apache/kyuubi
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity
721f264bb5
kyuubi/extensions
History
Bowen Liang 1989e4c793
[KYUUBI #3325] [FEATURE] [AUTHZ] Privilege checks for permanent views and skipping shadowed tables 
### _Why are the changes needed?_

fix #3325

Permanent views are generally registed globally and then used for unifing, masking, joining tables for different practical purposes. The data manager would like to authorize views to users , but not all the source tables.

Authz plugin is not satisfiying this senario as it checks privileges all the source table instead of the permanent views.

Suggesting chaning behaviour of PrivilegesBuilder

- check privileges for permanent view
- skip privileges check for shadowed source view of permanent views
### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #3326 from bowenliang123/feature-authz-perm-view.

Closes #3325

468f47ae [Bowen Liang] fix ut
b9d2cdb6 [Bowen Liang] fix ut
82c7ae63 [Bowen Liang] fix case for #3326. add "view" type for withCleanTmpResources.
bcd35d33 [Bowen Liang] add ut
3cfb4320 [Bowen Liang] Merge branch 'master' into feature-authz-perm-view
81e8b992 [Bowen Liang] rename to hasResolvedPermanentView and check if plan resolved
4903f0a9 [Bowen Liang] change to use mergeProjection in PivilegesBuilder , checking column level privilege.
78ff9d30 [Bowen Liang] view casting (+1 squashed commit) Squashed commits: [98f523d1] fix error in view casting
3706dda0 [Bowen Liang] rename ViewAccessAnalysis to RuleApplyPermanentViewMarker (+2 squashed commits) Squashed commits: [207ed7b5] rename ViewAccessAnalysis to RuleApplyPermanentViewMarker [f58be005] nit
6ef81319 [Bowen Liang] use isSparkVersionAtLeast 3.1.0 instead of try-catch RuntimeException non-existed isTempView field
76ec6b42 [Bowen Liang] simplify and remove applyPermanentViewMarker (+2 squashed commits) Squashed commits: [802e5223] nit [ba1beb49] nit
aea561c5 [Bowen Liang] ut for spark30 and spark31greater
41c67ac9 [Bowen Liang] use reflection for isTempView of View
94a837fc [liangbowen] add ut for permanent view privilege checks
a0072c0c [liangbowen] add PermanentViewMarker for marking perm view catalogTable and check PrivilegesBuilder with PermanentViewMarker, finally maker cleanup in RuleEliminateViewMarker

Lead-authored-by: Bowen Liang <liangbowen@gf.com.cn>
Co-authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Kent Yao <yao@apache.org>
2022-08-30 15:18:20 +08:00
..
server/kyuubi-server-plugin [KYUUBI #3264] [RELEASE] Bump 1.7.0-SNAPSHOT 2022-08-18 11:23:54 +08:00
spark [KYUUBI #3325] [FEATURE] [AUTHZ] Privilege checks for permanent views and skipping shadowed tables 2022-08-30 15:18:20 +08:00
README.md [KYUUBI #2292] Unify kyuubi server plugin location 2022-04-08 10:16:11 +08:00

README.md

For developers

This folder contains plugins/extension for kyuubi server and different engine types.

  • ext
    • kyuubi-server
    • spark
    • flink
    • trino
    • hive
    • others
    • ...