search

trinodb / trino

Official repository of Trino, the distributed SQL query engine for big data, formerly known as PrestoSQL (https://trino.io)
https://trino.io
Apache License 2.0
10.35k stars 2.98k forks source link

Failed to integration with ranger 2.3 #20384

Closed njalan closed 9 months ago

njalan commented 9 months ago

It is working fine for trino 40.6 but failed for trini 436. Here is cat access-control.properties access-control.name=ranger ranger.use_ugi=true

Below is error message: 2024-01-16T16:03:50.560+0800 ERROR main io.trino.server.Server Access control org.apache.ranger.authorization.trino.authorizer.RangerSystemAccessControl must not implement removed method checkCanAccessCatalog(io.trino.spi.security.SystemSecurityContext, java.lang.String) java.lang.IllegalArgumentException: Access control org.apache.ranger.authorization.trino.authorizer.RangerSystemAccessControl must not implement removed method checkCanAccessCatalog(io.trino.spi.security.SystemSecurityContext, java.lang.String) at io.trino.security.AccessControlManager.mustNotDeclareMethod(AccessControlManager.java:1529) at io.trino.security.AccessControlManager.verifySystemAccessControl(AccessControlManager.java:1518) at com.google.common.collect.ImmutableList.forEach(ImmutableList.java:422)

ksobolew commented 9 months ago

The Ranger plugin is not part of the Trino project and so we can't keep it up-to-date with the changing SPI. If you rely on the plugin from the Ranger project then I'm afraid you're stuck with the Trino version is supports.

njalan commented 9 months ago

@ksobolew Actually it is trino code cause the isse. It is verifySystemAccessControl in AccessControlManager case the error. Why need to call this function? How to avoid this error? private static void verifySystemAccessControl(SystemAccessControl systemAccessControl) { Class<?> clazz = systemAccessControl.getClass(); mustNotDeclareMethod(clazz, "checkCanAccessCatalog", SystemSecurityContext.class, String.class); mustNotDeclareMethod(clazz, "checkCanGrantExecuteFunctionPrivilege", SystemSecurityContext.class, String.class, TrinoPrincipal.class, boolean.class); mustNotDeclareMethod(clazz, "checkCanExecuteFunction", SystemSecurityContext.class, String.class); mustNotDeclareMethod(clazz, "checkCanExecuteFunction", SystemSecurityContext.class, FunctionKind.class, CatalogSchemaRoutineName.class); mustNotDeclareMethod(clazz, "checkCanGrantExecuteFunctionPrivilege", SystemSecurityContext.class, FunctionKind.class, CatalogSchemaRoutineName.class, TrinoPrincipal.class, boolean.class); }

ksobolew commented 9 months ago

Trino is just saying that the Ranger plugin does not implement a compatible version of the SPI and it simply won't work.