diff --git a/core/trino-main/src/main/java/io/trino/connector/CatalogStoreManager.java b/core/trino-main/src/main/java/io/trino/connector/CatalogStoreManager.java
index 3456699c01eb..a31b953d9729 100644
--- a/core/trino-main/src/main/java/io/trino/connector/CatalogStoreManager.java
+++ b/core/trino-main/src/main/java/io/trino/connector/CatalogStoreManager.java
@@ -15,6 +15,8 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableMap;
+import com.google.inject.Inject;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.airlift.log.Logger;
 import io.trino.spi.catalog.CatalogName;
 import io.trino.spi.catalog.CatalogProperties;
@@ -46,6 +48,13 @@ public class CatalogStoreManager
 private static final String CATALOG_STORE_PROPERTY_NAME = "catalog-store.name";
 private final Map catalogStoreFactories = new ConcurrentHashMap<>();
 private final AtomicReference> configuredCatalogStore = new AtomicReference<>(Optional.empty());
+ private final SecretsResolver secretsResolver;
+
+ @Inject
+ public CatalogStoreManager(SecretsResolver secretsResolver)
+ {
+ this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
+ }
 public void addCatalogStoreFactory(CatalogStoreFactory catalogStoreFactory)
 {
@@ -91,7 +100,7 @@ protected void setConfiguredCatalogStore(String name, Map proper
 CatalogStore catalogStore;
 try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
- catalogStore = factory.create(ImmutableMap.copyOf(properties));
+ catalogStore = factory.create(ImmutableMap.copyOf(secretsResolver.getResolvedConfiguration(properties)));
 }
 setConfiguredCatalogStore(catalogStore);
diff --git a/core/trino-main/src/main/java/io/trino/connector/DefaultCatalogFactory.java b/core/trino-main/src/main/java/io/trino/connector/DefaultCatalogFactory.java
index fae43ce37efe..b9759c83fced 100644
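Review bot: In CatalogStoreManager.setConfiguredCatalogStore the resolved map is built inline inside the `factory.create(...)` call, and nothing at the call site records that from this point the plugin holds plaintext secret values rather than references. A short comment above the call would make that boundary explicit, for example `// Resolve secret references last, so only the plugin factory sees the resolved values`. The same uncommented pattern is added in GroupProviderManager, CertificateAuthenticatorManager, PasswordAuthenticatorManager, AccessControlManager and InternalResourceGroupManager. Whether a factory logs or echoes its configuration on failure is not visible in this diff, so it is worth confirming that resolved values cannot reach logs or error messages. The method body starts outside the hunk.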
--- a/core/trino-main/src/main/java/io/trino/connector/DefaultCatalogFactory.java
+++ b/core/trino-main/src/main/java/io/trino/connector/DefaultCatalogFactory.java
@@ -15,6 +15,7 @@
 import com.google.errorprone.annotations.ThreadSafe;
 import com.google.inject.Inject;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.airlift.node.NodeInfo;
 import io.opentelemetry.api.OpenTelemetry;
 import io.opentelemetry.api.trace.Tracer;
@@ -73,6 +74,7 @@ public class DefaultCatalogFactory
 private final ConcurrentMap connectorFactories = new ConcurrentHashMap<>();
 private final LocalMemoryManager localMemoryManager;
+ private final SecretsResolver secretsResolver;
 @Inject
 public DefaultCatalogFactory(
@@ -88,7 +90,8 @@ public DefaultCatalogFactory(
 TypeManager typeManager,
 NodeSchedulerConfig nodeSchedulerConfig,
 OptimizerConfig optimizerConfig,
- LocalMemoryManager localMemoryManager)
+ LocalMemoryManager localMemoryManager,
+ SecretsResolver secretsResolver)
 {
 this.metadata = requireNonNull(metadata, "metadata is null");
 this.accessControl = requireNonNull(accessControl, "accessControl is null");
@@ -103,6 +106,7 @@ public DefaultCatalogFactory(
 this.schedulerIncludeCoordinator = nodeSchedulerConfig.isIncludeCoordinator();
 this.maxPrefetchedInformationSchemaPrefixes = optimizerConfig.getMaxPrefetchedInformationSchemaPrefixes();
 this.localMemoryManager = requireNonNull(localMemoryManager, "localMemoryManager is null");
+ this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
 }
 @Override
@@ -125,7 +129,7 @@ public CatalogConnector createCatalog(CatalogProperties catalogProperties)
 catalogProperties.catalogHandle().getCatalogName().toString(),
 catalogProperties.catalogHandle(),
 connectorFactory,
- catalogProperties.properties());
+ secretsResolver.getResolvedConfiguration(catalogProperties.properties()));
 return createCatalog(
 catalogProperties.catalogHandle(),
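Review bot: `createCatalog` now resolves secret references in whatever `catalogProperties.properties()` contains, so anyone able to define catalog properties can reference any secret the configured providers expose. The hunk does not show where `CatalogProperties` originate; if they can come from anything other than operator-managed configuration (for example a catalog defined at runtime), resolution should be restricted for that path, or the permission to create catalogs documented as equivalent to read access to those secrets. At minimum a comment at the call, such as `// Resolves secret references: properties must come from a trusted source`, would record the assumption. The method body starts and ends outside the hunk.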
diff --git a/core/trino-main/src/main/java/io/trino/eventlistener/EventListenerManager.java b/core/trino-main/src/main/java/io/trino/eventlistener/EventListenerManager.java
index 88ec185b2663..cbb158b23c52 100644
--- a/core/trino-main/src/main/java/io/trino/eventlistener/EventListenerManager.java
+++ b/core/trino-main/src/main/java/io/trino/eventlistener/EventListenerManager.java
@@ -16,6 +16,7 @@
 import com.google.common.base.Function;
 import com.google.common.collect.ImmutableList;
 import com.google.inject.Inject;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.airlift.log.Logger;
 import io.airlift.stats.CounterStat;
 import io.airlift.stats.TimeStat;
@@ -68,12 +69,14 @@ public class EventListenerManager
 private final TimeStat queryCreatedTime = new TimeStat(MILLISECONDS);
 private final TimeStat queryCompletedTime = new TimeStat(MILLISECONDS);
 private final TimeStat splitCompletedTime = new TimeStat(MILLISECONDS);
+ private final SecretsResolver secretsResolver;
 @Inject
- public EventListenerManager(EventListenerConfig config)
+ public EventListenerManager(EventListenerConfig config, SecretsResolver secretsResolver)
 {
 this.configFiles = ImmutableList.copyOf(config.getEventListenerFiles());
 this.maxConcurrentQueryCompletedEvents = config.getMaxConcurrentQueryCompletedEvents();
+ this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
 }
 public void addEventListenerFactory(EventListenerFactory eventListenerFactory)
@@ -130,7 +133,7 @@ private EventListener createEventListener(File configFile)
 EventListener eventListener;
 try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
- eventListener = factory.create(properties);
+ eventListener = factory.create(secretsResolver.getResolvedConfiguration(properties));
 }
 log.info("-- Loaded event listener %s --", configFile);
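Review bot: In `createEventListener` the resolved configuration is passed to `factory.create(...)` directly, while CatalogStoreManager, GroupProviderManager and the certificate and password authenticator managers wrap the same call in `ImmutableMap.copyOf(...)`. Whether `getResolvedConfiguration` returns an immutable map is not visible in this diff, so the plugin may receive a mutable map holding resolved secrets. For consistency consider `eventListener = factory.create(ImmutableMap.copyOf(secretsResolver.getResolvedConfiguration(properties)));` (ImmutableMap may need importing in this file). The same applies to the `factory.create` calls in ExchangeManagerRegistry.loadExchangeManager and SessionPropertyDefaults.setConfigurationManager. The method body starts outside the hunk.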
diff --git a/core/trino-main/src/main/java/io/trino/exchange/ExchangeManagerRegistry.java b/core/trino-main/src/main/java/io/trino/exchange/ExchangeManagerRegistry.java
index cc3c44906333..ed66b2149930 100644
--- a/core/trino-main/src/main/java/io/trino/exchange/ExchangeManagerRegistry.java
+++ b/core/trino-main/src/main/java/io/trino/exchange/ExchangeManagerRegistry.java
@@ -14,6 +14,7 @@
 package io.trino.exchange;
 import com.google.inject.Inject;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.airlift.log.Logger;
 import io.opentelemetry.api.OpenTelemetry;
 import io.opentelemetry.api.trace.Tracer;
@@ -50,14 +51,17 @@ public class ExchangeManagerRegistry
 private final Map exchangeManagerFactories = new ConcurrentHashMap<>();
 private volatile ExchangeManager exchangeManager;
+ private final SecretsResolver secretsResolver;
 @Inject
 public ExchangeManagerRegistry(
 OpenTelemetry openTelemetry,
- Tracer tracer)
+ Tracer tracer,
+ SecretsResolver secretsResolver)
 {
 this.openTelemetry = requireNonNull(openTelemetry, "openTelemetry is null");
 this.tracer = requireNonNull(tracer, "tracer is null");
+ this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
 }
 public void addExchangeManagerFactory(ExchangeManagerFactory factory)
@@ -92,7 +96,7 @@ public synchronized void loadExchangeManager(String name, Map pr
 ExchangeManager exchangeManager;
 try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
- exchangeManager = factory.create(properties, new ExchangeManagerContextInstance(openTelemetry, tracer));
+ exchangeManager = factory.create(secretsResolver.getResolvedConfiguration(properties), new ExchangeManagerContextInstance(openTelemetry, tracer));
 }
 log.info("-- Loaded exchange manager %s --", name);
diff --git a/core/trino-main/src/main/java/io/trino/execution/resourcegroups/InternalResourceGroupManager.java b/core/trino-main/src/main/java/io/trino/execution/resourcegroups/InternalResourceGroupManager.java
index 2623337c5b35..98f95ecaa9a9 100644
--- a/core/trino-main/src/main/java/io/trino/execution/resourcegroups/InternalResourceGroupManager.java
+++ b/core/trino-main/src/main/java/io/trino/execution/resourcegroups/InternalResourceGroupManager.java
@@ -17,6 +17,7 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.errorprone.annotations.ThreadSafe;
 import com.google.inject.Inject;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.airlift.log.Logger;
 import io.airlift.node.NodeInfo;
 import io.trino.execution.ManagedQueryExecution;
@@ -80,14 +81,21 @@ public final class InternalResourceGroupManager
 private final AtomicBoolean started = new AtomicBoolean();
 private final AtomicLong lastCpuQuotaGenerationNanos = new AtomicLong(System.nanoTime());
 private final Map configurationManagerFactories = new ConcurrentHashMap<>();
+ private final SecretsResolver secretsResolver;
 @Inject
- public InternalResourceGroupManager(LegacyResourceGroupConfigurationManager legacyManager, ClusterMemoryManager memoryPoolManager, NodeInfo nodeInfo, MBeanExporter exporter)
+ public InternalResourceGroupManager(
+ LegacyResourceGroupConfigurationManager legacyManager,
+ ClusterMemoryManager memoryPoolManager,
+ NodeInfo nodeInfo,
+ MBeanExporter exporter,
+ SecretsResolver secretsResolver)
 {
 this.exporter = requireNonNull(exporter, "exporter is null");
 this.configurationManagerContext = new ResourceGroupConfigurationManagerContextInstance(memoryPoolManager::addChangeListener, nodeInfo.getEnvironment());
 this.legacyManager = requireNonNull(legacyManager, "legacyManager is null");
 this.configurationManager = new AtomicReference<>(cast(legacyManager));
+ this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
 }
 @Override
@@ -159,7 +167,7 @@ public void setConfigurationManager(String name, Map properties)
 ResourceGroupConfigurationManager configurationManager;
 try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
- configurationManager = cast(factory.create(ImmutableMap.copyOf(properties), configurationManagerContext));
+ configurationManager = cast(factory.create(ImmutableMap.copyOf(secretsResolver.getResolvedConfiguration(properties)), configurationManagerContext));
 }
 checkState(this.configurationManager.compareAndSet(cast(legacyManager), configurationManager), "configurationManager already set");
diff --git a/core/trino-main/src/main/java/io/trino/security/AccessControlManager.java b/core/trino-main/src/main/java/io/trino/security/AccessControlManager.java
index a3860d75a4b5..f6d848d84036 100644
--- a/core/trino-main/src/main/java/io/trino/security/AccessControlManager.java
+++ b/core/trino-main/src/main/java/io/trino/security/AccessControlManager.java
@@ -19,6 +19,7 @@
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Maps;
 import com.google.inject.Inject;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.airlift.log.Logger;
 import io.airlift.stats.CounterStat;
 import io.opentelemetry.api.OpenTelemetry;
@@ -114,6 +115,7 @@ public class AccessControlManager
 private final CounterStat authorizationSuccess = new CounterStat();
 private final CounterStat authorizationFail = new CounterStat();
+ private final SecretsResolver secretsResolver;
 @Inject
 public AccessControlManager(
@@ -122,6 +124,7 @@ public AccessControlManager(
 EventListenerManager eventListenerManager,
 AccessControlConfig config,
 OpenTelemetry openTelemetry,
+ SecretsResolver secretsResolver,
 @DefaultSystemAccessControlName String defaultAccessControlName)
 {
 this.nodeVersion = requireNonNull(nodeVersion, "nodeVersion is null");
@@ -129,6 +132,7 @@ public AccessControlManager(
 this.eventListenerManager = requireNonNull(eventListenerManager, "eventListenerManager is null");
 this.configFiles = ImmutableList.copyOf(config.getAccessControlFiles());
 this.openTelemetry = requireNonNull(openTelemetry, "openTelemetry is null");
+ this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
 this.defaultAccessControlName = requireNonNull(defaultAccessControlName, "defaultAccessControl is null");
 addSystemAccessControlFactory(new DefaultSystemAccessControl.Factory());
 addSystemAccessControlFactory(new AllowAllSystemAccessControl.Factory());
@@ -232,7 +236,7 @@ public void loadSystemAccessControl(String name, Map properties)
 SystemAccessControl systemAccessControl;
 try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
- systemAccessControl = factory.create(ImmutableMap.copyOf(properties), createContext(name));
+ systemAccessControl = factory.create(ImmutableMap.copyOf(secretsResolver.getResolvedConfiguration(properties)), createContext(name));
 }
 systemAccessControl.getEventListeners()
diff --git a/core/trino-main/src/main/java/io/trino/security/GroupProviderManager.java b/core/trino-main/src/main/java/io/trino/security/GroupProviderManager.java
index d23a18730c66..ae2ce87ab17f 100644
--- a/core/trino-main/src/main/java/io/trino/security/GroupProviderManager.java
+++ b/core/trino-main/src/main/java/io/trino/security/GroupProviderManager.java
@@ -16,6 +16,8 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
+import com.google.inject.Inject;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.airlift.log.Logger;
 import io.trino.spi.classloader.ThreadContextClassLoader;
 import io.trino.spi.security.GroupProvider;
@@ -45,6 +47,13 @@ public class GroupProviderManager
 private static final String GROUP_PROVIDER_PROPERTY_NAME = "group-provider.name";
 private final Map groupProviderFactories = new ConcurrentHashMap<>();
 private final AtomicReference> configuredGroupProvider = new AtomicReference<>(Optional.empty());
+ private final SecretsResolver secretsResolver;
+
+ @Inject
+ public GroupProviderManager(SecretsResolver secretsResolver)
+ {
+ this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
+ }
 public void addGroupProviderFactory(GroupProviderFactory groupProviderFactory)
 {
@@ -90,7 +99,7 @@ protected void setConfiguredGroupProvider(String name, Map prope
 GroupProvider groupProvider;
 try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
- groupProvider = factory.create(ImmutableMap.copyOf(properties));
+ groupProvider = factory.create(ImmutableMap.copyOf(secretsResolver.getResolvedConfiguration(properties)));
 }
 setConfiguredGroupProvider(groupProvider);
diff --git a/core/trino-main/src/main/java/io/trino/server/Server.java b/core/trino-main/src/main/java/io/trino/server/Server.java
index 4d242bca6f02..73527d731bf4 100644
--- a/core/trino-main/src/main/java/io/trino/server/Server.java
+++ b/core/trino-main/src/main/java/io/trino/server/Server.java
@@ -135,7 +135,8 @@ private void doStart(String trinoVersion)
 modules.addAll(getAdditionalModules());
- Bootstrap app = new Bootstrap(modules.build());
+ Bootstrap app = new Bootstrap(modules.build())
+ .loadSecretsPlugins();
 try {
 Injector injector = app.initialize();
diff --git a/core/trino-main/src/main/java/io/trino/server/SessionPropertyDefaults.java b/core/trino-main/src/main/java/io/trino/server/SessionPropertyDefaults.java
index bc9023c6c444..a260b05fe6b3 100644
--- a/core/trino-main/src/main/java/io/trino/server/SessionPropertyDefaults.java
+++ b/core/trino-main/src/main/java/io/trino/server/SessionPropertyDefaults.java
@@ -15,6 +15,7 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.inject.Inject;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.airlift.log.Logger;
 import io.airlift.node.NodeInfo;
 import io.trino.Session;
@@ -52,12 +53,14 @@ public class SessionPropertyDefaults
 private final AtomicReference delegate = new AtomicReference<>();
 private final AccessControl accessControl;
+ private final SecretsResolver secretsResolver;
 @Inject
- public SessionPropertyDefaults(NodeInfo nodeInfo, AccessControl accessControl)
+ public SessionPropertyDefaults(NodeInfo nodeInfo, AccessControl accessControl, SecretsResolver secretsResolver)
 {
 this.configurationManagerContext = new SessionPropertyConfigurationManagerContextInstance(nodeInfo.getEnvironment());
 this.accessControl = requireNonNull(accessControl, "accessControl is null");
+ this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
 }
 public void addConfigurationManagerFactory(SessionPropertyConfigurationManagerFactory sessionConfigFactory)
@@ -97,7 +100,7 @@ public void setConfigurationManager(String name, Map properties)
 SessionPropertyConfigurationManager manager;
 try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
- manager = factory.create(properties, configurationManagerContext);
+ manager = factory.create(secretsResolver.getResolvedConfiguration(properties), configurationManagerContext);
 }
 checkState(delegate.compareAndSet(null, manager), "sessionPropertyConfigurationManager is already set");
diff --git a/core/trino-main/src/main/java/io/trino/server/security/CertificateAuthenticatorManager.java b/core/trino-main/src/main/java/io/trino/server/security/CertificateAuthenticatorManager.java
index 8f9cd716b089..f18aa754a985 100644
--- a/core/trino-main/src/main/java/io/trino/server/security/CertificateAuthenticatorManager.java
+++ b/core/trino-main/src/main/java/io/trino/server/security/CertificateAuthenticatorManager.java
@@ -14,6 +14,8 @@
 package io.trino.server.security;
 import com.google.common.collect.ImmutableMap;
+import com.google.inject.Inject;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.airlift.log.Logger;
 import io.trino.spi.classloader.ThreadContextClassLoader;
 import io.trino.spi.security.CertificateAuthenticator;
@@ -42,6 +44,13 @@ public class CertificateAuthenticatorManager
 private final AtomicBoolean required = new AtomicBoolean();
 private final Map factories = new ConcurrentHashMap<>();
 private final AtomicReference authenticator = new AtomicReference<>();
+ private final SecretsResolver secretsResolver;
+
+ @Inject
+ public CertificateAuthenticatorManager(SecretsResolver secretsResolver)
+ {
+ this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
+ }
 public void setRequired()
 {
@@ -79,7 +88,7 @@ public void loadCertificateAuthenticator()
 CertificateAuthenticator authenticator;
 try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
- authenticator = factory.create(ImmutableMap.copyOf(properties));
+ authenticator = factory.create(ImmutableMap.copyOf(secretsResolver.getResolvedConfiguration(properties)));
 }
 this.authenticator.set(requireNonNull(authenticator, "authenticator is null"));
diff --git a/core/trino-main/src/main/java/io/trino/server/security/HeaderAuthenticatorManager.java b/core/trino-main/src/main/java/io/trino/server/security/HeaderAuthenticatorManager.java
index b616c2ba36e2..3cd04fed8ae7 100644
--- a/core/trino-main/src/main/java/io/trino/server/security/HeaderAuthenticatorManager.java
+++ b/core/trino-main/src/main/java/io/trino/server/security/HeaderAuthenticatorManager.java
@@ -16,6 +16,7 @@
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.inject.Inject;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.airlift.log.Logger;
 import io.trino.spi.classloader.ThreadContextClassLoader;
 import io.trino.spi.security.HeaderAuthenticator;
@@ -35,6 +36,7 @@
 import static com.google.common.base.Preconditions.checkState;
 import static com.google.common.base.Strings.isNullOrEmpty;
 import static io.airlift.configuration.ConfigurationLoader.loadPropertiesFrom;
+import static java.util.Objects.requireNonNull;
 public class HeaderAuthenticatorManager
 {
@@ -45,12 +47,14 @@ public class HeaderAuthenticatorManager
 private final AtomicBoolean required = new AtomicBoolean();
 private final Map factories = new ConcurrentHashMap<>();
 private final AtomicReference> authenticators = new AtomicReference<>();
+ private final SecretsResolver secretsResolver;
 @Inject
- public HeaderAuthenticatorManager(HeaderAuthenticatorConfig config)
+ public HeaderAuthenticatorManager(HeaderAuthenticatorConfig config, SecretsResolver secretsResolver)
 {
 this.configFiles = ImmutableList.copyOf(config.getHeaderAuthenticatorFiles());
 checkArgument(!configFiles.isEmpty(), "header authenticator files list is empty");
+ this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
 }
 public List getAuthenticators()
@@ -83,7 +87,7 @@ private HeaderAuthenticator loadAuthenticator(File configFile)
 {
 Map properties;
 try {
- properties = new HashMap<>(loadPropertiesFrom(configFile.getPath()));
+ properties = new HashMap<>(secretsResolver.getResolvedConfiguration(loadPropertiesFrom(configFile.getPath())));
 }
 catch (IOException e) {
 throw new UncheckedIOException(e);
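Review bot: HeaderAuthenticatorManager.loadAuthenticator resolves secrets as soon as the file is read, whereas PasswordAuthenticatorManager.loadAuthenticator resolves only at the `factory.create(...)` call. Here the resolved values stay in the local `properties` map for the rest of the method, which continues outside the hunk, so any later check or message that prints the map would print plaintext secrets. Keeping the load line as `properties = new HashMap<>(loadPropertiesFrom(configFile.getPath()));` and resolving where the factory is invoked, as the password authenticator does, makes the two managers consistent and keeps the plaintext short-lived.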
diff --git a/core/trino-main/src/main/java/io/trino/server/security/PasswordAuthenticatorManager.java b/core/trino-main/src/main/java/io/trino/server/security/PasswordAuthenticatorManager.java
index 0985c114e3b7..133654e40765 100644
--- a/core/trino-main/src/main/java/io/trino/server/security/PasswordAuthenticatorManager.java
+++ b/core/trino-main/src/main/java/io/trino/server/security/PasswordAuthenticatorManager.java
@@ -17,6 +17,7 @@
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.inject.Inject;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.airlift.log.Logger;
 import io.trino.spi.classloader.ThreadContextClassLoader;
 import io.trino.spi.security.PasswordAuthenticator;
@@ -36,6 +37,7 @@
 import static com.google.common.base.Preconditions.checkState;
 import static com.google.common.base.Strings.isNullOrEmpty;
 import static io.airlift.configuration.ConfigurationLoader.loadPropertiesFrom;
+import static java.util.Objects.requireNonNull;
 public class PasswordAuthenticatorManager
 {
@@ -47,12 +49,14 @@ public class PasswordAuthenticatorManager
 private final AtomicBoolean required = new AtomicBoolean();
 private final Map factories = new ConcurrentHashMap<>();
 private final AtomicReference> authenticators = new AtomicReference<>();
+ private final SecretsResolver secretsResolver;
 @Inject
- public PasswordAuthenticatorManager(PasswordAuthenticatorConfig config)
+ public PasswordAuthenticatorManager(PasswordAuthenticatorConfig config, SecretsResolver secretsResolver)
 {
 this.configFiles = ImmutableList.copyOf(config.getPasswordAuthenticatorFiles());
 checkArgument(!configFiles.isEmpty(), "password authenticator files list is empty");
+ this.secretsResolver = requireNonNull(secretsResolver, "secretsResolver is null");
 }
 public void setRequired()
@@ -104,7 +108,7 @@ private PasswordAuthenticator loadAuthenticator(File configFile)
 PasswordAuthenticator authenticator;
 try (ThreadContextClassLoader _ = new ThreadContextClassLoader(factory.getClass().getClassLoader())) {
- authenticator = factory.create(ImmutableMap.copyOf(properties));
+ authenticator = factory.create(ImmutableMap.copyOf(secretsResolver.getResolvedConfiguration(properties)));
 }
 log.info("-- Loaded password authenticator %s --", name);
diff --git a/core/trino-main/src/main/java/io/trino/testing/PlanTester.java b/core/trino-main/src/main/java/io/trino/testing/PlanTester.java
index 188a9bb8a2c8..11bdd2b8ec42 100644
--- a/core/trino-main/src/main/java/io/trino/testing/PlanTester.java
+++ b/core/trino-main/src/main/java/io/trino/testing/PlanTester.java
@@ -17,6 +17,7 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.io.Closer;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.airlift.node.NodeInfo;
 import io.airlift.units.Duration;
 import io.opentelemetry.api.OpenTelemetry;
@@ -342,6 +343,7 @@ private PlanTester(Session defaultSession, int nodeCountForStats)
 TypeRegistry typeRegistry = new TypeRegistry(typeOperators, new FeaturesConfig());
 TypeManager typeManager = new InternalTypeManager(typeRegistry);
 InternalBlockEncodingSerde blockEncodingSerde = new InternalBlockEncodingSerde(blockEncodingManager, typeManager);
+ SecretsResolver secretsResolver = new SecretsResolver(ImmutableMap.of());
 this.globalFunctionCatalog = new GlobalFunctionCatalog(
 () -> getPlannerContext().getMetadata(),
@@ -360,8 +362,8 @@ private PlanTester(Session defaultSession, int nodeCountForStats)
 this.joinCompiler = new JoinCompiler(typeOperators);
 this.hashStrategyCompiler = new FlatHashStrategyCompiler(typeOperators);
 PageIndexerFactory pageIndexerFactory = new GroupByHashPageIndexerFactory(hashStrategyCompiler);
- EventListenerManager eventListenerManager = new EventListenerManager(new EventListenerConfig());
- this.accessControl = new TestingAccessControlManager(transactionManager, eventListenerManager);
+ EventListenerManager eventListenerManager = new EventListenerManager(new EventListenerConfig(), secretsResolver);
+ this.accessControl = new TestingAccessControlManager(transactionManager, eventListenerManager, secretsResolver);
 accessControl.loadSystemAccessControl(AllowAllSystemAccessControl.NAME, ImmutableMap.of());
 NodeInfo nodeInfo = new NodeInfo("test");
@@ -378,7 +380,8 @@ private PlanTester(Session defaultSession, int nodeCountForStats)
 typeManager,
 nodeSchedulerConfig,
 optimizerConfig,
- new LocalMemoryManager(new NodeMemoryConfig())));
+ new LocalMemoryManager(new NodeMemoryConfig()),
+ secretsResolver));
 this.splitManager = new SplitManager(createSplitManagerProvider(catalogManager), tracer, new QueryManagerConfig());
 this.pageSourceManager = new PageSourceManager(createPageSourceProviderFactory(catalogManager));
 this.pageSinkManager = new PageSinkManager(createPageSinkProvider(catalogManager));
@@ -444,7 +447,7 @@ private PlanTester(Session defaultSession, int nodeCountForStats)
 ImmutableSet.of(),
 ImmutableSet.of(new ExcludeColumnsFunction()));
- exchangeManagerRegistry = new ExchangeManagerRegistry(OpenTelemetry.noop(), noopTracer());
+ exchangeManagerRegistry = new ExchangeManagerRegistry(OpenTelemetry.noop(), noopTracer(), secretsResolver);
 this.pluginManager = new PluginManager(
 (loader, createClassLoader) -> {},
 Optional.empty(),
@@ -452,12 +455,12 @@ private PlanTester(Session defaultSession, int nodeCountForStats)
 globalFunctionCatalog,
 new NoOpResourceGroupManager(),
 accessControl,
- Optional.of(new PasswordAuthenticatorManager(new PasswordAuthenticatorConfig())),
- new CertificateAuthenticatorManager(),
- Optional.of(new HeaderAuthenticatorManager(new HeaderAuthenticatorConfig())),
+ Optional.of(new PasswordAuthenticatorManager(new PasswordAuthenticatorConfig(), secretsResolver)),
+ new CertificateAuthenticatorManager(secretsResolver),
+ Optional.of(new HeaderAuthenticatorManager(new HeaderAuthenticatorConfig(), secretsResolver)),
 eventListenerManager,
- new GroupProviderManager(),
- new SessionPropertyDefaults(nodeInfo, accessControl),
+ new GroupProviderManager(secretsResolver),
+ new SessionPropertyDefaults(nodeInfo, accessControl, secretsResolver),
 typeRegistry,
 blockEncodingManager,
 new HandleResolver(),
diff --git a/core/trino-main/src/main/java/io/trino/testing/TestingAccessControlManager.java b/core/trino-main/src/main/java/io/trino/testing/TestingAccessControlManager.java
index 2e20082bce94..bf32694cd5c1 100644
--- a/core/trino-main/src/main/java/io/trino/testing/TestingAccessControlManager.java
+++ b/core/trino-main/src/main/java/io/trino/testing/TestingAccessControlManager.java
@@ -15,6 +15,7 @@
 import com.google.common.collect.ImmutableSet;
 import com.google.inject.Inject;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.opentelemetry.api.OpenTelemetry;
 import io.trino.client.NodeVersion;
 import io.trino.eventlistener.EventListenerManager;
@@ -147,14 +148,15 @@ public TestingAccessControlManager(
 TransactionManager transactionManager,
 EventListenerManager eventListenerManager,
 AccessControlConfig accessControlConfig,
+ SecretsResolver secretsResolver,
 OpenTelemetry openTelemetry)
 {
- super(NodeVersion.UNKNOWN, transactionManager, eventListenerManager, accessControlConfig, openTelemetry, DefaultSystemAccessControl.NAME);
+ super(NodeVersion.UNKNOWN, transactionManager, eventListenerManager, accessControlConfig, openTelemetry, secretsResolver, DefaultSystemAccessControl.NAME);
 }
- public TestingAccessControlManager(TransactionManager transactionManager, EventListenerManager eventListenerManager)
+ public TestingAccessControlManager(TransactionManager transactionManager, EventListenerManager eventListenerManager, SecretsResolver secretsResolver)
 {
- this(transactionManager, eventListenerManager, new AccessControlConfig(), OpenTelemetry.noop());
+ this(transactionManager, eventListenerManager, new AccessControlConfig(), secretsResolver, OpenTelemetry.noop());
 }
 public static TestingPrivilege privilege(String entityName, TestingPrivilegeType type)
diff --git a/core/trino-main/src/main/java/io/trino/testing/TestingEventListenerManager.java b/core/trino-main/src/main/java/io/trino/testing/TestingEventListenerManager.java
index c914d5a0362c..17c0f0da14a1 100644
--- a/core/trino-main/src/main/java/io/trino/testing/TestingEventListenerManager.java
+++ b/core/trino-main/src/main/java/io/trino/testing/TestingEventListenerManager.java
@@ -17,6 +17,7 @@
 import com.google.common.base.Function;
 import com.google.common.collect.ImmutableMap;
 import com.google.inject.Inject;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.trino.eventlistener.EventListenerConfig;
 import io.trino.eventlistener.EventListenerManager;
 import io.trino.spi.eventlistener.EventListener;
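Review bot: The new `SecretsResolver secretsResolver` parameter is placed before `OpenTelemetry openTelemetry` in the TestingAccessControlManager constructor, but AccessControlManager takes it after `openTelemetry`, so the `super(...)` call has to swap the two. Keeping the same relative order in both constructors, ending the parameter list with `OpenTelemetry openTelemetry, SecretsResolver secretsResolver)`, would make the delegation read straight through. The `this(...)` call in the shorter constructor would then pass `OpenTelemetry.noop(), secretsResolver` in that order.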
@@ -34,15 +35,15 @@ public class TestingEventListenerManager
 {
 public static TestingEventListenerManager emptyEventListenerManager()
 {
- return new TestingEventListenerManager(new EventListenerConfig());
+ return new TestingEventListenerManager(new EventListenerConfig(), new SecretsResolver(ImmutableMap.of()));
 }
 private final Set configuredEventListeners = Collections.synchronizedSet(new HashSet<>());
 @Inject
- public TestingEventListenerManager(EventListenerConfig config)
+ public TestingEventListenerManager(EventListenerConfig config, SecretsResolver secretsResolver)
 {
- super(config);
+ super(config, secretsResolver);
 }
 @Override
diff --git a/core/trino-main/src/main/java/io/trino/testing/TestingGroupProviderManager.java b/core/trino-main/src/main/java/io/trino/testing/TestingGroupProviderManager.java
index 2977016c310b..f6b39e743b1b 100644
--- a/core/trino-main/src/main/java/io/trino/testing/TestingGroupProviderManager.java
+++ b/core/trino-main/src/main/java/io/trino/testing/TestingGroupProviderManager.java
@@ -13,6 +13,8 @@
 */
 package io.trino.testing;
+import com.google.common.collect.ImmutableMap;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.trino.security.GroupProviderManager;
 import io.trino.spi.security.GroupProvider;
@@ -21,6 +23,11 @@
 public class TestingGroupProviderManager
 extends GroupProviderManager
 {
+ public TestingGroupProviderManager()
+ {
+ super(new SecretsResolver(ImmutableMap.of()));
+ }
+
 @Override
 public void setConfiguredGroupProvider(String name, Map properties)
 {
diff --git a/core/trino-main/src/test/java/io/trino/connector/TestCatalogStoreManager.java b/core/trino-main/src/test/java/io/trino/connector/TestCatalogStoreManager.java
index c5b0baeaae15..747244355e40 100644
--- a/core/trino-main/src/test/java/io/trino/connector/TestCatalogStoreManager.java
+++ b/core/trino-main/src/test/java/io/trino/connector/TestCatalogStoreManager.java
@@ -14,6 +14,8 @@
 package io.trino.connector;
 import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.airlift.testing.TempFile;
 import io.trino.spi.catalog.CatalogName;
 import io.trino.spi.catalog.CatalogProperties;
@@ -37,7 +39,7 @@ void testCatalogStoreIsLoaded()
 {
 try (TempFile tempFile = new TempFile()) {
 Files.writeString(tempFile.path(), "catalog-store.name=test");
- CatalogStoreManager catalogStoreManager = new CatalogStoreManager();
+ CatalogStoreManager catalogStoreManager = new CatalogStoreManager(new SecretsResolver(ImmutableMap.of()));
 catalogStoreManager.addCatalogStoreFactory(new TestingCatalogStoreFactory());
 catalogStoreManager.loadConfiguredCatalogStore(tempFile.file());
 assertThat(catalogStoreManager.getCatalogs()).containsExactly(TestingCatalogStore.STORED_CATALOG);
diff --git a/core/trino-main/src/test/java/io/trino/dispatcher/TestLocalDispatchQuery.java b/core/trino-main/src/test/java/io/trino/dispatcher/TestLocalDispatchQuery.java
index 316c872531ea..d08ccccce622 100644
--- a/core/trino-main/src/test/java/io/trino/dispatcher/TestLocalDispatchQuery.java
+++ b/core/trino-main/src/test/java/io/trino/dispatcher/TestLocalDispatchQuery.java
@@ -18,6 +18,7 @@
 import com.google.common.collect.ImmutableSet;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
+import io.airlift.configuration.secrets.SecretsResolver;
 import io.airlift.json.JsonCodec;
 import io.airlift.node.NodeInfo;
 import io.airlift.units.Duration;
@@ -102,6 +103,7 @@ public void testSubmittedForDispatchedQuery()
 emptyEventListenerManager(),
 new AccessControlConfig(),
 OpenTelemetry.noop(),
+ new SecretsResolver(ImmutableMap.of()),
 DefaultSystemAccessControl.NAME);
 accessControl.setSystemAccessControls(List.of(AllowAllSystemAccessControl.INSTANCE));
 QueryStateMachine queryStateMachine = QueryStateMachine.begin(
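Review bot: `testCatalogStoreIsLoaded` in TestCatalogStoreManager only adapts to the new constructor with an empty `new SecretsResolver(ImmutableMap.of())`, so nothing in this test checks that a secret reference in the properties file is resolved before `TestingCatalogStoreFactory` receives it, or that an unresolvable reference makes loading fail. A second test that wires a stub provider into the resolver and asserts on the properties seen by the factory would cover the behaviour this commit adds. The repeated `new SecretsResolver(ImmutableMap.of())` across the test hunks could also move into one shared test helper.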
@@ -126,7 +128,7 @@ public void testSubmittedForDispatchedQuery() JsonCodec.jsonCodec(OperatorStats.class), JsonCodec.jsonCodec(ExecutionFailureInfo.class), JsonCodec.jsonCodec(StatsAndCosts.class), - new EventListenerManager(new EventListenerConfig()), + new EventListenerManager(new EventListenerConfig(), new SecretsResolver(ImmutableMap.of())), new NodeInfo("node"), new NodeVersion("version"), new SessionPropertyManager(), diff --git a/core/trino-main/src/test/java/io/trino/eventlistener/TestEventListenerManager.java b/core/trino-main/src/test/java/io/trino/eventlistener/TestEventListenerManager.java index f3fbcd1f0006..78811900bbb5 100644 --- a/core/trino-main/src/test/java/io/trino/eventlistener/TestEventListenerManager.java +++ b/core/trino-main/src/test/java/io/trino/eventlistener/TestEventListenerManager.java @@ -13,6 +13,8 @@ */ package io.trino.eventlistener; +import com.google.common.collect.ImmutableMap; +import io.airlift.configuration.secrets.SecretsResolver; import io.trino.spi.eventlistener.EventListener; import io.trino.spi.eventlistener.QueryCompletedEvent; import io.trino.spi.eventlistener.QueryContext; @@ -150,7 +152,7 @@ class TestEventListenerManager @Test public void testShutdownIsForwardedToListeners() { - EventListenerManager eventListenerManager = new EventListenerManager(new EventListenerConfig()); + EventListenerManager eventListenerManager = new EventListenerManager(new EventListenerConfig(), new SecretsResolver(ImmutableMap.of())); AtomicBoolean wasCalled = new AtomicBoolean(false); EventListener listener = new EventListener() { 
@@ -172,7 +174,7 @@ public void shutdown() public void testMaxConcurrentQueryCompletedEvents() throws InterruptedException { - EventListenerManager eventListenerManager = new EventListenerManager(new EventListenerConfig().setMaxConcurrentQueryCompletedEvents(1)); + EventListenerManager eventListenerManager = new EventListenerManager(new EventListenerConfig().setMaxConcurrentQueryCompletedEvents(1), new SecretsResolver(ImmutableMap.of())); eventListenerManager.addEventListener(new BlockingEventListener()); eventListenerManager.loadEventListeners(); ExecutorService executor = newFixedThreadPool(2); diff --git a/core/trino-main/src/test/java/io/trino/exchange/TestLazyExchangeDataSource.java b/core/trino-main/src/test/java/io/trino/exchange/TestLazyExchangeDataSource.java index 1e33461ed8b1..39a8823e7c5b 100644 --- a/core/trino-main/src/test/java/io/trino/exchange/TestLazyExchangeDataSource.java +++ b/core/trino-main/src/test/java/io/trino/exchange/TestLazyExchangeDataSource.java @@ -13,7 +13,9 @@ */ package io.trino.exchange; +import com.google.common.collect.ImmutableMap; import com.google.common.util.concurrent.ListenableFuture; +import io.airlift.configuration.secrets.SecretsResolver; import io.airlift.tracing.Tracing; import io.opentelemetry.api.OpenTelemetry; import io.opentelemetry.api.trace.Span; @@ -43,7 +45,7 @@ public void testIsBlockedCancellationIsolationInInitializationPhase() throw new UnsupportedOperationException(); }, RetryPolicy.NONE, - new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer()))) { + new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer(), new SecretsResolver(ImmutableMap.of())))) { ListenableFuture first = source.isBlocked(); ListenableFuture second = source.isBlocked(); assertThat(first) diff --git a/core/trino-main/src/test/java/io/trino/execution/BaseTestSqlTaskManager.java b/core/trino-main/src/test/java/io/trino/execution/BaseTestSqlTaskManager.java index eb849bd74ab6..2fc4476fb9b9 100644 
--- a/core/trino-main/src/test/java/io/trino/execution/BaseTestSqlTaskManager.java +++ b/core/trino-main/src/test/java/io/trino/execution/BaseTestSqlTaskManager.java @@ -16,6 +16,7 @@ import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; +import io.airlift.configuration.secrets.SecretsResolver; import io.airlift.node.NodeInfo; import io.airlift.stats.TestingGcMonitor; import io.airlift.tracing.Tracing; @@ -337,7 +338,7 @@ private SqlTaskManager createSqlTaskManager(TaskManagerConfig taskManagerConfig, new NodeSpillConfig(), new TestingGcMonitor(), noopTracer(), - new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer())); + new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer(), new SecretsResolver(ImmutableMap.of()))); } private TaskInfo createTask(SqlTaskManager sqlTaskManager, TaskId taskId, ImmutableSet splits, OutputBuffers outputBuffers) diff --git a/core/trino-main/src/test/java/io/trino/execution/MockRemoteTaskFactory.java b/core/trino-main/src/test/java/io/trino/execution/MockRemoteTaskFactory.java index ca9f8e4d0e73..63bc99de3167 100644 --- a/core/trino-main/src/test/java/io/trino/execution/MockRemoteTaskFactory.java +++ b/core/trino-main/src/test/java/io/trino/execution/MockRemoteTaskFactory.java @@ -22,6 +22,7 @@ import com.google.common.util.concurrent.ListenableFuture; import com.google.common.util.concurrent.SettableFuture; import com.google.errorprone.annotations.concurrent.GuardedBy; +import io.airlift.configuration.secrets.SecretsResolver; import io.airlift.stats.TestingGcMonitor; import io.airlift.tracing.Tracing; import io.airlift.units.DataSize; 
@@ -229,7 +230,7 @@ public MockRemoteTask( DataSize.ofBytes(1), () -> new SimpleLocalMemoryContext(newSimpleAggregatedMemoryContext(), "test"), () -> {}, - new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer())); + new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer(), new SecretsResolver(ImmutableMap.of()))); this.fragment = requireNonNull(fragment, "fragment is null"); this.nodeId = requireNonNull(nodeId, "nodeId is null"); diff --git a/core/trino-main/src/test/java/io/trino/execution/TaskTestUtils.java b/core/trino-main/src/test/java/io/trino/execution/TaskTestUtils.java index 31d4e8c68ee3..ada597f53fc6 100644 --- a/core/trino-main/src/test/java/io/trino/execution/TaskTestUtils.java +++ b/core/trino-main/src/test/java/io/trino/execution/TaskTestUtils.java @@ -16,6 +16,7 @@ import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; +import io.airlift.configuration.secrets.SecretsResolver; import io.airlift.json.ObjectMapperProvider; import io.airlift.tracing.Tracing; import io.opentelemetry.api.OpenTelemetry; @@ -183,7 +184,7 @@ public static LocalExecutionPlanner createTestingPlanner() blockTypeOperators, PLANNER_CONTEXT.getTypeOperators(), new TableExecuteContextManager(), - new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer()), + new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer(), new SecretsResolver(ImmutableMap.of())), new NodeVersion("test"), new CompilerConfig()); } @@ -196,7 +197,7 @@ public static TaskInfo updateTask(SqlTask sqlTask, List splitAs public static SplitMonitor createTestSplitMonitor() { return new SplitMonitor( - new EventListenerManager(new EventListenerConfig()), + new EventListenerManager(new EventListenerConfig(), new SecretsResolver(ImmutableMap.of())), new ObjectMapperProvider().get()); } } 
diff --git a/core/trino-main/src/test/java/io/trino/execution/TestCallTask.java b/core/trino-main/src/test/java/io/trino/execution/TestCallTask.java index f605cd76966b..2bda2431f814 100644 --- a/core/trino-main/src/test/java/io/trino/execution/TestCallTask.java +++ b/core/trino-main/src/test/java/io/trino/execution/TestCallTask.java @@ -15,6 +15,7 @@ import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; +import io.airlift.configuration.secrets.SecretsResolver; import io.trino.client.NodeVersion; import io.trino.connector.CatalogServiceProvider; import io.trino.connector.MockConnectorFactory; @@ -116,7 +117,7 @@ public void testExecuteNoPermission() @Test public void testExecuteNoPermissionOnInsert() { - TestingAccessControlManager accessControl = new TestingAccessControlManager(queryRunner.getTransactionManager(), emptyEventListenerManager()); + TestingAccessControlManager accessControl = new TestingAccessControlManager(queryRunner.getTransactionManager(), emptyEventListenerManager(), new SecretsResolver(ImmutableMap.of())); accessControl.loadSystemAccessControl(AllowAllSystemAccessControl.NAME, ImmutableMap.of()); accessControl.deny(privilege("testing_table", INSERT_TABLE)); diff --git a/core/trino-main/src/test/java/io/trino/execution/TestCommitTask.java b/core/trino-main/src/test/java/io/trino/execution/TestCommitTask.java index f494b10fbde8..c6ebacb72f1b 100644 --- a/core/trino-main/src/test/java/io/trino/execution/TestCommitTask.java +++ b/core/trino-main/src/test/java/io/trino/execution/TestCommitTask.java @@ -14,6 +14,8 @@ */ package io.trino.execution; +import com.google.common.collect.ImmutableMap; +import io.airlift.configuration.secrets.SecretsResolver; import io.opentelemetry.api.OpenTelemetry; import io.trino.Session; import io.trino.Session.SessionBuilder; 
@@ -137,7 +139,7 @@ private QueryStateMachine createQueryStateMachine(String query, Session session, new ResourceGroupId("test"), true, transactionManager, - new AccessControlManager(NodeVersion.UNKNOWN, transactionManager, emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), DefaultSystemAccessControl.NAME), + new AccessControlManager(NodeVersion.UNKNOWN, transactionManager, emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), new SecretsResolver(ImmutableMap.of()), DefaultSystemAccessControl.NAME), executor, metadata, WarningCollector.NOOP, diff --git a/core/trino-main/src/test/java/io/trino/execution/TestDeallocateTask.java b/core/trino-main/src/test/java/io/trino/execution/TestDeallocateTask.java index 9d425fb30bc6..208d0ebbfda0 100644 --- a/core/trino-main/src/test/java/io/trino/execution/TestDeallocateTask.java +++ b/core/trino-main/src/test/java/io/trino/execution/TestDeallocateTask.java @@ -13,7 +13,9 @@ */ package io.trino.execution; +import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; +import io.airlift.configuration.secrets.SecretsResolver; import io.opentelemetry.api.OpenTelemetry; import io.trino.Session; import io.trino.client.NodeVersion; @@ -94,6 +96,7 @@ private Set executeDeallocate(String statementName, String sqlString, Se emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), + new SecretsResolver(ImmutableMap.of()), DefaultSystemAccessControl.NAME); accessControl.setSystemAccessControls(List.of(AllowAllSystemAccessControl.INSTANCE)); QueryStateMachine stateMachine = QueryStateMachine.begin( diff --git a/core/trino-main/src/test/java/io/trino/execution/TestMemoryRevokingScheduler.java b/core/trino-main/src/test/java/io/trino/execution/TestMemoryRevokingScheduler.java index 8d2466096734..e88748e4fa98 100644 --- a/core/trino-main/src/test/java/io/trino/execution/TestMemoryRevokingScheduler.java 
+++ b/core/trino-main/src/test/java/io/trino/execution/TestMemoryRevokingScheduler.java @@ -16,8 +16,10 @@ import com.google.common.base.Ticker; import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; import com.google.common.collect.Sets; +import io.airlift.configuration.secrets.SecretsResolver; import io.airlift.stats.CounterStat; import io.airlift.stats.TestingGcMonitor; import io.airlift.tracing.Tracing; @@ -282,7 +284,7 @@ private SqlTask newSqlTask(QueryId queryId) sqlTask -> {}, DataSize.of(32, MEGABYTE), DataSize.of(200, MEGABYTE), - new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer()), + new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer(), new SecretsResolver(ImmutableMap.of())), new CounterStat()); } diff --git a/core/trino-main/src/test/java/io/trino/execution/TestPrepareTask.java b/core/trino-main/src/test/java/io/trino/execution/TestPrepareTask.java index c9ab042caf10..7ef6dfa342d8 100644 --- a/core/trino-main/src/test/java/io/trino/execution/TestPrepareTask.java +++ b/core/trino-main/src/test/java/io/trino/execution/TestPrepareTask.java @@ -14,6 +14,7 @@ package io.trino.execution; import com.google.common.collect.ImmutableMap; +import io.airlift.configuration.secrets.SecretsResolver; import io.opentelemetry.api.OpenTelemetry; import io.trino.Session; import io.trino.client.NodeVersion; @@ -118,6 +119,7 @@ private Map executePrepare(String statementName, Statement state emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), + new SecretsResolver(ImmutableMap.of()), DefaultSystemAccessControl.NAME); accessControl.setSystemAccessControls(List.of(AllowAllSystemAccessControl.INSTANCE)); QueryStateMachine stateMachine = QueryStateMachine.begin( 
diff --git a/core/trino-main/src/test/java/io/trino/execution/TestQueryStateMachine.java b/core/trino-main/src/test/java/io/trino/execution/TestQueryStateMachine.java index 54e75e633b4e..9c740b3f970a 100644 --- a/core/trino-main/src/test/java/io/trino/execution/TestQueryStateMachine.java +++ b/core/trino-main/src/test/java/io/trino/execution/TestQueryStateMachine.java @@ -18,6 +18,7 @@ import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; import com.google.errorprone.annotations.CanIgnoreReturnValue; +import io.airlift.configuration.secrets.SecretsResolver; import io.airlift.testing.TestingTicker; import io.airlift.units.DataSize; import io.airlift.units.Duration; @@ -846,6 +847,7 @@ public QueryStateMachine build() emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), + new SecretsResolver(ImmutableMap.of()), DefaultSystemAccessControl.NAME); accessControl.setSystemAccessControls(List.of(AllowAllSystemAccessControl.INSTANCE)); QueryStateMachine stateMachine = QueryStateMachine.beginWithTicker( diff --git a/core/trino-main/src/test/java/io/trino/execution/TestSqlTask.java b/core/trino-main/src/test/java/io/trino/execution/TestSqlTask.java index 927b962b4813..a9f325cf926f 100644 --- a/core/trino-main/src/test/java/io/trino/execution/TestSqlTask.java +++ b/core/trino-main/src/test/java/io/trino/execution/TestSqlTask.java @@ -19,6 +19,7 @@ import com.google.common.collect.ImmutableSet; import com.google.common.util.concurrent.Futures; import com.google.common.util.concurrent.ListenableFuture; +import io.airlift.configuration.secrets.SecretsResolver; import io.airlift.stats.CounterStat; import io.airlift.stats.TestingGcMonitor; import io.airlift.tracing.Tracing; 
@@ -455,7 +456,7 @@ private SqlTask createInitialTask() sqlTask -> {}, DataSize.of(32, MEGABYTE), DataSize.of(200, MEGABYTE), - new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer()), + new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer(), new SecretsResolver(ImmutableMap.of())), new CounterStat()); } } diff --git a/core/trino-main/src/test/java/io/trino/execution/TestSqlTaskManagerRaceWithCatalogPrune.java b/core/trino-main/src/test/java/io/trino/execution/TestSqlTaskManagerRaceWithCatalogPrune.java index 4bf9d0409ce5..10fcae8fc3c5 100644 --- a/core/trino-main/src/test/java/io/trino/execution/TestSqlTaskManagerRaceWithCatalogPrune.java +++ b/core/trino-main/src/test/java/io/trino/execution/TestSqlTaskManagerRaceWithCatalogPrune.java @@ -18,6 +18,7 @@ import com.google.common.collect.ImmutableSet; import com.google.common.util.concurrent.Futures; import com.google.common.util.concurrent.ListenableFuture; +import io.airlift.configuration.secrets.SecretsResolver; import io.airlift.node.NodeInfo; import io.airlift.stats.TestingGcMonitor; import io.airlift.tracing.Tracing; @@ -269,7 +270,7 @@ private static SqlTaskManager getWorkerTaskManagerWithConnectorServiceProvider(C new NodeSpillConfig(), new TestingGcMonitor(), noopTracer(), - new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer()), + new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer(), new SecretsResolver(ImmutableMap.of())), ignore -> true); } diff --git a/core/trino-main/src/test/java/io/trino/execution/TestStartTransactionTask.java b/core/trino-main/src/test/java/io/trino/execution/TestStartTransactionTask.java index 2c18ba939f9f..bfd3cb90ad65 100644 --- a/core/trino-main/src/test/java/io/trino/execution/TestStartTransactionTask.java +++ b/core/trino-main/src/test/java/io/trino/execution/TestStartTransactionTask.java 
@@ -14,6 +14,8 @@ package io.trino.execution; import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableMap; +import io.airlift.configuration.secrets.SecretsResolver; import io.airlift.units.Duration; import io.opentelemetry.api.OpenTelemetry; import io.trino.Session; @@ -258,7 +260,7 @@ private QueryStateMachine createQueryStateMachine(String query, Session session, new ResourceGroupId("test"), true, transactionManager, - new AccessControlManager(NodeVersion.UNKNOWN, transactionManager, emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), DefaultSystemAccessControl.NAME), + new AccessControlManager(NodeVersion.UNKNOWN, transactionManager, emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), new SecretsResolver(ImmutableMap.of()), DefaultSystemAccessControl.NAME), executor, metadata, WarningCollector.NOOP, diff --git a/core/trino-main/src/test/java/io/trino/execution/TestTaskExecutorStuckSplits.java b/core/trino-main/src/test/java/io/trino/execution/TestTaskExecutorStuckSplits.java index fdbc42461b26..1e0f6e4853a4 100644 --- a/core/trino-main/src/test/java/io/trino/execution/TestTaskExecutorStuckSplits.java +++ b/core/trino-main/src/test/java/io/trino/execution/TestTaskExecutorStuckSplits.java @@ -14,9 +14,11 @@ package io.trino.execution; import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableMap; import com.google.common.util.concurrent.ListenableFuture; import com.google.common.util.concurrent.SettableFuture; import com.google.errorprone.annotations.concurrent.GuardedBy; +import io.airlift.configuration.secrets.SecretsResolver; import io.airlift.node.NodeInfo; import io.airlift.stats.TestingGcMonitor; import io.airlift.testing.TestingTicker; 
@@ -137,7 +139,7 @@ private SqlTaskManager createSqlTaskManager( new NodeSpillConfig(), new TestingGcMonitor(), noopTracer(), - new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer()), + new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer(), new SecretsResolver(ImmutableMap.of())), stuckSplitStackTracePredicate); } diff --git a/core/trino-main/src/test/java/io/trino/operator/TestDeduplicatingDirectExchangeBuffer.java b/core/trino-main/src/test/java/io/trino/operator/TestDeduplicatingDirectExchangeBuffer.java index 6b4ca3c67fef..f0fa2746fa61 100644 --- a/core/trino-main/src/test/java/io/trino/operator/TestDeduplicatingDirectExchangeBuffer.java +++ b/core/trino-main/src/test/java/io/trino/operator/TestDeduplicatingDirectExchangeBuffer.java @@ -19,6 +19,7 @@ import com.google.common.collect.Multimap; import com.google.common.collect.Sets; import com.google.common.util.concurrent.ListenableFuture; +import io.airlift.configuration.secrets.SecretsResolver; import io.airlift.slice.Slice; import io.airlift.slice.Slices; import io.airlift.tracing.Tracing; @@ -67,7 +68,7 @@ public class TestDeduplicatingDirectExchangeBuffer @BeforeAll public void beforeClass() { - exchangeManagerRegistry = new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer()); + exchangeManagerRegistry = new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer(), new SecretsResolver(ImmutableMap.of())); exchangeManagerRegistry.addExchangeManagerFactory(new FileSystemExchangeManagerFactory()); exchangeManagerRegistry.loadExchangeManager("filesystem", ImmutableMap.of( "exchange.base-directories", System.getProperty("java.io.tmpdir") + "/trino-local-file-system-exchange-manager")); 
@@ -448,7 +449,7 @@ public void testExchangeManagerNotConfigured() directExecutor(), DataSize.of(100, BYTE), RetryPolicy.QUERY, - new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer()), + new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer(), new SecretsResolver(ImmutableMap.of())), new QueryId("query"), Span.getInvalid(), createRandomExchangeId())) { @@ -472,7 +473,7 @@ public void testExchangeManagerNotConfigured() directExecutor(), DataSize.of(100, BYTE), RetryPolicy.QUERY, - new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer()), + new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer(), new SecretsResolver(ImmutableMap.of())), new QueryId("query"), Span.getInvalid(), createRandomExchangeId())) { diff --git a/core/trino-main/src/test/java/io/trino/operator/TestDirectExchangeClient.java b/core/trino-main/src/test/java/io/trino/operator/TestDirectExchangeClient.java index d273ac377907..8e67b5e1042e 100644 --- a/core/trino-main/src/test/java/io/trino/operator/TestDirectExchangeClient.java +++ b/core/trino-main/src/test/java/io/trino/operator/TestDirectExchangeClient.java @@ -19,6 +19,7 @@ import com.google.common.collect.ListMultimap; import com.google.common.util.concurrent.Futures; import com.google.common.util.concurrent.ListenableFuture; +import io.airlift.configuration.secrets.SecretsResolver; import io.airlift.http.client.HttpStatus; import io.airlift.http.client.Request; import io.airlift.http.client.Response; @@ -492,7 +493,7 @@ public void testDeduplicationTaskFailure() scheduler, DataSize.of(1, Unit.MEGABYTE), RetryPolicy.QUERY, - new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer()), + new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer(), new SecretsResolver(ImmutableMap.of())), new QueryId("query"), Span.getInvalid(), createRandomExchangeId()); 
@@ -553,7 +554,7 @@ public void testDeduplication() scheduler, DataSize.of(1, Unit.KILOBYTE), RetryPolicy.QUERY, - new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer()), + new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer(), new SecretsResolver(ImmutableMap.of())), new QueryId("query"), Span.getInvalid(), createRandomExchangeId()), diff --git a/core/trino-main/src/test/java/io/trino/operator/TestExchangeOperator.java b/core/trino-main/src/test/java/io/trino/operator/TestExchangeOperator.java index ae755f16bcd4..ca3b23d1f7cf 100644 --- a/core/trino-main/src/test/java/io/trino/operator/TestExchangeOperator.java +++ b/core/trino-main/src/test/java/io/trino/operator/TestExchangeOperator.java @@ -17,6 +17,8 @@ import com.google.common.cache.CacheLoader; import com.google.common.cache.LoadingCache; import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableMap; +import io.airlift.configuration.secrets.SecretsResolver; import io.airlift.http.client.HttpClient; import io.airlift.http.client.testing.TestingHttpClient; import io.airlift.tracing.Tracing; @@ -267,7 +269,7 @@ private SourceOperator createExchangeOperator() directExchangeClientSupplier, SERDE_FACTORY, RetryPolicy.NONE, - new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer())); + new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer(), new SecretsResolver(ImmutableMap.of()))); DriverContext driverContext = createTaskContext(scheduler, scheduledExecutor, TEST_SESSION) .addPipelineContext(0, true, true, false) diff --git a/core/trino-main/src/test/java/io/trino/operator/TestMergeOperator.java b/core/trino-main/src/test/java/io/trino/operator/TestMergeOperator.java index c3f13e5f3716..a51ac83239d6 100644 --- a/core/trino-main/src/test/java/io/trino/operator/TestMergeOperator.java +++ b/core/trino-main/src/test/java/io/trino/operator/TestMergeOperator.java 
@@ -17,6 +17,8 @@ import com.google.common.cache.CacheLoader; import com.google.common.cache.LoadingCache; import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableMap; +import io.airlift.configuration.secrets.SecretsResolver; import io.airlift.http.client.HttpClient; import io.airlift.http.client.HttpClientConfig; import io.airlift.http.client.testing.TestingHttpClient; @@ -98,7 +100,7 @@ public void setUp() httpClient, new HttpClientConfig(), executor, - new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer())); + new ExchangeManagerRegistry(OpenTelemetry.noop(), Tracing.noopTracer(), new SecretsResolver(ImmutableMap.of()))); orderingCompiler = new OrderingCompiler(new TypeOperators()); } diff --git a/core/trino-main/src/test/java/io/trino/security/TestAccessControlManager.java b/core/trino-main/src/test/java/io/trino/security/TestAccessControlManager.java index 5af5ab760fc7..473b4b1b313e 100644 --- a/core/trino-main/src/test/java/io/trino/security/TestAccessControlManager.java +++ b/core/trino-main/src/test/java/io/trino/security/TestAccessControlManager.java @@ -16,6 +16,7 @@ import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; +import io.airlift.configuration.secrets.SecretsResolver; import io.opentelemetry.api.OpenTelemetry; import io.trino.client.NodeVersion; import io.trino.connector.CatalogServiceProvider; 
@@ -397,17 +398,17 @@ private static AccessControlManager createAccessControlManager(TestingEventListe private static AccessControlManager createAccessControlManager(TransactionManager testTransactionManager) { - return new AccessControlManager(NodeVersion.UNKNOWN, testTransactionManager, emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), DefaultSystemAccessControl.NAME); + return new AccessControlManager(NodeVersion.UNKNOWN, testTransactionManager, emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), new SecretsResolver(ImmutableMap.of()), DefaultSystemAccessControl.NAME); } private static AccessControlManager createAccessControlManager(EventListenerManager eventListenerManager, AccessControlConfig config) { - return new AccessControlManager(NodeVersion.UNKNOWN, createTestTransactionManager(), eventListenerManager, config, OpenTelemetry.noop(), DefaultSystemAccessControl.NAME); + return new AccessControlManager(NodeVersion.UNKNOWN, createTestTransactionManager(), eventListenerManager, config, OpenTelemetry.noop(), new SecretsResolver(ImmutableMap.of()), DefaultSystemAccessControl.NAME); } private static AccessControlManager createAccessControlManager(EventListenerManager eventListenerManager, String defaultAccessControlName) { - return new AccessControlManager(NodeVersion.UNKNOWN, createTestTransactionManager(), eventListenerManager, new AccessControlConfig(), OpenTelemetry.noop(), defaultAccessControlName); + return new AccessControlManager(NodeVersion.UNKNOWN, createTestTransactionManager(), eventListenerManager, new AccessControlConfig(), OpenTelemetry.noop(), new SecretsResolver(ImmutableMap.of()), defaultAccessControlName); } private static SystemAccessControlFactory eventListeningSystemAccessControlFactory(String name, EventListener... eventListeners) 
diff --git a/core/trino-main/src/test/java/io/trino/security/TestFileBasedSystemAccessControl.java b/core/trino-main/src/test/java/io/trino/security/TestFileBasedSystemAccessControl.java index 2cb2f6533d9d..84f6ba3b61e8 100644 --- a/core/trino-main/src/test/java/io/trino/security/TestFileBasedSystemAccessControl.java +++ b/core/trino-main/src/test/java/io/trino/security/TestFileBasedSystemAccessControl.java @@ -16,6 +16,7 @@ import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; import com.google.inject.CreationException; +import io.airlift.configuration.secrets.SecretsResolver; import io.opentelemetry.api.OpenTelemetry; import io.trino.client.NodeVersion; import io.trino.metadata.Metadata; @@ -145,6 +146,7 @@ public void testDocsExample() emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), + new SecretsResolver(ImmutableMap.of()), DefaultSystemAccessControl.NAME); accessControlManager.loadSystemAccessControl( FileBasedSystemAccessControl.NAME, @@ -805,6 +807,7 @@ public void testRefreshing() emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), + new SecretsResolver(ImmutableMap.of()), DefaultSystemAccessControl.NAME); File configFile = newTemporaryFile(); configFile.deleteOnExit(); @@ -871,6 +874,7 @@ private AccessControlManager newAccessControlManager(TransactionManager transact emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), + new SecretsResolver(ImmutableMap.of()), DefaultSystemAccessControl.NAME); accessControlManager.loadSystemAccessControl(FileBasedSystemAccessControl.NAME, ImmutableMap.of("security.config-file", getResourcePath(resourceName))); diff --git a/core/trino-main/src/test/java/io/trino/security/TestGroupProviderManager.java b/core/trino-main/src/test/java/io/trino/security/TestGroupProviderManager.java index 6173db8196fa..923b6451f849 100644 --- a/core/trino-main/src/test/java/io/trino/security/TestGroupProviderManager.java 
+++ b/core/trino-main/src/test/java/io/trino/security/TestGroupProviderManager.java @@ -13,7 +13,9 @@ */ package io.trino.security; +import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; +import io.airlift.configuration.secrets.SecretsResolver; import io.airlift.testing.TempFile; import io.trino.spi.security.GroupProvider; import io.trino.spi.security.GroupProviderFactory; @@ -50,7 +52,7 @@ public void testGroupProviderIsLoaded() { try (TempFile tempFile = new TempFile()) { Files.write(tempFile.path(), "group-provider.name=testGroupProvider".getBytes(UTF_8)); - GroupProviderManager groupProviderManager = new GroupProviderManager(); + GroupProviderManager groupProviderManager = new GroupProviderManager(new SecretsResolver(ImmutableMap.of())); groupProviderManager.addGroupProviderFactory(TEST_GROUP_PROVIDER_FACTORY); groupProviderManager.loadConfiguredGroupProvider(tempFile.file()); assertThat(groupProviderManager.getGroups("alice")).isEqualTo(ImmutableSet.of("test", "alice")); diff --git a/core/trino-main/src/test/java/io/trino/server/TestSessionPropertyDefaults.java b/core/trino-main/src/test/java/io/trino/server/TestSessionPropertyDefaults.java index a945b0e35ff3..cfba00cc1e4b 100644 --- a/core/trino-main/src/test/java/io/trino/server/TestSessionPropertyDefaults.java +++ b/core/trino-main/src/test/java/io/trino/server/TestSessionPropertyDefaults.java @@ -17,6 +17,7 @@ import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; import com.google.common.collect.Maps; +import io.airlift.configuration.secrets.SecretsResolver; import io.airlift.node.NodeInfo; import io.trino.Session; import io.trino.SystemSessionProperties; 
@@ -49,7 +50,7 @@ public class TestSessionPropertyDefaults @Test public void testApplyDefaultProperties() { - SessionPropertyDefaults sessionPropertyDefaults = new SessionPropertyDefaults(TEST_NODE_INFO, new AllowAllAccessControl()); + SessionPropertyDefaults sessionPropertyDefaults = new SessionPropertyDefaults(TEST_NODE_INFO, new AllowAllAccessControl(), new SecretsResolver(ImmutableMap.of())); ImmutableList> catalogProperties = ImmutableList.of( PropertyMetadata.stringProperty("explicit_set", "Test property", null, false), diff --git a/core/trino-main/src/test/java/io/trino/server/security/TestHeaderAuthenticatorManager.java b/core/trino-main/src/test/java/io/trino/server/security/TestHeaderAuthenticatorManager.java index d71f0b15541e..aa9798bd66ca 100644 --- a/core/trino-main/src/test/java/io/trino/server/security/TestHeaderAuthenticatorManager.java +++ b/core/trino-main/src/test/java/io/trino/server/security/TestHeaderAuthenticatorManager.java @@ -15,6 +15,7 @@ import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; +import io.airlift.configuration.secrets.SecretsResolver; import io.trino.spi.security.AccessDeniedException; import io.trino.spi.security.BasicPrincipal; import io.trino.spi.security.HeaderAuthenticator; 
@@ -47,8 +48,10 @@ public void testMultipleConfigFiles() ImmutableMap> validRequestTwo = ImmutableMap.of(trustedHeaderTwo, ImmutableList.of("cat", "dog")); ImmutableMap> invalidRequestOne = ImmutableMap.of("try-hard-authn", ImmutableList.of("foo", "bar")); - HeaderAuthenticatorManager manager = new HeaderAuthenticatorManager(new HeaderAuthenticatorConfig() - .setHeaderAuthenticatorFiles(ImmutableList.of(config1.toAbsolutePath().toString(), config2.toAbsolutePath().toString()))); + HeaderAuthenticatorManager manager = new HeaderAuthenticatorManager( + new HeaderAuthenticatorConfig() + .setHeaderAuthenticatorFiles(ImmutableList.of(config1.toAbsolutePath().toString(), config2.toAbsolutePath().toString())), + new SecretsResolver(ImmutableMap.of())); manager.setRequired(); manager.addHeaderAuthenticatorFactory(new TestingHeaderAuthenticatorFactory("type1", trustedHeaderOne)); diff --git a/core/trino-main/src/test/java/io/trino/server/security/TestPasswordAuthenticatorManager.java b/core/trino-main/src/test/java/io/trino/server/security/TestPasswordAuthenticatorManager.java index 09ff0acaca71..cad6c5699b7a 100644 --- a/core/trino-main/src/test/java/io/trino/server/security/TestPasswordAuthenticatorManager.java +++ b/core/trino-main/src/test/java/io/trino/server/security/TestPasswordAuthenticatorManager.java @@ -14,6 +14,8 @@ package io.trino.server.security; import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableMap; +import io.airlift.configuration.secrets.SecretsResolver; import io.trino.spi.security.AccessDeniedException; import io.trino.spi.security.BasicPrincipal; import io.trino.spi.security.PasswordAuthenticator; 
@@ -40,8 +42,10 @@ public void testMultipleConfigFiles() Files.write(config1, ImmutableList.of("password-authenticator.name=type1")); Files.write(config2, ImmutableList.of("password-authenticator.name=type2")); - PasswordAuthenticatorManager manager = new PasswordAuthenticatorManager(new PasswordAuthenticatorConfig() - .setPasswordAuthenticatorFiles(ImmutableList.of(config1.toAbsolutePath().toString(), config2.toAbsolutePath().toString()))); + PasswordAuthenticatorManager manager = new PasswordAuthenticatorManager( + new PasswordAuthenticatorConfig() + .setPasswordAuthenticatorFiles(ImmutableList.of(config1.toAbsolutePath().toString(), config2.toAbsolutePath().toString())), + new SecretsResolver(ImmutableMap.of())); manager.setRequired(); manager.addPasswordAuthenticatorFactory(new TestingPasswordAuthenticatorFactory("type1", "password1")); manager.addPasswordAuthenticatorFactory(new TestingPasswordAuthenticatorFactory("type2", "password2")); diff --git a/core/trino-main/src/test/java/io/trino/sql/analyzer/TestAnalyzer.java b/core/trino-main/src/test/java/io/trino/sql/analyzer/TestAnalyzer.java index 23eadd50f17c..ff5170289d75 100644 --- a/core/trino-main/src/test/java/io/trino/sql/analyzer/TestAnalyzer.java +++ b/core/trino-main/src/test/java/io/trino/sql/analyzer/TestAnalyzer.java @@ -18,6 +18,7 @@ import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; import com.google.common.io.Closer; +import io.airlift.configuration.secrets.SecretsResolver; import io.opentelemetry.api.OpenTelemetry; import io.trino.FeaturesConfig; import io.trino.Session; 
@@ -5754,7 +5755,7 @@ public void testAnalyzeInvalidFreshMaterializedView() @Test public void testAnalyzeMaterializedViewWithAccessControl() { - TestingAccessControlManager accessControlManager = new TestingAccessControlManager(transactionManager, emptyEventListenerManager()); + TestingAccessControlManager accessControlManager = new TestingAccessControlManager(transactionManager, emptyEventListenerManager(), new SecretsResolver(ImmutableMap.of())); accessControlManager.setSystemAccessControls(List.of(AllowAllSystemAccessControl.INSTANCE)); analyze("SELECT * FROM fresh_materialized_view"); @@ -7323,6 +7324,7 @@ public void setup() emptyEventListenerManager(), new AccessControlConfig(), OpenTelemetry.noop(), + new SecretsResolver(ImmutableMap.of()), DefaultSystemAccessControl.NAME); accessControlManager.setSystemAccessControls(List.of(AllowAllSystemAccessControl.INSTANCE)); this.accessControl = accessControlManager; diff --git a/core/trino-server/src/main/provisio/trino.xml b/core/trino-server/src/main/provisio/trino.xml index c247d04184d7..6e86a8fb0d77 100644 --- a/core/trino-server/src/main/provisio/trino.xml +++ b/core/trino-server/src/main/provisio/trino.xml @@ -25,6 +25,13 @@ + + + + + + + diff --git a/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/common/Standard.java b/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/common/Standard.java index ce04d07dc9c2..455016f066c4 100644 --- a/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/common/Standard.java +++ b/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/common/Standard.java 
@@ -72,6 +72,7 @@ public final class Standard public static final String CONTAINER_CONF_ROOT = "/docker/presto-product-tests/"; public static final String CONTAINER_TRINO_ETC = CONTAINER_CONF_ROOT + "conf/presto/etc"; public static final String CONTAINER_TRINO_JVM_CONFIG = CONTAINER_TRINO_ETC + "/jvm.config"; + public static final String CONTAINER_TRINO_SECRETS_CONFIG = CONTAINER_TRINO_ETC + "/secrets.toml"; public static final String CONTAINER_TRINO_ACCESS_CONTROL_PROPERTIES = CONTAINER_TRINO_ETC + "/access-control.properties"; public static final String CONTAINER_TRINO_CONFIG_PROPERTIES = CONTAINER_TRINO_ETC + "/config.properties"; /** @@ -193,6 +194,7 @@ public static DockerContainer createTrinoContainer(DockerFiles dockerFiles, File .withExposedLogPaths("/var/trino/var/log", "/var/log/container-health.log") .withCopyFileToContainer(forHostPath(dockerFiles.getDockerFilesHostPath()), "/docker/presto-product-tests") .withCopyFileToContainer(forHostPath(dockerFiles.getDockerFilesHostPath("conf/presto/etc/jvm.config")), CONTAINER_TRINO_JVM_CONFIG) + .withCopyFileToContainer(forHostPath(dockerFiles.getDockerFilesHostPath("conf/presto/etc/secrets.toml")), CONTAINER_TRINO_SECRETS_CONFIG) .withCopyFileToContainer(forHostPath(dockerFiles.getDockerFilesHostPath("health-checks/trino-health-check.sh")), CONTAINER_HEALTH_D + "trino-health-check.sh") // the server package is hundreds MB and file system bind is much more efficient .withFileSystemBind(serverPackage.getPath(), "/docker/presto-server.tar.gz", READ_ONLY) diff --git a/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/environment/EnvMultinodeSecretsProvider.java b/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/environment/EnvMultinodeSecretsProvider.java new file mode 100644 index 000000000000..496ce948d690 --- /dev/null 
+++ b/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/environment/EnvMultinodeSecretsProvider.java 
@@ -0,0 +1,109 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.trino.tests.product.launcher.env.environment; + +import com.google.inject.Inject; +import io.trino.tests.product.launcher.docker.DockerFiles; +import io.trino.tests.product.launcher.docker.DockerFiles.ResourceProvider; +import io.trino.tests.product.launcher.env.DockerContainer; +import io.trino.tests.product.launcher.env.Environment; +import io.trino.tests.product.launcher.env.EnvironmentProvider; +import io.trino.tests.product.launcher.env.common.StandardMultinode; +import io.trino.tests.product.launcher.env.common.TestsEnvironment; +import io.trino.tests.product.launcher.testcontainers.PortBinder; +import org.testcontainers.containers.startupcheck.IsRunningStartupCheckStrategy; + +import static io.trino.tests.product.launcher.docker.ContainerUtil.forSelectedPorts; +import static io.trino.tests.product.launcher.env.EnvironmentContainers.COORDINATOR; +import static io.trino.tests.product.launcher.env.EnvironmentContainers.WORKER; +import static io.trino.tests.product.launcher.env.EnvironmentContainers.configureTempto; +import static io.trino.tests.product.launcher.env.common.Standard.CONTAINER_TRINO_CONFIG_PROPERTIES; +import static io.trino.tests.product.launcher.env.common.Standard.CONTAINER_TRINO_ETC; +import static java.util.Objects.requireNonNull; +import static org.testcontainers.utility.MountableFile.forHostPath; + +@TestsEnvironment +public final class 
EnvMultinodeSecretsProvider + extends EnvironmentProvider +{ + // Use non-default PostgreSQL port to avoid conflicts with locally installed PostgreSQL if any. + public static final int POSTGRESQL_PORT = 15432; + + private final ResourceProvider configDir; + private final PortBinder portBinder; + + @Inject + public EnvMultinodeSecretsProvider(StandardMultinode standardMultinode, DockerFiles dockerFiles, PortBinder portBinder) + { + super(standardMultinode); + this.configDir = requireNonNull(dockerFiles, "dockerFiles is null").getDockerFilesHostDirectory("conf/environment/multinode-secrets-provider/"); + this.portBinder = requireNonNull(portBinder, "portBinder is null"); + } + + @Override + public void extendEnvironment(Environment.Builder builder) + { + builder.configureContainer(COORDINATOR, container -> configureTrinoContainer(container, "master")); + builder.configureContainer(WORKER, container -> configureTrinoContainer(container, "worker")); + + builder.addPasswordAuthenticator( + "file", + forHostPath(configDir.getPath("authenticator.properties")), + CONTAINER_TRINO_ETC + "/authenticator.properties"); + builder.configureContainer( + COORDINATOR, + container -> container + .withCopyFileToContainer( + forHostPath(configDir.getPath("password.db")), + CONTAINER_TRINO_ETC + "/password.db")); + + builder.addContainer(createPostgreSql()); + builder.addConnector( + "postgresql", + forHostPath(configDir.getPath("catalog/postgresql.properties"))); + configureTempto(builder, configDir); + } + + @SuppressWarnings("resource") + private DockerContainer createPostgreSql() + { + // Use the oldest supported PostgreSQL version + DockerContainer container = new DockerContainer("postgres:11", "postgresql") + .withEnv("POSTGRES_PASSWORD", "test") + .withEnv("POSTGRES_USER", "test") + .withEnv("POSTGRES_DB", "test") + .withEnv("PGPORT", Integer.toString(POSTGRESQL_PORT)) + .withStartupCheckStrategy(new IsRunningStartupCheckStrategy()) + 
.waitingFor(forSelectedPorts(POSTGRESQL_PORT)); + + portBinder.exposePort(container, POSTGRESQL_PORT); + + return container; + } + + private void configureTrinoContainer(DockerContainer container, String role) + { + container + .withCopyFileToContainer( + forHostPath(configDir.getPath("secrets.toml")), + "/docker/presto-product-tests/conf/presto/etc/secrets.toml") + .withCopyFileToContainer( + forHostPath(configDir.getPath("generateSecrets.sh")), + "/docker/presto-init.d/generateSecrets.sh") + .withCopyFileToContainer( + forHostPath(configDir.getPath("config-%s.properties".formatted(role))), + CONTAINER_TRINO_CONFIG_PROPERTIES) + .withCreateContainerCmdModifier(createContainerCmd -> createContainerCmd.withDomainName("docker.cluster")); + } +} diff --git a/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/suite/suites/Suite7NonGeneric.java b/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/suite/suites/Suite7NonGeneric.java index d40189485ac3..d03a385f43d0 100644 --- a/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/suite/suites/Suite7NonGeneric.java +++ b/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/suite/suites/Suite7NonGeneric.java @@ -19,6 +19,7 @@ import io.trino.tests.product.launcher.env.environment.EnvMultinodeKerberosKudu; import io.trino.tests.product.launcher.env.environment.EnvMultinodeMinioDataLakeTaskRetriesFilesystem; import io.trino.tests.product.launcher.env.environment.EnvMultinodePostgresql; +import io.trino.tests.product.launcher.env.environment.EnvMultinodeSecretsProvider; import io.trino.tests.product.launcher.env.environment.EnvMultinodeSqlserver; import io.trino.tests.product.launcher.env.environment.EnvSinglenodeKerberosHdfsImpersonationCrossRealm; import io.trino.tests.product.launcher.env.environment.EnvSinglenodeSparkHive; 
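Review bot: `configureTrinoContainer` spells out the destination `"/docker/presto-product-tests/conf/presto/etc/secrets.toml"` even though this commit adds `Standard.CONTAINER_TRINO_SECRETS_CONFIG` with the same value, and the class already imports `CONTAINER_TRINO_CONFIG_PROPERTIES` and `CONTAINER_TRINO_ETC` from `Standard`. Using the constant keeps this override from drifting away from the path `createTrinoContainer` copies to: add `import static io.trino.tests.product.launcher.env.common.Standard.CONTAINER_TRINO_SECRETS_CONFIG;` and write `forHostPath(configDir.getPath("secrets.toml")), CONTAINER_TRINO_SECRETS_CONFIG)`. In `createPostgreSql`, the literal `"test"` for `POSTGRES_PASSWORD` has to equal whatever the `${keystore:postgres_password}` reference in `catalog/postgresql.properties` resolves to. A comment such as `// must match the postgres_password secret created by generateSecrets.sh` would make that coupling visible; the script's relevant lines are not visible here, so confirm the alias first.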
@@ -57,6 +58,9 @@ public List getTestRuns(EnvironmentConfig config) testOnEnvironment(EnvMultinodePostgresql.class) .withGroups(CONFIGURED_FEATURES, POSTGRESQL) .build(), + testOnEnvironment(EnvMultinodeSecretsProvider.class) + .withGroups(CONFIGURED_FEATURES, POSTGRESQL) + .build(), testOnEnvironment(EnvMultinodeSqlserver.class) .withGroups(CONFIGURED_FEATURES, SQLSERVER) .build(), diff --git a/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-secrets-provider/authenticator.properties b/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-secrets-provider/authenticator.properties new file mode 100644 index 000000000000..70149b68bdd1 --- /dev/null +++ b/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-secrets-provider/authenticator.properties @@ -0,0 +1,2 @@ +password-authenticator.name=file +file.password-file=${keystore:password_db_file} diff --git a/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-secrets-provider/catalog/postgresql.properties b/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-secrets-provider/catalog/postgresql.properties new file mode 100644 index 000000000000..fed48b9a31ab --- /dev/null +++ b/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-secrets-provider/catalog/postgresql.properties @@ -0,0 +1,4 @@ +connector.name=postgresql +connection-url=jdbc:postgresql://postgresql:15432/test +connection-user=test +connection-password=${keystore:postgres_password} 
diff --git a/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-secrets-provider/config-master.properties b/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-secrets-provider/config-master.properties
new file mode 100644
index 000000000000..c929813a2ce1
--- /dev/null
+++ b/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-secrets-provider/config-master.properties
@@ -0,0 +1,24 @@
+node.id=will-be-overwritten
+node.environment=test
+node.internal-address-source=FQDN
+
+coordinator=true
+node-scheduler.include-coordinator=false
+discovery.uri=https://presto-master.docker.cluster:7778
+
+query.max-memory=1GB
+query.max-memory-per-node=1GB
+
+http-server.http.enabled=false
+http-server.https.enabled=true
+http-server.https.port=7778
+http-server.https.keystore.path=/docker/presto-product-tests/conf/presto/etc/docker.cluster.jks
+http-server.https.keystore.key=${keystore:keystore_password}
+
+http-server.authentication.type=PASSWORD
+password-authenticator.config-files=etc/authenticator.properties
+
+internal-communication.https.required=true
+internal-communication.shared-secret=${keystore:shared_secret}
+internal-communication.https.keystore.path=/docker/presto-product-tests/conf/presto/etc/docker.cluster.jks
+internal-communication.https.keystore.key=${keystore:keystore_password}
diff --git a/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-secrets-provider/config-worker.properties b/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-secrets-provider/config-worker.properties
new file mode 100644
index 000000000000..805d698268a9
--- /dev/null
+++ b/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-secrets-provider/config-worker.properties
@@ -0,0 +1,20 @@
+node.id=will-be-overwritten
+node.environment=test
+node.internal-address-source=FQDN
+
+coordinator=false
+discovery.uri=https://presto-master.docker.cluster:7778
+
+query.max-memory=1GB
+query.max-memory-per-node=1GB
+
+http-server.http.enabled=false
+http-server.https.enabled=true
+http-server.https.port=7778
+http-server.https.keystore.path=/docker/presto-product-tests/conf/presto/etc/docker.cluster.jks
+http-server.https.keystore.key=${keystore:keystore_password}
+
+internal-communication.https.required=true
+internal-communication.shared-secret=${keystore:shared_secret}
+internal-communication.https.keystore.path=/docker/presto-product-tests/conf/presto/etc/docker.cluster.jks
+internal-communication.https.keystore.key=${keystore:keystore_password}
diff --git a/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-secrets-provider/generateSecrets.sh b/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-secrets-provider/generateSecrets.sh
new file mode 100644
index 000000000000..f377ba95511c
--- /dev/null
+++ b/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-secrets-provider/generateSecrets.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# Store password for Trino server Keystore
+keytool -importpass -storetype pkcs12 -alias keystore_password \
+-keystore /docker/presto-product-tests/conf/presto/etc/credential.jckes \
+-storepass password<