Description
We want to provision some policies by Stackable and merge the user-provided ones on top.
This is needed e.g. for graceful shutdown, where the user admin needs the permission to initiate a graceful shutdown of workers. If the user does not allow this, graceful shutdown is broken.
We don't want to rely only on documentation ("Please allow this, please allow that" sprinkled all over the documentation), but instead make some assumptions and hard-roll those roles. E.g. we know that a.) graceful shutdown is always used b.) It's always the user admin issuing the graceful shutdown.
So the plan is something like
```
stackable_default_policies := { "system_information": [{"user": "admin", "allow": ["read", "write"]}], ... }
user_provided_policies := data.trino_policies.policies
policies := stackable_default_policies.union(user_provided_policies)
```
The Stackable default policies can be easily documented. Changes in various places in our code cannot.
If there are problematic edge cases with union then we can create our own merge function. This wouldn't be too hard because we know exactly what the structure of policies looks like.
### Tasks
- [x] https://github.com/stackabletech/trino-operator/pull/573 is updated with what we implemented and merged
- [x] The end-to-end-security is checked for graceful shutdown. It is updated to pull in the new rego rules -> https://github.com/stackabletech/demos/pull/41
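The following Rego sketch is an added example, not part of the original issue and not the operator's merged implementation. It shows one edge case with a plain union (the built-in `object.union` replaces a whole rule array when both sides define the same key) next to a per-key merge that concatenates the rule lists. The package name, the `catalogs` rule and the user-provided values are constructed for illustration, and putting the defaults first assumes rule lists are evaluated in order.

```rego
package trino_policy_merge_example

import rego.v1

# Default rule taken from the issue text.
stackable_default_policies := {"system_information": [{"user": "admin", "allow": ["read", "write"]}]}

# Constructed user input: it narrows admin to read-only on system_information
# and adds an unrelated (hypothetical) catalog rule.
user_provided_policies := {
	"system_information": [{"user": "admin", "allow": ["read"]}],
	"catalogs": [{"user": "alice", "catalog": "sales", "allow": "read-only"}],
}

# Edge case: object.union only recurses into objects. Arrays are plain values,
# so the user's system_information array replaces the default one and the
# admin write permission needed for graceful shutdown is gone.
overwritten := object.union(stackable_default_policies, user_provided_policies)

# Every top-level policy key that appears on either side.
all_keys := object.keys(stackable_default_policies) | object.keys(user_provided_policies)

# Own merge function: per key, default rules first, user rules appended.
merged[key] := rules if {
	some key in all_keys
	rules := array.concat(
		object.get(stackable_default_policies, key, []),
		object.get(user_provided_policies, key, []),
	)
}

# True only when every default rule is still present after a merge.
defaults_kept(result) if {
	every key, rules in stackable_default_policies {
		every rule in rules {
			rule in object.get(result, key, [])
		}
	}
}

lost_with_union if not defaults_kept(overwritten)

kept_with_merge if defaults_kept(merged)
```

Evaluating `data.trino_policy_merge_example` with `opa eval` shows both results side by side; `defaults_kept` can double as a regression check in the policy test suite.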