Slate Alluxio metastore integration for removal

[findepi]

The Alluxio integration does not seem actively maintained and seems to
have quite small user base (for example, searching for Alluxio
over Trino Slack discussions since Jan 2022 didn't return any users
using Alluxio). Yet, as any integration, it causes problems as security
scanners sometimes flag Alluxio shaded client jar as being affected by
some CVE vulnerabilities.

Mark Alluxio integration as deprecated.

[martint]

cc @apc999 @rongrong, thoughts?

[martint]

@findepi, are those reports from scanners real security issues or false positives?

[findepi]

@electrum is probably better positioned to answer this question. I only know some users are concerned, but i don't know whether soundly so.

[rongrong]

Is there other concerns besides the security issues? Our latest release has fixed those issues. We just need to upgrade the dependency. @beinan is working on that.

[findepi]

We just need to upgrade the dependency. @beinan is working on that.

I am aware of #13609 and that it has been merged.

[martint]

There are two separate aspects of Alluxio integration:

• Metastore
• Caching layer

I don't think we should remove the caching layer -- there's evidence of usage in the wild (e.g, https://engineering.razorpay.com/how-trino-and-alluxio-power-analytics-at-razorpay-803d3386daaf), and Alluxio cache is still a supported product with a company behind it.

Regarding the Alluxio Metastore, I would like to hear from @rongrong, @beinan and @apc999 whether that product is still supported and whether there are any Trino users on it.

[beinan]

There are two separate aspects of Alluxio integration:

• Metastore
• Caching layer

I don't think we should remove the caching layer -- there's evidence of usage in the wild (e.g, https://engineering.razorpay.com/how-trino-and-alluxio-power-analytics-at-razorpay-803d3386daaf), and Alluxio cache is still a supported product with a company behind it.

Regarding the Alluxio Metastore, I would like to hear from @rongrong, @beinan and @apc999 whether that product is still supported and whether there are any Trino users on it.

Thank you @martint and @findepi for looking into this! I know a couple of users (e.g. a telecom operator in China) are still use the metastore from Alluixo, though this feature is not actively supported and might be rewrite in the future.

[findepi]

Dropping Alluxio metastore support would resolve #13270.
if Alluxio metastore is not supported by Alluxio itself, this is what we should do. am i hearing you right @beinan?

BTW this PR is about the metastore part. I updated the PR title to reflect that.

[colebow]

Do we want to include a release note for this?

[findepi]

@colebow good idea