Posted to commits@kyuubi.apache.org by bo...@apache.org on 2023/02/09 12:13:03 UTC
[kyuubi] branch master updated: [KYUUBI #4262] [AUTHZ] Change from DROP to ALTER as required privilege of the source table in AlterTableRenameCommand
This is an automated email from the ASF dual-hosted git repository.
bowenliang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git
The following commit(s) were added to refs/heads/master by this push:
new 68cc0e409 [KYUUBI #4262] [AUTHZ] Change from DROP to ALTER as required privilege of the source table in AlterTableRenameCommand
68cc0e409 is described below
commit 68cc0e40970453e59351d199396a2c546afb8c08
Author: liangbowen <li...@gf.com.cn>
AuthorDate: Thu Feb 9 20:12:52 2023 +0800
[KYUUBI #4262] [AUTHZ] Change from DROP to ALTER as required privilege of the source table in AlterTableRenameCommand
### _Why are the changes needed?_
to close #4262 .
- change the required privilege of the source table from DROP to ALTER
- skip privilege checks of the new target table, in the same way as Ranger's Hive plugin
### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible
- [ ] Add screenshots for manual tests if appropriate
- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before make a pull request
Closes #4281 from bowenliang123/4262-renametable.
Closes #4262
e7117de9 [liangbowen] change required privilege of the source table from DROP to ALTER
Authored-by: liangbowen <li...@gf.com.cn>
Signed-off-by: liangbowen <li...@gf.com.cn>
---
.../src/main/resources/table_command_spec.json | 17 -----------------
.../kyuubi/plugin/spark/authz/ranger/AccessType.scala | 3 +--
.../plugin/spark/authz/PrivilegesBuilderSuite.scala | 7 ++-----
.../kyuubi/plugin/spark/authz/gen/TableCommands.scala | 8 ++------
4 files changed, 5 insertions(+), 30 deletions(-)
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
index af748c278..d36690bcf 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
+++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json
@@ -691,23 +691,6 @@
"fieldName" : "oldName",
"fieldExtractor" : "TableIdentifierTableExtractor",
"columnDesc" : null,
- "actionTypeDesc" : {
- "fieldName" : null,
- "fieldExtractor" : null,
- "actionType" : "DELETE"
- },
- "tableTypeDesc" : {
- "fieldName" : "oldName",
- "fieldExtractor" : "TableIdentifierTableTypeExtractor",
- "skipTypes" : [ "TEMP_VIEW" ]
- },
- "catalogDesc" : null,
- "isInput" : false,
- "setCurrentDatabaseIfMissing" : false
- }, {
- "fieldName" : "newName",
- "fieldExtractor" : "TableIdentifierTableExtractor",
- "columnDesc" : null,
"actionTypeDesc" : null,
"tableTypeDesc" : {
"fieldName" : "oldName",
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala
index 52e3c0176..7d62229ee 100644
--- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala
@@ -35,14 +35,13 @@ object AccessType extends Enumeration {
case CREATETABLE | CREATEVIEW | CREATETABLE_AS_SELECT
if obj.privilegeObjectType == TABLE_OR_VIEW =>
if (isInput) SELECT else CREATE
- // new table new `CREATE` privilege here and the old table gets `DELETE` via actionType
- case ALTERTABLE_RENAME => CREATE
case ALTERDATABASE |
ALTERDATABASE_LOCATION |
ALTERTABLE_ADDCOLS |
ALTERTABLE_ADDPARTS |
ALTERTABLE_DROPPARTS |
ALTERTABLE_LOCATION |
+ ALTERTABLE_RENAME |
ALTERTABLE_PROPERTIES |
ALTERTABLE_RENAMECOL |
ALTERTABLE_RENAMEPART |
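Review bot: With `ALTERTABLE_RENAME` folded into the ALTER group, nothing in this match records that the rename target is deliberately left unauthorized, and the comment that explained the old CREATE/DELETE split is removed without a replacement. Ranger policies are matched on resource names, so a rename can move a table under a database or name pattern governed by a different policy, and after this change only ALTER on the source is evaluated (the commit description says the new name is skipped to match Ranger's Hive plugin). I would state that next to the case, e.g. `// rename requires ALTER on the source table only; the target name is not authorized, same as Ranger's Hive plugin`, and confirm whether a cross-database rename should still require CREATE on the target database. The enclosing match starts and ends outside this hunk.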
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
index 15f58deb3..b014aaaca 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilderSuite.scala
@@ -143,7 +143,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
val (in, out, operationType) = PrivilegesBuilder.build(plan, spark)
assert(operationType === ALTERTABLE_RENAME)
assert(in.isEmpty)
- assert(out.size === 2)
+ assert(out.size === 1)
out.foreach { po =>
assert(po.privilegeObjectType === PrivilegeObjectType.TABLE_OR_VIEW)
assert(po.catalog.isEmpty)
@@ -151,10 +151,7 @@ abstract class PrivilegesBuilderSuite extends AnyFunSuite
assert(Set(oldTableShort, "efg").contains(po.objectName))
assert(po.columns.isEmpty)
val accessType = ranger.AccessType(po, operationType, isInput = false)
- assert(Set(AccessType.CREATE, AccessType.DROP).contains(accessType))
- if (accessType == AccessType.DROP) {
- checkTableOwner(po)
- }
+ assert(accessType == AccessType.ALTER)
}
}
}
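Review bot: The name assertion `assert(Set(oldTableShort, "efg").contains(po.objectName))` still accepts `"efg"`, which looks like the rename target, so with `out.size === 1` this test would also pass if the single privilege object were built from the new name instead of the source table. Since the point of the change is that only the source table is authorized, tighten it to `assert(po.objectName === oldTableShort)`. The new `assert(accessType == AccessType.ALTER)` would read better with `===` like the neighbouring assertions, which gives a clearer failure message. The removed `checkTableOwner(po)` call was only reached for DROP, so if owner information is still expected on the source object it is no longer asserted here. The test body starts above the first hunk of this file.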
diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
index e2fda9162..d24583e76 100644
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/TableCommands.scala
@@ -102,7 +102,6 @@ object TableCommands {
val AlterTableRename = {
val cmd = "org.apache.spark.sql.execution.command.AlterTableRenameCommand"
- val actionTypeDesc = ActionTypeDesc(actionType = Some(DELETE))
val oldTableTableTypeDesc =
TableTypeDesc(
@@ -112,12 +111,9 @@ object TableCommands {
val oldTableD = TableDesc(
"oldName",
tite,
- tableTypeDesc = Some(oldTableTableTypeDesc),
- actionTypeDesc = Some(actionTypeDesc))
+ tableTypeDesc = Some(oldTableTableTypeDesc))
- val newTableD =
- TableDesc("newName", tite, tableTypeDesc = Some(oldTableTableTypeDesc))
- TableCommandSpec(cmd, Seq(oldTableD, newTableD), ALTERTABLE_RENAME)
+ TableCommandSpec(cmd, Seq(oldTableD), ALTERTABLE_RENAME)
}
// this is for spark 3.1 or below