[trino] Update spi to v388

Incorporate following changes

Remove obsolete row filter and column mask methods
trinodb/trino#12998
trinodb/trino@ac8d2d4

plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java

@@ -159,8 +159,7 @@ private boolean isRowFilterEnabled(RangerAccessResult result) {
     return result != null && result.isRowFilterEnabled();
   }
 
-  @Override
-  public Optional<ViewExpression> getRowFilter(SystemSecurityContext context, CatalogSchemaTableName tableName) {
+  private Optional<ViewExpression> getRowFilter(SystemSecurityContext context, CatalogSchemaTableName tableName) {
     RangerTrinoAccessRequest request = createAccessRequest(createResource(tableName), context, TrinoAccessType.SELECT);
     RangerAccessResult result = getRowFilterResult(request);
 
@@ -180,13 +179,13 @@ public Optional<ViewExpression> getRowFilter(SystemSecurityContext context, Cata
   @Override
   public List<ViewExpression> getRowFilters(SystemSecurityContext context, CatalogSchemaTableName tableName)
   {
+    // TODO{utk}: add implementation for multiple row filters
     return getRowFilter(context, tableName)
             .map(Collections::singletonList)
             .orElse(Collections.emptyList());
   }
 
-  @Override
-  public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type) {
+  private Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type) {
     RangerTrinoAccessRequest request = createAccessRequest(
       createResource(tableName.getCatalogName(), tableName.getSchemaTableName().getSchemaName(),
         tableName.getSchemaTableName().getTableName(), Optional.of(columnName)),
@@ -237,6 +236,7 @@ public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, Cat
   @Override
   public List<ViewExpression> getColumnMasks(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type)
   {
+    // TODO{utk}: add implementation for multiple column masks
     return getColumnMask(context, tableName, columnName, type)
             .map(Collections::singletonList)
             .orElse(Collections.emptyList());

plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java

@@ -39,6 +39,7 @@
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
@@ -175,15 +176,15 @@ public void testMisc()
     // check {type} / {col} replacement
     final VarcharType varcharType = VarcharType.createVarcharType(20);
 
-    Optional<ViewExpression> ret = accessControlManager.getColumnMask(context(alice), aliceTable, "cast_me", varcharType);
-    assertNotNull(ret.get());
-    assertEquals(ret.get().getExpression(), "cast cast_me as varchar(20)");
+    List<ViewExpression> ret = accessControlManager.getColumnMasks(context(alice), aliceTable, "cast_me", varcharType);
+    assertFalse(ret.isEmpty());
+    assertEquals(ret.get(0).getExpression(), "cast cast_me as varchar(20)");
 
-    ret = accessControlManager.getColumnMask(context(alice), aliceTable,"do-not-cast-me", varcharType);
-    assertFalse(ret.isPresent());
+    ret = accessControlManager.getColumnMasks(context(alice), aliceTable,"do-not-cast-me", varcharType);
+    assertTrue(ret.isEmpty());
 
-    ret = accessControlManager.getRowFilter(context(alice), aliceTable);
-    assertFalse(ret.isPresent());
+    ret = accessControlManager.getRowFilters(context(alice), aliceTable);
+    assertTrue(ret.isEmpty());
 
     accessControlManager.checkCanExecuteFunction(context(alice), functionName);
     accessControlManager.checkCanGrantExecuteFunctionPrivilege(context(alice), functionName, new TrinoPrincipal(USER, "grantee"), true);

pom.xml

@@ -169,7 +169,7 @@
         <noggit.version>0.8</noggit.version>
         <owasp-java-html-sanitizer.version>r239</owasp-java-html-sanitizer.version>
         <paranamer.version>2.3</paranamer.version>
-        <trino.version>386</trino.version>
+        <trino.version>388</trino.version>
         <poi.version>4.1.2</poi.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <protobuf-java.version>2.5.0</protobuf-java.version>

ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java

@@ -486,18 +486,6 @@ public void checkCanRevokeTablePrivilege(SystemSecurityContext context, Privileg
     }
   }
 
-  @Override
-  public Optional<ViewExpression> getRowFilter(SystemSecurityContext context, CatalogSchemaTableName tableName) {
-    Optional<ViewExpression> viewExpression;
-    try {
-      activatePluginClassLoader();
-      viewExpression = systemAccessControlImpl.getRowFilter(context, tableName);
-    } finally {
-      deactivatePluginClassLoader();
-    }
-    return viewExpression;
-  }
-
   @Override
   public List<ViewExpression> getRowFilters(SystemSecurityContext context, CatalogSchemaTableName tableName) {
     List<ViewExpression> viewExpression;
@@ -510,18 +498,6 @@ public List<ViewExpression> getRowFilters(SystemSecurityContext context, Catalog
     return viewExpression;
   }
 
-  @Override
-  public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type) {
-    Optional<ViewExpression> viewExpression;
-    try {
-      activatePluginClassLoader();
-      viewExpression = systemAccessControlImpl.getColumnMask(context, tableName, columnName, type);
-    } finally {
-      deactivatePluginClassLoader();
-    }
-    return viewExpression;
-  }
-
 
   @Override
   public List<ViewExpression> getColumnMasks(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type) {