Add tables with authorization information to system.metadata #25907
Conversation
homar
force-pushed
the
homar/add_authorizations_metadata
branch
2 times, most recently
from
a7392e0 to
2ff0516
Compare
homar
changed the title
…25907 Trino supports ALTER (TABLE | FUNCTION | SCHEMA) SET AUTHORIZATION for quite some time. However there is no way to retrieve this information. This commit fixes this by introducing system.metadata.(tables | schemas | functions)_authorization tables.
homar
force-pushed
the
homar/add_authorizations_metadata
branch
from
2ff0516 to
d6e48b8
Compare
| /** | ||
| * Returns list of schemas authorization info | ||
| */ | ||
| Set<SchemaAuthorization> getAllSchemasAuthorizationInfo(Session session, QualifiedTablePrefix prefix); |
There was a problem hiding this comment.
nit: put schema first, then tables and functions last?
| /** | ||
| * Returns all tables authorization information | ||
| */ | ||
| Set<TableAuthorization> getAllTablesAuthorizationInfo(Session session, QualifiedTablePrefix prefix); |
There was a problem hiding this comment.
nit: I'd say All infix is redundant
| .build(); | ||
| } | ||
|
|
||
| private Set<TableAuthorization> getOwnershipInfoInternal(Map<CatalogSchemaTableName, Identity> owners, QualifiedTablePrefix prefix) |
There was a problem hiding this comment.
nit: just combine maps instead of extracting this method?
| @@ -85,6 +86,20 @@ public static List<CatalogInfo> listCatalogs(Session session, Metadata metadata, | |||
| .collect(toImmutableList()); | |||
| } | |||
|
|
|||
| public static Set<CatalogSchemaName> listAllAvailableSchemas( | |||
There was a problem hiding this comment.
Is this method actually needed if all it does is delegating to listCatalogNames and listSchemas?
There was a problem hiding this comment.
it only does delegation BUT i would need to reuse this code in 3 places so I decided it is a good idea to actually extract it to a separated method
| getQueryRunner().execute(tableOwner1, "CREATE TABLE %s (id INT)".formatted(table1)); | ||
| assertQuery( | ||
| "SELECT * FROM system.metadata.tables_authorization", | ||
| "VALUES('blackhole', 'default', '%s', 'USER', '%s')".formatted(table1, tableOwnerName1)); |
There was a problem hiding this comment.
That's the only test using blackhole catalog instead of memory_test, why?
There was a problem hiding this comment.
because I was not able to create a function in blackhole catalog so functions are tested using memory (and memory_test to check that table returns functions from different catalogs).
I can change this to also use memory
| @@ -240,4 +243,19 @@ default void validateEntityKindAndPrivileges(Session session, String entityKind, | |||
| * to be fully qualified, i.e., if the entity is a table, the name is of size three. | |||
| */ | |||
| void setEntityOwner(Session session, EntityKindAndName entityKindAndName, TrinoPrincipal principal); | |||
There was a problem hiding this comment.
Don't we need a generic function like this one? Also I am not a fun that in one place we call it "authorization" and in other "owner". Maybe we should rename setEntityOwner to setEntityAuthorization?
Map<String, TrinoPrincipal> getEntityAuthorizations(Session session, String entityKind);
Optional<TrinoPrincipal> getEntityAuthorization(Session session, EntityKindAndName entityKindAndName);
?
Also, if we would go this path then it means we just need system.metadata.entity_authorization table.
There was a problem hiding this comment.
I see your point, however I am not sure which path to follow now. Both makes sense, I think the generic one may be little more complex and there will be place in the code where finally we will map those generic types to tables + schemas + functions so I am not sure if this is worth the effort.
Your call
| @@ -240,4 +243,19 @@ default void validateEntityKindAndPrivileges(Session session, String entityKind, | |||
| * to be fully qualified, i.e., if the entity is a table, the name is of size three. | |||
| */ | |||
| void setEntityOwner(Session session, EntityKindAndName entityKindAndName, TrinoPrincipal principal); | |||
|
|
|||
| /** | |||
| * Returns all tables authorization information | |||
There was a problem hiding this comment.
nit: This javadocs does not say more that the method name. I would drop it.
| /** | ||
| * Returns all schemas authorization information | ||
| */ | ||
| Set<SchemaAuthorization> getAllSchemasAuthorizationInfo(Session session, QualifiedTablePrefix prefix); |
There was a problem hiding this comment.
It is odd to pass QualifiedTablePrefix as it is not a table. I mean if one passed schema_name parameter then you should return just that schema.
There was a problem hiding this comment.
when schema name is passed then it is easy, but this is an optimization for situation when only catalog is known, instead of returning all schemas from all catalogs when can just get schemas for a specific catalog
…25907 Trino supports ALTER (TABLE | FUNCTION | SCHEMA) SET AUTHORIZATION for quite some time. However there is no way to retrieve this information. This commit fixes this by introducing system.metadata.(tables | schemas | functions)_authorization tables.
homar
force-pushed
the
homar/add_authorizations_metadata
branch
from
d6e48b8 to
4bdaae9
Compare
…25907 Trino supports ALTER (TABLE | FUNCTION | SCHEMA) SET AUTHORIZATION for quite some time. However there is no way to retrieve this information. This commit fixes this by introducing system.metadata.(tables | schemas | functions)_authorization tables.
homar
force-pushed
the
homar/add_authorizations_metadata
branch
from
4bdaae9 to
91ca0d7
Compare
…25907 Trino supports ALTER (TABLE | FUNCTION | SCHEMA) SET AUTHORIZATION for quite some time. However there is no way to retrieve this information. This commit fixes this by introducing system.metadata.(tables | schemas | functions)_authorization tables.
homar
force-pushed
the
homar/add_authorizations_metadata
branch
from
91ca0d7 to
21bc502
Compare
Description
Add tables with authorization information to system.metadata #25907
Trino supports ALTER (TABLE | FUNCTION | SCHEMA) SET AUTHORIZATION for quite some time.
However there is no way to retrieve this information. This commit fixes this by
introducing system.metadata.(tables | schemas | functions)_authorization tables.
Additional context and related issues
Release notes
( ) This is not user-visible or is docs only, and no release notes are required.
( ) Release notes are required. Please propose a release note for me.
(x) Release notes are required, with the following suggested text: