Add support for ALTER MATERIALIZED VIEW .. SET AUTHORIZATION

This commit adds support for `SET AUTHORIZATION` on a materialized view.
Previously, this was only available on views.

Author: codyzwief

core/trino-grammar/src/main/antlr4/io/trino/grammar/sql/SqlBase.g4

@@ -953,7 +953,7 @@ grantObject
     ;
 
 ownedEntityKind
-    : TABLE | SCHEMA | VIEW | identifier
+    : TABLE | SCHEMA | VIEW | MATERIALIZED VIEW | identifier
     ;
 
 qualifiedName

core/trino-main/src/main/java/io/trino/execution/SetAuthorizationTask.java

@@ -104,6 +104,13 @@ private void setEntityAuthorization(Session session, SetAuthorizationStatement s
                     throw semanticException(TABLE_NOT_FOUND, statement, "View '%s' does not exist", viewName);
                 }
             }
+            case "MATERIALIZED VIEW" -> {
+                QualifiedObjectName viewName = new QualifiedObjectName(name.get(0), name.get(1), name.get(2));
+                getRequiredCatalogHandle(metadata, session, statement, viewName.catalogName());
+                if (!metadata.isMaterializedView(session, viewName)) {
+                    throw semanticException(TABLE_NOT_FOUND, statement, "Materialized view '%s' does not exist", viewName);
+                }
+            }
         }
 
         TrinoPrincipal principal = createPrincipal(statement.getPrincipal());

core/trino-main/src/main/java/io/trino/metadata/MetadataManager.java

@@ -180,7 +180,7 @@
 public final class MetadataManager
         implements Metadata
 {
-    private static final Set<String> ENTITY_KINDS_WITH_CATALOG = ImmutableSet.of("SCHEMA", "TABLE", "VIEW");
+    private static final Set<String> ENTITY_KINDS_WITH_CATALOG = ImmutableSet.of("SCHEMA", "TABLE", "VIEW", "MATERIALIZED VIEW");
     private static final Logger log = Logger.get(MetadataManager.class);
 
     @VisibleForTesting
@@ -2860,7 +2860,7 @@ public void setEntityAuthorization(Session session, EntityKindAndName entityKind
             if (catalogMetadata.getSecurityManagement() != SYSTEM) {
                 switch (ownedKind) {
                     case "TABLE" -> metadata.setTableAuthorization(session.toConnectorSession(catalogHandle), new SchemaTableName(name.get(1), name.get(2)), principal);
-                    case "VIEW" -> metadata.setViewAuthorization(session.toConnectorSession(catalogHandle), new SchemaTableName(name.get(1), name.get(2)), principal);
+                    case "VIEW", "MATERIALIZED VIEW" -> metadata.setViewAuthorization(session.toConnectorSession(catalogHandle), new SchemaTableName(name.get(1), name.get(2)), principal);
                     case "SCHEMA" -> metadata.setSchemaAuthorization(session.toConnectorSession(catalogHandle), name.get(1), principal);
                     default -> throw new IllegalArgumentException("Unsupported owned kind: " + ownedKind);
                 }

core/trino-main/src/main/java/io/trino/metadata/MetadataUtil.java

@@ -133,7 +133,7 @@ public static List<String> fillInNameParts(Session session, Node node, String en
                         throw new TrinoException(GENERIC_USER_ERROR, "Invalid entity %s for entity kind %s".formatted(joinName(name), entityKind));
                 }
                 break;
-            case "TABLE", "VIEW":
+            case "TABLE", "VIEW", "MATERIALIZED VIEW":
                 switch (name.size()) {
                     case 1:
                         if (session.getCatalog().isPresent() && session.getSchema().isPresent()) {

core/trino-main/src/main/java/io/trino/security/AccessControlManager.java

@@ -1413,7 +1413,7 @@ public void checkCanSetEntityAuthorization(SecurityContext securityContext, Enti
                 case "TABLE":
                     control.checkCanSetTableAuthorization(context, new SchemaTableName(name.get(1), name.get(2)), principal);
                     break;
-                case "VIEW":
+                case "VIEW", "MATERIALIZED VIEW":
                     control.checkCanSetViewAuthorization(context, new SchemaTableName(name.get(1), name.get(2)), principal);
                     break;
                 default:

core/trino-parser/src/main/java/io/trino/sql/parser/AstBuilder.java

@@ -22,6 +22,7 @@
 import io.trino.grammar.sql.SqlBaseParser.CorrespondingContext;
 import io.trino.grammar.sql.SqlBaseParser.CreateCatalogContext;
 import io.trino.grammar.sql.SqlBaseParser.DropCatalogContext;
+import io.trino.grammar.sql.SqlBaseParser.OwnedEntityKindContext;
 import io.trino.sql.tree.AddColumn;
 import io.trino.sql.tree.AliasedRelation;
 import io.trino.sql.tree.AllColumns;
@@ -321,6 +322,7 @@
 import java.util.Optional;
 import java.util.Set;
 import java.util.function.Function;
+import java.util.stream.IntStream;
 import java.util.stream.Stream;
 
 import static com.google.common.base.Preconditions.checkArgument;
@@ -511,9 +513,13 @@ public Node visitRenameSchema(SqlBaseParser.RenameSchemaContext context)
     @Override
     public Node visitSetAuthorization(SqlBaseParser.SetAuthorizationContext context)
     {
+        OwnedEntityKindContext ownedEntityKindContext = context.ownedEntityKind();
+        String ownedEntityKind = IntStream.range(0, ownedEntityKindContext.getChildCount())
+                .mapToObj(i -> ownedEntityKindContext.getChild(i).getText())
+                .reduce("", (a, b) -> String.format("%s %s", a, b).trim());
         return new SetAuthorizationStatement(
                 getLocation(context),
-                context.ownedEntityKind().getText().toUpperCase(ENGLISH),
+                ownedEntityKind.toUpperCase(ENGLISH),
                 getQualifiedName(context.qualifiedName()),
                 getPrincipalSpecification(context.principal()));
     }

core/trino-parser/src/test/java/io/trino/sql/parser/TestSqlParser.java

@@ -3556,6 +3556,29 @@ public void testAlterViewSetAuthorization()
                         new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier(location(1, 47), "qux", false))));
     }
 
+    @Test
+    public void testAlterMaterializedViewSetAuthorization()
+    {
+        assertThat(statement("ALTER MATERIALIZED VIEW foo.bar.baz SET AUTHORIZATION qux")).isEqualTo(
+                new SetAuthorizationStatement(
+                        location(1, 1),
+                        "MATERIALIZED VIEW",
+                        QualifiedName.of(ImmutableList.of(new Identifier(location(1, 25), "foo", false), new Identifier(location(1, 29), "bar", false), new Identifier(location(1, 33), "baz", false))),
+                        new PrincipalSpecification(PrincipalSpecification.Type.UNSPECIFIED, new Identifier(location(1, 55), "qux", false))));
+        assertThat(statement("ALTER MATERIALIZED VIEW foo.bar.baz SET AUTHORIZATION USER qux")).isEqualTo(
+                new SetAuthorizationStatement(
+                        location(1, 1),
+                        "MATERIALIZED VIEW",
+                        QualifiedName.of(ImmutableList.of(new Identifier(location(1, 25), "foo", false), new Identifier(location(1, 29), "bar", false), new Identifier(location(1, 33), "baz", false))),
+                        new PrincipalSpecification(PrincipalSpecification.Type.USER, new Identifier(location(1, 60), "qux", false))));
+        assertThat(statement("ALTER MATERIALIZED VIEW foo.bar.baz SET AUTHORIZATION ROLE qux")).isEqualTo(
+                new SetAuthorizationStatement(
+                        location(1, 1),
+                        "MATERIALIZED VIEW",
+                        QualifiedName.of(ImmutableList.of(new Identifier(location(1, 25), "foo", false), new Identifier(location(1, 29), "bar", false), new Identifier(location(1, 33), "baz", false))),
+                        new PrincipalSpecification(PrincipalSpecification.Type.ROLE, new Identifier(location(1, 60), "qux", false))));
+    }
+
     @Test
     public void testTableExecute()
     {

core/trino-spi/src/main/java/io/trino/spi/security/SystemAccessControl.java

@@ -959,9 +959,9 @@ default void checkCanSetEntityAuthorization(SystemSecurityContext context, Entit
                 }
                 checkCanSetTableAuthorization(context, new CatalogSchemaTableName(name.get(0), name.get(1), name.get(2)), principal);
                 break;
-            case "VIEW":
+            case "VIEW", "MATERIALIZED VIEW":
                 if (name.size() != 3) {
-                    throw new TrinoException(StandardErrorCode.INVALID_ARGUMENTS, "The view name %s must have three elements".formatted(name));
+                    throw new TrinoException(StandardErrorCode.INVALID_ARGUMENTS, "The %s name %s must have three elements".formatted(kind.toLowerCase(Locale.ROOT), name));
                 }
                 checkCanSetViewAuthorization(context, new CatalogSchemaTableName(name.get(0), name.get(1), name.get(2)), principal);
                 break;

lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/security/FileBasedSystemAccessControl.java

@@ -1100,7 +1100,7 @@ public void checkCanSetEntityAuthorization(SystemSecurityContext context, Entity
                 CatalogSchemaName schema = new CatalogSchemaName(name.get(0), name.get(1));
                 denied = !isSchemaOwner(context, schema) || !checkCanSetAuthorization(context, principal);
                 break;
-            case "TABLE", "VIEW":
+            case "TABLE", "VIEW", "MATERIALIZED VIEW":
                 CatalogSchemaTableName table = new CatalogSchemaTableName(name.get(0), name.get(1), name.get(2));
                 denied = !checkTablePermission(context, table, OWNERSHIP) || !checkCanSetAuthorization(context, principal);
                 break;