Skip to content

Authorize table parameters in CTAS and remove deprecated check methods#10939

Merged
findepi merged 3 commits intotrinodb:masterfrom
findepi:findepi/check-create-with-properties
Feb 5, 2022
Merged

Authorize table parameters in CTAS and remove deprecated check methods#10939
findepi merged 3 commits intotrinodb:masterfrom
findepi:findepi/check-create-with-properties

Conversation

@findepi
Copy link
Member

@findepi findepi commented Feb 3, 2022
edited
Loading

Access controls interfaces allow implementor to inspect new table's
properties. This is done for CREATE TABLE, but was not done for CREATE TABLE AS.
Instead, a deprecated access control method was called.

Follows #9401

@findepi
Remove redundant String.toString call
b59d34e
@findepi
Authorize table parameters in CTAS
db9bcff 
Access controls interfaces allow implementor to inspect new table's
properties. This is done for CREATE TABLE`, but was not done for `CREATE
TABLE AS`. Instead, a deprecated access control method was called.
@findepi
Remove create access checks without properties
d0399ad 
Remove `ConnectorAccessControl` and `SystemAccessControl`'s
`checkCanCreateTable` and `checkCanCreateMaterializedView` checks that
do not take properties that were deprecated some time ago. Remove
associated fallback configuration toggle.

Among other things, this forces plugin implementors to implement the
correct method. This is important, because the old method did not
delegate to the new, nor vice versa.
@cla-bot cla-bot bot added the cla-signed label Feb 3, 2022
dain
dain requested changes Feb 3, 2022
View reviewed changes
Copy link
Member

@dain dain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great find!

I suggest we leave the deprecated methods in connector and system access control, and have the new methods pass through to them. This way we don't break someone who did not realize we changed the signature.

core/trino-spi/src/main/java/io/trino/spi/connector/ConnectorAccessControl.java
* @deprecated use {@link #checkCanCreateTable(ConnectorSecurityContext context, SchemaTableName tableName, Map properties)} instead
*/
@Deprecated
default void checkCanCreateTable(ConnectorSecurityContext context, SchemaTableName tableName)
Copy link
Member

@dain dain Feb 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest we leave the deprecated methods in connector and system access control, and have the new methods pass through to them. This way we don't break someone who did not realize we changed the signature.

Copy link
Member Author

@findepi findepi Feb 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree this is how this should be implemented in the first place, in 364 when the new methods were added.
But now, it's not worthwhile to fix it, and we want to remove the deprecated methods at some point in time anyway. IMO the time is now.

Copy link
Member

@dain dain Feb 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wow, didn't realize it was that long ago. I guess we have what we have

@findepi findepi requested a review from dain February 4, 2022 08:43
dain
dain approved these changes Feb 4, 2022
View reviewed changes
core/trino-spi/src/main/java/io/trino/spi/connector/ConnectorAccessControl.java
* @deprecated use {@link #checkCanCreateTable(ConnectorSecurityContext context, SchemaTableName tableName, Map properties)} instead
*/
@Deprecated
default void checkCanCreateTable(ConnectorSecurityContext context, SchemaTableName tableName)
Copy link
Member

@dain dain Feb 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wow, didn't realize it was that long ago. I guess we have what we have

@findepi findepi merged commit 72ca4dc into trinodb:master Feb 5, 2022
@findepi findepi deleted the findepi/check-create-with-properties branch February 5, 2022 17:58
@findepi findepi mentioned this pull request Feb 5, 2022
Closed
@github-actions github-actions bot added this to the 371 milestone Feb 5, 2022
@mosabua mosabua mentioned this pull request Feb 7, 2022
Merged
@maltesander maltesander mentioned this pull request Apr 12, 2022
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dain dain dain approved these changes

@electrum electrum Awaiting requested review from electrum

@losipiuk losipiuk Awaiting requested review from losipiuk

@sopel39 sopel39 Awaiting requested review from sopel39

@ebyhr ebyhr Awaiting requested review from ebyhr

@kokosing kokosing Awaiting requested review from kokosing

Assignees

No one assigned

Labels

cla-signed

Milestone

371

Development

Successfully merging this pull request may close these issues.

2 participants

@findepi @dain