(kyuubi) branch branch-1.8 updated: [KYUUBI #6564] Insert into table check the privilege of table

Mon, 05 Aug 2024 02:03:44 -0700 

This is an automated email from the ASF dual-hosted git repository.

chengpan pushed a commit to branch branch-1.8
in repository https://gitbox.apache.org/repos/asf/kyuubi.git


The following commit(s) were added to refs/heads/branch-1.8 by this push:
     new feac06531 [KYUUBI #6564] Insert into table check the privilege of table
feac06531 is described below

commit feac06531a88453701a1c16ba1f816afec449e26
Author: joey.ljy <[email protected]>
AuthorDate: Mon Aug 5 16:58:24 2024 +0800

    [KYUUBI #6564] Insert into table check the privilege of table
    
    This pull request fixes #6564
    
    Remove the `columnDesc` for `InsertIntoHadoopFsRelationCommand ` and 
`InsertIntoHiveTable ` in `table_command_spec.json`
    
    - [ ] Bugfix (non-breaking change which fixes an issue)
    - [ ] New feature (non-breaking change which adds functionality)
    - [x] Breaking change (fix or feature that would cause existing 
functionality to change)
    
    Insert into table will check the privilege of columns.
    
    Insert into table will check the privilege of table.
    
    ---
    
    - [ ] This patch was not authored or co-authored using [Generative 
Tooling](https://www.apache.org/legal/generative-tooling.html)
    
    **Be nice. Be informative.**
    
    Closes #6570 from liujiayi771/insert-permission.
    
    Closes #6564
    
    d956aa916 [joey.ljy] Fix ut
    d282f8ec5 [joey.ljy] insert into table check the privilege of table
    
    Authored-by: joey.ljy <[email protected]>
    Signed-off-by: Cheng Pan <[email protected]>
---
 .../src/main/resources/table_command_spec.json               | 12 +++---------
 .../kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala   |  2 --
 .../apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala |  6 +-----
 .../spark/authz/ranger/RangerSparkExtensionSuite.scala       |  3 +--
 4 files changed, 5 insertions(+), 18 deletions(-)

diff --git 
a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
 
b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index 46f50f706..f9caf93d4 100644
--- 
a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ 
b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -1303,10 +1303,7 @@
   "tableDescs" : [ {
     "fieldName" : "catalogTable",
     "fieldExtractor" : "CatalogTableOptionTableExtractor",
-    "columnDesc" : {
-      "fieldName" : "outputColumnNames",
-      "fieldExtractor" : "StringSeqColumnExtractor"
-    },
+    "columnDesc" : null,
     "actionTypeDesc" : {
       "fieldName" : "mode",
       "fieldExtractor" : "SaveModeActionTypeExtractor",
@@ -1377,10 +1374,7 @@
   "tableDescs" : [ {
     "fieldName" : "table",
     "fieldExtractor" : "CatalogTableTableExtractor",
-    "columnDesc" : {
-      "fieldName" : "outputColumnNames",
-      "fieldExtractor" : "StringSeqColumnExtractor"
-    },
+    "columnDesc" : null,
     "actionTypeDesc" : {
       "fieldName" : "overwrite",
       "fieldExtractor" : "OverwriteOrInsertActionTypeExtractor",
@@ -1416,4 +1410,4 @@
     "fieldName" : "query",
     "fieldExtractor" : "LogicalPlanQueryExtractor"
   } ]
-} ]
\ No newline at end of file
+} ]
diff --git 
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
 
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
index 723fabd7b..f8985b0f1 100644
--- 
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
+++ 
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
@@ -1562,7 +1562,6 @@ class HiveCatalogPrivilegeBuilderSuite extends 
PrivilegesBuilderSuite {
         assert(po.catalog.isEmpty)
         assertEqualsIgnoreCase(defaultDb)(po.dbname)
         assertEqualsIgnoreCase(tableName)(po.objectName)
-        assert(po.columns === Seq("a", "b"))
         checkTableOwner(po)
         val accessType = ranger.AccessType(po, operationType, isInput = false)
         assert(accessType === AccessType.UPDATE)
@@ -1641,7 +1640,6 @@ class HiveCatalogPrivilegeBuilderSuite extends 
PrivilegesBuilderSuite {
         assert(po.catalog.isEmpty)
         assertEqualsIgnoreCase(defaultDb)(po.dbname)
         assertEqualsIgnoreCase(tableName)(po.objectName)
-        assert(po.columns === Seq("a", "b"))
         checkTableOwner(po)
         val accessType = ranger.AccessType(po, operationType, isInput = false)
         assert(accessType === AccessType.UPDATE)
diff --git 
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
 
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index cf73cfbc6..cbccb0c8a 100644
--- 
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ 
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -538,12 +538,10 @@ object TableCommands {
   val InsertIntoHiveTable = {
     val cmd = "org.apache.spark.sql.hive.execution.InsertIntoHiveTable"
     val actionTypeDesc = overwriteActionTypeDesc
-    val columnDesc = ColumnDesc("outputColumnNames", 
classOf[StringSeqColumnExtractor])
     val tableDesc = TableDesc(
       "table",
       classOf[CatalogTableTableExtractor],
-      Some(columnDesc),
-      Some(actionTypeDesc))
+      actionTypeDesc = Some(actionTypeDesc))
     val queryDesc = queryQueryDesc
     TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(queryDesc))
   }
@@ -557,11 +555,9 @@ object TableCommands {
   val InsertIntoHadoopFsRelationCommand = {
     val cmd = 
"org.apache.spark.sql.execution.datasources.InsertIntoHadoopFsRelationCommand"
     val actionTypeDesc = ActionTypeDesc("mode", 
classOf[SaveModeActionTypeExtractor])
-    val columnDesc = ColumnDesc("outputColumnNames", 
classOf[StringSeqColumnExtractor])
     val tableDesc = TableDesc(
       "catalogTable",
       classOf[CatalogTableOptionTableExtractor],
-      Some(columnDesc),
       actionTypeDesc = Some(actionTypeDesc))
     val queryDesc = queryQueryDesc
     TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(queryDesc))
diff --git 
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
 
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
index 0c307195c..93ed6725d 100644
--- 
a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ 
b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@@ -648,8 +648,7 @@ class HiveCatalogRangerSparkExtensionSuite extends 
RangerSparkExtensionSuite {
           s" [select] privilege on" +
           s" [$db1/$srcTable1/id,$db1/$srcTable1/name,$db1/$srcTable1/city," +
           s"$db1/$srcTable2/age,$db1/$srcTable2/id]," +
-          s" [update] privilege on [$db1/$sinkTable1/id,$db1/$sinkTable1/age," 
+
-          s"$db1/$sinkTable1/name,$db1/$sinkTable1/city]"))
+          s" [update] privilege on [$db1/$sinkTable1]"))
       }
     }
   }

Reply via email to