[trino] Update spi to v426

Incorporates following changes

trinodb/trino#18911

Remove deprecated filterViewQueryOwnedBy overload
trinodb/trino@dc00946

Remove deprecated getColumnMasks variant
trinodb/trino@221a595

Signed-off-by: Utkarsh Saxena <[email protected]>

Author: utk-spartan

plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java

@@ -50,8 +50,8 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.Collection;
 import java.util.Date;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -235,16 +235,6 @@ public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, Cat
     return Optional.ofNullable(viewExpression);
   }
 
-  @Deprecated
-  @Override
-  public List<ViewExpression> getColumnMasks(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type)
-  {
-    // TODO{utk}: remove, marked as deprecated, Trino no longer supports multiple masks as of v406
-    return getColumnMask(context, tableName, columnName, type)
-            .map(Collections::singletonList)
-            .orElse(Collections.emptyList());
-  }
-
   @Override
   public void checkCanCreateCatalog(SystemSecurityContext context, String catalog)
   {
@@ -688,7 +678,7 @@ public void checkCanViewQueryOwnedBy(SystemSecurityContext context, Identity que
    * This is a NOOP, no filtering is applied
    */
   @Override
-  public Set<String> filterViewQueryOwnedBy(SystemSecurityContext context, Set<String> queryOwners) {
+  public Collection<Identity> filterViewQueryOwnedBy(SystemSecurityContext context, Collection<Identity> queryOwners) {
     return queryOwners;
   }
 

plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java

@@ -28,6 +28,7 @@
 import io.trino.spi.security.TrinoPrincipal;
 import io.trino.spi.security.SystemSecurityContext;
 
+import static com.google.common.collect.ImmutableSet.toImmutableSet;
 import static io.trino.spi.security.PrincipalType.USER;
 import static io.trino.spi.security.Privilege.SELECT;
 import static org.junit.Assert.*;
@@ -171,20 +172,25 @@ public void testViewOperations()
   @SuppressWarnings("PMD")
   public void testMisc()
   {
-    assertEquals(accessControlManager.filterViewQueryOwnedBy(context(alice), queryOwners), queryOwners);
+    assertEquals(
+            accessControlManager.filterViewQueryOwnedBy(
+                    context(alice),
+                    queryOwners.stream().map(Identity::ofUser).collect(toImmutableSet())),
+            queryOwners.stream().map(Identity::ofUser).collect(toImmutableSet())
+    );
 
     // check {type} / {col} replacement
     final VarcharType varcharType = VarcharType.createVarcharType(20);
 
-    List<ViewExpression> ret = accessControlManager.getColumnMasks(context(alice), aliceTable, "cast_me", varcharType);
-    assertFalse(ret.isEmpty());
-    assertEquals(ret.get(0).getExpression(), "cast cast_me as varchar(20)");
+    Optional<ViewExpression> ret = accessControlManager.getColumnMask(context(alice), aliceTable, "cast_me", varcharType);
+    assertTrue(ret.isPresent());
+    assertEquals(ret.get().getExpression(), "cast cast_me as varchar(20)");
 
-    ret = accessControlManager.getColumnMasks(context(alice), aliceTable,"do-not-cast-me", varcharType);
-    assertTrue(ret.isEmpty());
+    ret = accessControlManager.getColumnMask(context(alice), aliceTable,"do-not-cast-me", varcharType);
+    assertFalse(ret.isPresent());
 
-    ret = accessControlManager.getRowFilters(context(alice), aliceTable);
-    assertTrue(ret.isEmpty());
+    List<ViewExpression> ret2 = accessControlManager.getRowFilters(context(alice), aliceTable);
+    assertTrue(ret2.isEmpty());
 
     accessControlManager.checkCanExecuteFunction(context(alice), functionName);
     accessControlManager.checkCanGrantExecuteFunctionPrivilege(context(alice), functionName, new TrinoPrincipal(USER, "grantee"), true);

pom.xml

@@ -169,7 +169,7 @@
         <noggit.version>0.8</noggit.version>
         <owasp-java-html-sanitizer.version>r239</owasp-java-html-sanitizer.version>
         <paranamer.version>2.3</paranamer.version>
-        <trino.version>425</trino.version>
+        <trino.version>426</trino.version>
         <poi.version>4.1.2</poi.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <protobuf-java.version>2.5.0</protobuf-java.version>

ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java

@@ -405,8 +405,8 @@ public void checkCanViewQueryOwnedBy(SystemSecurityContext context, Identity que
   }
 
   @Override
-  public Set<String> filterViewQueryOwnedBy(SystemSecurityContext context, Set<String> queryOwners) {
-    Set<String> filteredQueryOwners;
+  public Collection<Identity> filterViewQueryOwnedBy(SystemSecurityContext context, Collection<Identity> queryOwners) {
+    Collection<Identity> filteredQueryOwners;
     try {
       activatePluginClassLoader();
       filteredQueryOwners = systemAccessControlImpl.filterViewQueryOwnedBy(context, queryOwners);
@@ -553,20 +553,6 @@ public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, Cat
     return viewExpression;
   }
 
-
-  @Deprecated
-  @Override
-  public List<ViewExpression> getColumnMasks(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type) {
-    List<ViewExpression> viewExpression;
-    try {
-      activatePluginClassLoader();
-      viewExpression = systemAccessControlImpl.getColumnMasks(context, tableName, columnName, type);
-    } finally {
-      deactivatePluginClassLoader();
-    }
-    return viewExpression;
-  }
-
   @Override
   public void checkCanSetUser(Optional<Principal> principal, String userName) {
     try {