Remove deprecated SystemAccessControl#checkCanSetSystemSessionProperty

It was deprecated in 445 when a replacement method was added; I guess 10 versions is long enough for a transition period.
trinodb · Nov 8, 2024 · 71a0b9d · 71a0b9d
1 parent 3f5df6f
commit 71a0b9d
Show file tree

Hide file tree

Showing 6 changed files with 4 additions and 31 deletions.
diff --git a/core/trino-spi/src/main/java/io/trino/spi/security/SystemAccessControl.java b/core/trino-spi/src/main/java/io/trino/spi/security/SystemAccessControl.java
@@ -191,26 +191,14 @@ default void checkCanWriteSystemInformation(Identity identity)
         denyWriteSystemInformationAccess();
     }
 
-    /**
-     * Check if identity is allowed to set the specified system property.
-     *
-     * @throws AccessDeniedException if not allowed
-     * @deprecated use {@link #checkCanSetSystemSessionProperty(Identity, QueryId, String)}
-     */
-    @Deprecated
-    default void checkCanSetSystemSessionProperty(Identity identity, String propertyName)
-    {
-        denySetSystemSessionProperty(propertyName);
-    }
-
     /**
      * Check if identity is allowed to set the specified system property.
      *
      * @throws AccessDeniedException if not allowed
      */
     default void checkCanSetSystemSessionProperty(Identity identity, QueryId queryId, String propertyName)
     {
-        checkCanSetSystemSessionProperty(identity, propertyName);
+        denySetSystemSessionProperty(propertyName);
     }
 
     /**

diff --git a/...ugin-toolkit/src/main/java/io/trino/plugin/base/security/AllowAllSystemAccessControl.java b/...ugin-toolkit/src/main/java/io/trino/plugin/base/security/AllowAllSystemAccessControl.java
@@ -95,9 +95,6 @@ public Collection<Identity> filterViewQueryOwnedBy(Identity identity, Collection
         return queryOwners;
     }
 
-    @Override
-    public void checkCanSetSystemSessionProperty(Identity identity, String propertyName) {}
-
     @Override
     public void checkCanSetSystemSessionProperty(Identity identity, QueryId queryId, String propertyName) {}
 

diff --git a/...gin-toolkit/src/main/java/io/trino/plugin/base/security/FileBasedSystemAccessControl.java b/...gin-toolkit/src/main/java/io/trino/plugin/base/security/FileBasedSystemAccessControl.java
@@ -380,7 +380,7 @@ private boolean checkCanSystemInformation(Identity identity, SystemInformationRu
     }
 
     @Override
-    public void checkCanSetSystemSessionProperty(Identity identity, String propertyName)
+    public void checkCanSetSystemSessionProperty(Identity identity, QueryId queryId, String propertyName)
     {
         boolean allowed = sessionPropertyRules.stream()
                 .map(rule -> rule.match(identity.getUser(), identity.getEnabledRoles(), identity.getGroups(), propertyName))
@@ -392,12 +392,6 @@ public void checkCanSetSystemSessionProperty(Identity identity, String propertyN
         }
     }
 
-    @Override
-    public void checkCanSetSystemSessionProperty(Identity identity, QueryId queryId, String propertyName)
-    {
-        checkCanSetSystemSessionProperty(identity, propertyName);
-    }
-
     @Override
     public boolean canAccessCatalog(SystemSecurityContext context, String catalogName)
     {

diff --git a/...in-toolkit/src/main/java/io/trino/plugin/base/security/ForwardingSystemAccessControl.java b/...in-toolkit/src/main/java/io/trino/plugin/base/security/ForwardingSystemAccessControl.java
@@ -107,12 +107,6 @@ public void checkCanKillQueryOwnedBy(Identity identity, Identity queryOwner)
         delegate().checkCanKillQueryOwnedBy(identity, queryOwner);
     }
 
-    @Override
-    public void checkCanSetSystemSessionProperty(Identity identity, String propertyName)
-    {
-        delegate().checkCanSetSystemSessionProperty(identity, propertyName);
-    }
-
     @Override
     public void checkCanSetSystemSessionProperty(Identity identity, QueryId queryId, String propertyName)
     {

diff --git a/plugin/trino-opa/src/main/java/io/trino/plugin/opa/OpaAccessControl.java b/plugin/trino-opa/src/main/java/io/trino/plugin/opa/OpaAccessControl.java
@@ -157,7 +157,7 @@ public void checkCanWriteSystemInformation(Identity identity)
     }
 
     @Override
-    public void checkCanSetSystemSessionProperty(Identity identity, String propertyName)
+    public void checkCanSetSystemSessionProperty(Identity identity, QueryId queryId, String propertyName)
     {
         opaHighLevelClient.queryAndEnforce(
                 buildQueryContext(identity),

diff --git a/plugin/trino-opa/src/test/java/io/trino/plugin/opa/TestOpaAccessControl.java b/plugin/trino-opa/src/test/java/io/trino/plugin/opa/TestOpaAccessControl.java
@@ -243,7 +243,7 @@ private void testIdentityResourceActions(
     @Test
     public void testStringResourceAction()
     {
-        testStringResourceAction("SetSystemSessionProperty", "systemSessionProperty", (accessControl, systemSecurityContext, argument) -> accessControl.checkCanSetSystemSessionProperty(systemSecurityContext.getIdentity(), argument));
+        testStringResourceAction("SetSystemSessionProperty", "systemSessionProperty", (accessControl, systemSecurityContext, argument) -> accessControl.checkCanSetSystemSessionProperty(systemSecurityContext.getIdentity(), TEST_QUERY_ID, argument));
         testStringResourceAction("CreateCatalog", "catalog", OpaAccessControl::checkCanCreateCatalog);
         testStringResourceAction("DropCatalog", "catalog", OpaAccessControl::checkCanDropCatalog);
         testStringResourceAction("ShowSchemas", "catalog", OpaAccessControl::checkCanShowSchemas);