search

apache / kyuubi

Apache Kyuubi is a distributed and multi-tenant gateway to provide serverless SQL on data warehouses and lakehouses.
https://kyuubi.apache.org/
Apache License 2.0
2.07k stars 903 forks source link

[Improvement] Shall We Add a SparkSession for AccessResource in SparkSQL Authz? #2438

Open packyan opened 2 years ago

packyan commented 2 years ago

Code of Conduct

Search before asking

What would you like to be improved?

The current constructor of AccessResource is :

object AccessResource {
  def apply(
      objectType: ObjectType,
      firstLevelResource: String,
      secondLevelResource: String,
      thirdLevelResource: String) {
    ...
  }
}

In some cases, firstLevelResource maybe null, for example, in spark 2.4,DESCRIBE TABLE table_name, will produce a DescribeTableCommand without database info, so the correspnding AccessResource's firstLevelResource is null. Then it will generate a invaild RangerRequest, because of the databasse field is null.

I'm not sure that when the database is not explicitly specified in the sql statement, there will be other commands without database information.

How should we improve?

Therefore, I think we should add a sparksession in AccessResource, in the case of databasse is null. When the firstLevelResource is null or empty, get firstLevelResource from catalog's current database.

Are you willing to submit PR?

packyan commented 2 years ago

cc @yaooqinn

yaooqinn commented 2 years ago

we shall use currentdb case by case

yaooqinn commented 2 years ago

The DescribeTableCommand supports both temp view, permanent view, and table. we can use the current db directly for the temp view. we seem can do nothing if the spark does not pass the database part into this command.