[KYUUBI #5529][AUTHZ] Support create table command for Delta Lake

[zml1206]

Why are the changes needed?

To close #5529.
Support create table command for Delta Lake in Authz.
https://docs.delta.io/latest/delta-batch.html#create-a-table

How was this patch tested?

• Add some test cases that check the changes thoroughly including negative and positive cases if possible

• Add screenshots for manual tests if appropriate

• Run test locally before make a pull request

Was this patch authored or co-authored using generative AI tooling?

No.

[pan3793]

Nice! cc @bowenliang123 and @AngersZhuuuu

[bowenliang123]

Cool, let's bring Ranger authorisation to Delta in Kyuubi Authz !

[bowenliang123]

LGTM.
Would be more clare if we reorder the test cases in the order for the non-partitioned table, the partitioned table, and then the create/replace table. Or just separated into separated ut.

[cfmcgrady]

delta lake also supports creating a table at a path

-- Create or replace table with path
CREATE OR REPLACE TABLE delta.`/tmp/delta/people10m` (
  id INT,
  firstName STRING,
  middleName STRING,
  lastName STRING,
  gender STRING,
  birthDate TIMESTAMP,
  ssn STRING,
  salary INT
) USING DELTA

Shall we also add UTs for this case?

[bowenliang123]

Path-based tables are supported in Authz now. No path based policies (eg. HDFS service def) of Ranger are supported.

[zml1206]

LGTM. Would be more clare if we reorder the test cases in the order for the non-partitioned table, the partitioned table, and then the create/replace table. Or just separated into separated ut.

Thanks, updated.

[cfmcgrady]

Path-based tables are supported in Authz now. No path based policies (eg. HDFS service def) of Ranger are supported.

Does Delta Lake have an option for the globally disabled path-based table, similar to how spark.sql.runSQLOnFiles works? If not, I think we can introduce a configuration in Kyuubi AuthZ to disable this behavior temporarily, prior to the completion of the path-based table feature. WDYT? cc @yaooqinn

[yaooqinn]

@AngersZhuuuu is currently working one the path/uri authorization

What's the plan of CREATE OR REPLACE TABLE delta./tmp/delta/people10m

[zml1206]

Path-based tables are supported in Authz now. No path based policies (eg. HDFS service def) of Ranger are supported.

Does Delta Lake have an option for the globally disabled path-based table, similar to how spark.sql.runSQLOnFiles works? If not, I think we can introduce a configuration in Kyuubi AuthZ to disable this behavior temporarily, prior to the completion of the path-based table feature. WDYT? cc @yaooqinn

https://github.com/delta-io/delta/blob/8639c411890a5c77386f04e2282fcf4caa401eff/spark/src/test/scala/org/apache/spark/sql/delta/DeltaDDLUsingPathSuite.scala#L125
Delta Lake is also controlled by spark.sql.runSQLOnFiles.

[zml1206]

@AngersZhuuuu is currently working one the path/uri authorization

What's the plan of CREATE OR REPLACE TABLE delta./tmp/delta/people10m

== Analyzed Logical Plan ==
ReplaceTable [StructField(id,IntegerType,true)], TableSpec(Map(),Some(DELTA),Map(),None,None,None,false), true
+- ResolvedDBObjectName org.apache.spark.sql.delta.catalog.DeltaCatalog@2f9addd4, [delta, /tmp/delta/people10m]

== Optimized Logical Plan ==
CommandResult AtomicReplaceTable org.apache.spark.sql.delta.catalog.DeltaCatalog@2f9addd4, delta.`/tmp/delta/people10m`, [StructField(id,IntegerType,true)], TableSpec(Map(),Some(DELTA),Map(),None,None,None,false), true, org.apache.spark.sql.execution.datasources.v2.DataSourceV2Strategy$$Lambda$1627/2047805101@71b3ba5a
   +- ReplaceTable [StructField(id,IntegerType,true)], TableSpec(Map(),Some(DELTA),Map(),None,None,None,false), true
      +- ResolvedDBObjectName org.apache.spark.sql.delta.catalog.DeltaCatalog@2f9addd4, [delta, /tmp/delta/people10m]

[cfmcgrady]

Delta Lake is also controlled by spark.sql.runSQLOnFiles.

thank you for your input. @zml1206

[codecov-commenter]

Codecov Report

Merging #5530 (facd8f7) into master (322cb48) will decrease coverage by 0.03%.
Report is 2 commits behind head on master.
The diff coverage is n/a.

❗ Current head facd8f7 differs from pull request most recent head b8ed2a4. Consider uploading reports for the commit b8ed2a4 to get more accurate results

@@             Coverage Diff              @@
##             master    #5530      +/-   ##
============================================
- Coverage     61.35%   61.32%   -0.03%     
  Complexity       23       23              
============================================
  Files           598      598              
  Lines         34260    34254       -6     
  Branches       4489     4488       -1     
============================================
- Hits          21019    21007      -12     
- Misses        11113    11118       +5     
- Partials       2128     2129       +1     

see 15 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[cfmcgrady]

thanks, merging to master(v1.9.0).

[yaooqinn]

Hi @zml1206, this line has an issue that it does not trigger a sql operation.

[zml1206]

Yes, I'll fix it right away, thanks.

[zml1206]

Fix in #5597

[yaooqinn]

ditto

[yaooqinn]

ditto