From db186556cfda89208c771e0a135f0ae4d2307871 Mon Sep 17 00:00:00 2001
From: Utkarsh Saxena <utkarsh.saxena@razorpay.com>
Date: Tue, 19 Jul 2022 13:49:12 +0530
Subject: [PATCH] [trino] Update spi to v388

Incorporate following changes

Remove obsolete row filter and column mask methods
https://github.com/trinodb/trino/pull/12998
https://github.com/trinodb/trino/commit/ac8d2d472201eef7c9a3129bd72835f57f2c3faa
---
 .../authorizer/RangerSystemAccessControl.java |  8 +++----
 .../RangerSystemAccessControlTest.java        | 15 ++++++------
 pom.xml                                       |  2 +-
 .../authorizer/RangerSystemAccessControl.java | 24 -------------------
 4 files changed, 13 insertions(+), 36 deletions(-)

diff --git a/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java b/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
index 37797e814e..b2de5cbd83 100644
--- a/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
+++ b/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
@@ -159,8 +159,7 @@ private boolean isRowFilterEnabled(RangerAccessResult result) {
     return result != null && result.isRowFilterEnabled();
   }
 
-  @Override
-  public Optional<ViewExpression> getRowFilter(SystemSecurityContext context, CatalogSchemaTableName tableName) {
+  private Optional<ViewExpression> getRowFilter(SystemSecurityContext context, CatalogSchemaTableName tableName) {
     RangerTrinoAccessRequest request = createAccessRequest(createResource(tableName), context, TrinoAccessType.SELECT);
     RangerAccessResult result = getRowFilterResult(request);
 
@@ -180,13 +179,13 @@ public Optional<ViewExpression> getRowFilter(SystemSecurityContext context, Cata
   @Override
   public List<ViewExpression> getRowFilters(SystemSecurityContext context, CatalogSchemaTableName tableName)
   {
+    // TODO{utk}: add implementation for multiple row filters
     return getRowFilter(context, tableName)
             .map(Collections::singletonList)
             .orElse(Collections.emptyList());
   }
 
-  @Override
-  public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type) {
+  private Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type) {
     RangerTrinoAccessRequest request = createAccessRequest(
       createResource(tableName.getCatalogName(), tableName.getSchemaTableName().getSchemaName(),
         tableName.getSchemaTableName().getTableName(), Optional.of(columnName)),
@@ -237,6 +236,7 @@ public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, Cat
   @Override
   public List<ViewExpression> getColumnMasks(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type)
   {
+    // TODO{utk}: add implementation for multiple column masks
     return getColumnMask(context, tableName, columnName, type)
             .map(Collections::singletonList)
             .orElse(Collections.emptyList());
diff --git a/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java b/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
index 9465ec8035..8186620464 100644
--- a/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
+++ b/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
@@ -39,6 +39,7 @@
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
@@ -175,15 +176,15 @@ public void testMisc()
     // check {type} / {col} replacement
     final VarcharType varcharType = VarcharType.createVarcharType(20);
 
-    Optional<ViewExpression> ret = accessControlManager.getColumnMask(context(alice), aliceTable, "cast_me", varcharType);
-    assertNotNull(ret.get());
-    assertEquals(ret.get().getExpression(), "cast cast_me as varchar(20)");
+    List<ViewExpression> ret = accessControlManager.getColumnMasks(context(alice), aliceTable, "cast_me", varcharType);
+    assertFalse(ret.isEmpty());
+    assertEquals(ret.get(0).getExpression(), "cast cast_me as varchar(20)");
 
-    ret = accessControlManager.getColumnMask(context(alice), aliceTable,"do-not-cast-me", varcharType);
-    assertFalse(ret.isPresent());
+    ret = accessControlManager.getColumnMasks(context(alice), aliceTable,"do-not-cast-me", varcharType);
+    assertTrue(ret.isEmpty());
 
-    ret = accessControlManager.getRowFilter(context(alice), aliceTable);
-    assertFalse(ret.isPresent());
+    ret = accessControlManager.getRowFilters(context(alice), aliceTable);
+    assertTrue(ret.isEmpty());
 
     accessControlManager.checkCanExecuteFunction(context(alice), functionName);
     accessControlManager.checkCanGrantExecuteFunctionPrivilege(context(alice), functionName, new TrinoPrincipal(USER, "grantee"), true);
diff --git a/pom.xml b/pom.xml
index c12cae57b4..a42431b8f6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -169,7 +169,7 @@
         <noggit.version>0.8</noggit.version>
         <owasp-java-html-sanitizer.version>r239</owasp-java-html-sanitizer.version>
         <paranamer.version>2.3</paranamer.version>
-        <trino.version>386</trino.version>
+        <trino.version>388</trino.version>
         <poi.version>4.1.2</poi.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <protobuf-java.version>2.5.0</protobuf-java.version>
diff --git a/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java b/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
index 81d88e1a52..1b9e5803b0 100644
--- a/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
+++ b/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
@@ -486,18 +486,6 @@ public void checkCanRevokeTablePrivilege(SystemSecurityContext context, Privileg
     }
   }
 
-  @Override
-  public Optional<ViewExpression> getRowFilter(SystemSecurityContext context, CatalogSchemaTableName tableName) {
-    Optional<ViewExpression> viewExpression;
-    try {
-      activatePluginClassLoader();
-      viewExpression = systemAccessControlImpl.getRowFilter(context, tableName);
-    } finally {
-      deactivatePluginClassLoader();
-    }
-    return viewExpression;
-  }
-
   @Override
   public List<ViewExpression> getRowFilters(SystemSecurityContext context, CatalogSchemaTableName tableName) {
     List<ViewExpression> viewExpression;
@@ -510,18 +498,6 @@ public List<ViewExpression> getRowFilters(SystemSecurityContext context, Catalog
     return viewExpression;
   }
 
-  @Override
-  public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type) {
-    Optional<ViewExpression> viewExpression;
-    try {
-      activatePluginClassLoader();
-      viewExpression = systemAccessControlImpl.getColumnMask(context, tableName, columnName, type);
-    } finally {
-      deactivatePluginClassLoader();
-    }
-    return viewExpression;
-  }
-
 
   @Override
   public List<ViewExpression> getColumnMasks(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type) {