Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorize table parameters in CTAS and remove deprecated check methods #10939

Merged
merged 3 commits into from
Feb 5, 2022
Merged

Authorize table parameters in CTAS and remove deprecated check methods #10939

merged 3 commits into from
Feb 5, 2022

Conversation

findepi
Copy link
Member

@findepi findepi commented Feb 3, 2022
edited
Loading

Access controls interfaces allow implementor to inspect new table's
properties. This is done for CREATE TABLE, but was not done for CREATE TABLE AS.
Instead, a deprecated access control method was called.

Follows #9401

@findepi
Remove redundant String.toString call
b59d34e
@findepi
Authorize table parameters in CTAS
db9bcff 
Access controls interfaces allow implementor to inspect new table's
properties. This is done for CREATE TABLE`, but was not done for `CREATE
TABLE AS`. Instead, a deprecated access control method was called.
@findepi
Remove create access checks without properties
d0399ad 
Remove `ConnectorAccessControl` and `SystemAccessControl`'s
`checkCanCreateTable` and `checkCanCreateMaterializedView` checks that
do not take properties that were deprecated some time ago. Remove
associated fallback configuration toggle.

Among other things, this forces plugin implementors to implement the
correct method. This is important, because the old method did not
delegate to the new, nor vice versa.
@cla-bot cla-bot bot added the cla-signed label Feb 3, 2022
dain
dain requested changes Feb 3, 2022
View reviewed changes
Copy link
Member

@dain dain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great find!

I suggest we leave the deprecated methods in connector and system access control, and have the new methods pass through to them. This way we don't break someone who did not realize we changed the signature.

core/trino-spi/src/main/java/io/trino/spi/connector/ConnectorAccessControl.java
* @deprecated use {@link #checkCanCreateTable(ConnectorSecurityContext context, SchemaTableName tableName, Map properties)} instead
*/
@Deprecated
default void checkCanCreateTable(ConnectorSecurityContext context, SchemaTableName tableName)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest we leave the deprecated methods in connector and system access control, and have the new methods pass through to them. This way we don't break someone who did not realize we changed the signature.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree this is how this should be implemented in the first place, in 364 when the new methods were added.
But now, it's not worthwhile to fix it, and we want to remove the deprecated methods at some point in time anyway. IMO the time is now.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wow, didn't realize it was that long ago. I guess we have what we have

@findepi findepi requested a review from dain February 4, 2022 08:43
dain
dain approved these changes Feb 4, 2022
View reviewed changes
core/trino-spi/src/main/java/io/trino/spi/connector/ConnectorAccessControl.java
* @deprecated use {@link #checkCanCreateTable(ConnectorSecurityContext context, SchemaTableName tableName, Map properties)} instead
*/
@Deprecated
default void checkCanCreateTable(ConnectorSecurityContext context, SchemaTableName tableName)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wow, didn't realize it was that long ago. I guess we have what we have

@findepi findepi merged commit 72ca4dc into trinodb:master Feb 5, 2022
@findepi findepi deleted the findepi/check-create-with-properties branch February 5, 2022 17:58
@findepi findepi mentioned this pull request Feb 5, 2022
Closed
@github-actions github-actions bot added this to the 371 milestone Feb 5, 2022
@mosabua mosabua mentioned this pull request Feb 7, 2022
Merged
@maltesander maltesander mentioned this pull request Apr 12, 2022
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dain dain dain approved these changes

@electrum electrum Awaiting requested review from electrum

@losipiuk losipiuk Awaiting requested review from losipiuk

@sopel39 sopel39 Awaiting requested review from sopel39

@ebyhr ebyhr Awaiting requested review from ebyhr

@kokosing kokosing Awaiting requested review from kokosing

Assignees
No one assigned
Labels
cla-signed
Milestone
371
Development

Successfully merging this pull request may close these issues.
2 participants
@findepi @dain