From 4e609b09a2e5ff73bd3efeb3ec6f3f7a48ebec76 Mon Sep 17 00:00:00 2001 From: yikaifei Date: Fri, 12 Jan 2024 15:22:02 +0800 Subject: [PATCH] Supports check hoodie procedures show_commits resource privileges --- .../spark/authz/serde/tableExtractors.scala | 3 +++ ...HudiCatalogRangerSparkExtensionSuite.scala | 26 +++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala index 8a7bc452293..952db091444 100644 --- a/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala +++ b/extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/serde/tableExtractors.scala @@ -438,6 +438,9 @@ abstract class HudiCallProcedureTableExtractor extends TableExtractor { ( s"$PROCEDURE_CLASS_PATH.ShowClusteringProcedure", ProcedureArgsInputOutputPair(input = Some("table"))), + ( + s"$PROCEDURE_CLASS_PATH.ShowCommitsProcedure", + ProcedureArgsInputOutputPair(input = Some("table"))), ( s"$PROCEDURE_CLASS_PATH.ShowCommitExtraMetadataProcedure", ProcedureArgsInputOutputPair(input = Some("table"))), diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala index b6b9b6f31a5..f7b556686cb 100644 --- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala +++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala @@ -618,4 +618,30 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite { doAs(admin, sql(dropIndex)) } } + + test("ShowCommitsProcedure") { + withCleanTmpResources(Seq((s"$namespace1.$table1", "table"), (namespace1, "database"))) { + doAs(admin, sql(s"CREATE DATABASE IF NOT EXISTS $namespace1")) + doAs( + admin, + sql( + s""" + |CREATE TABLE IF NOT EXISTS $namespace1.$table1(id int, name string, city string) + |USING HUDI + |OPTIONS ( + | type = 'mor', + | primaryKey = 'id', + | 'hoodie.datasource.hive_sync.enable' = 'false' + |) + |PARTITIONED BY(city) + |TBLPROPERTIES ('hoodie.datasource.write.precombine.field' = 'id') + |""".stripMargin)) + + val showCommitsSql = s"CALL SHOW_COMMITS(table => '$namespace1.$table1', limit => 10)" + interceptEndsWith[AccessControlException] { + doAs(someone, sql(showCommitsSql)) + }(s"does not have [select] privilege on [$namespace1/$table1]") + doAs(admin, sql(showCommitsSql)) + } + } }