[AUTHZ] Check previleges for Paimon #6541
Labels
Comments
|
Seems there is nothing we can do on the Kyuubi side. |
We can compensate for this by getting the database from DataSourceV2Relation#identifier. Otherwise, AUTHZ would need to be removed if the user wants to use paimon's catalog, but in the case of multiple catalogs, AUTHZ is needed. |
|
Please go ahead to make a PR |
promising-forever
changed the title
promising-forever
pushed a commit
to promising-forever/kyuubi
that referenced
this issue
Jul 17, 2024
…able can't get the 'database' attribute if it's a Paimon plan.
promising-forever
pushed a commit
to promising-forever/kyuubi
that referenced
this issue
Jul 17, 2024
…able can't get the 'database' attribute if it's a Paimon plan.
promising-forever
pushed a commit
to promising-forever/kyuubi
that referenced
this issue
Jul 18, 2024
…able can't get the 'database' attribute if it's a Paimon plan.
bowenliang123
pushed a commit
that referenced
this issue
Jul 28, 2024
…et the 'database' attribute if it's a Paimon plan. # 🔍 Description ## Issue References 🔗 This pull request fixes #6541 ## Describe Your Solution 🔧 Fix an issue where DataSourceV2RelationTableExtractor#table could not fetch the ‘database’ attribute causing the Ranger checks to fail when using the Paimon Catalog. If the database attribute is not resolved, use DataSourceV2RelationTableExtractor#identifier to complete it. ## Types of changes 🔖 - [x] Bugfix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) ## Test Plan 🧪 #### Behavior Without This Pull Request ⚰️ #### Behavior With This Pull Request 🎉 #### Related Unit Tests --- # Checklist 📝 - [ ] This patch was not authored or co-authored using [Generative Tooling](https://www.apache.org/legal/generative-tooling.html) **Be nice. Be informative.** Closes #6544 from promising-forever/issues/6541. Closes #6541 6549f85 [caoyu] Fix test failure, paimon-spark run on Scala 2.12. c1a0921 [caoyu] Optimising the 'database' capture logic 69fb0bc [caoyu] PolicyJsonFileGenerator#genPolicies add paimonNamespace c89c70b [caoyu] [KYUUBI #6541] [AUTHZ] Fix DataSourceV2RelationTableExtractor#table can't get the 'database' attribute if it's a Paimon plan. 77f121b [caoyu] [KYUUBI #6541] [AUTHZ] Fix DataSourceV2RelationTableExtractor#table can't get the 'database' attribute if it's a Paimon plan. 9cfb584 [caoyu] [KYUUBI #6541] [AUTHZ] Fix DataSourceV2RelationTableExtractor#table can't get the 'database' attribute if it's a Paimon plan. Authored-by: caoyu <caoy.5@jifenn.com> Signed-off-by: Bowen Liang <liangbowen@gf.com.cn> (cherry picked from commit d9d2109) Signed-off-by: Bowen Liang <liangbowen@gf.com.cn>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Code of Conduct
Search before asking
Describe the bug
Before this PR, If Spark-ranger is enabled, the Paimon query will be rejected, because the corresponding dbname cannot be obtained when the plan is parsed.
when the select xx from pamion.db.table commond is executed.
The DataSourceV2Relation#table in org.apache.paimon.spark.SparkTable, The 'database' value could not be obtained, ranger need this parameter during verification.
Affects Version(s)
1.9.1
Kyuubi Server Log Output
No response
Kyuubi Engine Log Output
No response
Kyuubi Server Configurations
No response
Kyuubi Engine Configurations
No response
Additional context
No response
Are you willing to submit PR?
The text was updated successfully, but these errors were encountered: