This is an automated email from the ASF dual-hosted git repository.
yao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git
The following commit(s) were added to refs/heads/master by this push:
new aae38a97d [KYUUBI #5492][AUTHZ] saveAsTable create DataSource table
miss db info
aae38a97d is described below
commit aae38a97d0d51d947b5898c23f162b4f81f0e9cd
Author: Angerszhuuuu <[email protected]>
AuthorDate: Mon Oct 23 16:13:16 2023 +0800
[KYUUBI #5492][AUTHZ] saveAsTable create DataSource table miss db info
### _Why are the changes needed?_
To fix #5492
When we use saveAsTable and write as a DataSource table, since
CreateTableAsDataSource command's catalogTable was directly constructed by
identifier and only will check when executing, so here authz will miss db
information as below case
This fixes this issue by following the Spark's code
<img width="1256" alt="截屏2023-10-21 下午3 37 37"
src="https://github.com/apache/kyuubi/assets/46485123/d7c66db4-400b-4637-b75a-973a8a8a9968";>
### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including
negative and positive cases if possible
- [ ] Add screenshots for manual tests if appropriate
- [ ] [Run
test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests)
locally before make a pull request
### _Was this patch authored or co-authored using generative AI tooling?_
No
Closes #5493 from AngersZhuuuu/KYUUBI-5492.
Closes #5492
46867aff2 [Angerszhuuuu] update
7a4c86fe2 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5492
f56f29924 [Angerszhuuuu] Update RangerSparkExtensionSuite.scala
7bcfc236a [Angerszhuuuu] Merge branch 'master' into KYUUBI-5492
6f2472811 [Angerszhuuuu] [KYUUBI #5492] saveAsTable create DataSource table
miss db info
Authored-by: Angerszhuuuu <[email protected]>
Signed-off-by: Kent Yao <[email protected]>
---
.../src/main/resources/table_command_spec.json | 6 +++---
.../kyuubi/plugin/spark/authz/gen/TableCommands.scala | 3 ++-
.../spark/authz/ranger/RangerSparkExtensionSuite.scala | 15 +++++++++++++++
3 files changed, 20 insertions(+), 4 deletions(-)
diff --git
a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 1d2b5dc88..0b09c902f 100644
---
a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++
b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -988,7 +988,7 @@
"tableTypeDesc" : null,
"catalogDesc" : null,
"isInput" : false,
- "setCurrentDatabaseIfMissing" : false
+ "setCurrentDatabaseIfMissing" : true
} ],
"opType" : "CREATETABLE_AS_SELECT",
"queryDescs" : [ {
@@ -1005,7 +1005,7 @@
"tableTypeDesc" : null,
"catalogDesc" : null,
"isInput" : false,
- "setCurrentDatabaseIfMissing" : false
+ "setCurrentDatabaseIfMissing" : true
} ],
"opType" : "CREATETABLE",
"queryDescs" : [ ]
@@ -1019,7 +1019,7 @@
"tableTypeDesc" : null,
"catalogDesc" : null,
"isInput" : false,
- "setCurrentDatabaseIfMissing" : false
+ "setCurrentDatabaseIfMissing" : true
} ],
"opType" : "CREATETABLE",
"queryDescs" : [ ]
diff --git
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index cf73cfbc6..cf7fae0d8 100644
---
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -377,7 +377,8 @@ object TableCommands {
val CreateDataSourceTable = {
val cmd =
"org.apache.spark.sql.execution.command.CreateDataSourceTableCommand"
- val tableDesc = TableDesc("table", classOf[CatalogTableTableExtractor])
+ val tableDesc =
+ TableDesc("table", classOf[CatalogTableTableExtractor],
setCurrentDatabaseIfMissing = true)
TableCommandSpec(cmd, Seq(tableDesc), CREATETABLE)
}
diff --git
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 8e1fe0587..e4e3014f5 100644
---
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -35,6 +35,7 @@ import
org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
import
org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization.KYUUBI_AUTHZ_TAG
import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.util.AssertionUtils._
import org.apache.kyuubi.util.reflect.ReflectUtils._
abstract class RangerSparkExtensionSuite extends AnyFunSuite
with SparkSessionProvider with BeforeAndAfterAll {
@@ -835,4 +836,18 @@ class HiveCatalogRangerSparkExtensionSuite extends
RangerSparkExtensionSuite {
assert(e2.getMessage.contains(s"does not have [select] privilege on
[$db1/$view1/new_id]"))
}
}
+
+ test("[KYUUBI #5492] saveAsTable create DataSource table miss db info") {
+ val table1 = "table1"
+ withSingleCallEnabled {
+ withCleanTmpResources(Seq.empty) {
+ val df = doAs(
+ admin,
+ sql(s"SELECT * FROM VALUES(1, 100),(2, 200),(3, 300) AS t(id,
scope)")).persist()
+ interceptContains[AccessControlException](
+ doAs(someone, df.write.mode("overwrite").saveAsTable(table1)))(
+ s"does not have [create] privilege on [$defaultDb/$table1]")
+ }
+ }
+ }
}
