diff --git a/core/trino-main/src/main/java/io/trino/security/AccessControlManager.java b/core/trino-main/src/main/java/io/trino/security/AccessControlManager.java index 9df9c6c9dd4a..c8fab9ce9663 100644 --- a/core/trino-main/src/main/java/io/trino/security/AccessControlManager.java +++ b/core/trino-main/src/main/java/io/trino/security/AccessControlManager.java @@ -20,6 +20,8 @@ import com.google.inject.Inject; import io.airlift.log.Logger; import io.airlift.stats.CounterStat; +import io.opentelemetry.api.OpenTelemetry; +import io.opentelemetry.api.trace.Tracer; import io.trino.connector.CatalogServiceProvider; import io.trino.eventlistener.EventListenerManager; import io.trino.metadata.QualifiedObjectName; @@ -43,6 +45,7 @@ import io.trino.spi.security.Privilege; import io.trino.spi.security.SystemAccessControl; import io.trino.spi.security.SystemAccessControlFactory; +import io.trino.spi.security.SystemAccessControlFactory.SystemAccessControlContext; import io.trino.spi.security.SystemSecurityContext; import io.trino.spi.security.TrinoPrincipal; import io.trino.spi.security.ViewExpression; @@ -88,6 +91,7 @@ public class AccessControlManager private final TransactionManager transactionManager; private final EventListenerManager eventListenerManager; private final List configFiles; + private final OpenTelemetry openTelemetry; private final String defaultAccessControlName; private final Map systemAccessControlFactories = new ConcurrentHashMap<>(); private final AtomicReference>> connectorAccessControlProvider = new AtomicReference<>(); @@ -102,11 +106,13 @@ public AccessControlManager( TransactionManager transactionManager, EventListenerManager eventListenerManager, AccessControlConfig config, + OpenTelemetry openTelemetry, @DefaultSystemAccessControlName String defaultAccessControlName) { this.transactionManager = requireNonNull(transactionManager, "transactionManager is null"); this.eventListenerManager = requireNonNull(eventListenerManager, "eventListenerManager is null"); this.configFiles = ImmutableList.copyOf(config.getAccessControlFiles()); + this.openTelemetry = requireNonNull(openTelemetry, "openTelemetry is null"); this.defaultAccessControlName = requireNonNull(defaultAccessControlName, "defaultAccessControl is null"); addSystemAccessControlFactory(new DefaultSystemAccessControl.Factory()); addSystemAccessControlFactory(new AllowAllSystemAccessControl.Factory()); @@ -178,7 +184,7 @@ private SystemAccessControl createSystemAccessControl(File configFile) SystemAccessControl systemAccessControl; try (ThreadContextClassLoader ignored = new ThreadContextClassLoader(factory.getClass().getClassLoader())) { - systemAccessControl = factory.create(ImmutableMap.copyOf(properties)); + systemAccessControl = factory.create(ImmutableMap.copyOf(properties), createContext(name)); } log.info("-- Loaded system access control %s --", name); @@ -196,7 +202,7 @@ public void loadSystemAccessControl(String name, Map properties) SystemAccessControl systemAccessControl; try (ThreadContextClassLoader ignored = new ThreadContextClassLoader(factory.getClass().getClassLoader())) { - systemAccessControl = factory.create(ImmutableMap.copyOf(properties)); + systemAccessControl = factory.create(ImmutableMap.copyOf(properties), createContext(name)); } systemAccessControl.getEventListeners() @@ -205,6 +211,26 @@ public void loadSystemAccessControl(String name, Map properties) setSystemAccessControls(ImmutableList.of(systemAccessControl)); } + private SystemAccessControlContext createContext(String systemAccessControlName) + { + return new SystemAccessControlContext() + { + private final Tracer tracer = openTelemetry.getTracer("trino.system-access-control." + systemAccessControlName); + + @Override + public OpenTelemetry getOpenTelemetry() + { + return openTelemetry; + } + + @Override + public Tracer getTracer() + { + return tracer; + } + }; + } + @VisibleForTesting public void addSystemAccessControl(SystemAccessControl systemAccessControl) { diff --git a/core/trino-main/src/main/java/io/trino/testing/TestingAccessControlManager.java b/core/trino-main/src/main/java/io/trino/testing/TestingAccessControlManager.java index 77ab8c5dc824..1386eddaa296 100644 --- a/core/trino-main/src/main/java/io/trino/testing/TestingAccessControlManager.java +++ b/core/trino-main/src/main/java/io/trino/testing/TestingAccessControlManager.java @@ -15,6 +15,7 @@ import com.google.common.collect.ImmutableSet; import com.google.inject.Inject; +import io.opentelemetry.api.OpenTelemetry; import io.trino.eventlistener.EventListenerManager; import io.trino.metadata.QualifiedObjectName; import io.trino.plugin.base.security.DefaultSystemAccessControl; @@ -141,14 +142,18 @@ public class TestingAccessControlManager private BiPredicate denyIdentityTable = IDENTITY_TABLE_TRUE; @Inject - public TestingAccessControlManager(TransactionManager transactionManager, EventListenerManager eventListenerManager, AccessControlConfig accessControlConfig) + public TestingAccessControlManager( + TransactionManager transactionManager, + EventListenerManager eventListenerManager, + AccessControlConfig accessControlConfig, + OpenTelemetry openTelemetry) { - super(transactionManager, eventListenerManager, accessControlConfig, DefaultSystemAccessControl.NAME); + super(transactionManager, eventListenerManager, accessControlConfig, openTelemetry, DefaultSystemAccessControl.NAME); } public TestingAccessControlManager(TransactionManager transactionManager, EventListenerManager eventListenerManager) { - this(transactionManager, eventListenerManager, new AccessControlConfig()); + this(transactionManager, eventListenerManager, new AccessControlConfig(), OpenTelemetry.noop()); } public static TestingPrivilege privilege(String entityName, TestingPrivilegeType type) diff --git a/core/trino-main/src/test/java/io/trino/dispatcher/TestLocalDispatchQuery.java b/core/trino-main/src/test/java/io/trino/dispatcher/TestLocalDispatchQuery.java index b0e4f778626f..b08340f69722 100644 --- a/core/trino-main/src/test/java/io/trino/dispatcher/TestLocalDispatchQuery.java +++ b/core/trino-main/src/test/java/io/trino/dispatcher/TestLocalDispatchQuery.java @@ -21,6 +21,7 @@ import io.airlift.json.JsonCodec; import io.airlift.node.NodeInfo; import io.airlift.units.Duration; +import io.opentelemetry.api.OpenTelemetry; import io.trino.Session; import io.trino.client.NodeVersion; import io.trino.connector.CatalogProperties; @@ -98,6 +99,7 @@ public void testSubmittedForDispatchedQuery() transactionManager, emptyEventListenerManager(), new AccessControlConfig(), + OpenTelemetry.noop(), DefaultSystemAccessControl.NAME); accessControl.setSystemAccessControls(List.of(AllowAllSystemAccessControl.INSTANCE)); QueryStateMachine queryStateMachine = QueryStateMachine.begin( diff --git a/core/trino-main/src/test/java/io/trino/execution/TestCommitTask.java b/core/trino-main/src/test/java/io/trino/execution/TestCommitTask.java index 5281ff4ecd89..bf86872e5659 100644 --- a/core/trino-main/src/test/java/io/trino/execution/TestCommitTask.java +++ b/core/trino-main/src/test/java/io/trino/execution/TestCommitTask.java @@ -14,6 +14,7 @@ */ package io.trino.execution; +import io.opentelemetry.api.OpenTelemetry; import io.trino.Session; import io.trino.Session.SessionBuilder; import io.trino.client.NodeVersion; @@ -132,7 +133,7 @@ private QueryStateMachine createQueryStateMachine(String query, Session session, new ResourceGroupId("test"), true, transactionManager, - new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), DefaultSystemAccessControl.NAME), + new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), DefaultSystemAccessControl.NAME), executor, metadata, WarningCollector.NOOP, diff --git a/core/trino-main/src/test/java/io/trino/execution/TestDeallocateTask.java b/core/trino-main/src/test/java/io/trino/execution/TestDeallocateTask.java index 1b57024c21c1..edc5b2e56aeb 100644 --- a/core/trino-main/src/test/java/io/trino/execution/TestDeallocateTask.java +++ b/core/trino-main/src/test/java/io/trino/execution/TestDeallocateTask.java @@ -14,6 +14,7 @@ package io.trino.execution; import com.google.common.collect.ImmutableSet; +import io.opentelemetry.api.OpenTelemetry; import io.trino.Session; import io.trino.client.NodeVersion; import io.trino.execution.warnings.WarningCollector; @@ -84,7 +85,7 @@ public void testDeallocateNoSuchStatement() private Set executeDeallocate(String statementName, String sqlString, Session session) { TransactionManager transactionManager = createTestTransactionManager(); - AccessControlManager accessControl = new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), DefaultSystemAccessControl.NAME); + AccessControlManager accessControl = new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), DefaultSystemAccessControl.NAME); accessControl.setSystemAccessControls(List.of(AllowAllSystemAccessControl.INSTANCE)); QueryStateMachine stateMachine = QueryStateMachine.begin( Optional.empty(), diff --git a/core/trino-main/src/test/java/io/trino/execution/TestPrepareTask.java b/core/trino-main/src/test/java/io/trino/execution/TestPrepareTask.java index bb90e4f4ff30..fd2081845952 100644 --- a/core/trino-main/src/test/java/io/trino/execution/TestPrepareTask.java +++ b/core/trino-main/src/test/java/io/trino/execution/TestPrepareTask.java @@ -14,6 +14,7 @@ package io.trino.execution; import com.google.common.collect.ImmutableMap; +import io.opentelemetry.api.OpenTelemetry; import io.trino.Session; import io.trino.client.NodeVersion; import io.trino.execution.warnings.WarningCollector; @@ -104,7 +105,7 @@ public void testPrepareInvalidStatement() private Map executePrepare(String statementName, Statement statement, String sqlString, Session session) { TransactionManager transactionManager = createTestTransactionManager(); - AccessControlManager accessControl = new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), DefaultSystemAccessControl.NAME); + AccessControlManager accessControl = new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), DefaultSystemAccessControl.NAME); accessControl.setSystemAccessControls(List.of(AllowAllSystemAccessControl.INSTANCE)); QueryStateMachine stateMachine = QueryStateMachine.begin( Optional.empty(), diff --git a/core/trino-main/src/test/java/io/trino/execution/TestQueryStateMachine.java b/core/trino-main/src/test/java/io/trino/execution/TestQueryStateMachine.java index a0a79eed8d8c..507fa5356f85 100644 --- a/core/trino-main/src/test/java/io/trino/execution/TestQueryStateMachine.java +++ b/core/trino-main/src/test/java/io/trino/execution/TestQueryStateMachine.java @@ -18,6 +18,7 @@ import com.google.common.collect.ImmutableMap; import io.airlift.testing.TestingTicker; import io.airlift.units.Duration; +import io.opentelemetry.api.OpenTelemetry; import io.trino.Session; import io.trino.client.FailureInfo; import io.trino.client.NodeVersion; @@ -522,6 +523,7 @@ private QueryStateMachine createQueryStateMachineWithTicker(Ticker ticker) transactionManager, emptyEventListenerManager(), new AccessControlConfig(), + OpenTelemetry.noop(), DefaultSystemAccessControl.NAME); accessControl.setSystemAccessControls(List.of(AllowAllSystemAccessControl.INSTANCE)); QueryStateMachine stateMachine = QueryStateMachine.beginWithTicker( diff --git a/core/trino-main/src/test/java/io/trino/execution/TestStartTransactionTask.java b/core/trino-main/src/test/java/io/trino/execution/TestStartTransactionTask.java index 94634cb4bc86..5464d6b4833b 100644 --- a/core/trino-main/src/test/java/io/trino/execution/TestStartTransactionTask.java +++ b/core/trino-main/src/test/java/io/trino/execution/TestStartTransactionTask.java @@ -15,6 +15,7 @@ import com.google.common.collect.ImmutableList; import io.airlift.units.Duration; +import io.opentelemetry.api.OpenTelemetry; import io.trino.Session; import io.trino.Session.SessionBuilder; import io.trino.client.NodeVersion; @@ -253,7 +254,7 @@ private QueryStateMachine createQueryStateMachine(String query, Session session, new ResourceGroupId("test"), true, transactionManager, - new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), DefaultSystemAccessControl.NAME), + new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), DefaultSystemAccessControl.NAME), executor, metadata, WarningCollector.NOOP, diff --git a/core/trino-main/src/test/java/io/trino/security/TestAccessControlManager.java b/core/trino-main/src/test/java/io/trino/security/TestAccessControlManager.java index af1c2534a755..29592c8e072e 100644 --- a/core/trino-main/src/test/java/io/trino/security/TestAccessControlManager.java +++ b/core/trino-main/src/test/java/io/trino/security/TestAccessControlManager.java @@ -16,6 +16,7 @@ import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; +import io.opentelemetry.api.OpenTelemetry; import io.trino.connector.CatalogServiceProvider; import io.trino.connector.MockConnectorFactory; import io.trino.eventlistener.EventListenerManager; @@ -490,17 +491,17 @@ private AccessControlManager createAccessControlManager(TestingEventListenerMana private AccessControlManager createAccessControlManager(TransactionManager testTransactionManager) { - return new AccessControlManager(testTransactionManager, emptyEventListenerManager(), new AccessControlConfig(), DefaultSystemAccessControl.NAME); + return new AccessControlManager(testTransactionManager, emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), DefaultSystemAccessControl.NAME); } private AccessControlManager createAccessControlManager(EventListenerManager eventListenerManager, AccessControlConfig config) { - return new AccessControlManager(createTestTransactionManager(), eventListenerManager, config, DefaultSystemAccessControl.NAME); + return new AccessControlManager(createTestTransactionManager(), eventListenerManager, config, OpenTelemetry.noop(), DefaultSystemAccessControl.NAME); } private AccessControlManager createAccessControlManager(EventListenerManager eventListenerManager, String defaultAccessControlName) { - return new AccessControlManager(createTestTransactionManager(), eventListenerManager, new AccessControlConfig(), defaultAccessControlName); + return new AccessControlManager(createTestTransactionManager(), eventListenerManager, new AccessControlConfig(), OpenTelemetry.noop(), defaultAccessControlName); } private SystemAccessControlFactory eventListeningSystemAccessControlFactory(String name, EventListener... eventListeners) diff --git a/core/trino-main/src/test/java/io/trino/security/TestFileBasedSystemAccessControl.java b/core/trino-main/src/test/java/io/trino/security/TestFileBasedSystemAccessControl.java index 45af9ff7ddd1..d60caf798fc9 100644 --- a/core/trino-main/src/test/java/io/trino/security/TestFileBasedSystemAccessControl.java +++ b/core/trino-main/src/test/java/io/trino/security/TestFileBasedSystemAccessControl.java @@ -16,6 +16,7 @@ import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; import com.google.inject.CreationException; +import io.opentelemetry.api.OpenTelemetry; import io.trino.metadata.QualifiedObjectName; import io.trino.plugin.base.security.DefaultSystemAccessControl; import io.trino.plugin.base.security.FileBasedSystemAccessControl; @@ -133,7 +134,7 @@ public void testCanImpersonateUserOperations() public void testDocsExample() { TransactionManager transactionManager = createTestTransactionManager(); - AccessControlManager accessControlManager = new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), DefaultSystemAccessControl.NAME); + AccessControlManager accessControlManager = new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), DefaultSystemAccessControl.NAME); accessControlManager.loadSystemAccessControl( FileBasedSystemAccessControl.NAME, ImmutableMap.of("security.config-file", new File("../../docs/src/main/sphinx/security/user-impersonation.json").getAbsolutePath())); @@ -775,7 +776,7 @@ public void testRefreshing() throws Exception { TransactionManager transactionManager = createTestTransactionManager(); - AccessControlManager accessControlManager = new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), DefaultSystemAccessControl.NAME); + AccessControlManager accessControlManager = new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), DefaultSystemAccessControl.NAME); File configFile = newTemporaryFile(); configFile.deleteOnExit(); copy(new File(getResourcePath("catalog.json")), configFile); @@ -835,7 +836,7 @@ public void testAllowModeInvalidValue() private AccessControlManager newAccessControlManager(TransactionManager transactionManager, String resourceName) { - AccessControlManager accessControlManager = new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), DefaultSystemAccessControl.NAME); + AccessControlManager accessControlManager = new AccessControlManager(transactionManager, emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), DefaultSystemAccessControl.NAME); accessControlManager.loadSystemAccessControl(FileBasedSystemAccessControl.NAME, ImmutableMap.of("security.config-file", getResourcePath(resourceName))); diff --git a/core/trino-main/src/test/java/io/trino/sql/analyzer/TestAnalyzer.java b/core/trino-main/src/test/java/io/trino/sql/analyzer/TestAnalyzer.java index c5d1900a23ef..312f7e8641cd 100644 --- a/core/trino-main/src/test/java/io/trino/sql/analyzer/TestAnalyzer.java +++ b/core/trino-main/src/test/java/io/trino/sql/analyzer/TestAnalyzer.java @@ -18,6 +18,7 @@ import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; import com.google.common.io.Closer; +import io.opentelemetry.api.OpenTelemetry; import io.trino.FeaturesConfig; import io.trino.Session; import io.trino.SystemSessionProperties; @@ -6730,6 +6731,7 @@ public void setup() transactionManager, emptyEventListenerManager(), new AccessControlConfig(), + OpenTelemetry.noop(), DefaultSystemAccessControl.NAME); accessControlManager.setSystemAccessControls(List.of(AllowAllSystemAccessControl.INSTANCE)); this.accessControl = accessControlManager; diff --git a/core/trino-spi/src/main/java/io/trino/spi/security/SystemAccessControlFactory.java b/core/trino-spi/src/main/java/io/trino/spi/security/SystemAccessControlFactory.java index de6e2d69eb3a..e86c97168299 100644 --- a/core/trino-spi/src/main/java/io/trino/spi/security/SystemAccessControlFactory.java +++ b/core/trino-spi/src/main/java/io/trino/spi/security/SystemAccessControlFactory.java @@ -13,11 +13,27 @@ */ package io.trino.spi.security; +import io.opentelemetry.api.OpenTelemetry; +import io.opentelemetry.api.trace.Tracer; + import java.util.Map; public interface SystemAccessControlFactory { String getName(); + @Deprecated SystemAccessControl create(Map config); + + default SystemAccessControl create(Map config, SystemAccessControlContext context) + { + return create(config); + } + + interface SystemAccessControlContext + { + OpenTelemetry getOpenTelemetry(); + + Tracer getTracer(); + } }