Remove deprecated and obsolete access control methods

core/trino-main/src/main/java/io/trino/security/InjectedConnectorAccessControl.java

@@ -494,12 +494,6 @@ public Optional<ViewExpression> getColumnMask(ConnectorSecurityContext context,
         throw new TrinoException(NOT_SUPPORTED, "Column masking not supported");
     }
 
-    @Override
-    public List<ViewExpression> getColumnMasks(ConnectorSecurityContext context, SchemaTableName tableName, String columnName, Type type)
-    {
-        throw new UnsupportedOperationException();
-    }
-
     private QualifiedObjectName getQualifiedObjectName(SchemaTableName schemaTableName)
     {
         return new QualifiedObjectName(catalogName, schemaTableName.getSchemaName(), schemaTableName.getTableName());

core/trino-main/src/test/java/io/trino/connector/MockConnectorAccessControl.java

@@ -135,12 +135,6 @@ public Optional<ViewExpression> getColumnMask(ConnectorSecurityContext context,
         return Optional.ofNullable(columnMasks.apply(tableName, columnName));
     }
 
-    @Override
-    public List<ViewExpression> getColumnMasks(ConnectorSecurityContext context, SchemaTableName tableName, String columnName, Type type)
-    {
-        throw new UnsupportedOperationException();
-    }
-
     public void grantSchemaPrivileges(String schemaName, Set<Privilege> privileges, TrinoPrincipal grantee, boolean grantOption)
     {
         schemaGrants.grant(grantee, schemaName, privileges, grantOption);

core/trino-main/src/test/java/io/trino/security/TestAccessControlManager.java

@@ -229,9 +229,9 @@ public SystemAccessControl create(Map<String, String> config)
                     return new SystemAccessControl()
                     {
                         @Override
-                        public List<ViewExpression> getColumnMasks(SystemSecurityContext context, CatalogSchemaTableName tableName, String column, Type type)
+                        public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String column, Type type)
                         {
-                            return ImmutableList.of(new ViewExpression(Optional.of("user"), Optional.empty(), Optional.empty(), "system mask"));
+                            return Optional.of(new ViewExpression(Optional.of("user"), Optional.empty(), Optional.empty(), "system mask"));
                         }
 
                         @Override
@@ -247,9 +247,9 @@ public void checkCanSetSystemSessionProperty(SystemSecurityContext context, Stri
             accessControlManager.setConnectorAccessControlProvider(CatalogServiceProvider.singleton(queryRunner.getCatalogHandle(TEST_CATALOG_NAME), Optional.of(new ConnectorAccessControl()
             {
                 @Override
-                public List<ViewExpression> getColumnMasks(ConnectorSecurityContext context, SchemaTableName tableName, String column, Type type)
+                public Optional<ViewExpression> getColumnMask(ConnectorSecurityContext context, SchemaTableName tableName, String column, Type type)
                 {
-                    return ImmutableList.of(new ViewExpression(Optional.of("user"), Optional.empty(), Optional.empty(), "connector mask"));
+                    return Optional.of(new ViewExpression(Optional.of("user"), Optional.empty(), Optional.empty(), "connector mask"));
                 }
 
                 @Override

core/trino-spi/src/main/java/io/trino/spi/connector/ConnectorAccessControl.java

@@ -657,17 +657,6 @@ default List<ViewExpression> getRowFilters(ConnectorSecurityContext context, Sch
      */
     default Optional<ViewExpression> getColumnMask(ConnectorSecurityContext context, SchemaTableName tableName, String columnName, Type type)
     {
-        List<ViewExpression> masks = getColumnMasks(context, tableName, columnName, type);
-        if (masks.size() > 1) {
-            throw new UnsupportedOperationException("Multiple masks on a single column are no longer supported");
-        }
-
-        return masks.stream().findFirst();
-    }
-
-    @Deprecated
-    default List<ViewExpression> getColumnMasks(ConnectorSecurityContext context, SchemaTableName tableName, String columnName, Type type)
-    {
-        return emptyList();
+        return Optional.empty();
     }
 }

core/trino-spi/src/main/java/io/trino/spi/security/SystemAccessControl.java

@@ -28,7 +28,6 @@
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
-import java.util.stream.Collectors;
 
 import static io.trino.spi.security.AccessDeniedException.denyAddColumn;
 import static io.trino.spi.security.AccessDeniedException.denyAlterColumn;
@@ -136,19 +135,6 @@ default void checkCanExecuteQuery(SystemSecurityContext context)
      * @throws AccessDeniedException if not allowed
      */
     default void checkCanViewQueryOwnedBy(SystemSecurityContext context, Identity queryOwner)
-    {
-        checkCanViewQueryOwnedBy(context, queryOwner.getUser());
-    }
-
-    /**
-     * Checks if identity can view a query owned by the specified user.  The method
-     * will not be called when the current user is the query owner.
-     *
-     * @throws AccessDeniedException if not allowed
-     * @deprecated Implement {@link #checkCanViewQueryOwnedBy(SystemSecurityContext, Identity)} instead.
-     */
-    @Deprecated
-    default void checkCanViewQueryOwnedBy(SystemSecurityContext context, String queryOwner)
     {
         denyViewQuery();
     }
@@ -158,24 +144,6 @@ default void checkCanViewQueryOwnedBy(SystemSecurityContext context, String quer
      * will not be called with the current user in the set.
      */
     default Collection<Identity> filterViewQueryOwnedBy(SystemSecurityContext context, Collection<Identity> queryOwners)
-    {
-        Set<String> ownerUsers = queryOwners.stream()
-                .map(Identity::getUser)
-                .collect(Collectors.toSet());
-        Set<String> allowedUsers = filterViewQueryOwnedBy(context, ownerUsers);
-        return queryOwners.stream()
-                .filter(owner -> allowedUsers.contains(owner.getUser()))
-                .collect(Collectors.toList());
-    }
-
-    /**
-     * Filter the list of users to those the identity view query owned by the user.  The method
-     * will not be called with the current user in the set.
-     *
-     * @deprecated Implement {@link #filterViewQueryOwnedBy(SystemSecurityContext, Collection)} instead.
-     */
-    @Deprecated
-    default Set<String> filterViewQueryOwnedBy(SystemSecurityContext context, Set<String> queryOwners)
     {
         return emptySet();
     }
@@ -187,19 +155,6 @@ default Set<String> filterViewQueryOwnedBy(SystemSecurityContext context, Set<St
      * @throws AccessDeniedException if not allowed
      */
     default void checkCanKillQueryOwnedBy(SystemSecurityContext context, Identity queryOwner)
-    {
-        checkCanKillQueryOwnedBy(context, queryOwner.getUser());
-    }
-
-    /**
-     * Checks if identity can kill a query owned by the specified user.  The method
-     * will not be called when the current user is the query owner.
-     *
-     * @throws AccessDeniedException if not allowed
-     * @deprecated Implement {@link #checkCanKillQueryOwnedBy(SystemSecurityContext, Identity)} instead.
-     */
-    @Deprecated
-    default void checkCanKillQueryOwnedBy(SystemSecurityContext context, String queryOwner)
     {
         denyKillQuery();
     }
@@ -895,18 +850,7 @@ default List<ViewExpression> getRowFilters(SystemSecurityContext context, Catalo
      */
     default Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type)
     {
-        List<ViewExpression> masks = getColumnMasks(context, tableName, columnName, type);
-        if (masks.size() > 1) {
-            throw new UnsupportedOperationException("Multiple masks on a single column are no longer supported");
-        }
-
-        return masks.stream().findFirst();
-    }
-
-    @Deprecated
-    default List<ViewExpression> getColumnMasks(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type)
-    {
-        return List.of();
+        return Optional.empty();
     }
 
     /**

lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/classloader/ClassLoaderSafeConnectorAccessControl.java

@@ -532,12 +532,4 @@ public Optional<ViewExpression> getColumnMask(ConnectorSecurityContext context,
             return delegate.getColumnMask(context, tableName, columnName, type);
         }
     }
-
-    @Override
-    public List<ViewExpression> getColumnMasks(ConnectorSecurityContext context, SchemaTableName tableName, String columnName, Type type)
-    {
-        try (ThreadContextClassLoader ignored = new ThreadContextClassLoader(classLoader)) {
-            return delegate.getColumnMasks(context, tableName, columnName, type);
-        }
-    }
 }

lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/security/AllowAllAccessControl.java

@@ -344,10 +344,4 @@ public Optional<ViewExpression> getColumnMask(ConnectorSecurityContext context,
     {
         return Optional.empty();
     }
-
-    @Override
-    public List<ViewExpression> getColumnMasks(ConnectorSecurityContext context, SchemaTableName tableName, String columnName, Type type)
-    {
-        return ImmutableList.of();
-    }
 }

lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/security/AllowAllSystemAccessControl.java

@@ -93,33 +93,17 @@ public void checkCanViewQueryOwnedBy(SystemSecurityContext context, Identity que
     {
     }
 
-    @Override
-    public void checkCanViewQueryOwnedBy(SystemSecurityContext context, String queryOwner)
-    {
-    }
-
     @Override
     public void checkCanKillQueryOwnedBy(SystemSecurityContext context, Identity queryOwner)
     {
     }
 
-    @Override
-    public void checkCanKillQueryOwnedBy(SystemSecurityContext context, String queryOwner)
-    {
-    }
-
     @Override
     public Collection<Identity> filterViewQueryOwnedBy(SystemSecurityContext context, Collection<Identity> queryOwners)
     {
         return queryOwners;
     }
 
-    @Override
-    public Set<String> filterViewQueryOwnedBy(SystemSecurityContext context, Set<String> queryOwners)
-    {
-        return queryOwners;
-    }
-
     @Override
     public void checkCanSetSystemSessionProperty(SystemSecurityContext context, String propertyName)
     {
@@ -471,10 +455,4 @@ public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, Cat
     {
         return Optional.empty();
     }
-
-    @Override
-    public List<ViewExpression> getColumnMasks(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type)
-    {
-        return emptyList();
-    }
 }

lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/security/FileBasedAccessControl.java

@@ -684,12 +684,6 @@ public Optional<ViewExpression> getColumnMask(ConnectorSecurityContext context,
         return masks.stream().findFirst();
     }
 
-    @Override
-    public List<ViewExpression> getColumnMasks(ConnectorSecurityContext context, SchemaTableName tableName, String columnName, Type type)
-    {
-        throw new UnsupportedOperationException();
-    }
-
     private boolean canSetSessionProperty(ConnectorSecurityContext context, String property)
     {
         ConnectorIdentity identity = context.getIdentity();

lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/security/FileBasedSystemAccessControl.java

@@ -36,6 +36,7 @@
 import io.trino.spi.type.Type;
 
 import java.security.Principal;
+import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@@ -288,29 +289,29 @@ public void checkCanExecuteQuery(SystemSecurityContext context)
     }
 
     @Override
-    public void checkCanViewQueryOwnedBy(SystemSecurityContext context, String queryOwner)
+    public void checkCanViewQueryOwnedBy(SystemSecurityContext context, Identity queryOwner)
     {
-        if (!canAccessQuery(context.getIdentity(), Optional.of(queryOwner), QueryAccessRule.AccessMode.VIEW)) {
+        if (!canAccessQuery(context.getIdentity(), Optional.of(queryOwner.getUser()), QueryAccessRule.AccessMode.VIEW)) {
             denyViewQuery();
         }
     }
 
     @Override
-    public Set<String> filterViewQueryOwnedBy(SystemSecurityContext context, Set<String> queryOwners)
+    public Collection<Identity> filterViewQueryOwnedBy(SystemSecurityContext context, Collection<Identity> queryOwners)
     {
         if (queryAccessRules.isEmpty()) {
             return queryOwners;
         }
         Identity identity = context.getIdentity();
         return queryOwners.stream()
-                .filter(owner -> canAccessQuery(identity, Optional.of(owner), QueryAccessRule.AccessMode.VIEW))
+                .filter(owner -> canAccessQuery(identity, Optional.of(owner.getUser()), QueryAccessRule.AccessMode.VIEW))
                 .collect(toImmutableSet());
     }
 
     @Override
-    public void checkCanKillQueryOwnedBy(SystemSecurityContext context, String queryOwner)
+    public void checkCanKillQueryOwnedBy(SystemSecurityContext context, Identity queryOwner)
     {
-        if (!canAccessQuery(context.getIdentity(), Optional.of(queryOwner), QueryAccessRule.AccessMode.KILL)) {
+        if (!canAccessQuery(context.getIdentity(), Optional.of(queryOwner.getUser()), QueryAccessRule.AccessMode.KILL)) {
             denyViewQuery();
         }
     }
@@ -1003,12 +1004,6 @@ public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, Cat
         return masks.stream().findFirst();
     }
 
-    @Override
-    public List<ViewExpression> getColumnMasks(SystemSecurityContext context, CatalogSchemaTableName table, String columnName, Type type)
-    {
-        throw new UnsupportedOperationException();
-    }
-
     private boolean checkAnyCatalogAccess(SystemSecurityContext context, String catalogName)
     {
         if (canAccessCatalog(context, catalogName, OWNER)) {

lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/security/ForwardingConnectorAccessControl.java

@@ -416,10 +416,4 @@ public Optional<ViewExpression> getColumnMask(ConnectorSecurityContext context,
     {
         return delegate().getColumnMask(context, tableName, columnName, type);
     }
-
-    @Override
-    public List<ViewExpression> getColumnMasks(ConnectorSecurityContext context, SchemaTableName tableName, String columnName, Type type)
-    {
-        return delegate().getColumnMasks(context, tableName, columnName, type);
-    }
 }

lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/security/ForwardingSystemAccessControl.java

@@ -91,36 +91,18 @@ public void checkCanViewQueryOwnedBy(SystemSecurityContext context, Identity que
         delegate().checkCanViewQueryOwnedBy(context, queryOwner);
     }
 
-    @Override
-    public void checkCanViewQueryOwnedBy(SystemSecurityContext context, String queryOwner)
-    {
-        delegate().checkCanViewQueryOwnedBy(context, queryOwner);
-    }
-
     @Override
     public Collection<Identity> filterViewQueryOwnedBy(SystemSecurityContext context, Collection<Identity> queryOwners)
     {
         return delegate().filterViewQueryOwnedBy(context, queryOwners);
     }
 
-    @Override
-    public Set<String> filterViewQueryOwnedBy(SystemSecurityContext context, Set<String> queryOwners)
-    {
-        return delegate().filterViewQueryOwnedBy(context, queryOwners);
-    }
-
     @Override
     public void checkCanKillQueryOwnedBy(SystemSecurityContext context, Identity queryOwner)
     {
         delegate().checkCanKillQueryOwnedBy(context, queryOwner);
     }
 
-    @Override
-    public void checkCanKillQueryOwnedBy(SystemSecurityContext context, String queryOwner)
-    {
-        delegate().checkCanKillQueryOwnedBy(context, queryOwner);
-    }
-
     @Override
     public void checkCanSetSystemSessionProperty(SystemSecurityContext context, String propertyName)
     {
@@ -522,10 +504,4 @@ public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, Cat
     {
         return delegate().getColumnMask(context, tableName, columnName, type);
     }
-
-    @Override
-    public List<ViewExpression> getColumnMasks(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type)
-    {
-        return delegate().getColumnMasks(context, tableName, columnName, type);
-    }
 }

lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/security/ReadOnlySystemAccessControl.java

@@ -18,12 +18,14 @@
 import io.trino.spi.connector.CatalogSchemaTableName;
 import io.trino.spi.connector.SchemaTableName;
 import io.trino.spi.function.FunctionKind;
+import io.trino.spi.security.Identity;
 import io.trino.spi.security.SystemAccessControl;
 import io.trino.spi.security.SystemAccessControlFactory;
 import io.trino.spi.security.SystemSecurityContext;
 import io.trino.spi.security.TrinoPrincipal;
 
 import java.security.Principal;
+import java.util.Collection;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
@@ -68,12 +70,12 @@ public void checkCanExecuteQuery(SystemSecurityContext context)
     }
 
     @Override
-    public void checkCanViewQueryOwnedBy(SystemSecurityContext context, String queryOwner)
+    public void checkCanViewQueryOwnedBy(SystemSecurityContext context, Identity queryOwner)
     {
     }
 
     @Override
-    public Set<String> filterViewQueryOwnedBy(SystemSecurityContext context, Set<String> queryOwners)
+    public Collection<Identity> filterViewQueryOwnedBy(SystemSecurityContext context, Collection<Identity> queryOwners)
     {
         return queryOwners;
     }