This is an automated email from the ASF dual-hosted git repository.
chengpan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-kyuubi.git
The following commit(s) were added to refs/heads/master by this push:
new c23af957e [KYUUBI #3672][Subtask] Get table owner for DDL/DML v1
commands
c23af957e is described below
commit c23af957e9fd8863ee198bc64659f71c03f43838
Author: zhouyifan279 <[email protected]>
AuthorDate: Sun Oct 23 22:09:59 2022 +0800
[KYUUBI #3672][Subtask] Get table owner for DDL/DML v1 commands
### _Why are the changes needed?_
Subtask of #3607
### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including
negative and positive cases if possible
- [ ] Add screenshots for manual tests if appropriate
- [x] [Run
test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests)
locally before make a pull request
Closes #3678 from zhouyifan279/3672.
Closes #3672
c621db77 [zhouyifan279] Query in AlterViewAsCommand can not be resolved
before SPARK-34698
93cb02cc [zhouyifan279] Table may not exist
59215969 [zhouyifan279] [KYUUBI #3672][Subtask] Get table owner for DDL/DML
v1 commands
6359525c [zhouyifan279] [KYUUBI #3672][Subtask] Get table owner for DDL/DML
v1 commands
Authored-by: zhouyifan279 <[email protected]>
Signed-off-by: Cheng Pan <[email protected]>
---
.../plugin/spark/authz/PrivilegesBuilder.scala | 96 ++++++++++++++--------
.../plugin/spark/authz/util/AuthZUtils.scala | 25 ++++--
.../spark/authz/PrivilegesBuilderSuite.scala | 81 +++++++++++++-----
3 files changed, 142 insertions(+), 60 deletions(-)
diff --git
a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
index 56a32be74..c77792803 100644
---
a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
+++
b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -21,7 +21,7 @@ import scala.collection.mutable.ArrayBuffer
import org.apache.spark.sql.SparkSession
import org.apache.spark.sql.catalyst.{FunctionIdentifier, TableIdentifier}
-import org.apache.spark.sql.catalyst.analysis.{PersistedView, ViewType}
+import org.apache.spark.sql.catalyst.analysis.{NoSuchTableException,
PersistedView, ViewType}
import org.apache.spark.sql.catalyst.catalog.CatalogTable
import org.apache.spark.sql.catalyst.catalog.CatalogTypes.TablePartitionSpec
import org.apache.spark.sql.catalyst.expressions.{Expression, ExpressionInfo,
NamedExpression}
@@ -108,7 +108,7 @@ object PrivilegesBuilder {
conditionList: Seq[NamedExpression] = Nil): Unit = {
def mergeProjection(table: CatalogTable, plan: LogicalPlan): Unit = {
- val tableOwner = Option(table.owner).filter(_.nonEmpty)
+ val tableOwner = extractTableOwner(table)
if (projectionList.isEmpty) {
privilegeObjects += tablePrivileges(
table.identifier,
@@ -227,6 +227,22 @@ object PrivilegesBuilder {
getPlanField[LogicalPlan]("query")
}
+ def tablePrivilegesWithOwner(
+ tableId: TableIdentifier,
+ columns: Seq[String] = Nil,
+ actionType: PrivilegeObjectActionType =
PrivilegeObjectActionType.OTHER)
+ : PrivilegeObject = {
+ val owner =
+ try {
+ val table = spark.sessionState.catalog.getTableMetadata(tableId)
+ extractTableOwner(table)
+ } catch {
+ case _: NoSuchTableException =>
+ None
+ }
+ tablePrivileges(tableId, columns, owner, actionType)
+ }
+
plan.nodeName match {
case v2Cmd if v2Commands.accept(v2Cmd) =>
v2Commands.withName(v2Cmd).buildPrivileges(plan, inputObjs, outputObjs)
@@ -244,63 +260,65 @@ object PrivilegesBuilder {
case "AlterTableAddColumnsCommand" =>
val table = getPlanField[TableIdentifier]("table")
val cols = getPlanField[Seq[StructField]]("colsToAdd").map(_.name)
- outputObjs += tablePrivileges(table, cols)
+ outputObjs += tablePrivilegesWithOwner(table, cols)
case "AlterTableAddPartitionCommand" =>
val table = getTableName
val cols = getPlanField[Seq[(TablePartitionSpec,
Option[String])]]("partitionSpecsAndLocs")
.flatMap(_._1.keySet).distinct
- outputObjs += tablePrivileges(table, cols)
+ outputObjs += tablePrivilegesWithOwner(table, cols)
case "AlterTableChangeColumnCommand" =>
val table = getTableName
val cols = getPlanField[String]("columnName") :: Nil
- outputObjs += tablePrivileges(table, cols)
+ outputObjs += tablePrivilegesWithOwner(table, cols)
case "AlterTableDropPartitionCommand" =>
val table = getTableName
val cols =
getPlanField[Seq[TablePartitionSpec]]("specs").flatMap(_.keySet).distinct
- outputObjs += tablePrivileges(table, cols)
+ outputObjs += tablePrivilegesWithOwner(table, cols)
case "AlterTableRenameCommand" =>
val oldTable = getPlanField[TableIdentifier]("oldName")
val newTable = getPlanField[TableIdentifier]("newName")
if (!isTempView(oldTable, spark)) {
- outputObjs += tablePrivileges(oldTable, actionType =
PrivilegeObjectActionType.DELETE)
+ outputObjs += tablePrivilegesWithOwner(
+ oldTable,
+ actionType = PrivilegeObjectActionType.DELETE)
outputObjs += tablePrivileges(newTable)
}
// this is for spark 3.1 or below
case "AlterTableRecoverPartitionsCommand" =>
val table = getTableName
- outputObjs += tablePrivileges(table)
+ outputObjs += tablePrivilegesWithOwner(table)
case "AlterTableRenamePartitionCommand" =>
val table = getTableName
val cols =
getPlanField[TablePartitionSpec]("oldPartition").keySet.toSeq
- outputObjs += tablePrivileges(table, cols)
+ outputObjs += tablePrivilegesWithOwner(table, cols)
case "AlterTableSerDePropertiesCommand" =>
val table = getTableName
val cols = getPlanField[Option[TablePartitionSpec]]("partSpec")
.toSeq.flatMap(_.keySet)
- outputObjs += tablePrivileges(table, cols)
+ outputObjs += tablePrivilegesWithOwner(table, cols)
case "AlterTableSetLocationCommand" =>
val table = getTableName
val cols = getPlanField[Option[TablePartitionSpec]]("partitionSpec")
.toSeq.flatMap(_.keySet)
- outputObjs += tablePrivileges(table, cols)
+ outputObjs += tablePrivilegesWithOwner(table, cols)
case "AlterTableSetPropertiesCommand" |
"AlterTableUnsetPropertiesCommand" =>
val table = getTableName
- outputObjs += tablePrivileges(table)
+ outputObjs += tablePrivilegesWithOwner(table)
case "AlterViewAsCommand" =>
val view = getPlanField[TableIdentifier]("name")
if (!isTempView(view, spark)) {
- outputObjs += tablePrivileges(view)
+ outputObjs += tablePrivilegesWithOwner(view)
}
buildQuery(getQuery, inputObjs)
@@ -314,18 +332,18 @@ object PrivilegesBuilder {
} else {
getPlanField[Seq[String]]("columnNames")
}
- inputObjs += tablePrivileges(table, cols)
+ inputObjs += tablePrivilegesWithOwner(table, cols)
case "AnalyzePartitionCommand" =>
val table = getTableIdent
val cols = getPlanField[Map[String, Option[String]]]("partitionSpec")
.keySet.toSeq
- inputObjs += tablePrivileges(table, cols)
+ inputObjs += tablePrivilegesWithOwner(table, cols)
case "AnalyzeTableCommand" |
"RefreshTableCommand" |
"RefreshTable" =>
- inputObjs += tablePrivileges(getTableIdent)
+ inputObjs += tablePrivilegesWithOwner(getTableIdent)
case "AnalyzeTablesCommand" =>
val db = getPlanField[Option[String]]("databaseName")
@@ -390,7 +408,7 @@ object PrivilegesBuilder {
case "CreateTableLikeCommand" =>
val target =
setCurrentDBIfNecessary(getPlanField[TableIdentifier]("targetTable"), spark)
val source =
setCurrentDBIfNecessary(getPlanField[TableIdentifier]("sourceTable"), spark)
- inputObjs += tablePrivileges(source)
+ inputObjs += tablePrivilegesWithOwner(source)
outputObjs += tablePrivileges(target)
case "CreateTempViewUsing" =>
@@ -398,11 +416,11 @@ object PrivilegesBuilder {
case "DescribeColumnCommand" =>
val table = getPlanField[TableIdentifier]("table")
val cols = getPlanField[Seq[String]]("colNameParts").takeRight(1)
- inputObjs += tablePrivileges(table, cols)
+ inputObjs += tablePrivilegesWithOwner(table, cols)
case "DescribeTableCommand" =>
val table =
setCurrentDBIfNecessary(getPlanField[TableIdentifier]("table"), spark)
- inputObjs += tablePrivileges(table)
+ inputObjs += tablePrivilegesWithOwner(table)
case "DescribeDatabaseCommand" | "SetDatabaseCommand" =>
val database = getPlanField[String]("databaseName")
@@ -429,7 +447,7 @@ object PrivilegesBuilder {
case "DropTableCommand" =>
if (!isTempView(getPlanField[TableIdentifier]("tableName"), spark)) {
- outputObjs += tablePrivileges(getTableName)
+ outputObjs += tablePrivilegesWithOwner(getTableName)
}
case "ExplainCommand" =>
@@ -441,7 +459,10 @@ object PrivilegesBuilder {
logicalRelation.catalogTable.foreach { t =>
val overwrite = getPlanField[Boolean]("overwrite")
val actionType = if (overwrite) INSERT_OVERWRITE else INSERT
- outputObjs += tablePrivileges(t.identifier, actionType = actionType)
+ outputObjs += tablePrivileges(
+ t.identifier,
+ owner = extractTableOwner(t),
+ actionType = actionType)
}
buildQuery(getQuery, inputObjs)
@@ -453,10 +474,11 @@ object PrivilegesBuilder {
buildQuery(getQuery, inputObjs)
case "InsertIntoHiveTable" =>
- val table = getPlanField[CatalogTable]("table").identifier
+ val table = getPlanField[CatalogTable]("table")
val overwrite = getPlanField[Boolean]("overwrite")
val actionType = if (overwrite) INSERT_OVERWRITE else INSERT
- outputObjs += tablePrivileges(table, actionType = actionType)
+ val owner = extractTableOwner(table)
+ outputObjs += tablePrivileges(table.identifier, owner = owner,
actionType = actionType)
buildQuery(getQuery, inputObjs)
case "LoadDataCommand" =>
@@ -465,16 +487,16 @@ object PrivilegesBuilder {
val actionType = if (overwrite) INSERT_OVERWRITE else INSERT
val cols = getPlanField[Option[TablePartitionSpec]]("partition")
.map(_.keySet).getOrElse(Nil)
- outputObjs += tablePrivileges(table, cols.toSeq, actionType =
actionType)
+ outputObjs += tablePrivilegesWithOwner(table, cols.toSeq, actionType =
actionType)
case "RepairTableCommand" =>
val enableAddPartitions = getPlanField[Boolean]("enableAddPartitions")
if (enableAddPartitions) {
- outputObjs += tablePrivileges(getTableName, actionType = INSERT)
+ outputObjs += tablePrivilegesWithOwner(getTableName, actionType =
INSERT)
} else if (getPlanField[Boolean]("enableDropPartitions")) {
- outputObjs += tablePrivileges(getTableName, actionType = DELETE)
+ outputObjs += tablePrivilegesWithOwner(getTableName, actionType =
DELETE)
} else {
- inputObjs += tablePrivileges(getTableName)
+ inputObjs += tablePrivilegesWithOwner(getTableName)
}
case "SetCatalogAndNamespace" =>
@@ -506,47 +528,51 @@ object PrivilegesBuilder {
val table = getTableName
val cols = getPlanField[Option[TablePartitionSpec]]("partitionSpec")
.map(_.keySet).getOrElse(Nil)
- outputObjs += tablePrivileges(table, cols.toSeq)
+ outputObjs += tablePrivilegesWithOwner(table, cols.toSeq)
case "ShowColumnsCommand" =>
- inputObjs += tablePrivileges(getTableName)
+ inputObjs += tablePrivilegesWithOwner(getTableName)
case "ShowCreateTableCommand" |
"ShowCreateTableAsSerdeCommand" |
"ShowTablePropertiesCommand" =>
val table = getPlanField[TableIdentifier]("table")
- inputObjs += tablePrivileges(table)
+ inputObjs += tablePrivilegesWithOwner(table)
case "ShowTableProperties" =>
val resolvedTable = getPlanField[Any]("table")
val identifier = getFieldVal[AnyRef](resolvedTable, "identifier")
val namespace = invoke(identifier,
"namespace").asInstanceOf[Array[String]]
val table = invoke(identifier, "name").asInstanceOf[String]
+ val owner = getTableOwnerFromV2Plan(resolvedTable,
identifier.asInstanceOf[Identifier])
inputObjs += PrivilegeObject(
TABLE_OR_VIEW,
PrivilegeObjectActionType.OTHER,
quote(namespace),
table,
- Nil)
+ Nil,
+ owner)
case "ShowCreateTable" =>
val resolvedTable = getPlanField[Any]("child")
val identifier = getFieldVal[AnyRef](resolvedTable, "identifier")
val namespace = invoke(identifier,
"namespace").asInstanceOf[Array[String]]
val table = invoke(identifier, "name").asInstanceOf[String]
+ val owner = getTableOwnerFromV2Plan(resolvedTable,
identifier.asInstanceOf[Identifier])
inputObjs += PrivilegeObject(
TABLE_OR_VIEW,
PrivilegeObjectActionType.OTHER,
quote(namespace),
table,
- Nil)
+ Nil,
+ owner)
case "ShowFunctionsCommand" =>
case "ShowPartitionsCommand" =>
val cols = getPlanField[Option[TablePartitionSpec]]("spec")
.map(_.keySet.toSeq).getOrElse(Nil)
- inputObjs += tablePrivileges(getTableName, cols)
+ inputObjs += tablePrivilegesWithOwner(getTableName, cols)
case "SetNamespaceProperties" | "SetNamespaceLocation" =>
val resolvedNamespace = getPlanField[Any]("namespace")
@@ -558,12 +584,14 @@ object PrivilegesBuilder {
val identifier = getFieldVal[AnyRef](relation, "identifier")
val namespace = invoke(identifier,
"namespace").asInstanceOf[Array[String]]
val table = invoke(identifier, "name").asInstanceOf[String]
+ val owner = getTableOwnerFromV2Plan(relation,
identifier.asInstanceOf[Identifier])
outputObjs += PrivilegeObject(
TABLE_OR_VIEW,
PrivilegeObjectActionType.UPDATE,
quote(namespace),
table,
- Nil)
+ Nil,
+ owner)
case _ =>
// AddArchivesCommand
diff --git
a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
index 373706bdf..801978ea9 100644
---
a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
+++
b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/util/AuthZUtils.scala
@@ -17,8 +17,6 @@
package org.apache.kyuubi.plugin.spark.authz.util
-import java.util
-
import scala.util.{Failure, Success, Try}
import org.apache.hadoop.security.UserGroupInformation
@@ -26,7 +24,7 @@ import org.apache.spark.{SPARK_VERSION, SparkContext}
import org.apache.spark.sql.catalyst.TableIdentifier
import org.apache.spark.sql.catalyst.catalog.CatalogTable
import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, View}
-import org.apache.spark.sql.connector.catalog.Identifier
+import org.apache.spark.sql.connector.catalog.{CatalogPlugin, Identifier,
Table, TableCatalog}
private[authz] object AuthZUtils {
@@ -91,6 +89,10 @@ private[authz] object AuthZUtils {
getFieldVal[CatalogTable](plan, "tableMeta")
}
+ def extractTableOwner(table: CatalogTable): Option[String] = {
+ Option(table.owner).filter(_.nonEmpty)
+ }
+
def hasResolvedDatasourceTable(plan: LogicalPlan): Boolean = {
plan.nodeName == "LogicalRelation" && plan.resolved
}
@@ -108,15 +110,26 @@ private[authz] object AuthZUtils {
}
def getDatasourceV2TableOwner(plan: LogicalPlan): Option[String] = {
- val table = getFieldVal[AnyRef](plan, "table")
- val properties = invoke(table, "properties").asInstanceOf[util.Map[String,
String]]
- Option(properties.get("owner"))
+ val table = getFieldVal[Table](plan, "table")
+ Option(table.properties.get("owner"))
}
def getTableIdentifierFromV2Identifier(id: Identifier): TableIdentifier = {
TableIdentifier(id.name(), Some(quote(id.namespace())))
}
+ def getTableOwnerFromV2Plan(
+ child: Any,
+ identifier: Identifier,
+ catalogField: String = "catalog"): Option[String] = {
+ getFieldVal[CatalogPlugin](child, catalogField) match {
+ case tableCatalog: TableCatalog =>
+ val table = tableCatalog.loadTable(identifier)
+ Option(table.properties().get("owner"))
+ case _ => None
+ }
+ }
+
def hasResolvedPermanentView(plan: LogicalPlan): Boolean = {
plan match {
case view: View if view.resolved && isSparkVersionAtLeast("3.1.0") =>
diff --git
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
index b4c6dfb7b..89be44630 100644
---
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
+++
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
@@ -123,24 +123,34 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
test("AlterTableRenameCommand") {
withTable(s"$reusedDb.efg") { t =>
- sql(s"CREATE TABLE IF NOT EXISTS ${reusedTable}_old" +
- s" (key int, value string) USING parquet")
- // toLowerCase because of: SPARK-38587
- val plan =
- sql(s"ALTER TABLE
${reusedDb.toLowerCase}.${getClass.getSimpleName}_old" +
- s" RENAME TO $t").queryExecution.analyzed
- val operationType = OperationType(plan.nodeName)
- assert(operationType === ALTERTABLE_RENAME)
- val tuple = PrivilegesBuilder.build(plan, spark)
- assert(tuple._1.isEmpty)
- assert(tuple._2.size === 2)
- tuple._2.foreach { po =>
- assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
- assert(po.dbname equalsIgnoreCase reusedDb)
- assert(Set(reusedDb + "_old", "efg").contains(po.objectName))
- assert(po.columns.isEmpty)
- val accessType = ranger.AccessType(po, operationType, isInput = false)
- assert(Set(AccessType.CREATE, AccessType.DROP).contains(accessType))
+ withTable(s"${reusedTable}_old") { oldTable =>
+ val oldTableShort = oldTable.split("\\.").last
+ val create = s"CREATE TABLE IF NOT EXISTS $oldTable" +
+ s" (key int, value string) USING parquet"
+ sql(create)
+ // toLowerCase because of: SPARK-38587
+ val plan =
+ sql(s"ALTER TABLE ${reusedDb.toLowerCase}.$oldTableShort" +
+ s" RENAME TO $t").queryExecution.analyzed
+ // re-create oldTable because we needs to get table owner from table
metadata later
+ sql(create)
+
+ val operationType = OperationType(plan.nodeName)
+ assert(operationType === ALTERTABLE_RENAME)
+ val tuple = PrivilegesBuilder.build(plan, spark)
+ assert(tuple._1.isEmpty)
+ assert(tuple._2.size === 2)
+ tuple._2.foreach { po =>
+ assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
+ assert(po.dbname equalsIgnoreCase reusedDb)
+ assert(Set(oldTableShort, "efg").contains(po.objectName))
+ assert(po.columns.isEmpty)
+ val accessType = ranger.AccessType(po, operationType, isInput =
false)
+ assert(Set(AccessType.CREATE, AccessType.DROP).contains(accessType))
+ if (accessType === AccessType.DROP) {
+ checkTableOwner(po)
+ }
+ }
}
}
}
@@ -198,6 +208,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po.dbname equalsIgnoreCase reusedDb)
assert(po.objectName === reusedPartTableShort)
assert(po.columns.head === "pid")
+ checkTableOwner(po)
val accessType = ranger.AccessType(po, operationType, isInput = false)
assert(accessType === AccessType.ALTER)
}
@@ -216,6 +227,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po.dbname equalsIgnoreCase reusedDb)
assert(po.objectName === reusedPartTableShort)
assert(po.columns.head === "pid")
+ checkTableOwner(po)
val accessType = ranger.AccessType(po, operationType, isInput = false)
assert(accessType === AccessType.ALTER)
}
@@ -249,6 +261,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po.dbname equalsIgnoreCase reusedDb)
assert(po.objectName equalsIgnoreCase tableName.split("\\.").last)
assert(po.columns.isEmpty)
+ checkTableOwner(po)
val accessType = ranger.AccessType(po, operationType, isInput = false)
assert(accessType === AccessType.ALTER)
}
@@ -272,6 +285,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po.dbname equalsIgnoreCase reusedDb)
assert(po.objectName === reusedPartTableShort)
assert(po.columns.head === "pid")
+ checkTableOwner(po)
val accessType = ranger.AccessType(po, operationType, isInput = false)
assert(accessType === AccessType.ALTER)
}
@@ -293,6 +307,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po.dbname === reusedDb)
assert(po.objectName === reusedPartTableShort)
assert(po.columns.head === "pid")
+ checkTableOwner(po)
val accessType = ranger.AccessType(po, operationType, isInput = false)
assert(accessType === AccessType.ALTER)
}
@@ -314,6 +329,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po.dbname === reusedDb)
assert(po.objectName === reusedTable.split("\\.").last)
assert(po.columns.isEmpty)
+ checkTableOwner(po)
val accessType = ranger.AccessType(po, operationType, isInput = false)
assert(accessType === AccessType.ALTER)
}
@@ -332,8 +348,11 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po0.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
assert(po0.dbname equalsIgnoreCase reusedDb)
assert(po0.objectName equalsIgnoreCase reusedPartTableShort)
- // ignore this check as it behaves differently across spark versions
- // assert(po0.columns === Seq("key", "value", "pid"))
+ if (isSparkV32OrGreater) {
+ // Query in AlterViewAsCommand can not be resolved before SPARK-34698
+ assert(po0.columns === Seq("key", "value", "pid"))
+ checkTableOwner(po0)
+ }
val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
assert(accessType0 === AccessType.SELECT)
@@ -343,6 +362,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
assert(po.dbname === (if (isSparkV2) null else "default"))
assert(po.objectName === "AlterViewAsCommand")
+ checkTableOwner(po)
assert(po.columns.isEmpty)
val accessType = ranger.AccessType(po, operationType, isInput = false)
assert(accessType === AccessType.ALTER)
@@ -362,6 +382,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po0.objectName equalsIgnoreCase reusedPartTableShort)
// ignore this check as it behaves differently across spark versions
assert(po0.columns === Seq("key"))
+ checkTableOwner(po0)
val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
assert(accessType0 === AccessType.SELECT)
@@ -382,6 +403,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po0.objectName equalsIgnoreCase reusedPartTableShort)
// ignore this check as it behaves differently across spark versions
assert(po0.columns === Seq("pid"))
+ checkTableOwner(po0)
val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
assert(accessType0 === AccessType.SELECT)
@@ -402,6 +424,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po0.objectName equalsIgnoreCase reusedPartTableShort)
// ignore this check as it behaves differently across spark versions
assert(po0.columns.isEmpty)
+ checkTableOwner(po0)
val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
assert(accessType0 === AccessType.SELECT)
@@ -441,6 +464,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po0.dbname equalsIgnoreCase reusedDb)
assert(po0.objectName equalsIgnoreCase reusedDb)
assert(po0.columns.isEmpty)
+ checkTableOwner(po0)
val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
assert(accessType0 === AccessType.SELECT)
@@ -662,6 +686,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po0.dbname equalsIgnoreCase reusedDb)
assert(po0.objectName equalsIgnoreCase reusedTable.split("\\.").last)
assert(po0.columns.isEmpty)
+ checkTableOwner(po0)
val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
assert(accessType0 === AccessType.SELECT)
@@ -693,6 +718,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po0.dbname equalsIgnoreCase reusedDb)
assert(po0.objectName equalsIgnoreCase reusedTable.split("\\.").last)
assert(po0.columns.isEmpty)
+ checkTableOwner(po0)
val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
assert(accessType0 === AccessType.SELECT)
@@ -731,6 +757,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po.dbname equalsIgnoreCase reusedDb)
assert(po.objectName equalsIgnoreCase reusedTable.split("\\.").last)
assert(po.columns === Seq("key"))
+ checkTableOwner(po)
val accessType = ranger.AccessType(po, operationType, isInput = false)
assert(accessType === AccessType.SELECT)
@@ -749,6 +776,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po.dbname equalsIgnoreCase reusedDb)
assert(po.objectName equalsIgnoreCase reusedTable.split("\\.").last)
assert(po.columns.isEmpty)
+ checkTableOwner(po)
val accessType = ranger.AccessType(po, operationType, isInput = false)
assert(accessType === AccessType.SELECT)
@@ -810,6 +838,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po.dbname equalsIgnoreCase reusedDb)
assert(po.objectName === reusedPartTableShort)
assert(po.columns.head === "pid")
+ checkTableOwner(po)
val accessType = ranger.AccessType(po, operationType, isInput = false)
assert(accessType === AccessType.UPDATE)
}
@@ -826,6 +855,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po0.dbname equalsIgnoreCase reusedDb)
assert(po0.objectName equalsIgnoreCase reusedTable.split("\\.").last)
assert(po0.columns.isEmpty)
+ checkTableOwner(po0)
val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
assert(accessType0 === AccessType.SELECT)
@@ -844,6 +874,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po0.dbname equalsIgnoreCase reusedDb)
assert(po0.objectName equalsIgnoreCase reusedTable.split("\\.").last)
assert(po0.columns.isEmpty)
+ checkTableOwner(po0)
val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
assert(accessType0 === AccessType.SELECT)
@@ -862,6 +893,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po0.dbname equalsIgnoreCase reusedDb)
assert(po0.objectName equalsIgnoreCase reusedTable.split("\\.").last)
assert(po0.columns.isEmpty)
+ checkTableOwner(po0)
val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
assert(accessType0 === AccessType.SELECT)
@@ -890,6 +922,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po0.dbname equalsIgnoreCase reusedDb)
assert(po0.objectName equalsIgnoreCase reusedPartTableShort)
assert(po0.columns === Seq("pid"))
+ checkTableOwner(po0)
val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
assert(accessType0 === AccessType.SELECT)
@@ -925,6 +958,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po.dbname equalsIgnoreCase reusedDb)
assert(po.objectName equalsIgnoreCase tableName.split("\\.").last)
assert(po.columns.isEmpty)
+ checkTableOwner(po)
val accessType = ranger.AccessType(po, operationType, isInput = false)
assert(accessType === AccessType.UPDATE)
}
@@ -1227,6 +1261,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po.dbname equalsIgnoreCase reusedDb)
assert(po.objectName === getClass.getSimpleName)
assert(po.columns.head === "a")
+ checkTableOwner(po)
val accessType = ranger.AccessType(po, operationType, isInput = false)
assert(accessType === AccessType.ALTER)
}
@@ -1246,6 +1281,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(po.dbname equalsIgnoreCase reusedDb)
assert(po.objectName === getClass.getSimpleName)
assert(po.columns.head === "value")
+ checkTableOwner(po)
val accessType = ranger.AccessType(po, operationType, isInput = false)
assert(accessType === AccessType.ALTER)
}
@@ -1333,6 +1369,7 @@ class HiveCatalogPrivilegeBuilderSuite extends
PrivilegesBuilderSuite {
assert(po.dbname === "default")
assert(po.objectName === t)
assert(po.columns.head === "pid")
+ checkTableOwner(po)
val accessType = ranger.AccessType(po, operationType, isInput = false)
assert(accessType === AccessType.ALTER)
}
@@ -1415,6 +1452,7 @@ class HiveCatalogPrivilegeBuilderSuite extends
PrivilegesBuilderSuite {
assert(po0.dbname equalsIgnoreCase reusedDb)
assert(po0.objectName equalsIgnoreCase tableName.split("\\.").last)
assert(po0.columns.isEmpty)
+ checkTableOwner(po0)
val accessType0 = ranger.AccessType(po0, operationType, isInput = false)
assert(accessType0 === AccessType.UPDATE)
}
@@ -1498,6 +1536,7 @@ class HiveCatalogPrivilegeBuilderSuite extends
PrivilegesBuilderSuite {
assert(po.dbname equalsIgnoreCase "default")
assert(po.objectName equalsIgnoreCase tableName)
assert(po.columns.isEmpty)
+ checkTableOwner(po)
val accessType = ranger.AccessType(po, operationType, isInput = false)
assert(accessType === AccessType.UPDATE)
@@ -1586,6 +1625,7 @@ class HiveCatalogPrivilegeBuilderSuite extends
PrivilegesBuilderSuite {
assert(po.dbname equalsIgnoreCase "default")
assert(po.objectName equalsIgnoreCase tableName)
assert(po.columns.isEmpty)
+ checkTableOwner(po)
val accessType = ranger.AccessType(po, operationType, isInput = false)
assert(accessType === AccessType.UPDATE)
}
@@ -1607,6 +1647,7 @@ class HiveCatalogPrivilegeBuilderSuite extends
PrivilegesBuilderSuite {
assert(po0.dbname === "default")
assert(po0.objectName === t)
assert(po0.columns.isEmpty)
+ checkTableOwner(po0)
val accessType0 = ranger.AccessType(po0, operationType, isInput = true)
assert(accessType0 === AccessType.SELECT)
