MLikeWater opened a new pull request, #2580:
URL: https://github.com/apache/incubator-kyuubi/pull/2580
<!--
Thanks for sending a pull request!
Here are some tips for you:
1. If this is your first time, please read our contributor guidelines:
https://kyuubi.readthedocs.io/en/latest/community/contributions.html
2. If the PR is related to an issue in
https://github.com/apache/incubator-kyuubi/issues, add '[KYUUBI #XXXX]' in your
PR title, e.g., '[KYUUBI #XXXX] Your PR title ...'.
3. If the PR is unfinished, add '[WIP]' in your PR title, e.g.,
'[WIP][KYUUBI #XXXX] Your PR title ...'.
-->
### _Why are the changes needed?_
<!--
Please clarify why the changes are needed. For instance,
1. If you add a feature, you can talk about the use case of it.
2. If you fix a bug, you can clarify why it is a bug.
-->
When using Kyuubi to access the Spark database, the `show databases` command
cannot be used to filter the database by Ranger, causing data security problems
for multi-tenants.
### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including
negative and positive cases if possible
- [x] Add screenshots for manual tests if appropriate
* step1: Grant database permissions through Ranger
User meimei can access shdw database
User tuantuan can access tjdw and default databases
* step2:
Kyuubi integrates Ranger and then accesses it with the following command:
```
# meimei test
$ externals/spark-3.2.1-bin-hadoop3.2/bin/beeline -u
jdbc:hive2://xx.xxx.xx.xxx:10011/default -n meimei -pxxxxxx
0: jdbc:hive2://xx.xxx.xx.xxx:10011/default>show databases;
+------------+
| namespace |
+------------+
| shdw |
+------------+
0: jdbc:hive2://10.2.1.6:10011/default> use tjdw;
Error: Error operating EXECUTE_STATEMENT: java.lang.RuntimeException:
Permission denied: user [meimei] does not have [_any] privilege on [tjdw]
# tuantuan test
$ externals/spark-3.2.1-bin-hadoop3.2/bin/beeline -u
jdbc:hive2://xx.xxx.xx.xxx:10011/default -n tuantuan -pxxxxxx
0: jdbc:hive2://xx.xxx.xx.xxx:10011/default>show databases;
+------------+
| namespace |
+------------+
| default |
| tjdw |
+------------+
0: jdbc:hive2://10.2.1.6:10011/default> use shdw;
Error: Error operating EXECUTE_STATEMENT: java.lang.RuntimeException:
Permission denied: user [tuantuan] does not have [_any] privilege on [shdw]
```
- [x] [Run
test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests)
locally before make a pull request
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
