diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json index 3c52998cd61..272876d524d 100644 --- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json +++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json @@ -2042,6 +2042,30 @@ "opType" : "QUERY", "queryDescs" : [ ], "uriDescs" : [ ] +}, { + "classname" : "io.delta.tables.execution.VacuumTableCommand", + "tableDescs" : [ { + "fieldName" : "child", + "fieldExtractor" : "ResolvedTableTableExtractor", + "columnDesc" : null, + "actionTypeDesc" : null, + "tableTypeDesc" : null, + "catalogDesc" : null, + "isInput" : false, + "setCurrentDatabaseIfMissing" : false + }, { + "fieldName" : "table", + "fieldExtractor" : "TableIdentifierOptionTableExtractor", + "columnDesc" : null, + "actionTypeDesc" : null, + "tableTypeDesc" : null, + "catalogDesc" : null, + "isInput" : false, + "setCurrentDatabaseIfMissing" : false + } ], + "opType" : "MSCK", + "queryDescs" : [ ], + "uriDescs" : [ ] }, { "classname" : "org.apache.spark.sql.delta.commands.DeleteCommand", "tableDescs" : [ { diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/DeltaCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/DeltaCommands.scala index cf9e9a5d846..1c121f6eb5c 100644 --- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/DeltaCommands.scala +++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/DeltaCommands.scala @@ -61,9 +61,17 @@ object DeltaCommands extends CommandSpecs[TableCommandSpec] { TableCommandSpec(cmd, Seq(childDesc, tableDesc), ALTERTABLE_COMPACT) } + val VacuumTableCommand = { + val cmd = "io.delta.tables.execution.VacuumTableCommand" + val childDesc = TableDesc("child", classOf[ResolvedTableTableExtractor]) + val tableDesc = TableDesc("table", classOf[TableIdentifierOptionTableExtractor]) + TableCommandSpec(cmd, Seq(childDesc, tableDesc), MSCK) + } + override def specs: Seq[TableCommandSpec] = Seq( DeleteCommand, MergeIntoCommand, OptimizeTableCommand, - UpdateCommand) + UpdateCommand, + VacuumTableCommand) } diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/DeltaCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/DeltaCatalogRangerSparkExtensionSuite.scala index c05f7671a93..9c4dc42ff6d 100644 --- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/DeltaCatalogRangerSparkExtensionSuite.scala +++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/DeltaCatalogRangerSparkExtensionSuite.scala @@ -281,6 +281,18 @@ class DeltaCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite { doAs(admin, sql(optimizeTableSql)) } } + + test("vacuum table") { + withCleanTmpResources(Seq((s"$namespace1.$table1", "table"), (s"$namespace1", "database"))) { + doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1")) + doAs(admin, sql(createTableSql(namespace1, table1))) + val vacuumTableSql = s"VACUUM $namespace1.$table1" + interceptContains[AccessControlException]( + doAs(someone, sql(vacuumTableSql)))( + s"does not have [alter] privilege on [$namespace1/$table1]") + doAs(admin, sql(vacuumTableSql)) + } + } } object DeltaCatalogRangerSparkExtensionSuite {