diff --git a/core/trino-main/src/main/java/io/trino/execution/AddColumnTask.java b/core/trino-main/src/main/java/io/trino/execution/AddColumnTask.java index 850517ad6260..3ff5fec98f3f 100644 --- a/core/trino-main/src/main/java/io/trino/execution/AddColumnTask.java +++ b/core/trino-main/src/main/java/io/trino/execution/AddColumnTask.java @@ -91,7 +91,8 @@ public ListenableFuture execute( TableHandle tableHandle = redirectionAwareTableHandle.getTableHandle().get(); CatalogHandle catalogHandle = tableHandle.getCatalogHandle(); - accessControl.checkCanAddColumns(session.toSecurityContext(), redirectionAwareTableHandle.getRedirectedTableName().orElse(originalTableName)); + QualifiedObjectName qualifiedTableName = redirectionAwareTableHandle.getRedirectedTableName().orElse(originalTableName); + accessControl.checkCanAddColumns(session.toSecurityContext(), qualifiedTableName); Map columnHandles = plannerContext.getMetadata().getColumnHandles(session, tableHandle); @@ -133,7 +134,7 @@ public ListenableFuture execute( .setProperties(columnProperties) .build(); - plannerContext.getMetadata().addColumn(session, tableHandle, column); + plannerContext.getMetadata().addColumn(session, tableHandle, qualifiedTableName.asCatalogSchemaTableName(), column); return immediateVoidFuture(); } diff --git a/core/trino-main/src/main/java/io/trino/execution/DropColumnTask.java b/core/trino-main/src/main/java/io/trino/execution/DropColumnTask.java index 9dacadd6ef84..88d403643827 100644 --- a/core/trino-main/src/main/java/io/trino/execution/DropColumnTask.java +++ b/core/trino-main/src/main/java/io/trino/execution/DropColumnTask.java @@ -84,7 +84,8 @@ public ListenableFuture execute( // Use getParts method because the column name should be lowercase String column = statement.getField().getParts().get(0); - accessControl.checkCanDropColumn(session.toSecurityContext(), redirectionAwareTableHandle.getRedirectedTableName().orElse(tableName)); + QualifiedObjectName qualifiedTableName = redirectionAwareTableHandle.getRedirectedTableName().orElse(tableName); + accessControl.checkCanDropColumn(session.toSecurityContext(), qualifiedTableName); ColumnHandle columnHandle = metadata.getColumnHandles(session, tableHandle).get(column); if (columnHandle == null) { @@ -107,7 +108,7 @@ public ListenableFuture execute( .filter(info -> !info.isHidden()).count() <= 1) { throw semanticException(NOT_SUPPORTED, statement, "Cannot drop the only column in a table"); } - metadata.dropColumn(session, tableHandle, columnHandle); + metadata.dropColumn(session, tableHandle, qualifiedTableName.asCatalogSchemaTableName(), columnHandle); } else { RowType containingType = null; diff --git a/core/trino-main/src/main/java/io/trino/execution/RenameColumnTask.java b/core/trino-main/src/main/java/io/trino/execution/RenameColumnTask.java index b5d98dc8aaac..8bc380585938 100644 --- a/core/trino-main/src/main/java/io/trino/execution/RenameColumnTask.java +++ b/core/trino-main/src/main/java/io/trino/execution/RenameColumnTask.java @@ -80,7 +80,8 @@ public ListenableFuture execute( String source = statement.getSource().getValue().toLowerCase(ENGLISH); String target = statement.getTarget().getValue().toLowerCase(ENGLISH); - accessControl.checkCanRenameColumn(session.toSecurityContext(), redirectionAwareTableHandle.getRedirectedTableName().orElse(originalTableName)); + QualifiedObjectName qualifiedTableName = redirectionAwareTableHandle.getRedirectedTableName().orElse(originalTableName); + accessControl.checkCanRenameColumn(session.toSecurityContext(), qualifiedTableName); Map columnHandles = metadata.getColumnHandles(session, tableHandle); ColumnHandle columnHandle = columnHandles.get(source); @@ -99,7 +100,7 @@ public ListenableFuture execute( throw semanticException(NOT_SUPPORTED, statement, "Cannot rename hidden column"); } - metadata.renameColumn(session, tableHandle, columnHandle, target); + metadata.renameColumn(session, tableHandle, qualifiedTableName.asCatalogSchemaTableName(), columnHandle, target); return immediateVoidFuture(); } diff --git a/core/trino-main/src/main/java/io/trino/metadata/DisabledSystemSecurityMetadata.java b/core/trino-main/src/main/java/io/trino/metadata/DisabledSystemSecurityMetadata.java index efedd3b9e545..a41ebc776e38 100644 --- a/core/trino-main/src/main/java/io/trino/metadata/DisabledSystemSecurityMetadata.java +++ b/core/trino-main/src/main/java/io/trino/metadata/DisabledSystemSecurityMetadata.java @@ -184,6 +184,15 @@ public void tableRenamed(Session session, CatalogSchemaTableName sourceTable, Ca @Override public void tableDropped(Session session, CatalogSchemaTableName table) {} + @Override + public void columnCreated(Session session, CatalogSchemaTableName table, String column) {} + + @Override + public void columnRenamed(Session session, CatalogSchemaTableName table, String oldName, String newName) {} + + @Override + public void columnDropped(Session session, CatalogSchemaTableName table, String column) {} + private static TrinoException notSupportedException(String catalogName) { return new TrinoException(NOT_SUPPORTED, "Catalog does not support permission management: " + catalogName); diff --git a/core/trino-main/src/main/java/io/trino/metadata/Metadata.java b/core/trino-main/src/main/java/io/trino/metadata/Metadata.java index 8c6838fd1449..9727bc8457a7 100644 --- a/core/trino-main/src/main/java/io/trino/metadata/Metadata.java +++ b/core/trino-main/src/main/java/io/trino/metadata/Metadata.java @@ -233,12 +233,12 @@ Optional getTableHandleForExecute( /** * Rename the specified column. */ - void renameColumn(Session session, TableHandle tableHandle, ColumnHandle source, String target); + void renameColumn(Session session, TableHandle tableHandle, CatalogSchemaTableName table, ColumnHandle source, String target); /** * Add the specified column to the table. */ - void addColumn(Session session, TableHandle tableHandle, ColumnMetadata column); + void addColumn(Session session, TableHandle tableHandle, CatalogSchemaTableName table, ColumnMetadata column); /** * Set the specified type to the column. @@ -253,7 +253,7 @@ Optional getTableHandleForExecute( /** * Drop the specified column. */ - void dropColumn(Session session, TableHandle tableHandle, ColumnHandle column); + void dropColumn(Session session, TableHandle tableHandle, CatalogSchemaTableName table, ColumnHandle column); /** * Drop the specified field from the column. diff --git a/core/trino-main/src/main/java/io/trino/metadata/MetadataManager.java b/core/trino-main/src/main/java/io/trino/metadata/MetadataManager.java index dc1436a04e3b..1f5752a431dd 100644 --- a/core/trino-main/src/main/java/io/trino/metadata/MetadataManager.java +++ b/core/trino-main/src/main/java/io/trino/metadata/MetadataManager.java @@ -735,27 +735,41 @@ public void setColumnComment(Session session, TableHandle tableHandle, ColumnHan } @Override - public void renameColumn(Session session, TableHandle tableHandle, ColumnHandle source, String target) + public void renameColumn(Session session, TableHandle tableHandle, CatalogSchemaTableName table, ColumnHandle source, String target) { CatalogHandle catalogHandle = tableHandle.getCatalogHandle(); + CatalogMetadata catalogMetadata = getCatalogMetadataForWrite(session, catalogHandle.getCatalogName()); ConnectorMetadata metadata = getMetadataForWrite(session, catalogHandle); metadata.renameColumn(session.toConnectorSession(catalogHandle), tableHandle.getConnectorHandle(), source, target.toLowerCase(ENGLISH)); + if (catalogMetadata.getSecurityManagement() == SYSTEM) { + ColumnMetadata columnMetadata = getColumnMetadata(session, tableHandle, source); + systemSecurityMetadata.columnRenamed(session, table, columnMetadata.getName(), target); + } } @Override - public void addColumn(Session session, TableHandle tableHandle, ColumnMetadata column) + public void addColumn(Session session, TableHandle tableHandle, CatalogSchemaTableName table, ColumnMetadata column) { CatalogHandle catalogHandle = tableHandle.getCatalogHandle(); + CatalogMetadata catalogMetadata = getCatalogMetadataForWrite(session, catalogHandle.getCatalogName()); ConnectorMetadata metadata = getMetadataForWrite(session, catalogHandle); metadata.addColumn(session.toConnectorSession(catalogHandle), tableHandle.getConnectorHandle(), column); + if (catalogMetadata.getSecurityManagement() == SYSTEM) { + systemSecurityMetadata.columnCreated(session, table, column.getName()); + } } @Override - public void dropColumn(Session session, TableHandle tableHandle, ColumnHandle column) + public void dropColumn(Session session, TableHandle tableHandle, CatalogSchemaTableName table, ColumnHandle column) { CatalogHandle catalogHandle = tableHandle.getCatalogHandle(); + CatalogMetadata catalogMetadata = getCatalogMetadataForWrite(session, catalogHandle.getCatalogName()); ConnectorMetadata metadata = getMetadataForWrite(session, catalogHandle); metadata.dropColumn(session.toConnectorSession(catalogHandle), tableHandle.getConnectorHandle(), column); + if (catalogMetadata.getSecurityManagement() == SYSTEM) { + ColumnMetadata columnMetadata = getColumnMetadata(session, tableHandle, column); + systemSecurityMetadata.columnDropped(session, table, columnMetadata.getName()); + } } @Override diff --git a/core/trino-main/src/main/java/io/trino/metadata/SystemSecurityMetadata.java b/core/trino-main/src/main/java/io/trino/metadata/SystemSecurityMetadata.java index 7faa8d06d795..7296a59e46e8 100644 --- a/core/trino-main/src/main/java/io/trino/metadata/SystemSecurityMetadata.java +++ b/core/trino-main/src/main/java/io/trino/metadata/SystemSecurityMetadata.java @@ -167,4 +167,19 @@ public interface SystemSecurityMetadata * A table or view was dropped */ void tableDropped(Session session, CatalogSchemaTableName table); + + /** + * A column was created + */ + void columnCreated(Session session, CatalogSchemaTableName table, String column); + + /** + * A column was renamed + */ + void columnRenamed(Session session, CatalogSchemaTableName table, String oldName, String newName); + + /** + * A column was dropped + */ + void columnDropped(Session session, CatalogSchemaTableName table, String column); } diff --git a/core/trino-main/src/test/java/io/trino/execution/BaseDataDefinitionTaskTest.java b/core/trino-main/src/test/java/io/trino/execution/BaseDataDefinitionTaskTest.java index 6f51cc93f3db..e27ddf68bd38 100644 --- a/core/trino-main/src/test/java/io/trino/execution/BaseDataDefinitionTaskTest.java +++ b/core/trino-main/src/test/java/io/trino/execution/BaseDataDefinitionTaskTest.java @@ -329,9 +329,9 @@ public void renameTable(Session session, TableHandle tableHandle, CatalogSchemaT } @Override - public void addColumn(Session session, TableHandle tableHandle, ColumnMetadata column) + public void addColumn(Session session, TableHandle tableHandle, CatalogSchemaTableName table, ColumnMetadata column) { - SchemaTableName tableName = getTableName(tableHandle); + SchemaTableName tableName = table.getSchemaTableName(); ConnectorTableMetadata metadata = tables.get(tableName); ImmutableList.Builder columns = ImmutableList.builderWithExpectedSize(metadata.getColumns().size() + 1); @@ -341,9 +341,9 @@ public void addColumn(Session session, TableHandle tableHandle, ColumnMetadata c } @Override - public void dropColumn(Session session, TableHandle tableHandle, ColumnHandle columnHandle) + public void dropColumn(Session session, TableHandle tableHandle, CatalogSchemaTableName table, ColumnHandle columnHandle) { - SchemaTableName tableName = getTableName(tableHandle); + SchemaTableName tableName = table.getSchemaTableName(); ConnectorTableMetadata metadata = tables.get(tableName); String columnName = ((TestingColumnHandle) columnHandle).getName(); @@ -354,9 +354,9 @@ public void dropColumn(Session session, TableHandle tableHandle, ColumnHandle co } @Override - public void renameColumn(Session session, TableHandle tableHandle, ColumnHandle source, String target) + public void renameColumn(Session session, TableHandle tableHandle, CatalogSchemaTableName table, ColumnHandle source, String target) { - SchemaTableName tableName = getTableName(tableHandle); + SchemaTableName tableName = table.getSchemaTableName(); ConnectorTableMetadata metadata = tables.get(tableName); String columnName = ((TestingColumnHandle) source).getName(); diff --git a/core/trino-main/src/test/java/io/trino/metadata/AbstractMockMetadata.java b/core/trino-main/src/test/java/io/trino/metadata/AbstractMockMetadata.java index 29a9a513d2c3..a37e5dcbb442 100644 --- a/core/trino-main/src/test/java/io/trino/metadata/AbstractMockMetadata.java +++ b/core/trino-main/src/test/java/io/trino/metadata/AbstractMockMetadata.java @@ -295,19 +295,19 @@ public void setColumnComment(Session session, TableHandle tableHandle, ColumnHan } @Override - public void renameColumn(Session session, TableHandle tableHandle, ColumnHandle source, String target) + public void renameColumn(Session session, TableHandle tableHandle, CatalogSchemaTableName table, ColumnHandle source, String target) { throw new UnsupportedOperationException(); } @Override - public void addColumn(Session session, TableHandle tableHandle, ColumnMetadata column) + public void addColumn(Session session, TableHandle tableHandle, CatalogSchemaTableName table, ColumnMetadata column) { throw new UnsupportedOperationException(); } @Override - public void dropColumn(Session session, TableHandle tableHandle, ColumnHandle column) + public void dropColumn(Session session, TableHandle tableHandle, CatalogSchemaTableName table, ColumnHandle column) { throw new UnsupportedOperationException(); } diff --git a/core/trino-main/src/test/java/io/trino/metadata/CountingAccessMetadata.java b/core/trino-main/src/test/java/io/trino/metadata/CountingAccessMetadata.java index d296d4034bef..b9be2c413492 100644 --- a/core/trino-main/src/test/java/io/trino/metadata/CountingAccessMetadata.java +++ b/core/trino-main/src/test/java/io/trino/metadata/CountingAccessMetadata.java @@ -305,15 +305,15 @@ public void setColumnType(Session session, TableHandle tableHandle, ColumnHandle } @Override - public void renameColumn(Session session, TableHandle tableHandle, ColumnHandle source, String target) + public void renameColumn(Session session, TableHandle tableHandle, CatalogSchemaTableName table, ColumnHandle source, String target) { - delegate.renameColumn(session, tableHandle, source, target); + delegate.renameColumn(session, tableHandle, table, source, target); } @Override - public void addColumn(Session session, TableHandle tableHandle, ColumnMetadata column) + public void addColumn(Session session, TableHandle tableHandle, CatalogSchemaTableName table, ColumnMetadata column) { - delegate.addColumn(session, tableHandle, column); + delegate.addColumn(session, tableHandle, table, column); } @Override @@ -323,9 +323,9 @@ public void setTableAuthorization(Session session, CatalogSchemaTableName table, } @Override - public void dropColumn(Session session, TableHandle tableHandle, ColumnHandle column) + public void dropColumn(Session session, TableHandle tableHandle, CatalogSchemaTableName table, ColumnHandle column) { - delegate.dropColumn(session, tableHandle, column); + delegate.dropColumn(session, tableHandle, table, column); } @Override diff --git a/testing/trino-tests/src/test/java/io/trino/security/TestingSystemSecurityMetadata.java b/testing/trino-tests/src/test/java/io/trino/security/TestingSystemSecurityMetadata.java index 2e554e14f788..c554c12e52a4 100644 --- a/testing/trino-tests/src/test/java/io/trino/security/TestingSystemSecurityMetadata.java +++ b/testing/trino-tests/src/test/java/io/trino/security/TestingSystemSecurityMetadata.java @@ -259,4 +259,22 @@ public void tableRenamed(Session session, CatalogSchemaTableName sourceTable, Ca @Override public void tableDropped(Session session, CatalogSchemaTableName table) {} + + @Override + public void columnCreated(Session session, CatalogSchemaTableName table, String column) + { + throw new UnsupportedOperationException(); + } + + @Override + public void columnRenamed(Session session, CatalogSchemaTableName table, String oldName, String newName) + { + throw new UnsupportedOperationException(); + } + + @Override + public void columnDropped(Session session, CatalogSchemaTableName table, String column) + { + throw new UnsupportedOperationException(); + } }