(kyuubi) branch branch-1.9 updated: [KYUUBI #6564] Insert into table check the privilege of table

chengpan Mon, 05 Aug 2024 01:59:51 -0700

This is an automated email from the ASF dual-hosted git repository.

chengpan pushed a commit to branch branch-1.9
in repository https://gitbox.apache.org/repos/asf/kyuubi.git



The following commit(s) were added to refs/heads/branch-1.9 by this push:
     new e0fc1fbe8 [KYUUBI #6564] Insert into table check the privilege of table
e0fc1fbe8 is described below

commit e0fc1fbe898924db2a0a1784618eef591ac39cb8
Author: joey.ljy <[email protected]>
AuthorDate: Mon Aug 5 16:58:24 2024 +0800

    [KYUUBI #6564] Insert into table check the privilege of table
    
    # :mag: Description
    ## Issue References 🔗
    
    This pull request fixes #6564
    
    ## Describe Your Solution 🔧
    
    Remove the `columnDesc` for `InsertIntoHadoopFsRelationCommand ` and 
`InsertIntoHiveTable ` in `table_command_spec.json`
    
    ## Types of changes :bookmark:
    
    - [ ] Bugfix (non-breaking change which fixes an issue)
    - [ ] New feature (non-breaking change which adds functionality)
    - [x] Breaking change (fix or feature that would cause existing 
functionality to change)
    
    ## Test Plan 🧪
    
    #### Behavior Without This Pull Request :coffin:
    Insert into table will check the privilege of columns.
    
    #### Behavior With This Pull Request :tada:
    Insert into table will check the privilege of table.
    
    #### Related Unit Tests
    
    ---
    
    # Checklist 📝
    
    - [ ] This patch was not authored or co-authored using [Generative 
Tooling](https://www.apache.org/legal/generative-tooling.html)
    
    **Be nice. Be informative.**
    
    Closes #6570 from liujiayi771/insert-permission.
    
    Closes #6564
    
    d956aa916 [joey.ljy] Fix ut
    d282f8ec5 [joey.ljy] insert into table check the privilege of table
    
    Authored-by: joey.ljy <[email protected]>
    Signed-off-by: Cheng Pan <[email protected]>
---
 .../src/main/resources/table_command_spec.json               | 12 ++----------
 .../kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala   |  2 --
 .../apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala |  6 +-----
 .../spark/authz/ranger/RangerSparkExtensionSuite.scala       |  3 +--
 4 files changed, 4 insertions(+), 19 deletions(-)

diff --git 
a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
 
b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 027583f84..d707a0920 100644
--- 
a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ 
b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1628,11 +1628,7 @@
   "tableDescs" : [ {
     "fieldName" : "catalogTable",
     "fieldExtractor" : "CatalogTableOptionTableExtractor",
-    "columnDesc" : {
-      "fieldName" : "outputColumnNames",
-      "fieldExtractor" : "StringSeqColumnExtractor",
-      "comment" : ""
-    },
+    "columnDesc" : null,
     "actionTypeDesc" : {
       "fieldName" : "mode",
       "fieldExtractor" : "SaveModeActionTypeExtractor",
@@ -1732,11 +1728,7 @@
   "tableDescs" : [ {
     "fieldName" : "table",
     "fieldExtractor" : "CatalogTableTableExtractor",
-    "columnDesc" : {
-      "fieldName" : "outputColumnNames",
-      "fieldExtractor" : "StringSeqColumnExtractor",
-      "comment" : ""
-    },
+    "columnDesc" : null,
     "actionTypeDesc" : {
       "fieldName" : "overwrite",
       "fieldExtractor" : "OverwriteOrInsertActionTypeExtractor",
diff --git 
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
 
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
index d8b672a56..63837f250 100644
--- 
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
+++ 
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
@@ -1571,7 +1571,6 @@ class HiveCatalogPrivilegeBuilderSuite extends 
PrivilegesBuilderSuite {
         assert(po.catalog.isEmpty)
         assertEqualsIgnoreCase(defaultDb)(po.dbname)
         assertEqualsIgnoreCase(tableName)(po.objectName)
-        assert(po.columns === Seq("a", "b"))
         checkTableOwner(po)
         val accessType = ranger.AccessType(po, operationType, isInput = false)
         assert(accessType === AccessType.UPDATE)
@@ -1658,7 +1657,6 @@ class HiveCatalogPrivilegeBuilderSuite extends 
PrivilegesBuilderSuite {
         assert(po.catalog.isEmpty)
         assertEqualsIgnoreCase(defaultDb)(po.dbname)
         assertEqualsIgnoreCase(tableName)(po.objectName)
-        assert(po.columns === Seq("a", "b"))
         checkTableOwner(po)
         val accessType = ranger.AccessType(po, operationType, isInput = false)
         assert(accessType === AccessType.UPDATE)
diff --git 
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
 
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index d75411066..1b88123c7 100644
--- 
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ 
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -573,12 +573,10 @@ object TableCommands extends 
CommandSpecs[TableCommandSpec] {
   val InsertIntoHiveTable = {
     val cmd = "org.apache.spark.sql.hive.execution.InsertIntoHiveTable"
     val actionTypeDesc = overwriteActionTypeDesc
-    val columnDesc = ColumnDesc("outputColumnNames", 
classOf[StringSeqColumnExtractor])
     val tableDesc = TableDesc(
       "table",
       classOf[CatalogTableTableExtractor],
-      Some(columnDesc),
-      Some(actionTypeDesc))
+      actionTypeDesc = Some(actionTypeDesc))
     val queryDesc = queryQueryDesc
     TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(queryDesc))
   }
@@ -599,11 +597,9 @@ object TableCommands extends 
CommandSpecs[TableCommandSpec] {
   val InsertIntoHadoopFsRelationCommand = {
     val cmd = 
"org.apache.spark.sql.execution.datasources.InsertIntoHadoopFsRelationCommand"
     val actionTypeDesc = ActionTypeDesc("mode", 
classOf[SaveModeActionTypeExtractor])
-    val columnDesc = ColumnDesc("outputColumnNames", 
classOf[StringSeqColumnExtractor])
     val tableDesc = TableDesc(
       "catalogTable",
       classOf[CatalogTableOptionTableExtractor],
-      Some(columnDesc),
       actionTypeDesc = Some(actionTypeDesc))
     val queryDesc = queryQueryDesc
     TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(queryDesc))
diff --git 
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
 
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 6feb63eb9..69491cab3 100644
--- 
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ 
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -644,8 +644,7 @@ class HiveCatalogRangerSparkExtensionSuite extends 
RangerSparkExtensionSuite {
           s" [select] privilege on" +
           s" [$db1/$srcTable1/city,$db1/$srcTable1/id,$db1/$srcTable1/name," +
           s"$db1/$srcTable2/age,$db1/$srcTable2/id]," +
-          s" [update] privilege on [$db1/$sinkTable1/id,$db1/$sinkTable1/age," 
+
-          s"$db1/$sinkTable1/name,$db1/$sinkTable1/city]"))
+          s" [update] privilege on [$db1/$sinkTable1]"))
       }
     }
   }

(kyuubi) branch branch-1.9 updated: [KYUUBI #6564] Insert into table check the privilege of table

Reply via email to