This is an automated email from the ASF dual-hosted git repository.
liuxun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/submarine.git
The following commit(s) were added to refs/heads/master by this push:
new cef21e6 SUBMARINE-489. DCL Framework: SHOW CURRENT ROLES syntax
cef21e6 is described below
commit cef21e6b92d070cc38fa8c360baedeece7aae922
Author: Kent Yao <[email protected]>
AuthorDate: Wed May 6 00:43:33 2020 +0800
SUBMARINE-489. DCL Framework: SHOW CURRENT ROLES syntax
### What is this PR for?
Part of DCL framework, this PR adds SHOW CURRENT ROLES statement.
### What type of PR is it?
Improvement
### Todos
* [ ] - Task
### What is the Jira issue?
Jira https://issues.apache.org/jira/browse/SUBMARINE-489
### How should this be tested?
new unit test
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? /No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
Author: Kent Yao <[email protected]>
Closes #277 from yaooqinn/SUBMARINE-489 and squashes the following commits:
fffed1e [Kent Yao] SUBMARINE-489. DCL Framework: SHOW CURRENT ROLES syntax
---
.../ShowCurrentRolesCommand.scala | 30 +++++++++++++
.../ShowCurrentRolesCommand.scala | 51 ++++++++++++++++++++++
.../spark/security/parser/SubmarineSqlBase.g4 | 3 ++
.../security/parser/SubmarineSqlAstBuilder.scala | 8 +++-
.../security/parser/SubmarineSqlParserTest.scala | 7 ++-
5 files changed, 96 insertions(+), 3 deletions(-)
diff --git
a/submarine-security/spark-security/ranger-1/src/main/scala/org.apache.submarine.spark.security.command/ShowCurrentRolesCommand.scala
b/submarine-security/spark-security/ranger-1/src/main/scala/org.apache.submarine.spark.security.command/ShowCurrentRolesCommand.scala
new file mode 100644
index 0000000..b736af5
--- /dev/null
+++
b/submarine-security/spark-security/ranger-1/src/main/scala/org.apache.submarine.spark.security.command/ShowCurrentRolesCommand.scala
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.submarine.spark.security.command
+
+import org.apache.spark.sql.{Row, SparkSession}
+import org.apache.spark.sql.execution.command.RunnableCommand
+
+case class ShowCurrentRolesCommand() extends RunnableCommand {
+ override def run(sparkSession: SparkSession): Seq[Row] = {
+ throw new UnsupportedOperationException("SHOW CURRENT ROLES")
+ }
+}
+
diff --git
a/submarine-security/spark-security/ranger-2/src/main/scala/org.apache.submarine.spark.security.command/ShowCurrentRolesCommand.scala
b/submarine-security/spark-security/ranger-2/src/main/scala/org.apache.submarine.spark.security.command/ShowCurrentRolesCommand.scala
new file mode 100644
index 0000000..7739483
--- /dev/null
+++
b/submarine-security/spark-security/ranger-2/src/main/scala/org.apache.submarine.spark.security.command/ShowCurrentRolesCommand.scala
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.submarine.spark.security.command
+
+import scala.collection.JavaConverters._
+import scala.util.control.NonFatal
+
+import org.apache.hadoop.security.UserGroupInformation
+import org.apache.spark.sql.{Row, SparkSession}
+import org.apache.spark.sql.catalyst.expressions.{Attribute,
AttributeReference}
+import org.apache.spark.sql.execution.command.RunnableCommand
+import org.apache.spark.sql.types.StringType
+
+import org.apache.submarine.spark.security.{RangerSparkAuditHandler,
RangerSparkPlugin, SparkAccessControlException}
+
+case class ShowCurrentRolesCommand() extends RunnableCommand {
+
+ override def output: Seq[Attribute] =
+ Seq(AttributeReference("Role Name", StringType, nullable = false)())
+
+ override def run(sparkSession: SparkSession): Seq[Row] = {
+
+ try {
+ val auditHandler = RangerSparkAuditHandler()
+ val currentUser = UserGroupInformation.getCurrentUser.getShortUserName
+ val roles = RangerSparkPlugin.getUserRoles(currentUser, auditHandler)
+ roles.asScala.map(Row(_))
+ } catch {
+ case NonFatal(e) => throw new SparkAccessControlException(e.getMessage,
e)
+ } finally {
+ // TODO: support auditHandler.flushAudit()
+ }
+ }
+}
diff --git
a/submarine-security/spark-security/src/main/antlr4/org/apache/submarine/spark/security/parser/SubmarineSqlBase.g4
b/submarine-security/spark-security/src/main/antlr4/org/apache/submarine/spark/security/parser/SubmarineSqlBase.g4
index a63f847..8803551 100644
---
a/submarine-security/spark-security/src/main/antlr4/org/apache/submarine/spark/security/parser/SubmarineSqlBase.g4
+++
b/submarine-security/spark-security/src/main/antlr4/org/apache/submarine/spark/security/parser/SubmarineSqlBase.g4
@@ -31,6 +31,7 @@ singleStatement
statement
: CREATE ROLE identifier
#createRole
| DROP ROLE identifier
#dropRole
+ | SHOW CURRENT ROLES
#showCurrentRoles
| SHOW ROLES
#showRoles
;
@@ -48,6 +49,7 @@ nonReserved
: ALL
| ALTER
| CREATE
+ | CURRENT
| DELETE
| DELETE
| DROP
@@ -69,6 +71,7 @@ nonReserved
ALL: 'ALL';
ALTER: 'ALTER';
CREATE: 'CREATE';
+CURRENT: 'CURRENT';
DELETE: 'DELETE';
DROP: 'DROP';
GRANT: 'GRANT';
diff --git
a/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/parser/SubmarineSqlAstBuilder.scala
b/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/parser/SubmarineSqlAstBuilder.scala
index c2e3a11..01c64c1 100644
---
a/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/parser/SubmarineSqlAstBuilder.scala
+++
b/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/parser/SubmarineSqlAstBuilder.scala
@@ -21,8 +21,8 @@ package org.apache.submarine.spark.security.parser
import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
-import org.apache.submarine.spark.security.command.{CreateRoleCommand,
DropRoleCommand, ShowRolesCommand}
-import
org.apache.submarine.spark.security.parser.SubmarineSqlBaseParser.{CreateRoleContext,
DropRoleContext, ShowRolesContext, SingleStatementContext}
+import org.apache.submarine.spark.security.command.{CreateRoleCommand,
DropRoleCommand, ShowCurrentRolesCommand, ShowRolesCommand}
+import
org.apache.submarine.spark.security.parser.SubmarineSqlBaseParser.{CreateRoleContext,
DropRoleContext, ShowCurrentRolesContext, ShowRolesContext,
SingleStatementContext}
class SubmarineSqlAstBuilder extends SubmarineSqlBaseBaseVisitor[AnyRef] {
@@ -41,4 +41,8 @@ class SubmarineSqlAstBuilder extends
SubmarineSqlBaseBaseVisitor[AnyRef] {
override def visitShowRoles(ctx: ShowRolesContext): AnyRef = {
ShowRolesCommand()
}
+
+ override def visitShowCurrentRoles(ctx: ShowCurrentRolesContext): AnyRef = {
+ ShowCurrentRolesCommand()
+ }
}
diff --git
a/submarine-security/spark-security/src/test/scala/org/apache/submarine/spark/security/parser/SubmarineSqlParserTest.scala
b/submarine-security/spark-security/src/test/scala/org/apache/submarine/spark/security/parser/SubmarineSqlParserTest.scala
index 6204572..10312b3 100644
---
a/submarine-security/spark-security/src/test/scala/org/apache/submarine/spark/security/parser/SubmarineSqlParserTest.scala
+++
b/submarine-security/spark-security/src/test/scala/org/apache/submarine/spark/security/parser/SubmarineSqlParserTest.scala
@@ -23,7 +23,7 @@ import org.apache.spark.sql.catalyst.parser.ParseException
import org.apache.spark.sql.hive.test.TestHive
import org.scalatest.FunSuite
-import org.apache.submarine.spark.security.command.{CreateRoleCommand,
DropRoleCommand, ShowRolesCommand}
+import org.apache.submarine.spark.security.command.{CreateRoleCommand,
DropRoleCommand, ShowCurrentRolesCommand, ShowRolesCommand}
class SubmarineSqlParserTest extends FunSuite {
@@ -61,4 +61,9 @@ class SubmarineSqlParserTest extends FunSuite {
val p1 = parser.parsePlan("show roles")
assert(p1.isInstanceOf[ShowRolesCommand])
}
+
+ test("show current roles") {
+ val p1 = parser.parsePlan("show current roles")
+ assert(p1.isInstanceOf[ShowCurrentRolesCommand])
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
