bowenliang123 commented on code in PR #5287:
URL: https://github.com/apache/kyuubi/pull/5287#discussion_r1351232005
##########
extensions/spark/kyuubi-spark-authz/pom.xml:
##########
@@ -36,6 +36,7 @@
<gethostname4j.version>1.0.0</gethostname4j.version>
<jersey.client.version>1.19.4</jersey.client.version>
<jna.version>5.7.0</jna.version>
+ <hudi.version>0.14.0</hudi.version>
Review Comment:
ditto: move to the parent pom.
##########
extensions/spark/kyuubi-spark-authz/pom.xml:
##########
@@ -323,6 +324,13 @@
<artifactId>scala-collection-compat_${scala.binary.version}</artifactId>
<scope>test</scope>
</dependency>
+
+ <dependency>
+ <groupId>org.apache.hudi</groupId>
+ <artifactId>hudi-spark3.4-bundle_2.12</artifactId>
+ <version>${hudi.version}</version>
+ <scope>provided</scope>
+ </dependency>
Review Comment:
1. Move the dependency definition to the project parent pom.
2. use place holder for scala version and hudi vrsion
3. set scope to `test`
Check the counter part in pom for Iceberg for reference, which is very
helpful in your case.
##########
extensions/spark/kyuubi-spark-authz/pom.xml:
##########
@@ -361,5 +369,53 @@
</plugins>
</build>
</profile>
+
+ <profile>
+ <id>spark-3.1</id>
Review Comment:
The dedicated profiles for Spark may be necessary.
##########
extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HoodieCatalogRangerSparkExtensionSuite.scala:
##########
@@ -0,0 +1,125 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kyuubi.plugin.spark.authz.ranger
+
+import org.apache.spark.SparkConf
+import org.scalatest.Outcome
+
+import org.apache.kyuubi.Utils
+import org.apache.kyuubi.plugin.spark.authz.AccessControlException
+import org.apache.kyuubi.plugin.spark.authz.RangerTestNamespace._
+import org.apache.kyuubi.plugin.spark.authz.RangerTestUsers._
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.tags.HoodieTest
+
+/**
+ * Tests for RangerSparkExtensionSuite on Hoodie SQL.
+ */
+@HoodieTest
+class HoodieCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite
{
+ override protected val catalogImpl: String = "in-memory"
+ override protected val sqlExtensions: String =
+ if (isSparkV31OrGreater) {
+ "org.apache.spark.sql.hudi.HoodieSparkSessionExtension"
+ } else {
+ ""
+ }
+
+ override protected val extraSparkConf: SparkConf =
+ new SparkConf()
+ .set("spark.serializer", "org.apache.spark.serializer.KryoSerializer")
+
+ val namespace1 = hoodieNamespace
+ val table1 = "table1_hoodie"
+ val table2 = "table2_hoodie"
+ val outputTable1 = "outputTable_hoodie"
+
+ override def withFixture(test: NoArgTest): Outcome = {
+ assume(isSparkV31OrGreater)
+ test()
+ }
+
+ override def beforeAll(): Unit = {
+ if (isSparkV31OrGreater) {
+ if (isSparkV32OrGreater) {
+ spark.conf.set(
+ s"spark.sql.catalog.$sparkCatalog",
+ "org.apache.spark.sql.hudi.catalog.HoodieCatalog")
+ spark.conf.set("hoodie.schema.on.read.enable", "true")
+ spark.conf.set(s"spark.sql.catalog.$sparkCatalog.type", "hadoop")
+ spark.conf.set(
+ s"spark.sql.catalog.$sparkCatalog.warehouse",
+ Utils.createTempDir("hoodie-hadoop").toString)
+ }
+ super.beforeAll()
+ }
+ }
+
+ override def afterAll(): Unit = {
+ if (isSparkV31OrGreater) {
+ super.afterAll()
+ spark.sessionState.catalog.reset()
+ spark.sessionState.conf.clear()
+ }
+ }
+
+ test("[KYUUBI #5284] Kyuubi authz support Hoodie Alter Table Command") {
+ doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1"))
+ doAs(
+ admin,
+ sql(
+ s"""
+ |CREATE TABLE IF NOT EXISTS $namespace1.$table1(id int, name
string, city string)
+ |USING hudi
+ |OPTIONS (
+ | type = 'cow',
+ | primaryKey = 'id',
+ | 'hoodie.datasource.hive_sync.enable' = 'false'
+ |)
+ |PARTITIONED BY(city)
+ |""".stripMargin))
+
+ val e1 = intercept[AccessControlException] {
+ doAs(someone, sql(s"ALTER TABLE $namespace1.$table1 ADD COLUMNS(age
int)"))
+ }.getMessage
+ assert(e1.contains(s"does not have [alter] privilege" +
+ s" on [$namespace1/$table1/age]"))
Review Comment:
```suggestion
interceptContains[AccessControlException] (
doAs(someone, sql(s"ALTER TABLE $namespace1.$table1 ADD COLUMNS(age
int)"))
)(s"does not have [alter] privilege on [$namespace1/$table1/age]")
```
Use `AssertUtils.interceptContains` method instead for intercepting and
string containing assertions.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
