bowenliang123 commented on code in PR #5248:
URL: https://github.com/apache/kyuubi/pull/5248#discussion_r1318100209
##########
extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/IcebergCatalogPrivilegesBuilderSuite.scala:
##########
@@ -125,4 +125,26 @@ class IcebergCatalogPrivilegesBuilderSuite extends
V2CommandsPrivilegesSuite {
assert(accessType === AccessType.UPDATE)
}
}
+
+ test("CallRewriteDataFilesProcedure") {
+ val table = "CallRewriteDataFilesProcedure"
+ withV2Table(table) { tableId =>
+ sql(s"CREATE TABLE IF NOT EXISTS $tableId (key int, value String) USING
iceberg")
+ sql(s"INSERT INTO $tableId VALUES (1, 'a'), (2, 'b'), (3, 'c')")
+
+ val plan = sql(s"CALL $catalogV2.system.rewrite_data_files " +
+ s"(table => '$tableId', options => map('min-input-files','2'))
").queryExecution.analyzed
+ val (inputs, outputs, operationType) = PrivilegesBuilder.build(plan,
spark)
+ assert(operationType === QUERY)
+ assert(outputs.size === 1)
+ val po = outputs.head
+ assert(po.actionType === PrivilegeObjectActionType.UPDATE)
+ assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
+ assertEqualsIgnoreCase(namespace)(po.dbname)
+ assertEqualsIgnoreCase(tableId.split("\\.").last)(po.objectName)
+ assert(inputs.size === 0)
Review Comment:
The SELECT query access privilege of the source table should be required
when calling the table rewriting produce.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
