From 3af5ed13c552038c38601f4a6c501daf662486f4 Mon Sep 17 00:00:00 2001 From: yikaifei Date: Fri, 20 Oct 2023 20:10:34 +0800 Subject: [PATCH] [KYUUBI #5427] [AUTHZ] Shade spark authz plugin ### _Why are the changes needed?_ This PR aims to shade the kyuubi spark authz plugin to simplify the user's use. ### _How was this patch tested?_ - [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible - [x] Add screenshots for manual tests if appropriate - [ ] [Run test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests) locally before make a pull request ### _Was this patch authored or co-authored using generative AI tooling?_ No Closes #5427 from Yikf/shade-authz. Closes #5427 d2f7ea8d1 [yikaifei] fix 695133de4 [Kent Yao] Update docs/security/authorization/spark/install.md f3a653133 [Kent Yao] Update docs/security/authorization/spark/build.md 963cab372 [yikaifei] bundle 2068c98fc [yikaifei] relocation 6c6e50ea7 [yikaifei] Shade spark authz plugin Lead-authored-by: yikaifei Co-authored-by: Kent Yao Signed-off-by: yikaifei --- docs/security/authorization/spark/build.md | 13 + docs/security/authorization/spark/install.md | 2 +- .../spark/kyuubi-spark-authz-shaded/pom.xml | 317 ++++++++++++++++++ pom.xml | 1 + 4 files changed, 332 insertions(+), 1 deletion(-) create mode 100644 extensions/spark/kyuubi-spark-authz-shaded/pom.xml diff --git a/docs/security/authorization/spark/build.md b/docs/security/authorization/spark/build.md index aa7fc18da1c..17e8e00f4c6 100644 --- a/docs/security/authorization/spark/build.md +++ b/docs/security/authorization/spark/build.md @@ -31,6 +31,19 @@ After a while, if everything goes well, you will get the plugin finally in two p - The main plugin jar, which is under `./extensions/spark/kyuubi-spark-authz/target/kyuubi-spark-authz_${scala.binary.version}-${project.version}.jar` - The least transitive dependencies needed, which are under `./extensions/spark/kyuubi-spark-authz/target/scala-${scala.binary.version}/jars` +## Build shaded jar with Apache Maven + +Apache Kyuubi also provides the shaded jar for the Spark AuthZ plugin, You can run the AuthZ plugin using just a shaded jar without the additional dependency of jars, +To build it, `cd` to the root direct of kyuubi project and run: + +```shell +build/mvn clean package -pl :kyuubi-spark-authz-shaded_2.12 -DskipTests -am +``` + +After a while, if everything goes well, you will get the plugin finally: + +- The shaded AuthZ plugin jar, which is under `./extensions/spark/kyuubi-spark-authz-shaded/target/kyuubi-spark-authz-shaded_${scala.binary.version}-${project.version}.jar` + ### Build against Different Apache Spark Versions The maven option `spark.version` is used for specifying Spark version to compile with and generate corresponding transitive dependencies. diff --git a/docs/security/authorization/spark/install.md b/docs/security/authorization/spark/install.md index f820f53c4ec..ff4131c6f73 100644 --- a/docs/security/authorization/spark/install.md +++ b/docs/security/authorization/spark/install.md @@ -31,7 +31,7 @@ ## Install -With the `kyuubi-spark-authz_*.jar` and its transitive dependencies available for spark runtime classpath, such as +Use either the shaded jar `kyuubi-spark-authz-shaded_*.jar` or the `kyuubi-spark-authz_*.jar` with its transitive dependencies available for spark runtime classpath, such as - Copied to `$SPARK_HOME/jars`, or - Specified to `spark.jars` configuration diff --git a/extensions/spark/kyuubi-spark-authz-shaded/pom.xml b/extensions/spark/kyuubi-spark-authz-shaded/pom.xml new file mode 100644 index 00000000000..b135a1d7c1e --- /dev/null +++ b/extensions/spark/kyuubi-spark-authz-shaded/pom.xml @@ -0,0 +1,317 @@ + + + + 4.0.0 + + org.apache.kyuubi + kyuubi-parent + 1.9.0-SNAPSHOT + ../../../pom.xml + + + kyuubi-spark-authz-shaded_${scala.binary.version} + jar + Kyuubi Dev Spark Authorization Extension Shaded + https://kyuubi.apache.org/ + + + + 1.0.0 + 1.19.4 + 5.7.0 + + + + + org.apache.kyuubi + kyuubi-spark-authz_${scala.binary.version} + ${project.version} + + + org.apache.kyuubi + kyuubi-util-scala_${scala.binary.version} + ${project.version} + + + org.apache.ranger + ranger-plugins-common + ${ranger.version} + + + com.sun.jersey + jersey-bundle + + + org.apache.ranger + ranger-plugin-classloader + + + org.apache.ranger + ranger-plugins-audit + + + log4j + log4j + + + ch.qos.logback + logback-classic + + + commons-lang + commons-lang + + + commons-logging + commons-logging + + + org.apache.httpcomponents + * + + + org.apache.hadoop + hadoop-common + + + javax.ws.rs + jsr311-api + + + org.codehaus.jackson + jackson-core-asl + + + org.codehaus.jackson + jackson-mapper-asl + + + com.kstruct + gethostname4j + + + net.java.dev.jna + jna + + + net.java.dev.jna + jna-platform + + + + + + com.sun.jersey + jersey-client + ${jersey.client.version} + + + javax.ws.rs + jsr311-api + + + + + + com.kstruct + gethostname4j + ${gethostname4j.version} + + + + net.java.dev.jna + jna + ${jna.version} + + + + net.java.dev.jna + jna-platform + ${jna.version} + + + + org.apache.ranger + ranger-plugins-audit + ${ranger.version} + + + org.apache.ranger + ranger-plugins-cred + + + org.apache.kafka + * + + + org.apache.solr + solr-solrj + + + org.elasticsearch + * + + + org.elasticsearch.client + * + + + org.elasticsearch.plugin + * + + + org.apache.lucene + * + + + log4j + log4j + + + commons-lang + commons-lang + + + commons-logging + commons-logging + + + com.carrotsearch + hppc + + + org.apache.httpcomponents + * + + + org.apache.hive + hive-storage-api + + + org.apache.orc + orc-core + + + org.apache.hadoop + hadoop-common + + + com.google.guava + guava + + + joda-time + joda-time + + + org.apache.logging.log4j + * + + + com.amazonaws + aws-java-sdk-bundle + + + + + + + + + org.apache.maven.plugins + maven-shade-plugin + + false + + + org.apache.kyuubi:kyuubi-util-scala_${scala.binary.version} + org.apache.kyuubi:kyuubi-spark-authz_${scala.binary.version} + org.apache.kyuubi:kyuubi-util + org.apache.ranger:ranger-plugins-common + org.apache.ranger:ranger-plugins-audit + org.codehaus.jackson:jackson-jaxrs + com.sun.jersey:jersey-client + com.sun.jersey:jersey-core + com.kstruct:gethostname4j + net.java.dev.jna:jna + net.java.dev.jna:jna-platform + + + + + *:* + + **/*.proto + META-INF/*.SF + META-INF/*.DSA + META-INF/*.RSA + META-INF/DEPENDENCIES + META-INF/LICENSE.txt + META-INF/NOTICE.txt + META-INF/maven/** + LICENSE.txt + NOTICE.txt + mozilla/** + **/module-info.class + + + + + + org.codehaus.jackson.jaxrs + ${kyuubi.shade.packageName}.org.codehaus.jackson.jaxrs + + + com.sun.jersey + ${kyuubi.shade.packageName}.com.sun.jersey + + + com.sun.ws.rs.ext + ${kyuubi.shade.packageName}.com.sun.ws.rs.ext + + + com.kstruct.gethostname4j + ${kyuubi.shade.packageName}.com.kstruct.gethostname4j + + + org.apache.hadoop.security + ${kyuubi.shade.packageName}.org.apache.hadoop.security + + org.apache.hadoop.security.KrbPasswordSaverLoginModule + org.apache.hadoop.security.SecureClientLogin + org.apache.hadoop.security.SecureClientLoginConfiguration + + + + + + + + + + + shade + + package + + + + + + diff --git a/pom.xml b/pom.xml index 1f3fca53b86..417800be1a7 100644 --- a/pom.xml +++ b/pom.xml @@ -56,6 +56,7 @@ extensions/server/kyuubi-server-plugin extensions/spark/kyuubi-extension-spark-jdbc-dialect extensions/spark/kyuubi-spark-authz + extensions/spark/kyuubi-spark-authz-shaded extensions/spark/kyuubi-spark-connector-common extensions/spark/kyuubi-spark-connector-tpcds extensions/spark/kyuubi-spark-connector-tpch