Change catalog file access default to allow for no rules

System access control defaults to allow if no rules are defined for table,
schema, and session property

presto-plugin-toolkit/src/main/java/io/prestosql/plugin/base/security/AccessControlRules.java

@@ -33,9 +33,9 @@ public AccessControlRules(
             @JsonProperty("tables") Optional<List<TableAccessControlRule>> tableRules,
             @JsonProperty("session_properties") @JsonAlias("sessionProperties") Optional<List<SessionPropertyAccessControlRule>> sessionPropertyRules)
     {
-        this.schemaRules = schemaRules.orElse(ImmutableList.of());
-        this.tableRules = tableRules.orElse(ImmutableList.of());
-        this.sessionPropertyRules = sessionPropertyRules.orElse(ImmutableList.of());
+        this.schemaRules = schemaRules.orElse(ImmutableList.of(SchemaAccessControlRule.ALLOW_ALL));
+        this.tableRules = tableRules.orElse(ImmutableList.of(TableAccessControlRule.ALLOW_ALL));
+        this.sessionPropertyRules = sessionPropertyRules.orElse(ImmutableList.of(SessionPropertyAccessControlRule.ALLOW_ALL));
     }
 
     public List<SchemaAccessControlRule> getSchemaRules()

presto-plugin-toolkit/src/main/java/io/prestosql/plugin/base/security/SessionPropertyAccessControlRule.java

@@ -24,6 +24,12 @@
 
 public class SessionPropertyAccessControlRule
 {
+    public static final SessionPropertyAccessControlRule ALLOW_ALL = new SessionPropertyAccessControlRule(
+            true,
+            Optional.empty(),
+            Optional.empty(),
+            Optional.empty());
+
     private final boolean allow;
     private final Optional<Pattern> userRegex;
     private final Optional<Pattern> groupRegex;

presto-plugin-toolkit/src/test/java/io/prestosql/plugin/base/security/TestFileBasedAccessControl.java

@@ -43,6 +43,38 @@ public class TestFileBasedAccessControl
     private static final ConnectorSecurityContext BOB = user("bob", ImmutableSet.of("staff"));
     private static final ConnectorSecurityContext CHARLIE = user("charlie", ImmutableSet.of("guests"));
     private static final ConnectorSecurityContext JOE = user("joe", ImmutableSet.of());
+    private static final ConnectorSecurityContext UNKNOWN = user("unknown", ImmutableSet.of());
+
+    @Test
+    public void testEmptyFile()
+    {
+        ConnectorAccessControl accessControl = createAccessControl("empty.json");
+
+        accessControl.checkCanCreateSchema(UNKNOWN, "unknown");
+        accessControl.checkCanDropSchema(UNKNOWN, "unknown");
+        accessControl.checkCanRenameSchema(UNKNOWN, "unknown", "new_unknown");
+        accessControl.checkCanSetSchemaAuthorization(UNKNOWN, "unknown", new PrestoPrincipal(PrincipalType.ROLE, "some_role"));
+        accessControl.checkCanShowCreateSchema(UNKNOWN, "unknown");
+
+        accessControl.checkCanSelectFromColumns(UNKNOWN, new SchemaTableName("unknown", "unknown"), ImmutableSet.of());
+        accessControl.checkCanShowColumns(UNKNOWN, new SchemaTableName("unknown", "unknown"));
+        accessControl.checkCanInsertIntoTable(UNKNOWN, new SchemaTableName("unknown", "unknown"));
+        accessControl.checkCanDeleteFromTable(UNKNOWN, new SchemaTableName("unknown", "unknown"));
+
+        accessControl.checkCanCreateTable(UNKNOWN, new SchemaTableName("unknown", "unknown"));
+        accessControl.checkCanDropTable(UNKNOWN, new SchemaTableName("unknown", "unknown"));
+        accessControl.checkCanRenameTable(UNKNOWN,
+                new SchemaTableName("unknown", "unknown"),
+                new SchemaTableName("unknown", "new_unknown"));
+
+        accessControl.checkCanSetCatalogSessionProperty(UNKNOWN, "anything");
+
+        Set<SchemaTableName> tables = ImmutableSet.<SchemaTableName>builder()
+                .add(new SchemaTableName("secret", "any"))
+                .add(new SchemaTableName("any", "any"))
+                .build();
+        assertEquals(accessControl.filterTables(UNKNOWN, tables), tables);
+    }
 
     @Test
     public void testSchemaRules()

presto-plugin-toolkit/src/test/resources/no-access.json

@@ -1,4 +1,6 @@
 {
+  "schemas": [
+  ],
   "tables": [
   ]
 }