[KYUUBI #5472] Permanent View should pass column when child plan no output

### _Why are the changes needed?_ To close #5472 For cases such as `SELECT COUNT(*) FORM XXX`, when `XXX` is table, will extract table's column, if `XXX` is view, only pass the view name ``` test("[KYUUBI #xxx] ") { val db1 = defaultDb val table1 = "table1" val view1 = "view1" withSingleCallEnabled { withCleanTmpResources(Seq((s"$db1.$table1", "table"), (s"$db1.$view1", "view"))) { doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table1 (id int, scope int)")) doAs(admin, sql(s"CREATE VIEW $db1.$view1 AS SELECT * FROM $db1.$table1")) val e1 = intercept[AccessControlException]( doAs(someone, sql(s"SELECT count(*) FROM $db1.$table1").show())) assert(e1.getMessage.contains( s"does not have [select] privilege on [$db1/$table1/id,$db1/$table1/scope]")) val e2 = intercept[AccessControlException]( doAs(someone, sql(s"SELECT count(*) FROM $db1.$view1").show())) assert(e2.getMessage.contains( s"does not have [select] privilege on [$db1/$view1]")) } } } ``` After this pr, view will also extract columns. ### _How was this patch tested?_ - [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible - [ ] Add screenshots for manual tests if appropriate - [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request ### _Was this patch authored or co-authored using generative AI tooling?_ No Closes #5473 from AngersZhuuuu/KYUUBI-5742. Closes #5472 6575ad2ba [Angerszhuuuu] Update RangerSparkExtensionSuite.scala 8a264a810 [Angerszhuuuu] Update afa43d356 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5742 9f0bfb2a7 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5742 275784478 [Angerszhuuuu] Update RangerSparkExtensionSuite.scala 88f3d3282 [Angerszhuuuu] Merge branch 'master' into KYUUBI-5742 cd62c8d20 [Angerszhuuuu] update 55be7da95 [Angerszhuuuu] Update RangerSparkExtensionSuite.scala 4200ed3ed [Angerszhuuuu] [KYUUBI #5742] Permanent View should pass column when child plan no output Authored-by: Angerszhuuuu <angers.zhu@gmail.com> Signed-off-by: Kent Yao <yao@apache.org>
2023-10-24 11:19:56 +08:00 · 2023-10-24 11:19:56 +08:00 · ae29440453
commit ae29440453
parent 81964803c9
1 changed files with 46 additions and 0 deletions
--- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
+++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
@ -895,4 +895,50 @@ class HiveCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite {
      }
    }
  }
+
+  test("[KYUUBI #5472] Permanent View should pass column when child plan no output ") {
+    val db1 = defaultDb
+    val table1 = "table1"
+    val view1 = "view1"
+    val view2 = "view2"
+    withSingleCallEnabled {
+      withCleanTmpResources(
+        Seq((s"$db1.$table1", "table"), (s"$db1.$view1", "view"), (s"$db1.$view2", "view"))) {
+        doAs(admin, sql(s"CREATE TABLE IF NOT EXISTS $db1.$table1 (id int, scope int)"))
+        doAs(admin, sql(s"CREATE VIEW $db1.$view1 AS SELECT * FROM $db1.$table1"))
+        doAs(
+          admin,
+          sql(
+            s"""
+               |CREATE VIEW $db1.$view2
+               |AS
+               |SELECT count(*) as cnt, sum(id) as sum_id FROM $db1.$table1
+            """.stripMargin))
+        val e1 = intercept[AccessControlException](
+          doAs(someone, sql(s"SELECT count(*) FROM $db1.$table1").show()))
+        assert(e1.getMessage.contains(
+          s"does not have [select] privilege on [$db1/$table1/id,$db1/$table1/scope]"))
+
+        val e2 = intercept[AccessControlException](
+          doAs(someone, sql(s"SELECT count(*) FROM $db1.$view1").show()))
+        assert(e2.getMessage.contains(
+          s"does not have [select] privilege on [$db1/$view1/id,$db1/$view1/scope]"))
+
+        val e3 = intercept[AccessControlException](
+          doAs(someone, sql(s"SELECT count(*) FROM $db1.$view2").show()))
+        assert(e3.getMessage.contains(
+          s"does not have [select] privilege on [$db1/$view2/cnt,$db1/$view2/sum_id]"))
+
+        val e4 = intercept[AccessControlException](
+          doAs(someone, sql(s"SELECT count(*) FROM $db1.$view2 WHERE cnt > 10").show()))
+        assert(e4.getMessage.contains(
+          s"does not have [select] privilege on [$db1/$view2/cnt,$db1/$view2/sum_id]"))
+
+        val e5 = intercept[AccessControlException](
+          doAs(someone, sql(s"SELECT count(cnt) FROM $db1.$view2 WHERE cnt > 10").show()))
+        assert(e5.getMessage.contains(
+          s"does not have [select] privilege on [$db1/$view2/cnt,$db1/$view2/sum_id]"))
+      }
+    }
+  }
 }