search

apache / kyuubi

Apache Kyuubi is a distributed and multi-tenant gateway to provide serverless SQL on data warehouses and lakehouses.
https://kyuubi.apache.org/
Apache License 2.0
2.11k stars 915 forks source link

[Umberella] Support Paimon in Authz #5470

Open bowenliang123 opened 1 year ago

bowenliang123 commented 1 year ago

Code of Conduct

Search before asking

Describe the proposal

Introduce Paimon support in Kyuubi Authz plugin.

Apache Paimon is an incubating Apache project of data lake platform for high-speed data ingestion, changelog tracking and efficient real-time analytics.

Task list

Paimon Spark 3 Reference: https://paimon.apache.org/docs/master/engines/spark3/

Are you willing to submit PR?

davidyuan1223 commented 1 year ago

hello, i want try this issue, but i'm not sure how to improve it, this code is a createTableAsSql for paimon

  test("CreateTableAs") {
    withCleanTmpResources(Seq((s"$catalogV2.$namespace1.$table1", "table"),
      (s"$catalogV2.$namespace1.$table2", "table"))) {
      doAs(
        admin,
        sql(
          s"""
             |CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$table1
             |(id int, name string, city string)
             |USING paimon
             |OPTIONS (
             |  primaryKey = 'id'
             |)
             |""".stripMargin
        )
      )
      interceptContains[AccessControlException] {
        doAs(
          someone,
          sql(
            s"""
               |CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$table2
               |USING PAIMON
               |AS
               |SELECT * FROM $catalogV2.$namespace1.$table1
               |""".stripMargin
          )
        )
      }(s"does not have [select] privilege on [$table1/id]")
    }
  }

But when i try admin to execute the createTableAs Sql, the authz also will print exception, like user [admin] does not have [select] privilege on [$table1/id]

bowenliang123 commented 1 year ago

hello, i want try this issue, but i'm not sure how to improve it, this code is a createTableAsSql for paimon

  test("CreateTableAs") {
    withCleanTmpResources(Seq((s"$catalogV2.$namespace1.$table1", "table"),
      (s"$catalogV2.$namespace1.$table2", "table"))) {
      doAs(
        admin,
        sql(
          s"""
             |CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$table1
             |(id int, name string, city string)
             |USING paimon
             |OPTIONS (
             |  primaryKey = 'id'
             |)
             |""".stripMargin
        )
      )
      interceptContains[AccessControlException] {
        doAs(
          someone,
          sql(
            s"""
               |CREATE TABLE IF NOT EXISTS $catalogV2.$namespace1.$table2
               |USING PAIMON
               |AS
               |SELECT * FROM $catalogV2.$namespace1.$table1
               |""".stripMargin
          )
        )
      }(s"does not have [select] privilege on [$table1/id]")
    }
  }

But when i try admin to execute the createTableAs Sql, the authz also will print exception, like user [admin] does not have [select] privilege on [$table1/id]

Hi, I'm not reproducing the case you mentioned. And #5590 is raised for it, you may have a check on this. If you still encounter this issue, please submit a dedicated issue with code and logs showing the full test cases for positive and negative.