Add check query integrity unit testing

[kevintang2022]

Description

Motivation and Context

Impact

Test Plan

Contributor checklist

• Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
• PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
• Documented new properties (with its default value), SQL syntax, functions, or other functionality.
• If release notes are required, they follow the release notes guidelines.
• Adequate tests were added if applicable.
• CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

General Changes
* ... 
* ... 

Hive Connector Changes
* ... 
* ... 

If release note is NOT required, use:

== NO RELEASE NOTE ==

[sourcery-ai]

Reviewer's Guide

This PR adds support for denying query integrity checks via a new SystemAccessControl implementation and integrates it into the testing infrastructure, updating the TestingPrestoServer, DistributedQueryRunner, and AccessControlManager to configure and load custom access control settings, and includes a new unit test to verify query integrity enforcement.

Class diagram for new and updated access control classes

classDiagram
    class AccessControlManager {
        +addSystemAccessControlFactory(SystemAccessControlFactory)
        +loadSystemAccessControl()
    }
    class SystemAccessControlFactory {
        <<interface>>
        +getName()
        +create(config)
    }
    class SystemAccessControl {
        <<interface>>
        +checkQueryIntegrity(...)
        +checkCanSetUser(...)
        +checkCanSetSystemSessionProperty(...)
        +checkCanAccessCatalog(...)
        +filterCatalogs(...)
        +filterSchemas(...)
        +checkCanCreateTable(...)
        +checkCanShowCreateTable(...)
    }
    class DenyQueryIntegrityCheckSystemAccessControl {
        +NAME
        +Factory
        +checkQueryIntegrity(...)
        +checkCanSetUser(...)
        +checkCanSetSystemSessionProperty(...)
        +checkCanAccessCatalog(...)
        +filterCatalogs(...)
        +filterSchemas(...)
        +checkCanCreateTable(...)
        +checkCanShowCreateTable(...)
    }
    class TestingAccessControlManager {
        +TestingAccessControlManager(TransactionManager, boolean)
    }
    AccessControlManager --> SystemAccessControlFactory
    DenyQueryIntegrityCheckSystemAccessControl ..|> SystemAccessControl
    DenyQueryIntegrityCheckSystemAccessControl : Factory
    DenyQueryIntegrityCheckSystemAccessControl.Factory ..|> SystemAccessControlFactory
    TestingAccessControlManager ..|> AccessControlManager

Loading

Class diagram for TestingPrestoServer and TestingPrestoServerModule changes

classDiagram
    class TestingPrestoServer {
        +TestingPrestoServer(..., boolean loadDefaultSystemAccessControl, ...)
    }
    class TestingPrestoServerModule {
        +TestingPrestoServerModule(boolean)
        +configure(Binder)
        +createAccessControlManager(TransactionManager)
    }
    TestingPrestoServer --> TestingPrestoServerModule

Loading

Class diagram for new TestingPrestoServerModule bindings

classDiagram
    class TestingPrestoServerModule {
        +configure(Binder)
        +createAccessControlManager(TransactionManager)
    }
    class PrestoAuthenticatorManager
    class TestingEventListenerManager
    class TestingTempStorageManager
    class EventListenerManager
    class EventListenerConfig
    class TempStorageManager
    class AccessControl
    class AccessControlManager
    class GracefulShutdownHandler
    class ProcedureTester
    TestingPrestoServerModule --> PrestoAuthenticatorManager
    TestingPrestoServerModule --> TestingEventListenerManager
    TestingPrestoServerModule --> TestingTempStorageManager
    TestingPrestoServerModule --> EventListenerManager
    TestingPrestoServerModule --> EventListenerConfig
    TestingPrestoServerModule --> TempStorageManager
    TestingPrestoServerModule --> AccessControl
    TestingPrestoServerModule --> AccessControlManager
    TestingPrestoServerModule --> GracefulShutdownHandler
    TestingPrestoServerModule --> ProcedureTester

Loading

File-Level Changes

Change	Details	Files
New DenyQueryIntegrityCheckSystemAccessControl implementation and factory	Added DenyQueryIntegrityCheckSystemAccessControl class implementing SystemAccessControl Provided accompanying Factory and registered it in AccessControlManager checkQueryIntegrity now always throws on this controller	presto-main-base/src/main/java/com/facebook/presto/security/DenyQueryIntegrityCheckSystemAccessControl.java presto-main-base/src/main/java/com/facebook/presto/security/AccessControlManager.java
Conditional default access control support in TestingPrestoServer	Extended TestingPrestoServer constructors to accept loadDefaultSystemAccessControl flag Replaced inline bindings with TestingPrestoServerModule(loadDefaultSystemAccessControl) Updated TestingAccessControlManager to honor the flag when setting default control	presto-main/src/main/java/com/facebook/presto/server/testing/TestingPrestoServer.java presto-main-base/src/main/java/com/facebook/presto/testing/TestingAccessControlManager.java presto-main-base/src/main/java/com/facebook/presto/testing/TestingPrestoServerModule.java
Enhanced DistributedQueryRunner to configure custom access control	Added accessControlProperties field and builder method setAccessControlProperties Propagated loadDefaultSystemAccessControl flag when creating TestingPrestoServer instances Introduced loadSystemAccessControl() to apply properties at runtime	presto-tests/src/main/java/com/facebook/presto/tests/DistributedQueryRunner.java
Robust loading of access control properties	Wrapped loadProperties call in try/catch to throw RuntimeException on I/O error Ensured property name exists before proceeding	presto-main-base/src/main/java/com/facebook/presto/security/AccessControlManager.java
Unit test for query integrity enforcement	Added TestCheckAccessPermissionsForQueryTypes to verify various query types are denied or allowed appropriately Configured DistributedQueryRunner to use the deny-query-integrity access control	presto-tests/src/test/java/com/facebook/presto/tests/TestCheckAccessPermissionsForQueryTypes.java

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.