[GitHub] [incubator-kyuubi] bowenliang123 commented on a diff in pull request #3197: [KYUUBI #3186] Support applying Row-level Filter policies for DatasourceV2 in Authz module

Mon, 08 Aug 2022 03:17:02 -0700 


bowenliang123 commented on code in PR #3197:
URL: https://github.com/apache/incubator-kyuubi/pull/3197#discussion_r940042795


##########
extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RuleApplyRowFilterAndDataMasking.scala:
##########
@@ -30,29 +30,37 @@ import 
org.apache.kyuubi.plugin.spark.authz.util.RowFilterAndDataMaskingMarker
 class RuleApplyRowFilterAndDataMasking(spark: SparkSession) extends 
Rule[LogicalPlan] {
 
   override def apply(plan: LogicalPlan): LogicalPlan = {
-    // Apply FilterAndMasking and wrap HiveTableRelation/LogicalRelation with
+    // Apply FilterAndMasking and wrap 
HiveTableRelation/LogicalRelation/DataSourceV2Relation with
     // RowFilterAndDataMaskingMarker if it is not wrapped yet.
     plan mapChildren {
       case p: RowFilterAndDataMaskingMarker => p
       case hiveTableRelation if hasResolvedHiveTable(hiveTableRelation) =>
         val table = getHiveTable(hiveTableRelation)
-        applyFilterAndMasking(hiveTableRelation, table, spark)
+        applyFilterAndMasking(hiveTableRelation, table.identifier, spark)
       case logicalRelation if hasResolvedDatasourceTable(logicalRelation) =>
         val table = getDatasourceTable(logicalRelation)
         if (table.isEmpty) {
           logicalRelation
         } else {
-          applyFilterAndMasking(logicalRelation, table.get, spark)
+          applyFilterAndMasking(logicalRelation, table.get.identifier, spark)
+        }
+      case datasourceV2Relation if 
hasResolvedDatasourceV2Table(datasourceV2Relation) =>
+        val identifier = getDatasourceV2Identifier(datasourceV2Relation)
+        if (identifier.isEmpty) {
+          return datasourceV2Relation
+        } else {
+          val tableIdentifier = TableIdentifier(identifier.get.name,
+            Option(identifier.get.namespace.mkString(".")))

Review Comment:
   Another problem related is `quote` automatically determine `quoteIfNeeded` 
and add quotes to it. However this escaping is not probablely necessary for 
naming and looking up of ranger policy. Quotes may cause confusions to it with 
inconsistency in namespaces and tables.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to