RANGER-4640: Trino ranger plugin for 433 snapshot

agents-common/pom.xml

@@ -123,6 +123,11 @@
             <artifactId>ranger-plugins-audit</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.openjdk.nashorn</groupId>
+            <artifactId>nashorn-core</artifactId>
+            <version>15.4</version>
+        </dependency>
         <dependency>
             <groupId>net.java.dev.jna</groupId>
             <artifactId>jna</artifactId>

agents-common/src/main/java/org/apache/ranger/plugin/util/NashornScriptEngineCreator.java

@@ -23,8 +23,8 @@
 import org.slf4j.LoggerFactory;
 
 import javax.script.ScriptEngine;
-import jdk.nashorn.api.scripting.ClassFilter;
-import jdk.nashorn.api.scripting.NashornScriptEngineFactory;
+import org.openjdk.nashorn.api.scripting.ClassFilter;
+import org.openjdk.nashorn.api.scripting.NashornScriptEngineFactory;
 
 public class NashornScriptEngineCreator implements ScriptEngineCreator {
     private static final Logger LOG = LoggerFactory.getLogger(NashornScriptEngineCreator.class);

plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/RecordFilterJavaScript.java

@@ -20,8 +20,8 @@
 
 package org.apache.ranger.authorization.nestedstructure.authorizer;
 
-import jdk.nashorn.api.scripting.ClassFilter;
-import jdk.nashorn.api.scripting.NashornScriptEngineFactory;
+import org.openjdk.nashorn.api.scripting.ClassFilter;
+import org.openjdk.nashorn.api.scripting.NashornScriptEngineFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java

@@ -18,6 +18,7 @@
 package org.apache.ranger.authorization.trino.authorizer;
 
 import com.google.common.collect.ImmutableSet;
+import io.trino.spi.QueryId;
 import io.trino.spi.connector.CatalogSchemaName;
 import io.trino.spi.connector.CatalogSchemaRoutineName;
 import io.trino.spi.connector.CatalogSchemaTableName;
@@ -37,11 +38,13 @@
 import org.junit.Test;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
+import java.time.Instant;
 
 public class RangerSystemAccessControlTest {
   static RangerSystemAccessControl accessControlManager = null;
@@ -56,14 +59,17 @@ public class RangerSystemAccessControlTest {
   //private static final Identity nonAsciiUser = Identity.ofUser("\u0194\u0194\u0194");
 
   private static final Set<String> allCatalogs = ImmutableSet.of("open-to-all", "all-allowed", "alice-catalog");
-  private static final Set<String> queryOwners = ImmutableSet.of("bob", "alice", "frank");
+  private static final Collection<Identity> queryOwners = ImmutableSet.of(Identity.ofUser("bob"), Identity.ofUser("alice"), Identity.ofUser("frank"));
   private static final String aliceCatalog = "alice-catalog";
   private static final CatalogSchemaName aliceSchema = new CatalogSchemaName("alice-catalog", "schema");
   private static final CatalogSchemaTableName aliceTable = new CatalogSchemaTableName("alice-catalog", "schema","table");
   private static final CatalogSchemaTableName aliceView = new CatalogSchemaTableName("alice-catalog", "schema","view");
 
   private static final CatalogSchemaRoutineName aliceProcedure = new CatalogSchemaRoutineName("alice-catalog", "schema", "procedure");
-  private static final String functionName = new String("function");
+  private static final CatalogSchemaRoutineName bobFunction = new CatalogSchemaRoutineName("alice-catalog", "default", "function");
+
+  private static final QueryId queryId = new QueryId("test_query");
+  private static final Instant queryStart = Instant.now();
 
   @BeforeClass
   public static void setUpBeforeClass() throws Exception {
@@ -75,16 +81,16 @@ public static void setUpBeforeClass() throws Exception {
   @SuppressWarnings("PMD")
   public void testCanSetUserOperations() {
     try {
-      accessControlManager.checkCanImpersonateUser(context(alice), bob.getUser());
+      accessControlManager.checkCanImpersonateUser(context(alice).getIdentity(), bob.getUser());
       throw new AssertionError("expected AccessDeniedExeption");
     }
     catch (AccessDeniedException expected) {
     }
 
-    accessControlManager.checkCanImpersonateUser(context(admin), bob.getUser());
+    accessControlManager.checkCanImpersonateUser(context(admin).getIdentity(), bob.getUser());
 
     try {
-      accessControlManager.checkCanImpersonateUser(context(kerberosInvalidAlice), bob.getUser());
+      accessControlManager.checkCanImpersonateUser(context(kerberosInvalidAlice).getIdentity(), bob.getUser());
       throw new AssertionError("expected AccessDeniedExeption");
     }
     catch (AccessDeniedException expected) {
@@ -111,13 +117,13 @@ public void testSchemaOperations()
     assertEquals(accessControlManager.filterSchemas(context(alice), aliceCatalog, aliceSchemas), aliceSchemas);
     assertEquals(accessControlManager.filterSchemas(context(bob), "alice-catalog", aliceSchemas), ImmutableSet.of());
 
-    accessControlManager.checkCanCreateSchema(context(alice), aliceSchema);
+    accessControlManager.checkCanCreateSchema(context(alice), aliceSchema, Map.of());
     accessControlManager.checkCanDropSchema(context(alice), aliceSchema);
     accessControlManager.checkCanRenameSchema(context(alice), aliceSchema, "new-schema");
     accessControlManager.checkCanShowSchemas(context(alice), aliceCatalog);
 
     try {
-      accessControlManager.checkCanCreateSchema(context(bob), aliceSchema);
+      accessControlManager.checkCanCreateSchema(context(bob), aliceSchema, Map.of());
     } catch (AccessDeniedException expected) {
     }
 
@@ -133,7 +139,7 @@ public void testTableOperations()
     assertEquals(accessControlManager.filterTables(context(alice), aliceCatalog, aliceTables), aliceTables);
     assertEquals(accessControlManager.filterTables(context(bob), "alice-catalog", aliceTables), ImmutableSet.of());
 
-    accessControlManager.checkCanCreateTable(context(alice), aliceTable,Map.of());
+    accessControlManager.checkCanCreateTable(context(alice), aliceTable, Map.of());
     accessControlManager.checkCanDropTable(context(alice), aliceTable);
     accessControlManager.checkCanSelectFromColumns(context(alice), aliceTable, ImmutableSet.of());
     accessControlManager.checkCanInsertIntoTable(context(alice), aliceTable);
@@ -142,7 +148,7 @@ public void testTableOperations()
 
 
     try {
-      accessControlManager.checkCanCreateTable(context(bob), aliceTable,Map.of());
+      accessControlManager.checkCanCreateTable(context(bob), aliceTable, Map.of());
     } catch (AccessDeniedException expected) {
     }
   }
@@ -170,34 +176,28 @@ public void testViewOperations()
   @SuppressWarnings("PMD")
   public void testMisc()
   {
-    assertEquals(accessControlManager.filterViewQueryOwnedBy(context(alice), queryOwners), queryOwners);
+    assertEquals(accessControlManager.filterViewQueryOwnedBy(context(alice).getIdentity(), queryOwners), queryOwners);
 
     // check {type} / {col} replacement
     final VarcharType varcharType = VarcharType.createVarcharType(20);
 
     Optional<ViewExpression> ret = accessControlManager.getColumnMask(context(alice), aliceTable, "cast_me", varcharType);
-    List<ViewExpression> retArray = accessControlManager.getColumnMasks(context(alice), aliceTable, "cast_me", varcharType);
     assertNotNull(ret.get());
     assertEquals(ret.get().getExpression(), "cast cast_me as varchar(20)");
-    assertEquals(1, retArray.size());
-    assertEquals("cast cast_me as varchar(20)", retArray.get(0).getExpression());
 
     ret = accessControlManager.getColumnMask(context(alice), aliceTable,"do-not-cast-me", varcharType);
-    retArray = accessControlManager.getColumnMasks(context(alice), aliceTable,"do-not-cast-me", varcharType);
     assertFalse(ret.isPresent());
-    assertTrue(retArray.isEmpty());
 
     ret = accessControlManager.getRowFilter(context(alice), aliceTable);
-    retArray = accessControlManager.getRowFilters(context(alice), aliceTable);
+    List<ViewExpression> retArray = accessControlManager.getRowFilters(context(alice), aliceTable);
     assertFalse(ret.isPresent());
     assertTrue(retArray.isEmpty());
 
-    accessControlManager.checkCanExecuteFunction(context(alice), functionName);
-    accessControlManager.checkCanGrantExecuteFunctionPrivilege(context(alice), functionName, new TrinoPrincipal(USER, "grantee"), true);
+    accessControlManager.canExecuteFunction(context(alice), bobFunction);
     accessControlManager.checkCanExecuteProcedure(context(alice), aliceProcedure);
   }
 
   private SystemSecurityContext context(Identity id) {
-    return new SystemSecurityContext(id, Optional.empty());
+    return new SystemSecurityContext(id, queryId, queryStart);
   }
 }

pom.xml

@@ -115,7 +115,7 @@
         <dnsjava.version>2.1.7</dnsjava.version>
         <eclipse.jpa.version>2.7.12</eclipse.jpa.version>
         <elasticsearch.version>7.10.2</elasticsearch.version>
-        <enunciate.version>2.13.2</enunciate.version>
+        <enunciate.version>2.15.1</enunciate.version>
         <spotbugs.plugin.version>4.7.3.5</spotbugs.plugin.version>
         <google.guava.version>27.0-jre</google.guava.version>
         <googlecode.log4jdbc.version>1.2</googlecode.log4jdbc.version>
@@ -184,7 +184,7 @@
         <owasp-java-html-sanitizer.version>20211018.2</owasp-java-html-sanitizer.version>
         <paranamer.version>2.3</paranamer.version>
         <presto.version>333</presto.version>
-        <trino.version>377</trino.version>
+        <trino.version>433</trino.version>
         <poi.version>5.2.2</poi.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <protobuf-java.version>3.19.3</protobuf-java.version>
@@ -277,7 +277,7 @@
                 <module>agents-installer</module>
                 <module>credentialbuilder</module>
                 <module>embeddedwebserver</module>
-		<module>ranger-common-ha</module>
+		            <module>ranger-common-ha</module>
                 <module>kms</module>
                 <module>hbase-agent</module>
                 <module>hdfs-agent</module>
@@ -347,7 +347,7 @@
                 <module>agents-installer</module>
                 <module>credentialbuilder</module>
                 <module>embeddedwebserver</module>
-		<module>ranger-common-ha</module>
+                <module>ranger-common-ha</module>
                 <module>kms</module>
                 <module>hbase-agent</module>
                 <module>hdfs-agent</module>
@@ -363,7 +363,8 @@
                 <module>plugin-nifi</module>
                 <module>plugin-nifi-registry</module>
                 <module>plugin-presto</module>
-                <module>plugin-trino</module>
+<!--                Trino 433 supports Java 17 and above-->
+<!--                <module>plugin-trino</module>-->
                 <module>plugin-kudu</module>
                 <module>ugsync-util</module>
                 <module>ugsync</module>
@@ -387,6 +388,79 @@
                 <module>ranger-atlas-plugin-shim</module>
                 <module>ranger-kms-plugin-shim</module>
                 <module>ranger-presto-plugin-shim</module>
+<!--                Trino 433 supports Java 17 and above-->
+<!--                <module>ranger-trino-plugin-shim</module>-->
+                <module>ranger-examples</module>
+                <module>ranger-tools</module>
+                <module>plugin-atlas</module>
+                <module>plugin-schema-registry</module>
+                <module>plugin-sqoop</module>
+                <module>ranger-sqoop-plugin-shim</module>
+                <module>plugin-kylin</module>
+                <module>ranger-kylin-plugin-shim</module>
+                <module>plugin-elasticsearch</module>
+                <module>ranger-elasticsearch-plugin-shim</module>
+                <module>ranger-authn</module>
+                <module>ranger-metrics</module>
+                <!--
+                   'distro' should be the last module. If a module gets inserted after
+                   ranger-elasticsearch-plugin-shim, make sure to update dependency in distro/pom.xml
+                -->
+                <module>distro</module>
+            </modules>
+        </profile>
+        <profile>
+            <id>ranger-jdk17</id>
+            <activation>
+                <jdk>17</jdk>
+            </activation>
+            <modules>
+                <module>jisql</module>
+                <module>agents-audit</module>
+                <module>agents-common</module>
+                <module>agents-cred</module>
+                <module>intg</module>
+                <module>agents-installer</module>
+                <module>credentialbuilder</module>
+                <module>embeddedwebserver</module>
+                <module>kms</module>
+                <module>hbase-agent</module>
+                <module>hdfs-agent</module>
+                <module>hive-agent</module>
+                <module>knox-agent</module>
+                <module>storm-agent</module>
+                <module>plugin-yarn</module>
+                <module>plugin-ozone</module>
+                <module>security-admin</module>
+                <module>plugin-kafka</module>
+                <module>plugin-solr</module>
+                <module>plugin-nestedstructure</module>
+                <module>plugin-nifi</module>
+                <module>plugin-nifi-registry</module>
+                <module>plugin-presto</module>
+                <module>plugin-trino</module>
+                <module>plugin-kudu</module>
+                <module>ugsync-util</module>
+                <module>ugsync</module>
+                <module>ugsync/ldapconfigchecktool/ldapconfigcheck</module>
+                <module>unixauthclient</module>
+                <module>unixauthservice</module>
+                <module>ranger-util</module>
+                <module>plugin-kms</module>
+                <module>tagsync</module>
+                <module>ranger-hdfs-plugin-shim</module>
+                <module>ranger-plugin-classloader</module>
+                <module>ranger-hive-plugin-shim</module>
+                <module>ranger-hbase-plugin-shim</module>
+                <module>ranger-knox-plugin-shim</module>
+                <module>ranger-yarn-plugin-shim</module>
+                <module>ranger-ozone-plugin-shim</module>
+                <module>ranger-storm-plugin-shim</module>
+                <module>ranger-kafka-plugin-shim</module>
+                <module>ranger-solr-plugin-shim</module>
+                <module>ranger-atlas-plugin-shim</module>
+                <module>ranger-kms-plugin-shim</module>
+                <module>ranger-presto-plugin-shim</module>
                 <module>ranger-trino-plugin-shim</module>
                 <module>ranger-examples</module>
                 <module>ranger-tools</module>
@@ -636,6 +710,7 @@
             </modules>
         </profile>
         <profile>
+            <!-- Please use -Pprofile=ranger-jdk17 with build-->
             <id>ranger-trino-plugin</id>
             <modules>
                 <module>agents-audit</module>
@@ -677,7 +752,7 @@
                 <module>agents-installer</module>
                 <module>credentialbuilder</module>
                 <module>embeddedwebserver</module>
-		<module>ranger-common-ha</module>
+		            <module>ranger-common-ha</module>
                 <module>kms</module>
                 <module>hbase-agent</module>
                 <module>hdfs-agent</module>
@@ -765,7 +840,7 @@
                 <module>agents-installer</module>
                 <module>credentialbuilder</module>
                 <module>embeddedwebserver</module>
-		<module>ranger-common-ha</module>
+		            <module>ranger-common-ha</module>
                 <module>kms</module>
                 <module>hbase-agent</module>
                 <module>hdfs-agent</module>

ranger-examples/distro/src/main/assembly/plugin-sampleapp.xml

@@ -66,4 +66,11 @@
         <fileMode>644</fileMode>
     </fileSet>
    </fileSets>
+  <dependencySets>
+    <dependencySet>
+      <useProjectArtifact>true</useProjectArtifact>
+      <outputDirectory>lib</outputDirectory>
+      <scope>runtime</scope>
+    </dependencySet>
+  </dependencySets>
 </assembly>

ranger-examples/distro/src/main/assembly/sampleapp.xml

@@ -53,4 +53,11 @@
         <fileMode>644</fileMode>
     </fileSet>
    </fileSets>
+  <dependencySets>
+    <dependencySet>
+      <useProjectArtifact>true</useProjectArtifact>
+      <outputDirectory>lib</outputDirectory>
+      <scope>runtime</scope>
+    </dependencySet>
+  </dependencySets>
 </assembly>