Use UserNameProvider for ThriftMetastore

lib/trino-hdfs/src/main/java/io/trino/hdfs/authentication/AuthenticationModules.java

@@ -21,13 +21,15 @@
 import io.trino.hdfs.HdfsConfigurationInitializer;
 import io.trino.plugin.base.authentication.KerberosAuthentication;
 import io.trino.plugin.base.authentication.KerberosConfiguration;
+import io.trino.plugin.base.security.UserNameProvider;
 
 import javax.inject.Inject;
 
 import static com.google.inject.Scopes.SINGLETON;
 import static com.google.inject.multibindings.OptionalBinder.newOptionalBinder;
 import static io.airlift.configuration.ConfigBinder.configBinder;
 import static io.trino.hdfs.authentication.KerberosHadoopAuthentication.createKerberosHadoopAuthentication;
+import static io.trino.plugin.base.security.UserNameProvider.SIMPLE_USER_NAME_PROVIDER;
 
 public final class AuthenticationModules
 {
@@ -45,7 +47,7 @@ public static Module simpleImpersonatingHdfsAuthenticationModule()
     {
         return binder -> {
             binder.bind(HadoopAuthentication.class).annotatedWith(ForHdfs.class).to(SimpleHadoopAuthentication.class);
-            newOptionalBinder(binder, Key.get(UserNameProvider.class, ForHdfs.class)).setDefault().to(SimpleUserNameProvider.class).in(SINGLETON);
+            newOptionalBinder(binder, Key.get(UserNameProvider.class, ForHdfs.class)).setDefault().toInstance(SIMPLE_USER_NAME_PROVIDER);
             binder.bind(HdfsAuthentication.class).to(ImpersonatingHdfsAuthentication.class).in(SINGLETON);
         };
     }
@@ -88,8 +90,7 @@ public void configure(Binder binder)
             {
                 newOptionalBinder(binder, Key.get(UserNameProvider.class, ForHdfs.class))
                         .setDefault()
-                        .to(SimpleUserNameProvider.class)
-                        .in(SINGLETON);
+                        .toInstance(SIMPLE_USER_NAME_PROVIDER);
                 binder.bind(HdfsAuthentication.class)
                         .to(ImpersonatingHdfsAuthentication.class)
                         .in(SINGLETON);

lib/trino-hdfs/src/main/java/io/trino/hdfs/authentication/ImpersonatingHdfsAuthentication.java

@@ -13,6 +13,7 @@
  */
 package io.trino.hdfs.authentication;
 
+import io.trino.plugin.base.security.UserNameProvider;
 import io.trino.spi.security.ConnectorIdentity;
 import org.apache.hadoop.security.UserGroupInformation;
 

lib/trino-hdfs/src/test/java/io/trino/hdfs/TestFileSystemCache.java

@@ -17,7 +17,6 @@
 import io.airlift.concurrent.MoreFutures;
 import io.trino.hdfs.authentication.ImpersonatingHdfsAuthentication;
 import io.trino.hdfs.authentication.SimpleHadoopAuthentication;
-import io.trino.hdfs.authentication.SimpleUserNameProvider;
 import io.trino.spi.security.ConnectorIdentity;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
@@ -36,6 +35,7 @@
 import java.util.concurrent.Executors;
 
 import static io.trino.hadoop.ConfigurationInstantiator.newEmptyConfiguration;
+import static io.trino.plugin.base.security.UserNameProvider.SIMPLE_USER_NAME_PROVIDER;
 import static java.util.Objects.requireNonNull;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.testng.Assert.assertEquals;
@@ -60,7 +60,7 @@ public void testFileSystemCache()
         HdfsEnvironment environment = new HdfsEnvironment(
                 new DynamicHdfsConfiguration(new HdfsConfigurationInitializer(new HdfsConfig()), ImmutableSet.of()),
                 new HdfsConfig(),
-                new ImpersonatingHdfsAuthentication(new SimpleHadoopAuthentication(), new SimpleUserNameProvider()));
+                new ImpersonatingHdfsAuthentication(new SimpleHadoopAuthentication(), SIMPLE_USER_NAME_PROVIDER));
         ConnectorIdentity userId = ConnectorIdentity.ofUser("user");
         ConnectorIdentity otherUserId = ConnectorIdentity.ofUser("other_user");
         FileSystem fs1 = getFileSystem(environment, userId);
@@ -85,7 +85,7 @@ public void testFileSystemCacheException() throws IOException
         HdfsEnvironment environment = new HdfsEnvironment(
                 new DynamicHdfsConfiguration(new HdfsConfigurationInitializer(new HdfsConfig()), ImmutableSet.of()),
                 new HdfsConfig(),
-                new ImpersonatingHdfsAuthentication(new SimpleHadoopAuthentication(), new SimpleUserNameProvider()));
+                new ImpersonatingHdfsAuthentication(new SimpleHadoopAuthentication(), SIMPLE_USER_NAME_PROVIDER));
 
         int maxCacheSize = 1000;
         for (int i = 0; i < maxCacheSize; i++) {
@@ -153,7 +153,7 @@ public static class CreateFileSystemsAndConsume
         private static final HdfsEnvironment environment = new HdfsEnvironment(
                 new DynamicHdfsConfiguration(new HdfsConfigurationInitializer(new HdfsConfig()), ImmutableSet.of()),
                 new HdfsConfig(),
-                new ImpersonatingHdfsAuthentication(new SimpleHadoopAuthentication(), new SimpleUserNameProvider()));
+                new ImpersonatingHdfsAuthentication(new SimpleHadoopAuthentication(), SIMPLE_USER_NAME_PROVIDER));
 
         CreateFileSystemsAndConsume(SplittableRandom random, int numUsers, int numGetCallsPerInvocation, FileSystemConsumer consumer)
         {

lib/trino-hdfs/src/main/java/io/trino/hdfs/authentication/UserNameProvider.java → lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/security/UserNameProvider.java

@@ -11,11 +11,13 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package io.trino.hdfs.authentication;
+package io.trino.plugin.base.security;
 
 import io.trino.spi.security.ConnectorIdentity;
 
 public interface UserNameProvider
 {
+    UserNameProvider SIMPLE_USER_NAME_PROVIDER = ConnectorIdentity::getUser;
+
     String get(ConnectorIdentity identity);
 }

plugin/trino-delta-lake/src/test/java/io/trino/plugin/deltalake/TestDeltaLakePerTransactionMetastoreCache.java

@@ -21,6 +21,8 @@
 import com.google.inject.Scopes;
 import io.airlift.configuration.AbstractConfigurationAwareModule;
 import io.trino.Session;
+import io.trino.plugin.base.security.UserNameProvider;
+import io.trino.plugin.hive.ForHiveMetastore;
 import io.trino.plugin.hive.containers.HiveMinioDataLake;
 import io.trino.plugin.hive.metastore.HiveMetastore;
 import io.trino.plugin.hive.metastore.HiveMetastoreFactory;
@@ -55,6 +57,7 @@
 import static com.google.inject.multibindings.OptionalBinder.newOptionalBinder;
 import static io.airlift.concurrent.Threads.threadsNamed;
 import static io.airlift.configuration.ConfigBinder.configBinder;
+import static io.trino.plugin.base.security.UserNameProvider.SIMPLE_USER_NAME_PROVIDER;
 import static io.trino.plugin.deltalake.DeltaLakeQueryRunner.DELTA_CATALOG;
 import static io.trino.testing.TestingSession.testSessionBuilder;
 import static io.trino.testing.containers.Minio.MINIO_ACCESS_KEY;
@@ -110,6 +113,9 @@ protected void setup(Binder binder)
                         binder.bind(ThriftMetastoreFactory.class).to(ThriftHiveMetastoreFactory.class).in(Scopes.SINGLETON);
                         newExporter(binder).export(ThriftMetastoreFactory.class)
                                 .as(generator -> generator.generatedNameOf(ThriftHiveMetastore.class));
+                        newOptionalBinder(binder, Key.get(UserNameProvider.class, ForHiveMetastore.class))
+                                .setDefault()
+                                .toInstance(SIMPLE_USER_NAME_PROVIDER);
                         install(new ThriftMetastoreAuthenticationModule());
                         binder.bind(BridgingHiveMetastoreFactory.class).in(Scopes.SINGLETON);
                         binder.bind(Key.get(boolean.class, AllowDeltaLakeManagedTableRename.class)).toInstance(false);

plugin/trino-hive/src/main/java/io/trino/plugin/hive/metastore/thrift/ThriftMetastoreModule.java

@@ -20,16 +20,20 @@
 import com.google.inject.Singleton;
 import com.google.inject.multibindings.OptionalBinder;
 import io.airlift.configuration.AbstractConfigurationAwareModule;
+import io.trino.plugin.base.security.UserNameProvider;
 import io.trino.plugin.hive.AllowHiveTableRename;
+import io.trino.plugin.hive.ForHiveMetastore;
 import io.trino.plugin.hive.metastore.HiveMetastoreFactory;
 import io.trino.plugin.hive.metastore.RawHiveMetastoreFactory;
 
 import javax.annotation.PreDestroy;
 
 import java.util.concurrent.ExecutorService;
 
+import static com.google.inject.multibindings.OptionalBinder.newOptionalBinder;
 import static io.airlift.concurrent.Threads.threadsNamed;
 import static io.airlift.configuration.ConfigBinder.configBinder;
+import static io.trino.plugin.base.security.UserNameProvider.SIMPLE_USER_NAME_PROVIDER;
 import static java.util.concurrent.Executors.newFixedThreadPool;
 import static org.weakref.jmx.guice.ExportBinder.newExporter;
 
@@ -54,6 +58,10 @@ protected void setup(Binder binder)
                 .to(BridgingHiveMetastoreFactory.class)
                 .in(Scopes.SINGLETON);
 
+        newOptionalBinder(binder, Key.get(UserNameProvider.class, ForHiveMetastore.class))
+                .setDefault()
+                .toInstance(SIMPLE_USER_NAME_PROVIDER);
+
         binder.bind(Key.get(boolean.class, AllowHiveTableRename.class)).toInstance(true);
 
         install(new ThriftMetastoreAuthenticationModule());

plugin/trino-hive/src/main/java/io/trino/plugin/hive/metastore/thrift/TokenFetchingMetastoreClientFactory.java

@@ -17,6 +17,8 @@
 import com.google.common.cache.CacheLoader;
 import com.google.common.util.concurrent.UncheckedExecutionException;
 import io.trino.collect.cache.NonEvictableLoadingCache;
+import io.trino.plugin.base.security.UserNameProvider;
+import io.trino.plugin.hive.ForHiveMetastore;
 import io.trino.spi.TrinoException;
 import io.trino.spi.security.ConnectorIdentity;
 import org.apache.thrift.TException;
@@ -36,17 +38,20 @@ public class TokenFetchingMetastoreClientFactory
         implements IdentityAwareMetastoreClientFactory
 {
     private final TokenAwareMetastoreClientFactory clientProvider;
+    private final UserNameProvider userNameProvider;
     private final boolean impersonationEnabled;
     private final NonEvictableLoadingCache<String, DelegationToken> delegationTokenCache;
     private final long refreshPeriod;
 
     @Inject
     public TokenFetchingMetastoreClientFactory(
             TokenAwareMetastoreClientFactory tokenAwareMetastoreClientFactory,
+            @ForHiveMetastore UserNameProvider userNameProvider,
             ThriftMetastoreConfig thriftConfig)
     {
         this.clientProvider = requireNonNull(tokenAwareMetastoreClientFactory, "tokenAwareMetastoreClientFactory is null");
         this.impersonationEnabled = thriftConfig.isImpersonationEnabled();
+        this.userNameProvider = requireNonNull(userNameProvider, "userNameProvider is null");
 
         this.delegationTokenCache = buildNonEvictableCache(
                 CacheBuilder.newBuilder()
@@ -70,7 +75,7 @@ public ThriftMetastoreClient createMetastoreClientFor(Optional<ConnectorIdentity
             return createMetastoreClient();
         }
 
-        String username = identity.map(ConnectorIdentity::getUser)
+        String username = identity.map(userNameProvider::get)
                 .orElseThrow(() -> new IllegalStateException("End-user name should exist when metastore impersonation is enabled"));
 
         DelegationToken cachedDelegationToken = getDelegationToken(username);

plugin/trino-hive/src/main/java/io/trino/plugin/hive/metastore/thrift/UgiBasedMetastoreClientFactory.java

@@ -13,6 +13,8 @@
  */
 package io.trino.plugin.hive.metastore.thrift;
 
+import io.trino.plugin.base.security.UserNameProvider;
+import io.trino.plugin.hive.ForHiveMetastore;
 import io.trino.spi.security.ConnectorIdentity;
 import org.apache.thrift.TException;
 
@@ -28,14 +30,17 @@ public class UgiBasedMetastoreClientFactory
         implements IdentityAwareMetastoreClientFactory
 {
     private final TokenAwareMetastoreClientFactory clientProvider;
+    private final UserNameProvider userNameProvider;
     private final boolean impersonationEnabled;
 
     @Inject
     public UgiBasedMetastoreClientFactory(
             TokenAwareMetastoreClientFactory clientProvider,
+            @ForHiveMetastore UserNameProvider userNameProvider,
             ThriftMetastoreConfig thriftConfig)
     {
         this.clientProvider = requireNonNull(clientProvider, "clientProvider is null");
+        this.userNameProvider = requireNonNull(userNameProvider, "userNameProvider is null");
         this.impersonationEnabled = thriftConfig.isImpersonationEnabled();
     }
 
@@ -46,7 +51,7 @@ public ThriftMetastoreClient createMetastoreClientFor(Optional<ConnectorIdentity
         ThriftMetastoreClient client = clientProvider.createMetastoreClient(Optional.empty());
 
         if (impersonationEnabled) {
-            String username = identity.map(ConnectorIdentity::getUser)
+            String username = identity.map(userNameProvider::get)
                     .orElseThrow(() -> new IllegalStateException("End-user name should exist when metastore impersonation is enabled"));
             setMetastoreUserOrClose(client, username);
         }

plugin/trino-hive/src/test/java/io/trino/plugin/hive/TestingThriftHiveMetastoreBuilder.java

@@ -39,6 +39,7 @@
 import java.util.Optional;
 
 import static com.google.common.base.Preconditions.checkState;
+import static io.trino.plugin.base.security.UserNameProvider.SIMPLE_USER_NAME_PROVIDER;
 import static java.util.Objects.requireNonNull;
 import static java.util.concurrent.Executors.newFixedThreadPool;
 
@@ -116,7 +117,7 @@ public ThriftMetastore build()
     {
         checkState(tokenAwareMetastoreClientFactory != null, "metastore client not set");
         ThriftHiveMetastoreFactory metastoreFactory = new ThriftHiveMetastoreFactory(
-                new UgiBasedMetastoreClientFactory(tokenAwareMetastoreClientFactory, thriftMetastoreConfig),
+                new UgiBasedMetastoreClientFactory(tokenAwareMetastoreClientFactory, SIMPLE_USER_NAME_PROVIDER, thriftMetastoreConfig),
                 new HiveMetastoreConfig().isHideDeltaLakeTables(),
                 hiveConfig.isTranslateHiveViews(),
                 thriftMetastoreConfig,