.qos.logback</groupId>
- <artifactId>logback-classic</artifactId>
- <version>${logback.version}</version>
- </dependency>
- <dependency>
- <groupId>ch.qos.logback</groupId>
- <artifactId>logback-core</artifactId>
- <version>${logback.version}</version>
- </dependency>
- </dependencies>
- <build>
- <testResources>
- <testResource>
- <directory>src/test/resources</directory>
- <includes>
- <include>**/*</include>
- </includes>
- <filtering>true</filtering>
- </testResource>
- </testResources>
- </build>
-</project>
diff --git a/plugin-trino/scripts/install.properties b/plugin-trino/scripts/install.properties
deleted file mode 100644
index 3685ed6b4..000000000
--- a/plugin-trino/scripts/install.properties
+++ /dev/null
@@ -1,177 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#
-# Location of Policy Manager URL
-#
-# Example:
-# POLICY_MGR_URL=http://policymanager.xasecure.net:6080
-#
-POLICY_MGR_URL=
-
-#
-# This is the repository name created within policy manager
-#
-# Example:
-# REPOSITORY_NAME=trinodev
-#
-REPOSITORY_NAME=
-
-#
-# Name of the directory where the component's lib and conf directory exist.
-# This location should be relative to the parent of the directory containing
-# the plugin installation files.
-#
-COMPONENT_INSTALL_DIR_NAME=../trino
-
-# Enable audit logs to Solr
-#Example
-#XAAUDIT.SOLR.ENABLE=true
-#XAAUDIT.SOLR.URL=http://localhost:6083/solr/ranger_audits
-#XAAUDIT.SOLR.ZOOKEEPER=
-#XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/trino/audit/solr/spool
-
-XAAUDIT.SOLR.ENABLE=false
-XAAUDIT.SOLR.URL=NONE
-XAAUDIT.SOLR.USER=NONE
-XAAUDIT.SOLR.PASSWORD=NONE
-XAAUDIT.SOLR.ZOOKEEPER=NONE
-XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/trino/audit/solr/spool
-
-# Enable audit logs to ElasticSearch
-#Example
-#XAAUDIT.ELASTICSEARCH.ENABLE=true
-#XAAUDIT.ELASTICSEARCH.URL=localhost
-#XAAUDIT.ELASTICSEARCH.INDEX=audit
-
-XAAUDIT.ELASTICSEARCH.ENABLE=false
-XAAUDIT.ELASTICSEARCH.URL=NONE
-XAAUDIT.ELASTICSEARCH.USER=NONE
-XAAUDIT.ELASTICSEARCH.PASSWORD=NONE
-XAAUDIT.ELASTICSEARCH.INDEX=NONE
-XAAUDIT.ELASTICSEARCH.PORT=NONE
-XAAUDIT.ELASTICSEARCH.PROTOCOL=NONE
-
-# Enable audit logs to HDFS
-#Example
-#XAAUDIT.HDFS.ENABLE=true
-#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit
-# If using Azure Blob Storage
-#XAAUDIT.HDFS.HDFS_DIR=wasb[s]://<containername>@<accountname>.blob.core.windows.net/<path>
-#XAAUDIT.HDFS.HDFS_DIR=wasb://ranger_audit_container@my-azure-account.blob.core.windows.net/ranger/audit
-#XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/trino/audit/hdfs/spool
-
-XAAUDIT.HDFS.ENABLE=false
-XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit
-XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/trino/audit/hdfs/spool
-
-# Following additional propertis are needed When auditing to Azure Blob Storage via HDFS
-# Get these values from your /etc/hadoop/conf/core-site.xml
-#XAAUDIT.HDFS.HDFS_DIR=wasb[s]://<containername>@<accountname>.blob.core.windows.net/<path>
-XAAUDIT.HDFS.AZURE_ACCOUNTNAME=__REPLACE_AZURE_ACCOUNT_NAME
-XAAUDIT.HDFS.AZURE_ACCOUNTKEY=__REPLACE_AZURE_ACCOUNT_KEY
-XAAUDIT.HDFS.AZURE_SHELL_KEY_PROVIDER=__REPLACE_AZURE_SHELL_KEY_PROVIDER
-XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
-
-#Log4j Audit Provider
-XAAUDIT.LOG4J.ENABLE=false
-XAAUDIT.LOG4J.IS_ASYNC=false
-XAAUDIT.LOG4J.ASYNC.MAX.QUEUE.SIZE=10240
-XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000
-XAAUDIT.LOG4J.DESTINATION.LOG4J=true
-XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
-
-# Enable audit logs to Amazon CloudWatch Logs
-#Example
-#XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=true
-#XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=ranger_audits
-#XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM={instance_id}
-#XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=/var/log/hive/audit/amazon_cloudwatch/spool
-
-XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=false
-XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=NONE
-XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=NONE
-XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=NONE
-XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE
-
-# End of V3 properties
-
-
-#
-# Audit to HDFS Configuration
-#
-# If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens
-# that start with __REPLACE__ with appropriate values
-# XAAUDIT.HDFS.IS_ENABLED=true
-# XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
-# XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/trino/audit
-# XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/trino/audit/archive
-#
-# Example:
-# XAAUDIT.HDFS.IS_ENABLED=true
-# XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://namenode.example.com:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
-# XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/trino/audit
-# XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/trino/audit/archive
-#
-XAAUDIT.HDFS.IS_ENABLED=false
-XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
-XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/trino/audit
-XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/trino/audit/archive
-
-XAAUDIT.HDFS.DESTINTATION_FILE=%hostname%-audit.log
-XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900
-XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400
-XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60
-XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log
-XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60
-XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600
-XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10
-
-#Solr Audit Provider
-XAAUDIT.SOLR.IS_ENABLED=false
-XAAUDIT.SOLR.MAX_QUEUE_SIZE=1
-XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000
-XAAUDIT.SOLR.SOLR_URL=http://localhost:6083/solr/ranger_audits
-
-# End of V2 properties
-
-#
-# SSL Client Certificate Information
-#
-# Example:
-# SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
-# SSL_KEYSTORE_PASSWORD=none
-# SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
-# SSL_TRUSTSTORE_PASSWORD=none
-#
-# You do not need use SSL between agent and security admin tool, please leave these sample value as it is.
-#
-SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
-SSL_KEYSTORE_PASSWORD=myKeyFilePassword
-SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
-SSL_TRUSTSTORE_PASSWORD=changeit
-
-#
-# Custom component user
-# CUSTOM_COMPONENT_USER=<custom-user>
-# keep blank if component user is default
-CUSTOM_USER=trino
-
-
-#
-# Custom component group
-# CUSTOM_COMPONENT_GROUP=<custom-group>
-# keep blank if component group is default
-CUSTOM_GROUP=hadoop
diff --git a/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java b/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
deleted file mode 100644
index cc06187f4..000000000
--- a/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
+++ /dev/null
@@ -1,902 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.ranger.authorization.trino.authorizer;
-
-import io.trino.spi.connector.CatalogSchemaName;
-import io.trino.spi.connector.CatalogSchemaRoutineName;
-import io.trino.spi.connector.CatalogSchemaTableName;
-import io.trino.spi.connector.SchemaTableName;
-import io.trino.spi.security.AccessDeniedException;
-import io.trino.spi.security.TrinoPrincipal;
-import io.trino.spi.security.Privilege;
-import io.trino.spi.security.SystemAccessControl;
-import io.trino.spi.security.SystemSecurityContext;
-import io.trino.spi.security.ViewExpression;
-import io.trino.spi.type.Type;
-import org.apache.commons.lang.StringUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
-import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
-import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-import org.apache.ranger.plugin.service.RangerBasePlugin;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.IOException;
-import java.net.URL;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
-import java.util.Set;
-
-import static java.util.Locale.ENGLISH;
-
-public class RangerSystemAccessControl
- implements SystemAccessControl {
- private static Logger LOG = LoggerFactory.getLogger(RangerSystemAccessControl.class);
-
- final public static String RANGER_CONFIG_KEYTAB = "ranger.keytab";
- final public static String RANGER_CONFIG_PRINCIPAL = "ranger.principal";
- final public static String RANGER_CONFIG_USE_UGI = "ranger.use_ugi";
- final public static String RANGER_CONFIG_HADOOP_CONFIG = "ranger.hadoop_config";
- final public static String RANGER_TRINO_DEFAULT_HADOOP_CONF = "trino-ranger-site.xml";
- final public static String RANGER_TRINO_SERVICETYPE = "trino";
- final public static String RANGER_TRINO_APPID = "trino";
-
- final private RangerBasePlugin rangerPlugin;
-
- private boolean useUgi = false;
-
- public RangerSystemAccessControl(Map<String, String> config) {
- super();
-
- Configuration hadoopConf = new Configuration();
- if (config.get(RANGER_CONFIG_HADOOP_CONFIG) != null) {
- URL url = hadoopConf.getResource(config.get(RANGER_CONFIG_HADOOP_CONFIG));
- if (url == null) {
- LOG.warn("Hadoop config " + config.get(RANGER_CONFIG_HADOOP_CONFIG) + " not found");
- } else {
- hadoopConf.addResource(url);
- }
- } else {
- URL url = hadoopConf.getResource(RANGER_TRINO_DEFAULT_HADOOP_CONF);
- if (LOG.isDebugEnabled()) {
- LOG.debug("Trying to load Hadoop config from " + url + " (can be null)");
- }
- if (url != null) {
- hadoopConf.addResource(url);
- }
- }
- UserGroupInformation.setConfiguration(hadoopConf);
-
- if (config.get(RANGER_CONFIG_KEYTAB) != null && config.get(RANGER_CONFIG_PRINCIPAL) != null) {
- String keytab = config.get(RANGER_CONFIG_KEYTAB);
- String principal = config.get(RANGER_CONFIG_PRINCIPAL);
-
- LOG.info("Performing kerberos login with principal " + principal + " and keytab " + keytab);
-
- try {
- UserGroupInformation.loginUserFromKeytab(principal, keytab);
- } catch (IOException ioe) {
- LOG.error("Kerberos login failed", ioe);
- throw new RuntimeException(ioe);
- }
- }
-
- if (config.getOrDefault(RANGER_CONFIG_USE_UGI, "false").equalsIgnoreCase("true")) {
- useUgi = true;
- }
-
- rangerPlugin = new RangerBasePlugin(RANGER_TRINO_SERVICETYPE, RANGER_TRINO_APPID);
- rangerPlugin.init();
- rangerPlugin.setResultProcessor(new RangerDefaultAuditHandler());
- }
-
-
- /** FILTERING AND DATA MASKING **/
-
- private RangerAccessResult getDataMaskResult(RangerTrinoAccessRequest request) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("==> getDataMaskResult(request=" + request + ")");
- }
-
- RangerAccessResult ret = rangerPlugin.evalDataMaskPolicies(request, null);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== getDataMaskResult(request=" + request + "): ret=" + ret);
- }
-
- return ret;
- }
-
- private RangerAccessResult getRowFilterResult(RangerTrinoAccessRequest request) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> getRowFilterResult(request=" + request + ")");
- }
-
- RangerAccessResult ret = rangerPlugin.evalRowFilterPolicies(request, null);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== getRowFilterResult(request=" + request + "): ret=" + ret);
- }
-
- return ret;
- }
-
- private boolean isDataMaskEnabled(RangerAccessResult result) {
- return result != null && result.isMaskEnabled();
- }
-
- private boolean isRowFilterEnabled(RangerAccessResult result) {
- return result != null && result.isRowFilterEnabled();
- }
-
- @Override
- public Optional<ViewExpression> getRowFilter(SystemSecurityContext context, CatalogSchemaTableName tableName) {
- RangerTrinoAccessRequest request = createAccessRequest(createResource(tableName), context, TrinoAccessType.SELECT);
- RangerAccessResult result = getRowFilterResult(request);
-
- ViewExpression viewExpression = null;
- if (isRowFilterEnabled(result)) {
- String filter = result.getFilterExpr();
- viewExpression = new ViewExpression(
- context.getIdentity().getUser(),
- Optional.of(tableName.getCatalogName()),
- Optional.of(tableName.getSchemaTableName().getSchemaName()),
- filter
- );
- }
- return Optional.ofNullable(viewExpression);
- }
-
- @Override
- public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type) {
- RangerTrinoAccessRequest request = createAccessRequest(
- createResource(tableName.getCatalogName(), tableName.getSchemaTableName().getSchemaName(),
- tableName.getSchemaTableName().getTableName(), Optional.of(columnName)),
- context, TrinoAccessType.SELECT);
- RangerAccessResult result = getDataMaskResult(request);
-
- ViewExpression viewExpression = null;
- if (isDataMaskEnabled(result)) {
- String maskType = result.getMaskType();
- RangerServiceDef.RangerDataMaskTypeDef maskTypeDef = result.getMaskTypeDef();
- String transformer = null;
-
- if (maskTypeDef != null) {
- transformer = maskTypeDef.getTransformer();
- }
-
- if(StringUtils.equalsIgnoreCase(maskType, RangerPolicy.MASK_TYPE_NULL)) {
- transformer = "NULL";
- } else if(StringUtils.equalsIgnoreCase(maskType, RangerPolicy.MASK_TYPE_CUSTOM)) {
- String maskedValue = result.getMaskedValue();
-
- if(maskedValue == null) {
- transformer = "NULL";
- } else {
- transformer = maskedValue;
- }
- }
-
- if(StringUtils.isNotEmpty(transformer)) {
- transformer = transformer.replace("{col}", columnName).replace("{type}", type.getDisplayName());
- }
-
- viewExpression = new ViewExpression(
- context.getIdentity().getUser(),
- Optional.of(tableName.getCatalogName()),
- Optional.of(tableName.getSchemaTableName().getSchemaName()),
- transformer
- );
- if (LOG.isDebugEnabled()) {
- LOG.debug("getColumnMask: user: %s, catalog: %s, schema: %s, transformer: %s");
- }
-
- }
-
- return Optional.ofNullable(viewExpression);
- }
-
- @Override
- public Set<String> filterCatalogs(SystemSecurityContext context, Set<String> catalogs) {
- LOG.debug("==> RangerSystemAccessControl.filterCatalogs("+ catalogs + ")");
- Set<String> filteredCatalogs = new HashSet<>(catalogs.size());
- for (String catalog: catalogs) {
- if (hasPermission(createResource(catalog), context, TrinoAccessType.SELECT)) {
- filteredCatalogs.add(catalog);
- }
- }
- return filteredCatalogs;
- }
-
- @Override
- public Set<String> filterSchemas(SystemSecurityContext context, String catalogName, Set<String> schemaNames) {
- LOG.debug("==> RangerSystemAccessControl.filterSchemas(" + catalogName + ")");
- Set<String> filteredSchemaNames = new HashSet<>(schemaNames.size());
- for (String schemaName: schemaNames) {
- if (hasPermission(createResource(catalogName, schemaName), context, TrinoAccessType.SELECT)) {
- filteredSchemaNames.add(schemaName);
- }
- }
- return filteredSchemaNames;
- }
-
- @Override
- public Set<SchemaTableName> filterTables(SystemSecurityContext context, String catalogName, Set<SchemaTableName> tableNames) {
- LOG.debug("==> RangerSystemAccessControl.filterTables(" + catalogName + ")");
- Set<SchemaTableName> filteredTableNames = new HashSet<>(tableNames.size());
- for (SchemaTableName tableName : tableNames) {
- RangerTrinoResource res = createResource(catalogName, tableName.getSchemaName(), tableName.getTableName());
- if (hasPermission(res, context, TrinoAccessType.SELECT)) {
- filteredTableNames.add(tableName);
- }
- }
- return filteredTableNames;
- }
-
- /** PERMISSION CHECKS ORDERED BY SYSTEM, CATALOG, SCHEMA, TABLE, VIEW, COLUMN, QUERY, FUNCTIONS, PROCEDURES **/
-
- /** SYSTEM **/
-
- @Override
- public void checkCanSetSystemSessionProperty(SystemSecurityContext context, String propertyName) {
- if (!hasPermission(createSystemPropertyResource(propertyName), context, TrinoAccessType.ALTER)) {
- LOG.debug("RangerSystemAccessControl.checkCanSetSystemSessionProperty denied");
- AccessDeniedException.denySetSystemSessionProperty(propertyName);
- }
- }
-
- @Override
- public void checkCanImpersonateUser(SystemSecurityContext context, String userName) {
- if (!hasPermission(createUserResource(userName), context, TrinoAccessType.IMPERSONATE)) {
- LOG.debug("RangerSystemAccessControl.checkCanImpersonateUser(" + userName + ") denied");
- AccessDeniedException.denyImpersonateUser(context.getIdentity().getUser(), userName);
- }
- }
-
- @Override
- public void checkCanSetUser(Optional<Principal> principal, String userName) {
- // pass as it is deprecated
- }
-
- /** CATALOG **/
- @Override
- public void checkCanSetCatalogSessionProperty(SystemSecurityContext context, String catalogName, String propertyName) {
- if (!hasPermission(createCatalogSessionResource(catalogName, propertyName), context, TrinoAccessType.ALTER)) {
- LOG.debug("RangerSystemAccessControl.checkCanSetSystemSessionProperty(" + catalogName + ") denied");
- AccessDeniedException.denySetCatalogSessionProperty(catalogName, propertyName);
- }
- }
-
- @Override
- public void checkCanShowRoles(SystemSecurityContext context) {
- //allow
- }
-
- @Override
- public void checkCanShowCurrentRoles(SystemSecurityContext context) {
- //allow
- }
-
- @Override
- public void checkCanShowRoleGrants(SystemSecurityContext context) {
- //allow
- }
-
- @Override
- public void checkCanAccessCatalog(SystemSecurityContext context, String catalogName) {
- if (!hasPermission(createResource(catalogName), context, TrinoAccessType.USE)) {
- LOG.debug("RangerSystemAccessControl.checkCanAccessCatalog(" + catalogName + ") denied");
- AccessDeniedException.denyCatalogAccess(catalogName);
- }
- }
-
- @Override
- public void checkCanShowSchemas(SystemSecurityContext context, String catalogName) {
- if (!hasPermission(createResource(catalogName), context, TrinoAccessType.SHOW)) {
- LOG.debug("RangerSystemAccessControl.checkCanShowSchemas(" + catalogName + ") denied");
- AccessDeniedException.denyShowSchemas(catalogName);
- }
- }
-
- /** SCHEMA **/
-
- @Override
- public void checkCanSetSchemaAuthorization(SystemSecurityContext context, CatalogSchemaName schema, TrinoPrincipal principal) {
- if (!hasPermission(createResource(schema.getCatalogName(), schema.getSchemaName()), context, TrinoAccessType.GRANT)) {
- LOG.debug("RangerSystemAccessControl.checkCanSetSchemaAuthorization(" + schema.getSchemaName() + ") denied");
- AccessDeniedException.denySetSchemaAuthorization(schema.getSchemaName(), principal);
- }
- }
-
- @Override
- public void checkCanShowCreateSchema(SystemSecurityContext context, CatalogSchemaName schema) {
- if (!hasPermission(createResource(schema.getCatalogName(), schema.getSchemaName()), context, TrinoAccessType.SHOW)) {
- LOG.debug("RangerSystemAccessControl.checkCanShowCreateSchema(" + schema.getSchemaName() + ") denied");
- AccessDeniedException.denyShowCreateSchema(schema.getSchemaName());
- }
- }
-
- /**
- * Create schema is evaluated on the level of the Catalog. This means that it is assumed you have permission
- * to create a schema when you have create rights on the catalog level
- */
- @Override
- public void checkCanCreateSchema(SystemSecurityContext context, CatalogSchemaName schema) {
- if (!hasPermission(createResource(schema.getCatalogName()), context, TrinoAccessType.CREATE)) {
- LOG.debug("RangerSystemAccessControl.checkCanCreateSchema(" + schema.getSchemaName() + ") denied");
- AccessDeniedException.denyCreateSchema(schema.getSchemaName());
- }
- }
-
- /**
- * This is evaluated against the schema name as ownership information is not available
- */
- @Override
- public void checkCanDropSchema(SystemSecurityContext context, CatalogSchemaName schema) {
- if (!hasPermission(createResource(schema.getCatalogName(), schema.getSchemaName()), context, TrinoAccessType.DROP)) {
- LOG.debug("RangerSystemAccessControl.checkCanDropSchema(" + schema.getSchemaName() + ") denied");
- AccessDeniedException.denyDropSchema(schema.getSchemaName());
- }
- }
-
- /**
- * This is evaluated against the schema name as ownership information is not available
- */
- @Override
- public void checkCanRenameSchema(SystemSecurityContext context, CatalogSchemaName schema, String newSchemaName) {
- RangerTrinoResource res = createResource(schema.getCatalogName(), schema.getSchemaName());
- if (!hasPermission(res, context, TrinoAccessType.ALTER)) {
- LOG.debug("RangerSystemAccessControl.checkCanRenameSchema(" + schema.getSchemaName() + ") denied");
- AccessDeniedException.denyRenameSchema(schema.getSchemaName(), newSchemaName);
- }
- }
-
- /** TABLE **/
-
- @Override
- public void checkCanShowTables(SystemSecurityContext context, CatalogSchemaName schema) {
- if (!hasPermission(createResource(schema), context, TrinoAccessType.SHOW)) {
- LOG.debug("RangerSystemAccessControl.checkCanShowTables(" + schema.toString() + ") denied");
- AccessDeniedException.denyShowTables(schema.toString());
- }
- }
-
-
- @Override
- public void checkCanShowCreateTable(SystemSecurityContext context, CatalogSchemaTableName table) {
- if (!hasPermission(createResource(table), context, TrinoAccessType.SHOW)) {
- LOG.debug("RangerSystemAccessControl.checkCanShowTables(" + table.toString() + ") denied");
- AccessDeniedException.denyShowCreateTable(table.toString());
- }
- }
-
- /**
- * Create table is verified on schema level
- */
- @Override
- public void checkCanCreateTable(SystemSecurityContext context, CatalogSchemaTableName table, Map<String, Object> properties) {
- if (!hasPermission(createResource(table.getCatalogName(), table.getSchemaTableName().getSchemaName()), context, TrinoAccessType.CREATE)) {
- LOG.debug("RangerSystemAccessControl.checkCanCreateTable(" + table.getSchemaTableName().getTableName() + ") denied");
- AccessDeniedException.denyCreateTable(table.getSchemaTableName().getTableName());
- }
- }
-
- /**
- * This is evaluated against the table name as ownership information is not available
- */
- @Override
- public void checkCanDropTable(SystemSecurityContext context, CatalogSchemaTableName table) {
- if (!hasPermission(createResource(table), context, TrinoAccessType.DROP)) {
- LOG.debug("RangerSystemAccessControl.checkCanDropTable(" + table.getSchemaTableName().getTableName() + ") denied");
- AccessDeniedException.denyDropTable(table.getSchemaTableName().getTableName());
- }
- }
-
- /**
- * This is evaluated against the table name as ownership information is not available
- */
- @Override
- public void checkCanRenameTable(SystemSecurityContext context, CatalogSchemaTableName table, CatalogSchemaTableName newTable) {
- RangerTrinoResource res = createResource(table);
- if (!hasPermission(res, context, TrinoAccessType.ALTER)) {
- LOG.debug("RangerSystemAccessControl.checkCanRenameTable(" + table.getSchemaTableName().getTableName() + ") denied");
- AccessDeniedException.denyRenameTable(table.getSchemaTableName().getTableName(), newTable.getSchemaTableName().getTableName());
- }
- }
-
- @Override
- public void checkCanInsertIntoTable(SystemSecurityContext context, CatalogSchemaTableName table) {
- RangerTrinoResource res = createResource(table);
- if (!hasPermission(res, context, TrinoAccessType.INSERT)) {
- LOG.debug("RangerSystemAccessControl.checkCanInsertIntoTable(" + table.getSchemaTableName().getTableName() + ") denied");
- AccessDeniedException.denyInsertTable(table.getSchemaTableName().getTableName());
- }
- }
-
- @Override
- public void checkCanDeleteFromTable(SystemSecurityContext context, CatalogSchemaTableName table) {
- if (!hasPermission(createResource(table), context, TrinoAccessType.DELETE)) {
- LOG.debug("RangerSystemAccessControl.checkCanDeleteFromTable(" + table.getSchemaTableName().getTableName() + ") denied");
- AccessDeniedException.denyDeleteTable(table.getSchemaTableName().getTableName());
- }
- }
-
-@Override
- public void checkCanTruncateTable(SystemSecurityContext context, CatalogSchemaTableName table) {
- if (!hasPermission(createResource(table), context, TrinoAccessType.DELETE)) {
- LOG.debug("RangerSystemAccessControl.checkCanTruncateTable(" + table.getSchemaTableName().getTableName() + ") denied");
- AccessDeniedException.denyTruncateTable(table.getSchemaTableName().getTableName());
- }
- }
-
- @Override
- public void checkCanGrantTablePrivilege(SystemSecurityContext context, Privilege privilege, CatalogSchemaTableName table, TrinoPrincipal grantee, boolean withGrantOption) {
- if (!hasPermission(createResource(table), context, TrinoAccessType.GRANT)) {
- LOG.debug("RangerSystemAccessControl.checkCanGrantTablePrivilege(" + table + ") denied");
- AccessDeniedException.denyGrantTablePrivilege(privilege.toString(), table.toString());
- }
- }
-
- @Override
- public void checkCanRevokeTablePrivilege(SystemSecurityContext context, Privilege privilege, CatalogSchemaTableName table, TrinoPrincipal revokee, boolean grantOptionFor) {
- if (!hasPermission(createResource(table), context, TrinoAccessType.REVOKE)) {
- LOG.debug("RangerSystemAccessControl.checkCanRevokeTablePrivilege(" + table + ") denied");
- AccessDeniedException.denyRevokeTablePrivilege(privilege.toString(), table.toString());
- }
- }
-
- @Override
- public void checkCanSetTableComment(SystemSecurityContext context, CatalogSchemaTableName table) {
- if (!hasPermission(createResource(table), context, TrinoAccessType.ALTER)) {
- LOG.debug("RangerSystemAccessControl.checkCanSetTableComment(" + table.toString() + ") denied");
- AccessDeniedException.denyCommentTable(table.toString());
- }
- }
-
- @Override
- public void checkCanSetColumnComment(SystemSecurityContext context, CatalogSchemaTableName table) {
- if (!hasPermission(createResource(table), context, TrinoAccessType.ALTER)) {
- LOG.debug("RangerSystemAccessControl.checkCanSetColumnComment(" + table.toString() + ") denied");
- AccessDeniedException.denyCommentColumn(table.toString());
- }
- }
-
- /**
- * Create view is verified on schema level
- */
- @Override
- public void checkCanCreateView(SystemSecurityContext context, CatalogSchemaTableName view) {
- if (!hasPermission(createResource(view.getCatalogName(), view.getSchemaTableName().getSchemaName()), context, TrinoAccessType.CREATE)) {
- LOG.debug("RangerSystemAccessControl.checkCanCreateView(" + view.getSchemaTableName().getTableName() + ") denied");
- AccessDeniedException.denyCreateView(view.getSchemaTableName().getTableName());
- }
- }
-
- /**
- * This is evaluated against the table name as ownership information is not available
- */
- @Override
- public void checkCanDropView(SystemSecurityContext context, CatalogSchemaTableName view) {
- if (!hasPermission(createResource(view), context, TrinoAccessType.DROP)) {
- LOG.debug("RangerSystemAccessControl.checkCanDropView(" + view.getSchemaTableName().getTableName() + ") denied");
- AccessDeniedException.denyDropView(view.getSchemaTableName().getTableName());
- }
- }
-
- @Override
- public void checkCanSetViewAuthorization(SystemSecurityContext context, CatalogSchemaTableName view, TrinoPrincipal principal){
- if (!hasPermission(createResource(view), context, TrinoAccessType.ALTER)) {
- LOG.debug("RangerSystemAccessControl.checkCanSetViewAuthorization(" + view.getSchemaTableName().getTableName() + ") denied");
- AccessDeniedException.denySetViewAuthorization(view.toString(), principal);
- }
- }
-
- /**
- * This check equals the check for checkCanCreateView
- */
- @Override
- public void checkCanCreateViewWithSelectFromColumns(SystemSecurityContext context, CatalogSchemaTableName table, Set<String> columns) {
- try {
- checkCanCreateView(context, table);
- } catch (AccessDeniedException ade) {
- LOG.debug("RangerSystemAccessControl.checkCanCreateViewWithSelectFromColumns(" + table.getSchemaTableName().getTableName() + ") denied");
- AccessDeniedException.denyCreateViewWithSelect(table.getSchemaTableName().getTableName(), context.getIdentity());
- }
- }
-
- /**
- *
- * check if materialized view can be created
- */
- @Override
- public void checkCanCreateMaterializedView(SystemSecurityContext context, CatalogSchemaTableName materializedView, Map<String, Object> properties) {
- if (!hasPermission(createResource(materializedView), context, TrinoAccessType.CREATE)) {
- LOG.debug("RangerSystemAccessControl.checkCanCreateMaterializedView( " + materializedView.getSchemaTableName().getTableName() + ") denied");
- AccessDeniedException.denyCreateMaterializedView(materializedView.getSchemaTableName().getTableName());
- }
-
- }
-
- @Override
- public void checkCanDropMaterializedView(SystemSecurityContext context, CatalogSchemaTableName materializedView) {
- if(!hasPermission(createResource(materializedView),context,TrinoAccessType.DROP)){
- LOG.debug("RangerSystemAccessControl.checkCanDropMaterializedView(" + materializedView.getSchemaTableName().getTableName() + ") denied");
- AccessDeniedException.denyCreateView(materializedView.getSchemaTableName().getTableName());
- }
- }
-
- /**
- * This is evaluated against the table name as ownership information is not available
- */
- @Override
- public void checkCanRenameView(SystemSecurityContext context, CatalogSchemaTableName view, CatalogSchemaTableName newView) {
- if (!hasPermission(createResource(view), context, TrinoAccessType.ALTER)) {
- LOG.debug("RangerSystemAccessControl.checkCanRenameView(" + view.toString() + ") denied");
- AccessDeniedException.denyRenameView(view.toString(), newView.toString());
- }
- }
-
- /** COLUMN **/
-
- /**
- * This is evaluated on table level
- */
- @Override
- public void checkCanAddColumn(SystemSecurityContext context, CatalogSchemaTableName table) {
- RangerTrinoResource res = createResource(table);
- if (!hasPermission(res, context, TrinoAccessType.ALTER)) {
- AccessDeniedException.denyAddColumn(table.getSchemaTableName().getTableName());
- }
- }
-
- /**
- * This is evaluated on table level
- */
- @Override
- public void checkCanDropColumn(SystemSecurityContext context, CatalogSchemaTableName table) {
- RangerTrinoResource res = createResource(table);
- if (!hasPermission(res, context, TrinoAccessType.DROP)) {
- LOG.debug("RangerSystemAccessControl.checkCanDropColumn(" + table.getSchemaTableName().getTableName() + ") denied");
- AccessDeniedException.denyDropColumn(table.getSchemaTableName().getTableName());
- }
- }
-
- /**
- * This is evaluated on table level
- */
- @Override
- public void checkCanRenameColumn(SystemSecurityContext context, CatalogSchemaTableName table) {
- RangerTrinoResource res = createResource(table);
- if (!hasPermission(res, context, TrinoAccessType.ALTER)) {
- LOG.debug("RangerSystemAccessControl.checkCanRenameColumn(" + table.getSchemaTableName().getTableName() + ") denied");
- AccessDeniedException.denyRenameColumn(table.getSchemaTableName().getTableName());
- }
- }
-
- /**
- * This is evaluated on table level
- */
- @Override
- public void checkCanShowColumns(SystemSecurityContext context, CatalogSchemaTableName table) {
- if (!hasPermission(createResource(table), context, TrinoAccessType.SHOW)) {
- LOG.debug("RangerSystemAccessControl.checkCanShowTables(" + table.toString() + ") denied");
- AccessDeniedException.denyShowColumns(table.toString());
- }
- }
-
- @Override
- public void checkCanSelectFromColumns(SystemSecurityContext context, CatalogSchemaTableName table, Set<String> columns) {
- for (RangerTrinoResource res : createResource(table, columns)) {
- if (!hasPermission(res, context, TrinoAccessType.SELECT)) {
- LOG.debug("RangerSystemAccessControl.checkCanSelectFromColumns(" + table.getSchemaTableName().getTableName() + ") denied");
- AccessDeniedException.denySelectColumns(table.getSchemaTableName().getTableName(), columns);
- }
- }
- }
-
- /**
- * This is a NOOP, no filtering is applied
- */
- @Override
- public Set<String> filterColumns(SystemSecurityContext context, CatalogSchemaTableName table, Set<String> columns) {
- return columns;
- }
-
- /** QUERY **/
-
- /**
- * This is a NOOP. Everyone can execute a query
- * @param context
- */
- @Override
- public void checkCanExecuteQuery(SystemSecurityContext context) {
- }
-
- @Override
- public void checkCanViewQueryOwnedBy(SystemSecurityContext context, String queryOwner) {
- if (!hasPermission(createUserResource(queryOwner), context, TrinoAccessType.IMPERSONATE)) {
- LOG.debug("RangerSystemAccessControl.checkCanViewQueryOwnedBy(" + queryOwner + ") denied");
- AccessDeniedException.denyImpersonateUser(context.getIdentity().getUser(), queryOwner);
- }
- }
-
- /**
- * This is a NOOP, no filtering is applied
- */
- @Override
- public Set<String> filterViewQueryOwnedBy(SystemSecurityContext context, Set<String> queryOwners) {
- return queryOwners;
- }
-
- @Override
- public void checkCanKillQueryOwnedBy(SystemSecurityContext context, String queryOwner) {
- if (!hasPermission(createUserResource(queryOwner), context, TrinoAccessType.IMPERSONATE)) {
- LOG.debug("RangerSystemAccessControl.checkCanKillQueryOwnedBy(" + queryOwner + ") denied");
- AccessDeniedException.denyImpersonateUser(context.getIdentity().getUser(), queryOwner);
- }
- }
-
- /** FUNCTIONS **/
- @Override
- public void checkCanGrantExecuteFunctionPrivilege(SystemSecurityContext context, String function, TrinoPrincipal grantee, boolean grantOption) {
- if (!hasPermission(createFunctionResource(function), context, TrinoAccessType.GRANT)) {
- LOG.debug("RangerSystemAccessControl.checkCanGrantExecuteFunctionPrivilege(" + function + ") denied");
- AccessDeniedException.denyGrantExecuteFunctionPrivilege(function, context.getIdentity(), grantee.getName());
- }
- }
-
- @Override
- public void checkCanExecuteFunction(SystemSecurityContext context, String function) {
- if (!hasPermission(createFunctionResource(function), context, TrinoAccessType.EXECUTE)) {
- LOG.debug("RangerSystemAccessControl.checkCanExecuteFunction(" + function + ") denied");
- AccessDeniedException.denyExecuteFunction(function);
- }
- }
-
- /** PROCEDURES **/
- @Override
- public void checkCanExecuteProcedure(SystemSecurityContext context, CatalogSchemaRoutineName procedure) {
- if (!hasPermission(createProcedureResource(procedure), context, TrinoAccessType.EXECUTE)) {
- LOG.debug("RangerSystemAccessControl.checkCanExecuteFunction(" + procedure.getSchemaRoutineName().getRoutineName() + ") denied");
- AccessDeniedException.denyExecuteProcedure(procedure.getSchemaRoutineName().getRoutineName());
- }
- }
-
- @Override
- public void checkCanExecuteTableProcedure(SystemSecurityContext context, CatalogSchemaTableName catalogSchemaTableName, String procedure)
- {
- if (!hasPermission(createResource(catalogSchemaTableName), context, TrinoAccessType.ALTER)) {
- LOG.debug("RangerSystemAccessControl.checkCanExecuteFunction(" + procedure + ") denied");
- AccessDeniedException.denyExecuteTableProcedure(catalogSchemaTableName.toString(),procedure);
- }
- }
-
- /** HELPER FUNCTIONS **/
-
- private RangerTrinoAccessRequest createAccessRequest(RangerTrinoResource resource, SystemSecurityContext context, TrinoAccessType accessType) {
- Set<String> userGroups = null;
-
- if (useUgi) {
- UserGroupInformation ugi = UserGroupInformation.createRemoteUser(context.getIdentity().getUser());
-
- String[] groups = ugi != null ? ugi.getGroupNames() : null;
-
- if (groups != null && groups.length > 0) {
- userGroups = new HashSet<>(Arrays.asList(groups));
- }
- } else {
- userGroups = context.getIdentity().getGroups();
- }
-
- RangerTrinoAccessRequest request = new RangerTrinoAccessRequest(
- resource,
- context.getIdentity().getUser(),
- userGroups,
- accessType
- );
-
- return request;
- }
-
- private boolean hasPermission(RangerTrinoResource resource, SystemSecurityContext context, TrinoAccessType accessType) {
- boolean ret = false;
-
- RangerTrinoAccessRequest request = createAccessRequest(resource, context, accessType);
-
- RangerAccessResult result = rangerPlugin.isAccessAllowed(request);
- if (result != null && result.getIsAllowed()) {
- ret = true;
- }
-
- return ret;
- }
-
- private static RangerTrinoResource createUserResource(String userName) {
- RangerTrinoResource res = new RangerTrinoResource();
- res.setValue(RangerTrinoResource.KEY_USER, userName);
-
- return res;
- }
-
- private static RangerTrinoResource createFunctionResource(String function) {
- RangerTrinoResource res = new RangerTrinoResource();
- res.setValue(RangerTrinoResource.KEY_FUNCTION, function);
-
- return res;
- }
-
- private static RangerTrinoResource createProcedureResource(CatalogSchemaRoutineName procedure) {
- RangerTrinoResource res = new RangerTrinoResource();
- res.setValue(RangerTrinoResource.KEY_CATALOG, procedure.getCatalogName());
- res.setValue(RangerTrinoResource.KEY_SCHEMA, procedure.getSchemaRoutineName().getSchemaName());
- res.setValue(RangerTrinoResource.KEY_PROCEDURE, procedure.getSchemaRoutineName().getRoutineName());
-
- return res;
- }
-
- private static RangerTrinoResource createCatalogSessionResource(String catalogName, String propertyName) {
- RangerTrinoResource res = new RangerTrinoResource();
- res.setValue(RangerTrinoResource.KEY_CATALOG, catalogName);
- res.setValue(RangerTrinoResource.KEY_SESSION_PROPERTY, propertyName);
-
- return res;
- }
-
- private static RangerTrinoResource createSystemPropertyResource(String property) {
- RangerTrinoResource res = new RangerTrinoResource();
- res.setValue(RangerTrinoResource.KEY_SYSTEM_PROPERTY, property);
-
- return res;
- }
-
- private static RangerTrinoResource createResource(CatalogSchemaName catalogSchemaName) {
- return createResource(catalogSchemaName.getCatalogName(), catalogSchemaName.getSchemaName());
- }
-
- private static RangerTrinoResource createResource(CatalogSchemaTableName catalogSchemaTableName) {
- return createResource(catalogSchemaTableName.getCatalogName(),
- catalogSchemaTableName.getSchemaTableName().getSchemaName(),
- catalogSchemaTableName.getSchemaTableName().getTableName());
- }
-
- private static RangerTrinoResource createResource(String catalogName) {
- return new RangerTrinoResource(catalogName, Optional.empty(), Optional.empty());
- }
-
- private static RangerTrinoResource createResource(String catalogName, String schemaName) {
- return new RangerTrinoResource(catalogName, Optional.of(schemaName), Optional.empty());
- }
-
- private static RangerTrinoResource createResource(String catalogName, String schemaName, final String tableName) {
- return new RangerTrinoResource(catalogName, Optional.of(schemaName), Optional.of(tableName));
- }
-
- private static RangerTrinoResource createResource(String catalogName, String schemaName, final String tableName, final Optional<String> column) {
- return new RangerTrinoResource(catalogName, Optional.of(schemaName), Optional.of(tableName), column);
- }
-
- private static List<RangerTrinoResource> createResource(CatalogSchemaTableName table, Set<String> columns) {
- List<RangerTrinoResource> colRequests = new ArrayList<>();
-
- if (columns.size() > 0) {
- for (String column : columns) {
- RangerTrinoResource rangerTrinoResource = createResource(table.getCatalogName(),
- table.getSchemaTableName().getSchemaName(),
- table.getSchemaTableName().getTableName(), Optional.of(column));
- colRequests.add(rangerTrinoResource);
- }
- } else {
- colRequests.add(createResource(table.getCatalogName(),
- table.getSchemaTableName().getSchemaName(),
- table.getSchemaTableName().getTableName(), Optional.empty()));
- }
- return colRequests;
- }
-}
-
-class RangerTrinoResource
- extends RangerAccessResourceImpl {
-
-
- public static final String KEY_CATALOG = "catalog";
- public static final String KEY_SCHEMA = "schema";
- public static final String KEY_TABLE = "table";
- public static final String KEY_COLUMN = "column";
- public static final String KEY_USER = "trinouser";
- public static final String KEY_FUNCTION = "function";
- public static final String KEY_PROCEDURE = "procedure";
- public static final String KEY_SYSTEM_PROPERTY = "systemproperty";
- public static final String KEY_SESSION_PROPERTY = "sessionproperty";
-
- public RangerTrinoResource() {
- }
-
- public RangerTrinoResource(String catalogName, Optional<String> schema, Optional<String> table) {
- setValue(KEY_CATALOG, catalogName);
- if (schema.isPresent()) {
- setValue(KEY_SCHEMA, schema.get());
- }
- if (table.isPresent()) {
- setValue(KEY_TABLE, table.get());
- }
- }
-
- public RangerTrinoResource(String catalogName, Optional<String> schema, Optional<String> table, Optional<String> column) {
- setValue(KEY_CATALOG, catalogName);
- if (schema.isPresent()) {
- setValue(KEY_SCHEMA, schema.get());
- }
- if (table.isPresent()) {
- setValue(KEY_TABLE, table.get());
- }
- if (column.isPresent()) {
- setValue(KEY_COLUMN, column.get());
- }
- }
-
- public String getCatalogName() {
- return (String) getValue(KEY_CATALOG);
- }
-
- public String getTable() {
- return (String) getValue(KEY_TABLE);
- }
-
- public String getCatalog() {
- return (String) getValue(KEY_CATALOG);
- }
-
- public String getSchema() {
- return (String) getValue(KEY_SCHEMA);
- }
-
- public Optional<SchemaTableName> getSchemaTable() {
- final String schema = getSchema();
- if (StringUtils.isNotEmpty(schema)) {
- return Optional.of(new SchemaTableName(schema, Optional.ofNullable(getTable()).orElse("*")));
- }
- return Optional.empty();
- }
-}
-
-class RangerTrinoAccessRequest
- extends RangerAccessRequestImpl {
- public RangerTrinoAccessRequest(RangerTrinoResource resource,
- String user,
- Set<String> userGroups,
- TrinoAccessType trinoAccessType) {
- super(resource, trinoAccessType.name().toLowerCase(ENGLISH), user, userGroups, null);
- setAccessTime(new Date());
- }
-}
-
-enum TrinoAccessType {
- CREATE, DROP, SELECT, INSERT, DELETE, USE, ALTER, ALL, GRANT, REVOKE, SHOW, IMPERSONATE, EXECUTE;
-}
diff --git a/plugin-trino/src/main/java/org/apache/ranger/services/trino/RangerServiceTrino.java b/plugin-trino/src/main/java/org/apache/ranger/services/trino/RangerServiceTrino.java
deleted file mode 100644
index 936fb7ac8..000000000
--- a/plugin-trino/src/main/java/org/apache/ranger/services/trino/RangerServiceTrino.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.ranger.services.trino;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.ranger.plugin.client.HadoopConfigHolder;
-import org.apache.ranger.plugin.client.HadoopException;
-import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
-import org.apache.ranger.plugin.service.RangerBaseService;
-import org.apache.ranger.plugin.service.ResourceLookupContext;
-import org.apache.ranger.services.trino.client.TrinoResourceManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-public class RangerServiceTrino extends RangerBaseService {
- private static final Logger LOG = LoggerFactory.getLogger(RangerServiceTrino.class);
-
- public static final String ACCESS_TYPE_SELECT = "select";
-
- @Override
- public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
- if (LOG.isDebugEnabled()) {
- LOG.debug("==> RangerServiceTrino.getDefaultRangerPolicies()");
- }
-
- List<RangerPolicy> ret = super.getDefaultRangerPolicies();
- for (RangerPolicy defaultPolicy : ret) {
- if (defaultPolicy.getName().contains("all") && StringUtils.isNotBlank(lookUpUser)) {
- List<RangerPolicyItemAccess> accessListForLookupUser = new ArrayList<RangerPolicyItemAccess>();
- accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_SELECT));
- RangerPolicyItem policyItemForLookupUser = new RangerPolicyItem();
- policyItemForLookupUser.setUsers(Collections.singletonList(lookUpUser));
- policyItemForLookupUser.setAccesses(accessListForLookupUser);
- policyItemForLookupUser.setDelegateAdmin(false);
- defaultPolicy.getPolicyItems().add(policyItemForLookupUser);
- }
- }
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== RangerServiceTrino.getDefaultRangerPolicies()");
- }
- return ret;
- }
-
- @Override
- public Map<String, Object> validateConfig() throws Exception {
- Map<String, Object> ret = new HashMap<String, Object>();
- String serviceName = getServiceName();
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("RangerServiceTrino.validateConfig(): Service: " +
- serviceName);
- }
-
- if (configs != null) {
- try {
- if (!configs.containsKey(HadoopConfigHolder.RANGER_LOGIN_PASSWORD)) {
- configs.put(HadoopConfigHolder.RANGER_LOGIN_PASSWORD, null);
- }
- ret = TrinoResourceManager.connectionTest(serviceName, configs);
- } catch (HadoopException he) {
- LOG.error("<== RangerServiceTrino.validateConfig() Error:" + he);
- throw he;
- }
- }
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("RangerServiceTrino.validateConfig(): Response: " +
- ret);
- }
- return ret;
- }
-
- @Override
- public List<String> lookupResource(ResourceLookupContext context) throws Exception {
-
- List<String> ret = new ArrayList<String>();
- String serviceName = getServiceName();
- String serviceType = getServiceType();
- Map<String,String> configs = getConfigs();
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerServiceTrino.lookupResource() Context: (" + context + ")");
- }
- if (context != null) {
- try {
- if (!configs.containsKey(HadoopConfigHolder.RANGER_LOGIN_PASSWORD)) {
- configs.put(HadoopConfigHolder.RANGER_LOGIN_PASSWORD, null);
- }
- ret = TrinoResourceManager.getTrinoResources(serviceName, serviceType, configs,context);
- } catch (Exception e) {
- LOG.error( "<==RangerServiceTrino.lookupResource() Error : " + e);
- throw e;
- }
- }
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerServiceTrino.lookupResource() Response: (" + ret + ")");
- }
- return ret;
- }
-
-}
diff --git a/plugin-trino/src/main/java/org/apache/ranger/services/trino/client/TrinoClient.java b/plugin-trino/src/main/java/org/apache/ranger/services/trino/client/TrinoClient.java
deleted file mode 100644
index 1567b2d1d..000000000
--- a/plugin-trino/src/main/java/org/apache/ranger/services/trino/client/TrinoClient.java
+++ /dev/null
@@ -1,570 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.ranger.services.trino.client;
-
-import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.ranger.plugin.client.BaseClient;
-import org.apache.ranger.plugin.client.HadoopConfigHolder;
-import org.apache.ranger.plugin.client.HadoopException;
-import org.apache.ranger.plugin.util.PasswordUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.security.auth.Subject;
-import java.io.Closeable;
-import java.security.PrivilegedAction;
-import java.sql.Connection;
-import java.sql.Driver;
-import java.sql.DriverManager;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.SQLTimeoutException;
-import java.sql.Statement;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-
-public class TrinoClient extends BaseClient implements Closeable {
- public static final String TRINO_USER_NAME_PROP = "user";
- public static final String TRINO_PASSWORD_PROP = "password";
-
- private static final Logger LOG = LoggerFactory.getLogger(TrinoClient.class);
-
- private static final String ERR_MSG = "You can still save the repository and start creating "
- + "policies, but you would not be able to use autocomplete for "
- + "resource names. Check ranger_admin.log for more info.";
-
- private Connection con;
-
- public TrinoClient(String serviceName) throws Exception {
- super(serviceName, null);
- init();
- }
-
- public TrinoClient(String serviceName, Map<String, String> properties) throws Exception {
- super(serviceName, properties);
- init();
- }
-
- private void init() throws Exception {
- Subject.doAs(getLoginSubject(), new PrivilegedAction<Void>() {
- public Void run() {
- initConnection();
- return null;
- }
- });
- }
-
- private void initConnection() {
- Properties prop = getConfigHolder().getRangerSection();
- String driverClassName = prop.getProperty("jdbc.driverClassName");
- String url = prop.getProperty("jdbc.url");
-
- Properties trinoProperties = new Properties();
- String decryptedPwd = null;
- try {
- decryptedPwd=PasswordUtils.decryptPassword(getConfigHolder().getPassword());
- } catch (Exception ex) {
- LOG.info("Password decryption failed");
- decryptedPwd = null;
- } finally {
- if (decryptedPwd == null) {
- decryptedPwd = prop.getProperty(HadoopConfigHolder.RANGER_LOGIN_PASSWORD);
- }
- }
- trinoProperties.put(TRINO_USER_NAME_PROP, prop.getProperty(HadoopConfigHolder.RANGER_LOGIN_USER_NAME_PROP));
- if (prop.getProperty(HadoopConfigHolder.RANGER_LOGIN_PASSWORD) != null) {
- trinoProperties.put(TRINO_PASSWORD_PROP, decryptedPwd);
- }
-
- if (driverClassName != null) {
- try {
- Driver driver = (Driver) Class.forName(driverClassName).newInstance();
- DriverManager.registerDriver(driver);
- } catch (SQLException e) {
- String msgDesc = "initConnection: Caught SQLException while registering"
- + " the Trino driver.";
- HadoopException hdpException = new HadoopException(msgDesc, e);
- hdpException.generateResponseDataMap(false, getMessage(e),
- msgDesc + ERR_MSG, null, null);
- throw hdpException;
- } catch (IllegalAccessException ilae) {
- String msgDesc = "initConnection: Class or its nullary constructor might not accessible.";
- HadoopException hdpException = new HadoopException(msgDesc, ilae);
- hdpException.generateResponseDataMap(false, getMessage(ilae),
- msgDesc + ERR_MSG, null, null);
- throw hdpException;
- } catch (InstantiationException ie) {
- String msgDesc = "initConnection: Class may not have its nullary constructor or "
- + "may be the instantiation fails for some other reason.";
- HadoopException hdpException = new HadoopException(msgDesc, ie);
- hdpException.generateResponseDataMap(false, getMessage(ie),
- msgDesc + ERR_MSG, null, null);
- throw hdpException;
- } catch (ExceptionInInitializerError eie) {
- String msgDesc = "initConnection: Got ExceptionInInitializerError, "
- + "The initialization provoked by this method fails.";
- HadoopException hdpException = new HadoopException(msgDesc,
- eie);
- hdpException.generateResponseDataMap(false, getMessage(eie),
- msgDesc + ERR_MSG, null, null);
- throw hdpException;
- } catch (SecurityException se) {
- String msgDesc = "initConnection: unable to initiate connection to Trino instance,"
- + " The caller's class loader is not the same as or an ancestor "
- + "of the class loader for the current class and invocation of "
- + "s.checkPackageAccess() denies access to the package of this class.";
- HadoopException hdpException = new HadoopException(msgDesc, se);
- hdpException.generateResponseDataMap(false, getMessage(se),
- msgDesc + ERR_MSG, null, null);
- throw hdpException;
- } catch (Throwable t) {
- String msgDesc = "initConnection: Unable to connect to Trino instance, "
- + "please provide valid value of field : {jdbc.driverClassName}.";
- HadoopException hdpException = new HadoopException(msgDesc, t);
- hdpException.generateResponseDataMap(false, getMessage(t),
- msgDesc + ERR_MSG, null, null);
- throw hdpException;
- }
- }
-
- try {
- con = DriverManager.getConnection(url, trinoProperties);
- } catch (SQLException e) {
- String msgDesc = "Unable to connect to Trino instance.";
- HadoopException hdpException = new HadoopException(msgDesc, e);
- hdpException.generateResponseDataMap(false, getMessage(e),
- msgDesc + ERR_MSG, null, null);
- throw hdpException;
- } catch (SecurityException se) {
- String msgDesc = "Unable to connect to Trino instance.";
- HadoopException hdpException = new HadoopException(msgDesc, se);
- hdpException.generateResponseDataMap(false, getMessage(se),
- msgDesc + ERR_MSG, null, null);
- throw hdpException;
- } catch (Throwable t) {
- String msgDesc = "initConnection: Unable to connect to Trino instance, ";
- HadoopException hdpException = new HadoopException(msgDesc, t);
- hdpException.generateResponseDataMap(false, getMessage(t),
- msgDesc + ERR_MSG, null, null);
- throw hdpException;
- }
-
- }
-
- private List<String> getCatalogs(String needle, List<String> catalogs) throws HadoopException {
- List<String> ret = new ArrayList<>();
- if (con != null) {
- Statement stat = null;
- ResultSet rs = null;
- String sql = "SHOW CATALOGS";
-
- try {
- if (needle != null && !needle.isEmpty() && !needle.equals("*")) {
- // Cannot use a prepared statement for this as trino does not support that
- sql += " LIKE '" + StringEscapeUtils.escapeSql(needle) + "%'";
- }
- stat = con.createStatement();
- rs = stat.executeQuery(sql);
- while (rs.next()) {
- String catalogName = rs.getString(1);
- if (catalogs != null && catalogs.contains(catalogName)) {
- continue;
- }
- ret.add(catalogName);
- }
- } catch (SQLTimeoutException sqlt) {
- String msgDesc = "Time Out, Unable to execute SQL [" + sql
- + "].";
- HadoopException hdpException = new HadoopException(msgDesc,
- sqlt);
- hdpException.generateResponseDataMap(false, getMessage(sqlt),
- msgDesc + ERR_MSG, null, null);
- } catch (SQLException se) {
- String msg = "Unable to execute SQL [" + sql + "]. ";
- HadoopException he = new HadoopException(msg, se);
- he.generateResponseDataMap(false, getMessage(se), msg + ERR_MSG,
- null, null);
- throw he;
- } finally {
- close(rs);
- close(stat);
- }
- }
- return ret;
- }
-
- public List<String> getCatalogList(String needle, final List<String> catalogs) throws HadoopException {
- final String ndl = needle;
- final List<String> catList = catalogs;
-
- List<String> dbs = Subject.doAs(getLoginSubject(), new PrivilegedAction<List<String>>() {
- @Override
- public List<String> run() {
- List<String> ret = null;
- try {
- ret = getCatalogs(ndl, catList);
- } catch (HadoopException he) {
- LOG.error("<== TrinoClient.getCatalogList() :Unable to get the Database List", he);
- throw he;
- }
- return ret;
- }
- });
-
- return dbs;
- }
-
- private List<String> getSchemas(String needle, List<String> catalogs, List<String> schemas) throws HadoopException {
- List<String> ret = new ArrayList<>();
- if (con != null) {
- Statement stat = null;
- ResultSet rs = null;
- String sql = null;
-
- try {
- if (catalogs != null && !catalogs.isEmpty()) {
- for (String catalog : catalogs) {
- sql = "SHOW SCHEMAS FROM \"" + StringEscapeUtils.escapeSql(catalog) + "\"";
-
- try {
- if (needle != null && !needle.isEmpty() && !needle.equals("*")) {
- sql += " LIKE '" + StringEscapeUtils.escapeSql(needle) + "%'";
- }
- stat = con.createStatement();
- rs = stat.executeQuery(sql);
- while (rs.next()) {
- String schema = rs.getString(1);
- if (schemas != null && schemas.contains(schema)) {
- continue;
- }
- ret.add(schema);
- }
- } finally {
- close(rs);
- close(stat);
- rs = null;
- stat = null;
- }
- }
- }
- } catch (SQLTimeoutException sqlt) {
- String msgDesc = "Time Out, Unable to execute SQL [" + sql
- + "].";
- HadoopException hdpException = new HadoopException(msgDesc,
- sqlt);
- hdpException.generateResponseDataMap(false, getMessage(sqlt),
- msgDesc + ERR_MSG, null, null);
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== TrinoClient.getSchemas() Error : ", sqlt);
- }
- throw hdpException;
- } catch (SQLException sqle) {
- String msgDesc = "Unable to execute SQL [" + sql + "].";
- HadoopException hdpException = new HadoopException(msgDesc,
- sqle);
- hdpException.generateResponseDataMap(false, getMessage(sqle),
- msgDesc + ERR_MSG, null, null);
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== TrinoClient.getSchemas() Error : ", sqle);
- }
- throw hdpException;
- }
- }
-
- return ret;
- }
-
- public List<String> getSchemaList(String needle, List<String> catalogs, List<String> schemas) throws HadoopException {
- final String ndl = needle;
- final List<String> cats = catalogs;
- final List<String> shms = schemas;
-
- List<String> schemaList = Subject.doAs(getLoginSubject(), new PrivilegedAction<List<String>>() {
- @Override
- public List<String> run() {
- List<String> ret = null;
- try {
- ret = getSchemas(ndl, cats, shms);
- } catch (HadoopException he) {
- LOG.error("<== TrinoClient.getSchemaList() :Unable to get the Schema List", he);
- }
- return ret;
- }
- });
-
- return schemaList;
- }
-
- private List<String> getTables(String needle, List<String> catalogs, List<String> schemas, List<String> tables) throws HadoopException {
- List<String> ret = new ArrayList<>();
- if (con != null) {
- Statement stat = null;
- ResultSet rs = null;
- String sql = null;
-
- if (catalogs != null && !catalogs.isEmpty()
- && schemas != null && !schemas.isEmpty()) {
- try {
- for (String catalog : catalogs) {
- for (String schema : schemas) {
- sql = "SHOW tables FROM \"" + StringEscapeUtils.escapeSql(catalog) + "\".\"" + StringEscapeUtils.escapeSql(schema) + "\"";
- try {
- if (needle != null && !needle.isEmpty() && !needle.equals("*")) {
- sql += " LIKE '" + StringEscapeUtils.escapeSql(needle) + "%'";
- }
- stat = con.createStatement();
- rs = stat.executeQuery(sql);
- while (rs.next()) {
- String table = rs.getString(1);
- if (tables != null && tables.contains(table)) {
- continue;
- }
- ret.add(table);
- }
- } finally {
- close(rs);
- close(stat);
- rs = null;
- stat = null;
- }
- }
- }
- } catch (SQLTimeoutException sqlt) {
- String msgDesc = "Time Out, Unable to execute SQL [" + sql
- + "].";
- HadoopException hdpException = new HadoopException(msgDesc,
- sqlt);
- hdpException.generateResponseDataMap(false, getMessage(sqlt),
- msgDesc + ERR_MSG, null, null);
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== TrinoClient.getTables() Error : ", sqlt);
- }
- throw hdpException;
- } catch (SQLException sqle) {
- String msgDesc = "Unable to execute SQL [" + sql + "].";
- HadoopException hdpException = new HadoopException(msgDesc,
- sqle);
- hdpException.generateResponseDataMap(false, getMessage(sqle),
- msgDesc + ERR_MSG, null, null);
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== TrinoClient.getTables() Error : ", sqle);
- }
- throw hdpException;
- }
- }
- }
- return ret;
- }
-
- public List<String> getTableList(String needle, List<String> catalogs, List<String> schemas, List<String> tables) throws HadoopException {
- final String ndl = needle;
- final List<String> cats = catalogs;
- final List<String> shms = schemas;
- final List<String> tbls = tables;
-
- List<String> tableList = Subject.doAs(getLoginSubject(), new PrivilegedAction<List<String>>() {
- @Override
- public List<String> run() {
- List<String> ret = null;
- try {
- ret = getTables(ndl, cats, shms, tbls);
- } catch (HadoopException he) {
- LOG.error("<== TrinoClient.getTableList() :Unable to get the Column List", he);
- throw he;
- }
- return ret;
- }
- });
-
- return tableList;
- }
-
- private List<String> getColumns(String needle, List<String> catalogs, List<String> schemas, List<String> tables, List<String> columns) throws HadoopException {
- List<String> ret = new ArrayList<>();
- if (con != null) {
- String regex = null;
- ResultSet rs = null;
- String sql = null;
- Statement stat = null;
-
- if (needle != null && !needle.isEmpty()) {
- regex = needle;
- }
-
- if (catalogs != null && !catalogs.isEmpty()
- && schemas != null && !schemas.isEmpty()
- && tables != null && !tables.isEmpty()) {
- try {
- for (String catalog : catalogs) {
- for (String schema : schemas) {
- for (String table : tables) {
- sql = "SHOW COLUMNS FROM \"" + StringEscapeUtils.escapeSql(catalog) + "\"." +
- "\"" + StringEscapeUtils.escapeSql(schema) + "\"." +
- "\"" + StringEscapeUtils.escapeSql(table) + "\"";
-
- try {
- stat = con.createStatement();
- rs = stat.executeQuery(sql);
- while (rs.next()) {
- String column = rs.getString(1);
- if (columns != null && columns.contains(column)) {
- continue;
- }
- if (regex == null) {
- ret.add(column);
- } else if (FilenameUtils.wildcardMatch(column, regex)) {
- ret.add(column);
- }
- }
- } finally {
- close(rs);
- close(stat);
- stat = null;
- rs = null;
- }
- }
- }
- }
- } catch (SQLTimeoutException sqlt) {
- String msgDesc = "Time Out, Unable to execute SQL [" + sql
- + "].";
- HadoopException hdpException = new HadoopException(msgDesc,
- sqlt);
- hdpException.generateResponseDataMap(false, getMessage(sqlt),
- msgDesc + ERR_MSG, null, null);
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== TrinoClient.getColumns() Error : ", sqlt);
- }
- throw hdpException;
- } catch (SQLException sqle) {
- String msgDesc = "Unable to execute SQL [" + sql + "].";
- HadoopException hdpException = new HadoopException(msgDesc,
- sqle);
- hdpException.generateResponseDataMap(false, getMessage(sqle),
- msgDesc + ERR_MSG, null, null);
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== TrinoClient.getColumns() Error : ", sqle);
- }
- throw hdpException;
- }
- }
- }
- return ret;
- }
-
- public List<String> getColumnList(String needle, List<String> catalogs, List<String> schemas, List<String> tables, List<String> columns) throws HadoopException {
- final String ndl = needle;
- final List<String> cats = catalogs;
- final List<String> shms = schemas;
- final List<String> tbls = tables;
- final List<String> cols = columns;
-
- List<String> columnList = Subject.doAs(getLoginSubject(), new PrivilegedAction<List<String>>() {
- @Override
- public List<String> run() {
- List<String> ret = null;
- try {
- ret = getColumns(ndl, cats, shms, tbls, cols);
- } catch (HadoopException he) {
- LOG.error("<== TrinoClient.getColumnList() :Unable to get the Column List", he);
- throw he;
- }
- return ret;
- }
- });
- return columnList;
- }
-
- public static Map<String, Object> connectionTest(String serviceName,
- Map<String, String> connectionProperties)
- throws Exception {
- TrinoClient client = null;
- Map<String, Object> resp = new HashMap<String, Object>();
-
- boolean status = false;
-
- List<String> testResult = null;
-
- try {
- client = new TrinoClient(serviceName, connectionProperties);
- if (client != null) {
- testResult = client.getCatalogList("*", null);
- if (testResult != null && testResult.size() != 0) {
- status = true;
- }
- }
-
- if (status) {
- String msg = "Connection test successful";
- generateResponseDataMap(status, msg, msg, null, null, resp);
- }
- } catch (Exception e) {
- throw e;
- } finally {
- if (client != null) {
- client.close();
- }
- }
-
- return resp;
- }
-
- public void close() {
- Subject.doAs(getLoginSubject(), new PrivilegedAction<Void>() {
- public Void run() {
- close(con);
- return null;
- }
- });
- }
-
- private void close(Connection con) {
- try {
- if (con != null) {
- con.close();
- }
- } catch (SQLException e) {
- LOG.error("Unable to close Trino SQL connection", e);
- }
- }
-
- public void close(Statement stat) {
- try {
- if (stat != null) {
- stat.close();
- }
- } catch (SQLException e) {
- LOG.error("Unable to close SQL statement", e);
- }
- }
-
- public void close(ResultSet rs) {
- try {
- if (rs != null) {
- rs.close();
- }
- } catch (SQLException e) {
- LOG.error("Unable to close ResultSet", e);
- }
- }
-}
diff --git a/plugin-trino/src/main/java/org/apache/ranger/services/trino/client/TrinoConnectionManager.java b/plugin-trino/src/main/java/org/apache/ranger/services/trino/client/TrinoConnectionManager.java
deleted file mode 100644
index 6afd8f417..000000000
--- a/plugin-trino/src/main/java/org/apache/ranger/services/trino/client/TrinoConnectionManager.java
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.ranger.services.trino.client;
-
-import org.apache.ranger.plugin.util.TimedEventUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.Map;
-import java.util.concurrent.Callable;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
-import java.util.concurrent.TimeUnit;
-
-public class TrinoConnectionManager {
- private static final Logger LOG = LoggerFactory.getLogger(TrinoConnectionManager.class);
-
- protected ConcurrentMap<String, TrinoClient> trinoConnectionCache;
- protected ConcurrentMap<String, Boolean> repoConnectStatusMap;
-
- public TrinoConnectionManager() {
- trinoConnectionCache = new ConcurrentHashMap<>();
- repoConnectStatusMap = new ConcurrentHashMap<>();
- }
-
- public TrinoClient getTrinoConnection(final String serviceName, final String serviceType, final Map<String, String> configs) {
- TrinoClient trinoClient = null;
-
- if (serviceType != null) {
- trinoClient = trinoConnectionCache.get(serviceName);
- if (trinoClient == null) {
- if (configs != null) {
- final Callable<TrinoClient> connectTrino = new Callable<TrinoClient>() {
- @Override
- public TrinoClient call() throws Exception {
- return new TrinoClient(serviceName, configs);
- }
- };
- try {
- trinoClient = TimedEventUtil.timedTask(connectTrino, 5, TimeUnit.SECONDS);
- } catch (Exception e) {
- LOG.error("Error connecting to Trino repository: " +
- serviceName + " using config: " + configs, e);
- }
-
- TrinoClient oldClient = null;
- if (trinoClient != null) {
- oldClient = trinoConnectionCache.putIfAbsent(serviceName, trinoClient);
- } else {
- oldClient = trinoConnectionCache.get(serviceName);
- }
-
- if (oldClient != null) {
- if (trinoClient != null) {
- trinoClient.close();
- }
- trinoClient = oldClient;
- }
- repoConnectStatusMap.put(serviceName, true);
- } else {
- LOG.error("Connection Config not defined for asset :"
- + serviceName, new Throwable());
- }
- } else {
- try {
- trinoClient.getCatalogList("*", null);
- } catch (Exception e) {
- trinoConnectionCache.remove(serviceName);
- trinoClient.close();
- trinoClient = getTrinoConnection(serviceName, serviceType, configs);
- }
- }
- } else {
- LOG.error("Asset not found with name " + serviceName, new Throwable());
- }
- return trinoClient;
- }
-}
diff --git a/plugin-trino/src/main/java/org/apache/ranger/services/trino/client/TrinoResourceManager.java b/plugin-trino/src/main/java/org/apache/ranger/services/trino/client/TrinoResourceManager.java
deleted file mode 100644
index 2d32068a6..000000000
--- a/plugin-trino/src/main/java/org/apache/ranger/services/trino/client/TrinoResourceManager.java
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.ranger.services.trino.client;
-
-import org.apache.ranger.plugin.service.ResourceLookupContext;
-import org.apache.ranger.plugin.util.TimedEventUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.List;
-import java.util.Map;
-import java.util.concurrent.Callable;
-import java.util.concurrent.TimeUnit;
-
-public class TrinoResourceManager {
- private static final Logger LOG = LoggerFactory.getLogger(TrinoResourceManager.class);
-
- private static final String CATALOG = "catalog";
- private static final String SCHEMA = "schema";
- private static final String TABLE = "table";
- private static final String COLUMN = "column";
-
-
- public static Map<String, Object> connectionTest(String serviceName, Map<String, String> configs) throws Exception {
- Map<String, Object> ret = null;
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("==> TrinoResourceManager.connectionTest() ServiceName: " + serviceName + " Configs: " + configs);
- }
-
- try {
- ret = TrinoClient.connectionTest(serviceName, configs);
- } catch (Exception e) {
- LOG.error("<== TrinoResourceManager.connectionTest() Error: " + e);
- throw e;
- }
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== TrinoResourceManager.connectionTest() Result : " + ret);
- }
-
- return ret;
- }
-
- public static List<String> getTrinoResources(String serviceName, String serviceType, Map<String, String> configs, ResourceLookupContext context) throws Exception {
-
- String userInput = context.getUserInput();
- String resource = context.getResourceName();
- Map<String, List<String>> resourceMap = context.getResources();
- List<String> resultList = null;
- List<String> catalogList = null;
- List<String> schemaList = null;
- List<String> tableList = null;
- List<String> columnList = null;
- String catalogName = null;
- String schemaName = null;
- String tableName = null;
- String columnName = null;
-
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("<== TrinoResourceMgr.getTrinoResources() UserInput: \"" + userInput + "\" resource : " + resource + " resourceMap: " + resourceMap);
- }
-
- if (userInput != null && resource != null) {
- if (resourceMap != null && !resourceMap.isEmpty()) {
- catalogList = resourceMap.get(CATALOG);
- schemaList = resourceMap.get(SCHEMA);
- tableList = resourceMap.get(TABLE);
- columnList = resourceMap.get(COLUMN);
- }
- switch (resource.trim().toLowerCase()) {
- case CATALOG:
- catalogName = userInput;
- break;
- case SCHEMA:
- schemaName = userInput;
- case TABLE:
- tableName = userInput;
- break;
- case COLUMN:
- columnName = userInput;
- break;
- default:
- break;
- }
- }
-
- if (serviceName != null && userInput != null) {
- try {
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("==> TrinoResourceManager.getTrinoResources() UserInput: \"" + userInput + "\" configs: " + configs + " catalogList: " + catalogList + " tableList: "
- + tableList + " columnList: " + columnList);
- }
-
- final TrinoClient trinoClient = new TrinoConnectionManager().getTrinoConnection(serviceName, serviceType, configs);
-
- Callable<List<String>> callableObj = null;
-
- final String finalCatalogName;
- final String finalSchemaName;
- final String finalTableName;
- final String finalColumnName;
-
- final List<String> finalCatalogList = catalogList;
- final List<String> finalSchemaList = schemaList;
- final List<String> finalTableList = tableList;
- final List<String> finalColumnList = columnList;
-
- if (trinoClient != null) {
- if (catalogName != null && !catalogName.isEmpty()) {
- finalCatalogName = catalogName;
- callableObj = new Callable<List<String>>() {
- @Override
- public List<String> call() throws Exception {
- return trinoClient.getCatalogList(finalCatalogName, finalCatalogList);
- }
- };
- } else if (schemaName != null && !schemaName.isEmpty()) {
- finalSchemaName = schemaName;
- callableObj = new Callable<List<String>>() {
- @Override
- public List<String> call() throws Exception {
- return trinoClient.getSchemaList(finalSchemaName, finalCatalogList, finalSchemaList);
- }
- };
- } else if (tableName != null && !tableName.isEmpty()) {
- finalTableName = tableName;
- callableObj = new Callable<List<String>>() {
- @Override
- public List<String> call() throws Exception {
- return trinoClient.getTableList(finalTableName, finalCatalogList, finalSchemaList, finalTableList);
- }
- };
- } else if (columnName != null && !columnName.isEmpty()) {
- // Column names are matched by the wildcardmatcher
- columnName += "*";
- finalColumnName = columnName;
- callableObj = new Callable<List<String>>() {
- @Override
- public List<String> call() throws Exception {
- return trinoClient.getColumnList(finalColumnName, finalCatalogList, finalSchemaList, finalTableList, finalColumnList);
- }
- };
- }
- if (callableObj != null) {
- synchronized (trinoClient) {
- resultList = TimedEventUtil.timedTask(callableObj, 5, TimeUnit.SECONDS);
- }
- } else {
- LOG.error("Could not initiate a TrinoClient timedTask");
- }
- }
- } catch (Exception e) {
- LOG.error("Unable to get Trino resource", e);
- throw e;
- }
- }
- return resultList;
- }
-}
diff --git a/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerAdminClientImpl.java b/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerAdminClientImpl.java
deleted file mode 100644
index af74fc642..000000000
--- a/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerAdminClientImpl.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ranger.authorization.trino.authorizer;
-
-import org.apache.ranger.admin.client.AbstractRangerAdminClient;
-import org.apache.ranger.plugin.util.ServicePolicies;
-
-import java.io.File;
-import java.nio.file.FileSystems;
-import java.nio.file.Files;
-
-public class RangerAdminClientImpl extends AbstractRangerAdminClient {
- private final static String cacheFilename = "trino-policies.json";
-
- public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception {
-
- String basedir = System.getProperty("basedir");
- if (basedir == null) {
- basedir = new File(".").getCanonicalPath();
- }
-
- java.nio.file.Path cachePath = FileSystems.getDefault().getPath(basedir, "/src/test/resources/" + cacheFilename);
- byte[] cacheBytes = Files.readAllBytes(cachePath);
-
- return gson.fromJson(new String(cacheBytes), ServicePolicies.class);
- }
-
-}
\ No newline at end of file
diff --git a/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java b/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
deleted file mode 100644
index d6c637e5a..000000000
--- a/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ranger.authorization.trino.authorizer;
-
-import com.google.common.collect.ImmutableSet;
-import io.trino.spi.connector.CatalogSchemaName;
-import io.trino.spi.connector.CatalogSchemaRoutineName;
-import io.trino.spi.connector.CatalogSchemaTableName;
-import io.trino.spi.connector.SchemaTableName;
-import io.trino.spi.security.AccessDeniedException;
-import io.trino.spi.security.Identity;
-import io.trino.spi.security.TrinoPrincipal;
-import io.trino.spi.security.SystemSecurityContext;
-
-import static io.trino.spi.security.PrincipalType.USER;
-import static io.trino.spi.security.Privilege.SELECT;
-import static org.junit.Assert.*;
-
-import io.trino.spi.security.ViewExpression;
-import io.trino.spi.type.VarcharType;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import javax.security.auth.kerberos.KerberosPrincipal;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Optional;
-import java.util.Set;
-
-public class RangerSystemAccessControlTest {
- static RangerSystemAccessControl accessControlManager = null;
-
- private static final Identity alice = Identity.ofUser("alice");
- private static final Identity admin = Identity.ofUser("admin");
- //private static final Identity aliceWithGroups = Identity.from(alice).withGroups(new HashSet(Arrays.asList("users", "friends"))).build();
- //private static final Identity kerberosValidAlice = Identity.from(alice).withPrincipal(new KerberosPrincipal("alice/example.com@EXAMPLE.COM")).build();
- //private static final Identity kerberosValidNonAsciiUser = Identity.forUser("\u0194\u0194\u0194").withPrincipal(new KerberosPrincipal("\u0194\u0194\u0194/example.com@EXAMPLE.COM")).build();
- private static final Identity kerberosInvalidAlice = Identity.from(alice).withPrincipal(new KerberosPrincipal("mallory/example.com@EXAMPLE.COM")).build();
- private static final Identity bob = Identity.ofUser("bob");
- //private static final Identity nonAsciiUser = Identity.ofUser("\u0194\u0194\u0194");
-
- private static final Set<String> allCatalogs = ImmutableSet.of("open-to-all", "all-allowed", "alice-catalog");
- private static final Set<String> queryOwners = ImmutableSet.of("bob", "alice", "frank");
- private static final String aliceCatalog = "alice-catalog";
- private static final CatalogSchemaName aliceSchema = new CatalogSchemaName("alice-catalog", "schema");
- private static final CatalogSchemaTableName aliceTable = new CatalogSchemaTableName("alice-catalog", "schema","table");
- private static final CatalogSchemaTableName aliceView = new CatalogSchemaTableName("alice-catalog", "schema","view");
-
- private static final CatalogSchemaRoutineName aliceProcedure = new CatalogSchemaRoutineName("alice-catalog", "schema", "procedure");
- private static final String functionName = new String("function");
-
- @BeforeClass
- public static void setUpBeforeClass() throws Exception {
- Map<String, String> config = new HashMap<>();
- accessControlManager = new RangerSystemAccessControl(config);
- }
-
- @Test
- @SuppressWarnings("PMD")
- public void testCanSetUserOperations() {
- try {
- accessControlManager.checkCanImpersonateUser(context(alice), bob.getUser());
- throw new AssertionError("expected AccessDeniedExeption");
- }
- catch (AccessDeniedException expected) {
- }
-
- accessControlManager.checkCanImpersonateUser(context(admin), bob.getUser());
-
- try {
- accessControlManager.checkCanImpersonateUser(context(kerberosInvalidAlice), bob.getUser());
- throw new AssertionError("expected AccessDeniedExeption");
- }
- catch (AccessDeniedException expected) {
- }
-
- }
-
- @Test
- public void testCatalogOperations()
- {
- assertEquals(accessControlManager.filterCatalogs(context(alice), allCatalogs), allCatalogs);
- Set<String> bobCatalogs = ImmutableSet.of("open-to-all", "all-allowed");
- assertEquals(accessControlManager.filterCatalogs(context(bob), allCatalogs), bobCatalogs);
- //Set<String> nonAsciiUserCatalogs = ImmutableSet.of("open-to-all", "all-allowed", "\u0200\u0200\u0200");
- //assertEquals(accessControlManager.filterCatalogs(context(nonAsciiUser), allCatalogs), nonAsciiUserCatalogs);
- }
-
- @Test
- @SuppressWarnings("PMD")
- public void testSchemaOperations()
- {
-
- Set<String> aliceSchemas = ImmutableSet.of("schema");
- assertEquals(accessControlManager.filterSchemas(context(alice), aliceCatalog, aliceSchemas), aliceSchemas);
- assertEquals(accessControlManager.filterSchemas(context(bob), "alice-catalog", aliceSchemas), ImmutableSet.of());
-
- accessControlManager.checkCanCreateSchema(context(alice), aliceSchema);
- accessControlManager.checkCanDropSchema(context(alice), aliceSchema);
- accessControlManager.checkCanRenameSchema(context(alice), aliceSchema, "new-schema");
- accessControlManager.checkCanShowSchemas(context(alice), aliceCatalog);
-
- try {
- accessControlManager.checkCanCreateSchema(context(bob), aliceSchema);
- } catch (AccessDeniedException expected) {
- }
-
- accessControlManager.checkCanSetSchemaAuthorization(context(alice), aliceSchema, new TrinoPrincipal(USER, "principal"));
- accessControlManager.checkCanShowCreateSchema(context(alice), aliceSchema);
- }
-
- @Test
- @SuppressWarnings("PMD")
- public void testTableOperations()
- {
- Set<SchemaTableName> aliceTables = ImmutableSet.of(new SchemaTableName("schema", "table"));
- assertEquals(accessControlManager.filterTables(context(alice), aliceCatalog, aliceTables), aliceTables);
- assertEquals(accessControlManager.filterTables(context(bob), "alice-catalog", aliceTables), ImmutableSet.of());
-
- accessControlManager.checkCanCreateTable(context(alice), aliceTable,Map.of());
- accessControlManager.checkCanDropTable(context(alice), aliceTable);
- accessControlManager.checkCanSelectFromColumns(context(alice), aliceTable, ImmutableSet.of());
- accessControlManager.checkCanInsertIntoTable(context(alice), aliceTable);
- accessControlManager.checkCanDeleteFromTable(context(alice), aliceTable);
- accessControlManager.checkCanRenameColumn(context(alice), aliceTable);
-
-
- try {
- accessControlManager.checkCanCreateTable(context(bob), aliceTable,Map.of());
- } catch (AccessDeniedException expected) {
- }
- }
-
- @Test
- @SuppressWarnings("PMD")
- public void testViewOperations()
- {
- accessControlManager.checkCanCreateView(context(alice), aliceView);
- accessControlManager.checkCanDropView(context(alice), aliceView);
- accessControlManager.checkCanSelectFromColumns(context(alice), aliceView, ImmutableSet.of());
- accessControlManager.checkCanCreateViewWithSelectFromColumns(context(alice), aliceTable, ImmutableSet.of());
- accessControlManager.checkCanCreateViewWithSelectFromColumns(context(alice), aliceView, ImmutableSet.of());
- accessControlManager.checkCanSetCatalogSessionProperty(context(alice), aliceCatalog, "property");
- accessControlManager.checkCanGrantTablePrivilege(context(alice), SELECT, aliceTable, new TrinoPrincipal(USER, "grantee"), true);
- accessControlManager.checkCanRevokeTablePrivilege(context(alice), SELECT, aliceTable, new TrinoPrincipal(USER, "revokee"), true);
-
- try {
- accessControlManager.checkCanCreateView(context(bob), aliceView);
- } catch (AccessDeniedException expected) {
- }
- }
-
- @Test
- @SuppressWarnings("PMD")
- public void testMisc()
- {
- assertEquals(accessControlManager.filterViewQueryOwnedBy(context(alice), queryOwners), queryOwners);
-
- // check {type} / {col} replacement
- final VarcharType varcharType = VarcharType.createVarcharType(20);
-
- Optional<ViewExpression> ret = accessControlManager.getColumnMask(context(alice), aliceTable, "cast_me", varcharType);
- assertNotNull(ret.get());
- assertEquals(ret.get().getExpression(), "cast cast_me as varchar(20)");
-
- ret = accessControlManager.getColumnMask(context(alice), aliceTable,"do-not-cast-me", varcharType);
- assertFalse(ret.isPresent());
-
- ret = accessControlManager.getRowFilter(context(alice), aliceTable);
- assertFalse(ret.isPresent());
-
- accessControlManager.checkCanExecuteFunction(context(alice), functionName);
- accessControlManager.checkCanGrantExecuteFunctionPrivilege(context(alice), functionName, new TrinoPrincipal(USER, "grantee"), true);
- accessControlManager.checkCanExecuteProcedure(context(alice), aliceProcedure);
- }
-
- private SystemSecurityContext context(Identity id) {
- return new SystemSecurityContext(id, Optional.empty());
- }
-}
\ No newline at end of file
diff --git a/plugin-trino/src/test/resources/logback.xml b/plugin-trino/src/test/resources/logback.xml
deleted file mode 100644
index 4e991c3f2..000000000
--- a/plugin-trino/src/test/resources/logback.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<configuration>
- <appender name="console" class="ch.qos.logback.core.ConsoleAppender">
- <Target>System.out</Target>
- <encoder>
- <pattern>%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p - %m%n</pattern>
- </encoder>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- </appender>
- <root level="INFO">
- <appender-ref ref="console"/>
- </root>
-</configuration>
diff --git a/plugin-trino/src/test/resources/ranger-trino-security.xml b/plugin-trino/src/test/resources/ranger-trino-security.xml
deleted file mode 100644
index ecc467b32..000000000
--- a/plugin-trino/src/test/resources/ranger-trino-security.xml
+++ /dev/null
@@ -1,52 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
- <property>
- <name>ranger.plugin.trino.service.name</name>
- <value>cl1_trino</value>
- <description>
- Name of the Ranger service containing policies for this SampleApp instance
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.trino.policy.source.impl</name>
- <value>org.apache.ranger.authorization.trino.authorizer.RangerAdminClientImpl</value>
- <description>
- Policy source.
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.trino.policy.pollIntervalMs</name>
- <value>30000</value>
- <description>
- How often to poll for changes in policies?
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.trino.policy.cache.dir</name>
- <value>${project.build.directory}</value>
- <description>
- Directory where Ranger policies are cached after successful retrieval from the source
- </description>
- </property>
-
-</configuration>
diff --git a/plugin-trino/src/test/resources/trino-policies.json b/plugin-trino/src/test/resources/trino-policies.json
deleted file mode 100644
index 14f16887d..000000000
--- a/plugin-trino/src/test/resources/trino-policies.json
+++ /dev/null
@@ -1,1214 +0,0 @@
-{
- "serviceName": "cl1_trino",
- "serviceId": 203,
- "policyUpdateTime": "20180304-09:49:38.000-+0000",
- "policies": [
- {
- "service": "cl1_trino",
- "name": "checkCanImpersonateUser",
- "policyType": 0,
- "policyPriority": 0,
- "description": "",
- "isAuditEnabled": true,
- "resources": {
- "trinouser": {
- "values": [
- "bob"
- ],
- "isExcludes": false,
- "isRecursive": false
- }
- },
- "policyItems": [
- {
- "accesses": [
- {
- "type": "impersonate",
- "isAllowed": true
- }
- ],
- "users": [
- "admin"
- ],
- "groups": [],
- "roles": [],
- "conditions": [],
- "delegateAdmin": false
- }
- ],
- "denyPolicyItems": [],
- "allowExceptions": [],
- "denyExceptions": [],
- "dataMaskPolicyItems": [],
- "rowFilterPolicyItems": [],
- "serviceType": "trino",
- "options": {},
- "validitySchedules": [],
- "policyLabels": [],
- "zoneName": "",
- "isDenyAllElse": false,
- "id": 51,
- "guid": "7ab96b62-6fd3-4193-bf49-af462c25784d",
- "isEnabled": true,
- "version": 1
- },
- {
- "service": "cl1_trino",
- "name": "checkFunction",
- "policyType": 0,
- "policyPriority": 0,
- "description": "",
- "isAuditEnabled": true,
- "resources": {
- "function": {
- "values": [
- "function"
- ],
- "isExcludes": false,
- "isRecursive": false
- }
- },
- "policyItems": [
- {
- "accesses": [
- {
- "type": "execute",
- "isAllowed": true
- },
- {
- "type": "grant",
- "isAllowed": true
- }
- ],
- "users": [
- "alice"
- ],
- "groups": [],
- "roles": [],
- "conditions": [],
- "delegateAdmin": false
- }
- ],
- "denyPolicyItems": [],
- "allowExceptions": [],
- "denyExceptions": [],
- "dataMaskPolicyItems": [],
- "rowFilterPolicyItems": [],
- "serviceType": "trino",
- "options": {},
- "validitySchedules": [],
- "policyLabels": [],
- "zoneName": "",
- "isDenyAllElse": false,
- "id": 51,
- "guid": "7ab96b62-6fd3-4193-bf49-af462c25784d",
- "isEnabled": true,
- "version": 1
- },
- {
- "service": "cl1_trino",
- "name": "alice-schema",
- "policyType": 0,
- "policyPriority": 0,
- "description": "",
- "isAuditEnabled": true,
- "resources": {
- "schema": {
- "values": [
- "schema"
- ],
- "isExcludes": false,
- "isRecursive": false
- },
- "catalog": {
- "values": [
- "alice-catalog"
- ],
- "isExcludes": false,
- "isRecursive": false
- }
- },
- "policyItems": [
- {
- "accesses": [
- {
- "type": "select",
- "isAllowed": true
- },
- {
- "type": "insert",
- "isAllowed": true
- },
- {
- "type": "create",
- "isAllowed": true
- },
- {
- "type": "drop",
- "isAllowed": true
- },
- {
- "type": "alter",
- "isAllowed": true
- },
- {
- "type": "show",
- "isAllowed": true
- },
- {
- "type": "grant",
- "isAllowed": true
- }
- ],
- "users": [
- "alice"
- ],
- "groups": [],
- "roles": [],
- "conditions": [],
- "delegateAdmin": false
- }
- ],
- "denyPolicyItems": [],
- "allowExceptions": [],
- "denyExceptions": [],
- "dataMaskPolicyItems": [],
- "rowFilterPolicyItems": [],
- "serviceType": "trino",
- "options": {},
- "validitySchedules": [],
- "policyLabels": [],
- "zoneName": "",
- "isDenyAllElse": false,
- "id": 52,
- "guid": "11b10138-34c3-4e11-8beb-56a10334a375",
- "isEnabled": true,
- "version": 1
- },
- {
- "service": "cl1_trino",
- "name": "alice-catalog",
- "policyType": 0,
- "policyPriority": 0,
- "description": "",
- "isAuditEnabled": true,
- "resources": {
- "catalog": {
- "values": [
- "alice-catalog"
- ],
- "isExcludes": false,
- "isRecursive": false
- }
- },
- "policyItems": [
- {
- "accesses": [
- {
- "type": "select",
- "isAllowed": true
- },
- {
- "type": "insert",
- "isAllowed": true
- },
- {
- "type": "create",
- "isAllowed": true
- },
- {
- "type": "drop",
- "isAllowed": true
- },
- {
- "type": "use",
- "isAllowed": true
- },
- {
- "type": "alter",
- "isAllowed": true
- },
- {
- "type": "show",
- "isAllowed": true
- }
- ],
- "users": [
- "alice"
- ],
- "groups": [],
- "roles": [],
- "conditions": [],
- "delegateAdmin": false
- }
- ],
- "denyPolicyItems": [],
- "allowExceptions": [],
- "denyExceptions": [],
- "dataMaskPolicyItems": [],
- "rowFilterPolicyItems": [],
- "serviceType": "trino",
- "options": {},
- "validitySchedules": [],
- "policyLabels": [],
- "zoneName": "",
- "isDenyAllElse": false,
- "id": 53,
- "guid": "60207d91-7fd7-424e-8e6f-88d803297b6a",
- "isEnabled": true,
- "version": 2
- },
- {
- "service": "cl1_trino",
- "name": "alice-table",
- "policyType": 0,
- "policyPriority": 0,
- "description": "",
- "isAuditEnabled": true,
- "resources": {
- "schema": {
- "values": [
- "schema"
- ],
- "isExcludes": false,
- "isRecursive": false
- },
- "catalog": {
- "values": [
- "alice-catalog"
- ],
- "isExcludes": false,
- "isRecursive": false
- },
- "table": {
- "values": [
- "table",
- "alice"
- ],
- "isExcludes": false,
- "isRecursive": false
- }
- },
- "policyItems": [
- {
- "accesses": [
- {
- "type": "select",
- "isAllowed": true
- },
- {
- "type": "insert",
- "isAllowed": true
- },
- {
- "type": "drop",
- "isAllowed": true
- },
- {
- "type": "delete",
- "isAllowed": true
- },
- {
- "type": "alter",
- "isAllowed": true
- },
- {
- "type": "grant",
- "isAllowed": true
- },
- {
- "type": "revoke",
- "isAllowed": true
- }
- ],
- "users": [
- "alice"
- ],
- "groups": [],
- "roles": [],
- "conditions": [],
- "delegateAdmin": false
- }
- ],
- "denyPolicyItems": [],
- "allowExceptions": [],
- "denyExceptions": [],
- "dataMaskPolicyItems": [],
- "rowFilterPolicyItems": [],
- "serviceType": "trino",
- "options": {},
- "validitySchedules": [],
- "policyLabels": [],
- "zoneName": "",
- "isDenyAllElse": false,
- "id": 55,
- "guid": "b47e1c19-a05f-41f8-94ef-f86c14076ad9",
- "isEnabled": true,
- "version": 2
- },
- {
- "service": "cl1_trino",
- "name": "alice-procedure",
- "policyType": 0,
- "policyPriority": 0,
- "description": "",
- "isAuditEnabled": true,
- "resources": {
- "schema": {
- "values": [
- "schema"
- ],
- "isExcludes": false,
- "isRecursive": false
- },
- "catalog": {
- "values": [
- "alice-catalog"
- ],
- "isExcludes": false,
- "isRecursive": false
- },
- "procedure": {
- "values": [
- "procedure"
- ],
- "isExcludes": false,
- "isRecursive": false
- }
- },
- "policyItems": [
- {
- "accesses": [
- {
- "type": "execute",
- "isAllowed": true
- }
- ],
- "users": [
- "alice"
- ],
- "groups": [],
- "roles": [],
- "conditions": [],
- "delegateAdmin": false
- }
- ],
- "denyPolicyItems": [],
- "allowExceptions": [],
- "denyExceptions": [],
- "dataMaskPolicyItems": [],
- "rowFilterPolicyItems": [],
- "serviceType": "trino",
- "options": {},
- "validitySchedules": [],
- "policyLabels": [],
- "zoneName": "",
- "isDenyAllElse": false,
- "id": 55,
- "guid": "b47e1c19-a05f-41f8-94ef-f86c14076ad9",
- "isEnabled": true,
- "version": 2
- },
- {
- "service": "cl1_trino",
- "name": "alice-view",
- "policyType": 0,
- "policyPriority": 0,
- "description": "",
- "isAuditEnabled": true,
- "resources": {
- "schema": {
- "values": [
- "schema"
- ],
- "isExcludes": false,
- "isRecursive": false
- },
- "catalog": {
- "values": [
- "alice-catalog"
- ],
- "isExcludes": false,
- "isRecursive": false
- },
- "table": {
- "values": [
- "view"
- ],
- "isExcludes": false,
- "isRecursive": false
- }
- },
- "policyItems": [
- {
- "accesses": [
- {
- "type": "select",
- "isAllowed": true
- },
- {
- "type": "drop",
- "isAllowed": true
- }
- ],
- "users": [
- "alice"
- ],
- "groups": [],
- "roles": [],
- "conditions": [],
- "delegateAdmin": false
- }
- ],
- "denyPolicyItems": [],
- "allowExceptions": [],
- "denyExceptions": [],
- "dataMaskPolicyItems": [],
- "rowFilterPolicyItems": [],
- "serviceType": "trino",
- "options": {},
- "validitySchedules": [],
- "policyLabels": [],
- "zoneName": "",
- "isDenyAllElse": false,
- "id": 56,
- "guid": "91335d40-0bcf-4515-89ed-74531df970c7",
- "isEnabled": true,
- "version": 1
- },
- {
- "service": "cl1_trino",
- "name": "alice-session-property",
- "policyType": 0,
- "policyPriority": 0,
- "description": "",
- "isAuditEnabled": true,
- "resources": {
- "sessionproperty": {
- "values": [
- "property"
- ],
- "isExcludes": false,
- "isRecursive": false
- },
- "catalog": {
- "values": [
- "alice-catalog"
- ],
- "isExcludes": false,
- "isRecursive": false
- }
- },
- "policyItems": [
- {
- "accesses": [
- {
- "type": "show",
- "isAllowed": true
- },
- {
- "type": "alter",
- "isAllowed": true
- }
- ],
- "users": [
- "alice"
- ],
- "groups": [],
- "roles": [],
- "conditions": [],
- "delegateAdmin": false
- }
- ],
- "denyPolicyItems": [],
- "allowExceptions": [],
- "denyExceptions": [],
- "dataMaskPolicyItems": [],
- "rowFilterPolicyItems": [],
- "serviceType": "trino",
- "options": {},
- "validitySchedules": [],
- "policyLabels": [],
- "zoneName": "",
- "isDenyAllElse": false,
- "id": 57,
- "guid": "b5a30229-89b2-456a-83d4-7d64e8b8b6bf",
- "isEnabled": true,
- "version": 1
- },
- {
- "service": "cl1_trino",
- "name": "open-to-all",
- "policyType": 0,
- "policyPriority": 0,
- "description": "",
- "isAuditEnabled": true,
- "resources": {
- "catalog": {
- "values": [
- "open-to-all",
- "all-allowed"
- ],
- "isExcludes": false,
- "isRecursive": false
- }
- },
- "policyItems": [
- {
- "accesses": [
- {
- "type": "select",
- "isAllowed": true
- }
- ],
- "users": [
- "{USER}"
- ],
- "groups": [],
- "roles": [],
- "conditions": [],
- "delegateAdmin": false
- }
- ],
- "denyPolicyItems": [],
- "allowExceptions": [],
- "denyExceptions": [],
- "dataMaskPolicyItems": [],
- "rowFilterPolicyItems": [],
- "serviceType": "trino",
- "options": {},
- "validitySchedules": [],
- "policyLabels": [],
- "zoneName": "",
- "isDenyAllElse": false,
- "id": 67,
- "guid": "370d3e54-0428-4fcb-b0b5-ad1f5dfdd7db",
- "isEnabled": true,
- "version": 1
- },
- {
- "service": "cl1_trino",
- "name": "test-mask",
- "policyType": 1,
- "policyPriority": 0,
- "description": "",
- "isAuditEnabled": true,
- "resources": {
- "schema": {
- "values": [
- "schema"
- ],
- "isExcludes": false,
- "isRecursive": false
- },
- "catalog": {
- "values": [
- "alice-catalog"
- ],
- "isExcludes": false,
- "isRecursive": false
- },
- "column": {
- "values": [
- "only_first_4"
- ],
- "isExcludes": false,
- "isRecursive": false
- },
- "table": {
- "values": [
- "table"
- ],
- "isExcludes": false,
- "isRecursive": false
- }
- },
- "policyItems": [],
- "denyPolicyItems": [],
- "allowExceptions": [],
- "denyExceptions": [],
- "dataMaskPolicyItems": [
- {
- "dataMaskInfo": {
- "dataMaskType": "MASK_SHOW_FIRST_4"
- },
- "accesses": [
- {
- "type": "select",
- "isAllowed": true
- }
- ],
- "users": [
- "{USER}"
- ],
- "groups": [],
- "roles": [],
- "conditions": [],
- "delegateAdmin": false
- }
- ],
- "rowFilterPolicyItems": [],
- "serviceType": "trino",
- "options": {},
- "validitySchedules": [],
- "policyLabels": [],
- "zoneName": "",
- "isDenyAllElse": false,
- "id": 68,
- "guid": "6ec12d33-4d5d-46f0-9a05-b31d78281b02",
- "isEnabled": true,
- "version": 1
- },
- {
- "service": "cl1_trino",
- "name": "test-mask-cast",
- "policyType": 1,
- "policyPriority": 0,
- "description": "",
- "isAuditEnabled": true,
- "resources": {
- "schema": {
- "values": [
- "schema"
- ],
- "isExcludes": false,
- "isRecursive": false
- },
- "catalog": {
- "values": [
- "alice-catalog"
- ],
- "isExcludes": false,
- "isRecursive": false
- },
- "column": {
- "values": [
- "cast_me"
- ],
- "isExcludes": false,
- "isRecursive": false
- },
- "table": {
- "values": [
- "table"
- ],
- "isExcludes": false,
- "isRecursive": false
- }
- },
- "policyItems": [],
- "denyPolicyItems": [],
- "allowExceptions": [],
- "denyExceptions": [],
- "dataMaskPolicyItems": [
- {
- "dataMaskInfo": {
- "dataMaskType": "CUSTOM",
- "valueExpr": "cast {col} as {type}"
- },
- "accesses": [
- {
- "type": "select",
- "isAllowed": true
- }
- ],
- "users": [
- "{USER}"
- ],
- "groups": [],
- "roles": [],
- "conditions": [],
- "delegateAdmin": false
- }
- ],
- "rowFilterPolicyItems": [],
- "serviceType": "trino",
- "options": {},
- "validitySchedules": [],
- "policyLabels": [],
- "zoneName": "",
- "isDenyAllElse": false,
- "id": 69,
- "guid": "50e855fb-8dc2-42cd-99d3-16e8df8de774",
- "isEnabled": true,
- "version": 1
- }
- ],
- "startIndex": 0,
- "pageSize": 0,
- "totalCount": 0,
- "resultSize": 0,
- "queryTimeMS": 1585212824007,
- "serviceDef": {
- "id": 17,
- "name": "trino",
- "displayName": "trino",
- "implClass": "org.apache.ranger.services.trino.RangerServiceTrino",
- "label": "Trino",
- "description": "Trino",
- "guid": "379a9fe5-1b6e-4091-a584-4890e245e6c1",
- "resources": [
- {
- "itemId": 1,
- "name": "catalog",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino Catalog",
- "description": "Trino Catalog"
- },
- {
- "itemId": 2,
- "name": "schema",
- "type": "string",
- "level": 20,
- "parent": "catalog",
- "mandatory": true,
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino Schema",
- "description": "Trino Schema"
- },
- {
- "itemId": 3,
- "name": "table",
- "type": "string",
- "level": 30,
- "parent": "schema",
- "mandatory": true,
- "isValidLeaf": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino Table",
- "description": "Trino Table"
- },
- {
- "itemId": 4,
- "name": "column",
- "type": "string",
- "level": 40,
- "parent": "table",
- "mandatory": true,
- "lookupSupported": true,
- "recursiveSupported": false,
- "excludesSupported": true,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino Column",
- "description": "Trino Column"
- },
- {
- "itemId": 5,
- "name": "trinouser",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino User",
- "description": "Trino User",
- "accessTypeRestrictions": ["impersonate"]
- },
- {
- "itemId": 6,
- "name": "systemproperty",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "System Property",
- "description": "Trino System Property",
- "accessTypeRestrictions": ["alter"]
- },
- {
- "itemId": 7,
- "name": "sessionproperty",
- "type": "string",
- "level": 20,
- "parent": "catalog",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Catalog Session Property",
- "description": "Trino Catalog Session Property",
- "accessTypeRestrictions": ["alter"]
- },
- {
- "itemId": 8,
- "name": "function",
- "type": "string",
- "level": 10,
- "parent": "",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Trino Function",
- "description": "Trino Function",
- "accessTypeRestrictions": ["execute", "grant"]
- },
- {
- "itemId": 9,
- "name": "procedure",
- "type": "string",
- "level": 30,
- "parent": "schema",
- "mandatory": true,
- "lookupSupported": false,
- "recursiveSupported": false,
- "excludesSupported": false,
- "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
- "matcherOptions": {
- "wildCard": true,
- "ignoreCase": true
- },
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Schema Procedure",
- "description": "Schema Procedure",
- "accessTypeRestrictions": ["execute", "grant"]
- }
- ],
- "accessTypes": [
- {
- "itemId": 1,
- "name": "select",
- "label": "Select"
- },
- {
- "itemId": 2,
- "name": "insert",
- "label": "Insert"
- },
- {
- "itemId": 3,
- "name": "create",
- "label": "Create"
- },
- {
- "itemId": 4,
- "name": "drop",
- "label": "Drop"
- },
- {
- "itemId": 5,
- "name": "delete",
- "label": "Delete"
- },
- {
- "itemId": 6,
- "name": "use",
- "label": "Use"
- },
- {
- "itemId": 7,
- "name": "alter",
- "label": "Alter"
- },
- {
- "itemId": 8,
- "name": "grant",
- "label": "Grant"
- },
- {
- "itemId": 9,
- "name": "revoke",
- "label": "Revoke"
- },
- {
- "itemId": 10,
- "name": "show",
- "label": "Show"
- },
- {
- "itemId": 11,
- "name": "impersonate",
- "label": "Impersonate"
- },
- {
- "itemId": 12,
- "name": "execute",
- "label": "execute"
- },
- {
- "itemId": 13,
- "name": "all",
- "label": "All",
- "impliedGrants": [
- "select",
- "insert",
- "create",
- "delete",
- "drop",
- "use",
- "alter",
- "grant",
- "revoke",
- "show",
- "impersonate",
- "execute"
- ]
- }
- ],
- "configs": [
- {
- "itemId": 1,
- "name": "username",
- "type": "string",
- "mandatory": true,
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Username"
- },
- {
- "itemId": 2,
- "name": "password",
- "type": "password",
- "mandatory": false,
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "label": "Password"
- },
- {
- "itemId": 3,
- "name": "jdbc.driverClassName",
- "type": "string",
- "mandatory": true,
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": "",
- "defaultValue": "io.trino.jdbc.TrinoDriver"
- },
- {
- "itemId": 4,
- "name": "jdbc.url",
- "type": "string",
- "mandatory": true,
- "defaultValue": "",
- "validationRegEx": "",
- "validationMessage": "",
- "uiHint": ""
- }
- ],
- "enums": [
- ],
- "contextEnrichers": [
- ],
- "policyConditions":
- [
- ],
- "dataMaskDef": {
- "accessTypes": [
- {
- "name": "select"
- }
- ],
- "resources": [
- {
- "name": "catalog",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- },
- {
- "name": "schema",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- },
- {
- "name": "table",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- },
- {
- "name": "column",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "uiHint":"{ \"singleValue\":true }"
- }
- ],
- "maskTypes": [
- {
- "itemId": 1,
- "name": "MASK",
- "label": "Redact",
- "description": "Replace lowercase with 'x', uppercase with 'X', digits with '0'",
- "transformer": "cast(regexp_replace(regexp_replace(regexp_replace({col},'([A-Z])', 'X'),'([a-z])','x'),'([0-9])','0') as {type})",
- "dataMaskOptions": {
- }
- },
- {
- "itemId": 2,
- "name": "MASK_SHOW_LAST_4",
- "label": "Partial mask: show last 4",
- "description": "Show last 4 characters; replace rest with 'X'",
- "transformer": "cast(regexp_replace({col}, '(.*)(.{4}$)', x -> regexp_replace(x[1], '.', 'X') || x[2]) as {type})"
- },
- {
- "itemId": 3,
- "name": "MASK_SHOW_FIRST_4",
- "label": "Partial mask: show first 4",
- "description": "Show first 4 characters; replace rest with 'x'",
- "transformer": "cast(regexp_replace({col}, '(^.{4})(.*)', x -> x[1] || regexp_replace(x[2], '.', 'X')) as {type})"
- },
- {
- "itemId": 4,
- "name": "MASK_HASH",
- "label": "Hash",
- "description": "Hash the value of a varchar with sha256",
- "transformer": "cast(to_hex(sha256(to_utf8({col}))) as {type})"
- },
- {
- "itemId": 5,
- "name": "MASK_NULL",
- "label": "Nullify",
- "description": "Replace with NULL"
- },
- {
- "itemId": 6,
- "name": "MASK_NONE",
- "label": "Unmasked (retain original value)",
- "description": "No masking"
- },
- {
- "itemId": 12,
- "name": "MASK_DATE_SHOW_YEAR",
- "label": "Date: show only year",
- "description": "Date: show only year",
- "transformer": "date_trunc('year', {col})"
- },
- {
- "itemId": 13,
- "name": "CUSTOM",
- "label": "Custom",
- "description": "Custom"
- }
- ]
- },
- "rowFilterDef": {
- "accessTypes": [
- {
- "name": "select"
- }
- ],
- "resources": [
- {
- "name": "catalog",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "mandatory": true,
- "uiHint": "{ \"singleValue\":true }"
- },
- {
- "name": "schema",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "mandatory": true,
- "uiHint": "{ \"singleValue\":true }"
- },
- {
- "name": "table",
- "matcherOptions": {
- "wildCard": "true"
- },
- "lookupSupported": true,
- "mandatory": true,
- "uiHint": "{ \"singleValue\":true }"
- }
- ]
- }
- }
-}
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index cc62a6fa4..dfca1b455 100644
--- a/pom.xml
+++ b/pom.xml
@@ -177,7 +177,6 @@
<owasp-java-html-sanitizer.version>r239</owasp-java-html-sanitizer.version>
<paranamer.version>2.3</paranamer.version>
<presto.version>333</presto.version>
- <trino.version>377</trino.version>
<poi.version>5.2.2</poi.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<protobuf-java.version>3.19.3</protobuf-java.version>
@@ -216,14 +215,6 @@
<presto.validation-api.version>2.0.1.Final</presto.validation-api.version>
<presto.re2j.version>1.1</presto.re2j.version>
- <!-- trino plugin deps -->
- <trino.airlift.version>0.192</trino.airlift.version>
- <trino.bval-jsr.version>2.0.0</trino.bval-jsr.version>
- <trino.guice.version>4.2.2</trino.guice.version>
- <trino.guava.version>26.0-jre</trino.guava.version>
- <trino.validation-api.version>2.0.1.Final</trino.validation-api.version>
- <trino.re2j.version>1.1</trino.re2j.version>
-
<!-- Azure Key Vault dependencies -->
<com.microsoft.azure.version>1.22.0</com.microsoft.azure.version>
<com.microsoft.azure.azure-keyvault.version>1.2.1</com.microsoft.azure.azure-keyvault.version>
@@ -283,7 +274,6 @@
<module>plugin-nifi</module>
<module>plugin-nifi-registry</module>
<module>plugin-presto</module>
- <module>plugin-trino</module>
<module>plugin-kudu</module>
<module>ugsync-util</module>
<module>ugsync</module>
@@ -306,7 +296,6 @@
<module>ranger-atlas-plugin-shim</module>
<module>ranger-kms-plugin-shim</module>
<module>ranger-presto-plugin-shim</module>
- <module>ranger-trino-plugin-shim</module>
<module>ranger-examples</module>
<module>ranger-tools</module>
<module>plugin-atlas</module>
@@ -551,20 +540,6 @@
<module>ranger-presto-plugin-shim</module>
</modules>
</profile>
- <profile>
- <id>ranger-trino-plugin</id>
- <modules>
- <module>agents-audit</module>
- <module>agents-common</module>
- <module>agents-cred</module>
- <module>agents-installer</module>
- <module>credentialbuilder</module>
- <module>ranger-plugin-classloader</module>
- <module>ranger-util</module>
- <module>plugin-trino</module>
- <module>ranger-trino-plugin-shim</module>
- </modules>
- </profile>
<profile>
<id>linux</id>
<activation>
@@ -626,8 +601,6 @@
<module>ranger-kylin-plugin-shim</module>
<module>plugin-presto</module>
<module>ranger-presto-plugin-shim</module>
- <module>plugin-trino</module>
- <module>ranger-trino-plugin-shim</module>
<module>plugin-elasticsearch</module>
<module>ranger-elasticsearch-plugin-shim</module>
<!--
@@ -682,7 +655,6 @@
<module>plugin-nifi</module>
<module>plugin-nifi-registry</module>
<module>plugin-presto</module>
- <module>plugin-trino</module>
<module>ugsync-util</module>
<module>ugsync</module>
<module>ugsync/ldapconfigchecktool/ldapconfigcheck</module>
@@ -704,7 +676,6 @@
<module>ranger-atlas-plugin-shim</module>
<module>ranger-kms-plugin-shim</module>
<module>ranger-presto-plugin-shim</module>
- <module>ranger-trino-plugin-shim</module>
<module>ranger-examples</module>
<module>ranger-tools</module>
<module>plugin-atlas</module>
diff --git a/ranger-trino-plugin-shim/.gitignore b/ranger-trino-plugin-shim/.gitignore
deleted file mode 100644
index b83d22266..000000000
--- a/ranger-trino-plugin-shim/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/target/
diff --git a/ranger-trino-plugin-shim/pom.xml b/ranger-trino-plugin-shim/pom.xml
deleted file mode 100644
index 1689ff5a2..000000000
--- a/ranger-trino-plugin-shim/pom.xml
+++ /dev/null
@@ -1,198 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <artifactId>ranger-trino-plugin-shim</artifactId>
- <name>Trino Security Plugin Shim</name>
- <description>Trino Security Plugin Shim</description>
- <packaging>jar</packaging>
- <properties>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- </properties>
- <parent>
- <groupId>org.apache.ranger</groupId>
- <artifactId>ranger</artifactId>
- <version>2.3.0-SNAPSHOT</version>
- <relativePath>..</relativePath>
- </parent>
- <dependencies>
- <dependency>
- <groupId>org.apache.ranger</groupId>
- <artifactId>ranger-plugins-common</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>io.trino</groupId>
- <artifactId>trino-spi</artifactId>
- <version>${trino.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.ranger</groupId>
- <artifactId>ranger-plugin-classloader</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>io.airlift</groupId>
- <artifactId>bootstrap</artifactId>
- <version>${trino.airlift.version}</version>
- </dependency>
-
- <dependency>
- <groupId>io.airlift</groupId>
- <artifactId>log</artifactId>
- <version>${trino.airlift.version}</version>
- </dependency>
-
- <dependency>
- <groupId>io.airlift</groupId>
- <artifactId>configuration</artifactId>
- <version>${trino.airlift.version}</version>
- </dependency>
-
- <!-- for the assembly -->
- <dependency>
- <groupId>com.google.guava</groupId>
- <artifactId>guava</artifactId>
- <version>${trino.guava.version}</version>
- </dependency>
-
- <dependency>
- <groupId>com.google.inject</groupId>
- <artifactId>guice</artifactId>
- <version>${trino.guice.version}</version>
- </dependency>
-
- <dependency>
- <groupId>javax.validation</groupId>
- <artifactId>validation-api</artifactId>
- <version>${trino.validation-api.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.apache.bval</groupId>
- <artifactId>bval-jsr</artifactId>
- <version>${trino.bval-jsr.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.apache.hadoop</groupId>
- <artifactId>hadoop-hdfs</artifactId>
- <version>${hadoop.version}</version>
- <exclusions>
- <exclusion>
- <groupId>io.netty</groupId>
- <artifactId>netty-all</artifactId>
- </exclusion>
- <exclusion>
- <groupId>io.netty</groupId>
- <artifactId>netty</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>*</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>*</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
-
- <dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpcore</artifactId>
- <version>${httpcomponents.httpcore.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.apache.zookeeper</groupId>
- <artifactId>zookeeper</artifactId>
- <version>${zookeeper.version}</version>
- <exclusions>
- <exclusion>
- <groupId>io.netty</groupId>
- <artifactId>netty</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>*</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>*</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
-
- <dependency>
- <groupId>net.java.dev.jna</groupId>
- <artifactId>jna</artifactId>
- <version>${jna.version}</version>
- </dependency>
-
- <dependency>
- <groupId>net.java.dev.jna</groupId>
- <artifactId>jna-platform</artifactId>
- <version>${jna-platform.version}</version>
- </dependency>
-
- <dependency>
- <groupId>commons-codec</groupId>
- <artifactId>commons-codec</artifactId>
- <version>${commons.codec.version}</version>
- </dependency>
-
- <dependency>
- <groupId>com.kstruct</groupId>
- <artifactId>gethostname4j</artifactId>
- <version>${kstruct.gethostname4j.version}</version>
- </dependency>
-
- <dependency>
- <groupId>com.google.protobuf</groupId>
- <artifactId>protobuf-java</artifactId>
- <version>${protobuf-java.version}</version>
- </dependency>
-
- <dependency>
- <groupId>javax.annotation</groupId>
- <artifactId>javax.annotation-api</artifactId>
- <version>${javax.annotation-api}</version>
- </dependency>
-
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>log4j-over-slf4j</artifactId>
- <version>${slf4j.version}</version>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-simple</artifactId>
- <version>${slf4j.version}</version>
- </dependency>
-
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-core</artifactId>
- <version>${fasterxml.jackson.version}</version>
- </dependency>
-
- </dependencies>
-</project>
diff --git a/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerConfig.java b/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerConfig.java
deleted file mode 100644
index 8fc6d5c1b..000000000
--- a/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerConfig.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.ranger.authorization.trino.authorizer;
-
-import io.airlift.configuration.Config;
-import io.airlift.configuration.ConfigDescription;
-
-public class RangerConfig {
- private String keytab;
- private String principal;
- private boolean useUgi = false;
- private String hadoopConfigPath;
-
- public String getKeytab() { return keytab; }
-
- @Config("ranger.keytab")
- @ConfigDescription("Keytab for authentication against Ranger")
- @SuppressWarnings("unused")
- public RangerConfig setKeytab(String keytab) {
- this.keytab = keytab;
- return this;
- }
-
- public String getPrincipal() { return principal; }
-
- @Config("ranger.principal")
- @ConfigDescription("Principal for authentication against Ranger with keytab")
- @SuppressWarnings("unused")
- public RangerConfig setPrincipal(String principal) {
- this.principal = principal;
- return this;
- }
-
- public boolean isUseUgi() { return useUgi; }
-
- @Config("ranger.use_ugi")
- @ConfigDescription("Use Hadoop User Group Information instead of Trino groups")
- @SuppressWarnings("unused")
- public RangerConfig setUseUgi(boolean useUgi) {
- this.useUgi = useUgi;
- return this;
- }
-
- @Config("ranger.hadoop_config")
- @ConfigDescription("Path to hadoop configuration. Defaults to trino-ranger-site.xml in classpath")
- @SuppressWarnings("unused")
- public RangerConfig setHadoopConfigPath(String hadoopConfigPath) {
- this.hadoopConfigPath = hadoopConfigPath;
- return this;
- }
-
- public String getHadoopConfigPath() { return hadoopConfigPath; }
-}
diff --git a/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java b/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
deleted file mode 100644
index c6b234dc2..000000000
--- a/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
+++ /dev/null
@@ -1,625 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.ranger.authorization.trino.authorizer;
-
-import io.trino.spi.connector.CatalogSchemaName;
-import io.trino.spi.connector.CatalogSchemaRoutineName;
-import io.trino.spi.connector.CatalogSchemaTableName;
-import io.trino.spi.connector.SchemaTableName;
-import io.trino.spi.security.TrinoPrincipal;
-import io.trino.spi.security.Privilege;
-import io.trino.spi.security.SystemAccessControl;
-import io.trino.spi.security.SystemSecurityContext;
-import io.trino.spi.security.ViewExpression;
-import io.trino.spi.type.Type;
-import org.apache.ranger.plugin.classloader.RangerPluginClassLoader;
-
-import javax.inject.Inject;
-import java.security.Principal;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Optional;
-import java.util.Set;
-
-public class RangerSystemAccessControl
- implements SystemAccessControl {
- private static final String RANGER_PLUGIN_TYPE = "trino";
- private static final String RANGER_TRINO_AUTHORIZER_IMPL_CLASSNAME = "org.apache.ranger.authorization.trino.authorizer.RangerSystemAccessControl";
-
- final private RangerPluginClassLoader rangerPluginClassLoader;
- final private SystemAccessControl systemAccessControlImpl;
-
- @Inject
- public RangerSystemAccessControl(RangerConfig config) {
- try {
- rangerPluginClassLoader = RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, this.getClass());
-
- @SuppressWarnings("unchecked")
- Class<SystemAccessControl> cls = (Class<SystemAccessControl>) Class.forName(RANGER_TRINO_AUTHORIZER_IMPL_CLASSNAME, true, rangerPluginClassLoader);
-
- activatePluginClassLoader();
-
- Map<String, String> configMap = new HashMap<>();
- if (config.getKeytab() != null && config.getPrincipal() != null) {
- configMap.put("ranger.keytab", config.getKeytab());
- configMap.put("ranger.principal", config.getPrincipal());
- }
-
- configMap.put("ranger.use_ugi", Boolean.toString(config.isUseUgi()));
-
- if (config.getHadoopConfigPath() != null) {
- configMap.put("ranger.hadoop_config", config.getHadoopConfigPath());
- }
-
- systemAccessControlImpl = cls.getDeclaredConstructor(Map.class).newInstance(configMap);
- } catch (Exception e) {
- throw new RuntimeException(e);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanSetSystemSessionProperty(SystemSecurityContext context, String propertyName) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanSetSystemSessionProperty(context, propertyName);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanAccessCatalog(SystemSecurityContext context, String catalogName) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanAccessCatalog(context, catalogName);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public Set<String> filterCatalogs(SystemSecurityContext context, Set<String> catalogs) {
- Set<String> filteredCatalogs;
- try {
- activatePluginClassLoader();
- filteredCatalogs = systemAccessControlImpl.filterCatalogs(context, catalogs);
- } finally {
- deactivatePluginClassLoader();
- }
- return filteredCatalogs;
- }
-
- @Override
- public void checkCanCreateSchema(SystemSecurityContext context, CatalogSchemaName schema) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanCreateSchema(context, schema);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanDropSchema(SystemSecurityContext context, CatalogSchemaName schema) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanDropSchema(context, schema);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanRenameSchema(SystemSecurityContext context, CatalogSchemaName schema, String newSchemaName) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanRenameSchema(context, schema, newSchemaName);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanShowSchemas(SystemSecurityContext context, String catalogName) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanShowSchemas(context, catalogName);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public Set<String> filterSchemas(SystemSecurityContext context, String catalogName, Set<String> schemaNames) {
- Set<String> filteredSchemas;
- try {
- activatePluginClassLoader();
- filteredSchemas = systemAccessControlImpl.filterSchemas(context, catalogName, schemaNames);
- } finally {
- deactivatePluginClassLoader();
- }
- return filteredSchemas;
- }
-
- @Override
- public void checkCanCreateTable(SystemSecurityContext context, CatalogSchemaTableName table, Map<String, Object> properties) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanCreateTable(context, table, properties);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanDropTable(SystemSecurityContext context, CatalogSchemaTableName table) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanDropTable(context, table);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanRenameTable(SystemSecurityContext context, CatalogSchemaTableName table, CatalogSchemaTableName newTable) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanRenameTable(context, table, newTable);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public Set<SchemaTableName> filterTables(SystemSecurityContext context, String catalogName, Set<SchemaTableName> tableNames) {
- Set<SchemaTableName> filteredTableNames;
- try {
- activatePluginClassLoader();
- filteredTableNames = systemAccessControlImpl.filterTables(context, catalogName, tableNames);
- } finally {
- deactivatePluginClassLoader();
- }
- return filteredTableNames;
- }
-
- @Override
- public void checkCanAddColumn(SystemSecurityContext context, CatalogSchemaTableName table) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanAddColumn(context, table);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanDropColumn(SystemSecurityContext context, CatalogSchemaTableName table) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanDropColumn(context, table);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanRenameColumn(SystemSecurityContext context, CatalogSchemaTableName table) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanRenameColumn(context, table);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanSelectFromColumns(SystemSecurityContext context, CatalogSchemaTableName table, Set<String> columns) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanSelectFromColumns(context, table, columns);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanInsertIntoTable(SystemSecurityContext context, CatalogSchemaTableName table) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanInsertIntoTable(context, table);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanDeleteFromTable(SystemSecurityContext context, CatalogSchemaTableName table) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanDeleteFromTable(context, table);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
-@Override
- public void checkCanTruncateTable(SystemSecurityContext context, CatalogSchemaTableName table)
- {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanTruncateTable(context, table);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanCreateView(SystemSecurityContext context, CatalogSchemaTableName view) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanCreateView(context, view);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanCreateMaterializedView(SystemSecurityContext context, CatalogSchemaTableName materializedView, Map<String, Object> properties) {
- try{
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanCreateMaterializedView(context,materializedView,properties);
- }
- finally {
- deactivatePluginClassLoader();
- }
-
- }
-
- @Override
- public void checkCanDropMaterializedView(SystemSecurityContext context, CatalogSchemaTableName materializedView) {
- try{
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanDropMaterializedView(context,materializedView);
- }
- finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanDropView(SystemSecurityContext context, CatalogSchemaTableName view) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanDropView(context, view);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanSetViewAuthorization(SystemSecurityContext context, CatalogSchemaTableName view, TrinoPrincipal principal)
- {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanSetViewAuthorization(context, view, principal);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanCreateViewWithSelectFromColumns(SystemSecurityContext context, CatalogSchemaTableName table, Set<String> columns) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanCreateViewWithSelectFromColumns(context, table, columns);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanSetCatalogSessionProperty(SystemSecurityContext context, String catalogName, String propertyName) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanSetCatalogSessionProperty(context, catalogName, propertyName);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanImpersonateUser(SystemSecurityContext context, String userName) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanImpersonateUser(context, userName);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanExecuteQuery(SystemSecurityContext context) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanExecuteQuery(context);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanViewQueryOwnedBy(SystemSecurityContext context, String queryOwner) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanViewQueryOwnedBy(context, queryOwner);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public Set<String> filterViewQueryOwnedBy(SystemSecurityContext context, Set<String> queryOwners) {
- Set<String> filteredQueryOwners;
- try {
- activatePluginClassLoader();
- filteredQueryOwners = systemAccessControlImpl.filterViewQueryOwnedBy(context, queryOwners);
- } finally {
- deactivatePluginClassLoader();
- }
- return filteredQueryOwners;
- }
-
- @Override
- public void checkCanKillQueryOwnedBy(SystemSecurityContext context, String queryOwner) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanKillQueryOwnedBy(context, queryOwner);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanShowCreateTable(SystemSecurityContext context, CatalogSchemaTableName table) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanShowCreateTable(context, table);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanSetTableComment(SystemSecurityContext context, CatalogSchemaTableName table) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanSetTableComment(context, table);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanSetColumnComment(SystemSecurityContext context, CatalogSchemaTableName table)
- {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanSetColumnComment(context, table);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanShowTables(SystemSecurityContext context, CatalogSchemaName schema) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanShowTables(context, schema);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanShowColumns(SystemSecurityContext context, CatalogSchemaTableName table) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanShowColumns(context, table);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public Set<String> filterColumns(SystemSecurityContext context, CatalogSchemaTableName table, Set<String> columns) {
- Set<String> filteredColumns;
- try {
- activatePluginClassLoader();
- filteredColumns = systemAccessControlImpl.filterColumns(context, table, columns);
- } finally {
- deactivatePluginClassLoader();
- }
- return filteredColumns;
- }
-
- @Override
- public void checkCanRenameView(SystemSecurityContext context, CatalogSchemaTableName view, CatalogSchemaTableName newView) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanRenameView(context, view, newView);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanGrantTablePrivilege(SystemSecurityContext context, Privilege privilege, CatalogSchemaTableName table, TrinoPrincipal grantee, boolean withGrantOption) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanGrantTablePrivilege(context, privilege, table, grantee, withGrantOption);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanRevokeTablePrivilege(SystemSecurityContext context, Privilege privilege, CatalogSchemaTableName table, TrinoPrincipal revokee, boolean grantOptionFor) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanRevokeTablePrivilege(context, privilege, table, revokee, grantOptionFor);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanShowRoles(SystemSecurityContext context) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanShowRoles(context);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanShowCurrentRoles(SystemSecurityContext context) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanShowCurrentRoles(context);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanShowRoleGrants(SystemSecurityContext context) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanShowRoleGrants(context);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public Optional<ViewExpression> getRowFilter(SystemSecurityContext context, CatalogSchemaTableName tableName) {
- Optional<ViewExpression> viewExpression;
- try {
- activatePluginClassLoader();
- viewExpression = systemAccessControlImpl.getRowFilter(context, tableName);
- } finally {
- deactivatePluginClassLoader();
- }
- return viewExpression;
- }
-
- @Override
- public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type) {
- Optional<ViewExpression> viewExpression;
- try {
- activatePluginClassLoader();
- viewExpression = systemAccessControlImpl.getColumnMask(context, tableName, columnName, type);
- } finally {
- deactivatePluginClassLoader();
- }
- return viewExpression;
- }
-
- @Override
- public void checkCanSetUser(Optional<Principal> principal, String userName) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanSetUser(principal, userName);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanGrantExecuteFunctionPrivilege(SystemSecurityContext context, String functionName, TrinoPrincipal grantee, boolean grantOption) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanGrantExecuteFunctionPrivilege(context, functionName, grantee, grantOption);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanSetSchemaAuthorization(SystemSecurityContext context, CatalogSchemaName schema, TrinoPrincipal principal) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanSetSchemaAuthorization(context, schema, principal);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanShowCreateSchema(SystemSecurityContext context, CatalogSchemaName schemaName) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanShowCreateSchema(context, schemaName);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanExecuteProcedure(SystemSecurityContext systemSecurityContext, CatalogSchemaRoutineName procedure) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanExecuteProcedure(systemSecurityContext, procedure);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanExecuteTableProcedure(SystemSecurityContext systemSecurityContext, CatalogSchemaTableName catalogSchemaTableName, String procedure)
- {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanExecuteTableProcedure(systemSecurityContext, catalogSchemaTableName, procedure);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- @Override
- public void checkCanExecuteFunction(SystemSecurityContext systemSecurityContext, String functionName) {
- try {
- activatePluginClassLoader();
- systemAccessControlImpl.checkCanExecuteFunction(systemSecurityContext, functionName);
- } finally {
- deactivatePluginClassLoader();
- }
- }
-
- private void activatePluginClassLoader() {
- if (rangerPluginClassLoader != null) {
- rangerPluginClassLoader.activate();
- }
- }
-
- private void deactivatePluginClassLoader() {
- if (rangerPluginClassLoader != null) {
- rangerPluginClassLoader.deactivate();
- }
- }
-}
diff --git a/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlFactory.java b/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlFactory.java
deleted file mode 100644
index 2d694ac17..000000000
--- a/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlFactory.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.ranger.authorization.trino.authorizer;
-
-import com.google.inject.Injector;
-import com.google.inject.Scopes;
-import io.airlift.bootstrap.Bootstrap;
-import io.trino.spi.security.SystemAccessControl;
-import io.trino.spi.security.SystemAccessControlFactory;
-
-import java.util.Map;
-
-import static com.google.common.base.Throwables.throwIfUnchecked;
-import static io.airlift.configuration.ConfigBinder.configBinder;
-import static java.util.Objects.requireNonNull;
-
-public class RangerSystemAccessControlFactory
- implements SystemAccessControlFactory {
- private static final String NAME = "ranger";
-
- @Override
- public String getName() {
- return NAME;
- }
-
- @Override
- public SystemAccessControl create(Map<String, String> config) {
- requireNonNull(config, "config is null");
-
- try {
- Bootstrap app = new Bootstrap(
- binder -> {
- configBinder(binder).bindConfig(RangerConfig.class);
- binder.bind(RangerSystemAccessControl.class).in(Scopes.SINGLETON);
- }
- );
-
- Injector injector = app
- .strictConfig()
- .doNotInitializeLogging()
- .setRequiredConfigurationProperties(config)
- .initialize();
-
- return injector.getInstance(RangerSystemAccessControl.class);
- } catch (Exception e) {
- throwIfUnchecked(e);
- throw new RuntimeException(e);
- }
- }
-}
diff --git a/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/TrinoRangerPlugin.java b/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/TrinoRangerPlugin.java
deleted file mode 100644
index aa6ce8620..000000000
--- a/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/TrinoRangerPlugin.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.ranger.authorization.trino.authorizer;
-
-import io.trino.spi.Plugin;
-import io.trino.spi.security.SystemAccessControlFactory;
-
-import java.util.ArrayList;
-
-public class TrinoRangerPlugin
- implements Plugin
-{
- @Override
- public Iterable<SystemAccessControlFactory> getSystemAccessControlFactories()
- {
- ArrayList<SystemAccessControlFactory> list = new ArrayList<>();
- SystemAccessControlFactory factory = new RangerSystemAccessControlFactory();
- list.add(factory);
- return list;
- }
-}
diff --git a/ranger-trino-plugin-shim/src/main/resources/META-INF/services/io.trino.spi.Plugin b/ranger-trino-plugin-shim/src/main/resources/META-INF/services/io.trino.spi.Plugin
deleted file mode 100644
index c5ebc146a..000000000
--- a/ranger-trino-plugin-shim/src/main/resources/META-INF/services/io.trino.spi.Plugin
+++ /dev/null
@@ -1,15 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-org.apache.ranger.authorization.trino.authorizer.TrinoRangerPlugin