[#4759] feat(auth-ranger): Use Spark verify Ranger authorization Hive (…

…#4948) ### What changes were proposed in this pull request? 1. Shadow integration-test-common module. 2. Add Ranger authorization Hive IT, use Spark to verify Ranger authorization Hive. ### Why are the changes needed? Fix: #4759 ### Does this PR introduce _any_ user-facing change? N/A ### How was this patch tested? CI Passed.
apache · Sep 27, 2024 · 46a6a20 · 46a6a20
1 parent c64ded6
commit 46a6a20
Show file tree

Hide file tree

Showing 10 changed files with 388 additions and 221 deletions.
diff --git a/authorizations/authorization-ranger/build.gradle.kts b/authorizations/authorization-ranger/build.gradle.kts
@@ -24,6 +24,10 @@ plugins {
   id("idea")
 }
 
+val scalaVersion: String = project.properties["scalaVersion"] as? String ?: extra["defaultScalaVersion"].toString()
+val sparkVersion: String = libs.versions.spark35.get()
+val kyuubiVersion: String = libs.versions.kyuubi4spark35.get()
+
 dependencies {
   implementation(project(":api")) {
     exclude(group = "*")
@@ -69,24 +73,30 @@ dependencies {
   testImplementation(libs.mockito.core)
   testImplementation(libs.testcontainers)
   testRuntimeOnly(libs.junit.jupiter.engine)
-  testImplementation(libs.ranger.intg) {
-    exclude("org.apache.hive", "hive-storage-api")
-    exclude("org.apache.lucene")
-    exclude("org.apache.solr")
-    exclude("org.apache.kafka")
-    exclude("org.eclipse.jetty")
-    exclude("org.elasticsearch")
-    exclude("org.elasticsearch.client")
-    exclude("org.elasticsearch.plugin")
-    exclude("javax.ws.rs")
-    exclude("org.apache.ranger", "ranger-plugin-classloader")
-  }
-  testImplementation(libs.hive2.jdbc) {
-    exclude("org.slf4j")
-    exclude("org.eclipse.jetty.aggregate")
-  }
   testImplementation(libs.mysql.driver)
   testImplementation(libs.postgresql.driver)
+  testImplementation(libs.postgresql.driver)
+  testImplementation("org.apache.spark:spark-hive_$scalaVersion:$sparkVersion")
+  testImplementation("org.apache.spark:spark-sql_$scalaVersion:$sparkVersion") {
+    exclude("org.apache.avro")
+    exclude("org.apache.hadoop")
+    exclude("org.apache.zookeeper")
+    exclude("io.dropwizard.metrics")
+    exclude("org.rocksdb")
+  }
+  testImplementation("org.apache.kyuubi:kyuubi-spark-authz_$scalaVersion:$kyuubiVersion") {
+    exclude("com.sun.jersey")
+  }
+  testImplementation(libs.hadoop3.client)
+  testImplementation(libs.hadoop3.common) {
+    exclude("com.sun.jersey")
+    exclude("javax.servlet", "servlet-api")
+  }
+  testImplementation(libs.hadoop3.hdfs) {
+    exclude("com.sun.jersey")
+    exclude("javax.servlet", "servlet-api")
+    exclude("io.netty")
+  }
 }
 
 tasks {

diff --git a/...rization-ranger/src/main/java/org/apache/gravitino/authorization/ranger/RangerHelper.java b/...rization-ranger/src/main/java/org/apache/gravitino/authorization/ranger/RangerHelper.java
@@ -36,6 +36,7 @@
 import org.apache.gravitino.authorization.SecurableObject;
 import org.apache.gravitino.authorization.SecurableObjects;
 import org.apache.gravitino.exceptions.AuthorizationPluginException;
+import org.apache.ranger.RangerClient;
 import org.apache.ranger.RangerServiceException;
 import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.model.RangerRole;
@@ -60,12 +61,12 @@ public class RangerHelper {
   /** The policy search keys */
   private final List<String> policyResourceDefines;
 
-  private final RangerClientExtension rangerClient;
+  private final RangerClient rangerClient;
   private final String rangerAdminName;
   private final String rangerServiceName;
 
   public RangerHelper(
-      RangerClientExtension rangerClient,
+      RangerClient rangerClient,
       String rangerAdminName,
       String rangerServiceName,
       Map<Privilege.Name, Set<RangerPrivilege>> privilegesMapping,