This is an automated email from the ASF dual-hosted git repository.
yao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git
The following commit(s) were added to refs/heads/master by this push:
new ae2944045 [KYUUBI #5472] Permanent View should pass column when child
plan no output
ae2944045 is described below
commit ae29440453c35f4e541fb286effd6561d5234ba9
Author: Angerszhuuuu <[email protected]>
AuthorDate: Tue Oct 24 11:19:56 2023 +0800
[KYUUBI #5472] Permanent View should pass column when child plan no output
### _Why are the changes needed?_
To close #5472
For cases such as `SELECT COUNT(*) FORM XXX`, when `XXX` is table, will
extract table's column, if `XXX` is view, only pass the view name
```
test("[KYUUBI #xxx] ") {
val db1 = defaultDb
val table1 = "table1"
val view1 = "view1"
withSingleCallEnabled {
withCleanTmpResources(Seq((s"$db1.$table1", "table"),
(s"$db1.$view1", "view"))) {
doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table1 (id int,
scope int)"))
doAs(admin, sql(s"CREATE VIEW $db1.$view1 AS SELECT * FROM
$db1.$table1"))
val e1 = intercept[AccessControlException](
doAs(someone, sql(s"SELECT count(*) FROM $db1.$table1").show()))
assert(e1.getMessage.contains(
s"does not have [select] privilege on
[$db1/$table1/id,$db1/$table1/scope]"))
val e2 = intercept[AccessControlException](
doAs(someone, sql(s"SELECT count(*) FROM $db1.$view1").show()))
assert(e2.getMessage.contains(
s"does not have [select] privilege on [$db1/$view1]"))
}
}
}
```
After this pr, view will also extract columns.
### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including
negative and positive cases if possible
- [ ] Add screenshots for manual tests if appropriate
- [ ] [Run
test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests)
locally before make a pull request
### _Was this patch authored or co-authored using generative AI tooling?_
No
Closes #5473 from AngersZhuuuu/KYUUBI-5742.
Closes #5472
6575ad2ba [Angerszhuuuu] Update RangerSparkExtensionSuite.scala
8a264a810 [Angerszhuuuu] Update
afa43d356 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5742
9f0bfb2a7 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5742
275784478 [Angerszhuuuu] Update RangerSparkExtensionSuite.scala
88f3d3282 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5742
cd62c8d20 [Angerszhuuuu] update
55be7da95 [Angerszhuuuu] Update RangerSparkExtensionSuite.scala
4200ed3ed [Angerszhuuuu] [KYUUBI #5742] Permanent View should pass column
when child plan no output
Authored-by: Angerszhuuuu <[email protected]>
Signed-off-by: Kent Yao <[email protected]>
---
.../authz/ranger/RangerSparkExtensionSuite.scala | 46 ++++++++++++++++++++++
1 file changed, 46 insertions(+)
diff --git
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 532a11436..c2e886f02 100644
---
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -895,4 +895,50 @@ class HiveCatalogRangerSparkExtensionSuite extends
RangerSparkExtensionSuite {
}
}
}
+
+ test("[KYUUBI #5472] Permanent View should pass column when child plan no
output ") {
+ val db1 = defaultDb
+ val table1 = "table1"
+ val view1 = "view1"
+ val view2 = "view2"
+ withSingleCallEnabled {
+ withCleanTmpResources(
+ Seq((s"$db1.$table1", "table"), (s"$db1.$view1", "view"),
(s"$db1.$view2", "view"))) {
+ doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table1 (id int,
scope int)"))
+ doAs(admin, sql(s"CREATE VIEW $db1.$view1 AS SELECT * FROM
$db1.$table1"))
+ doAs(
+ admin,
+ sql(
+ s"""
+ |CREATE VIEW $db1.$view2
+ |AS
+ |SELECT count(*) as cnt, sum(id) as sum_id FROM $db1.$table1
+ """.stripMargin))
+ val e1 = intercept[AccessControlException](
+ doAs(someone, sql(s"SELECT count(*) FROM $db1.$table1").show()))
+ assert(e1.getMessage.contains(
+ s"does not have [select] privilege on
[$db1/$table1/id,$db1/$table1/scope]"))
+
+ val e2 = intercept[AccessControlException](
+ doAs(someone, sql(s"SELECT count(*) FROM $db1.$view1").show()))
+ assert(e2.getMessage.contains(
+ s"does not have [select] privilege on
[$db1/$view1/id,$db1/$view1/scope]"))
+
+ val e3 = intercept[AccessControlException](
+ doAs(someone, sql(s"SELECT count(*) FROM $db1.$view2").show()))
+ assert(e3.getMessage.contains(
+ s"does not have [select] privilege on
[$db1/$view2/cnt,$db1/$view2/sum_id]"))
+
+ val e4 = intercept[AccessControlException](
+ doAs(someone, sql(s"SELECT count(*) FROM $db1.$view2 WHERE cnt >
10").show()))
+ assert(e4.getMessage.contains(
+ s"does not have [select] privilege on
[$db1/$view2/cnt,$db1/$view2/sum_id]"))
+
+ val e5 = intercept[AccessControlException](
+ doAs(someone, sql(s"SELECT count(cnt) FROM $db1.$view2 WHERE cnt >
10").show()))
+ assert(e5.getMessage.contains(
+ s"does not have [select] privilege on
[$db1/$view2/cnt,$db1/$view2/sum_id]"))
+ }
+ }
+ }
}
