diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json index 95e00f7213b..1d2b5dc88a2 100644 --- a/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json +++ b/extensions/spark/kyuubi-spark-authz/src/main/resources/table_command_spec.json @@ -1699,6 +1699,23 @@ } ], "opType" : "MSCK", "queryDescs" : [ ] +}, { + "classname" : "org.apache.spark.sql.hudi.command.ShowHoodieTablePartitionsCommand", + "tableDescs" : [ { + "fieldName" : "tableIdentifier", + "fieldExtractor" : "TableIdentifierTableExtractor", + "columnDesc" : { + "fieldName" : "specOpt", + "fieldExtractor" : "PartitionOptionColumnExtractor" + }, + "actionTypeDesc" : null, + "tableTypeDesc" : null, + "catalogDesc" : null, + "isInput" : true, + "setCurrentDatabaseIfMissing" : false + } ], + "opType" : "SHOWPARTITIONS", + "queryDescs" : [ ] }, { "classname" : "org.apache.spark.sql.hudi.command.Spark31AlterTableCommand", "tableDescs" : [ { diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala index 5bd7a683780..e4949d54181 100644 --- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala +++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/HudiCommands.scala @@ -189,6 +189,17 @@ object HudiCommands { TableCommandSpec(cmd, Seq(tableDesc), queryDescs = Seq(queryDescs)) } + val ShowHoodieTablePartitionsCommand = { + val cmd = "org.apache.spark.sql.hudi.command.ShowHoodieTablePartitionsCommand" + val columnDesc = ColumnDesc("specOpt", classOf[PartitionOptionColumnExtractor]) + val tableDesc = TableDesc( + "tableIdentifier", + classOf[TableIdentifierTableExtractor], + isInput = true, + columnDesc = Some(columnDesc)) + TableCommandSpec(cmd, Seq(tableDesc), SHOWPARTITIONS) + } + val data: Array[TableCommandSpec] = Array( AlterHoodieTableAddColumnsCommand, AlterHoodieTableChangeColumnCommand, @@ -206,6 +217,7 @@ object HudiCommands { MergeIntoHoodieTableCommand, RepairHoodieTableCommand, TruncateHoodieTableCommand, + ShowHoodieTablePartitionsCommand, Spark31AlterTableCommand, UpdateHoodieTableCommand) } diff --git a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala index 93d075a6a15..193446bb24f 100644 --- a/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala +++ b/extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/HudiCatalogRangerSparkExtensionSuite.scala @@ -371,7 +371,7 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite { } } - test("DeleteHoodieTableCommand/UpdateHoodieTableCommand/MergeIntoHoodieTableCommand") { + test("ShowHoodieTablePartitionsCommand") { withSingleCallEnabled { withCleanTmpResources(Seq( (s"$namespace1.$table1", "table"), @@ -392,43 +392,18 @@ class HudiCatalogRangerSparkExtensionSuite extends RangerSparkExtensionSuite { |PARTITIONED BY(city) |""".stripMargin)) - doAs( - admin, - sql( - s""" - |CREATE TABLE IF NOT EXISTS $namespace1.$table2(id int, name string, city string) - |USING HUDI - |OPTIONS ( - | type = 'cow', - | primaryKey = 'id', - | 'hoodie.datasource.hive_sync.enable' = 'false' - |) - |PARTITIONED BY(city) - |""".stripMargin)) - - val deleteFrom = s"DELETE FROM $namespace1.$table1 WHERE id = 10" + val showPartitionsSql = s"SHOW PARTITIONS $namespace1.$table1" interceptContains[AccessControlException] { - doAs(someone, sql(deleteFrom)) - }(s"does not have [update] privilege on [$namespace1/$table1]") + doAs(someone, sql(showPartitionsSql)) + }(s"does not have [select] privilege on [$namespace1/$table1]") + doAs(admin, sql(showPartitionsSql)) - val updateSql = s"UPDATE $namespace1.$table1 SET name = 'test' WHERE id > 10" + val showPartitionSpecSql = + s"SHOW PARTITIONS $namespace1.$table1 PARTITION (city = 'hangzhou')" interceptContains[AccessControlException] { - doAs(someone, sql(updateSql)) - }(s"does not have [update] privilege on [$namespace1/$table1]") - - val mergeIntoSQL = - s""" - |MERGE INTO $namespace1.$table1 target - |USING $namespace1.$table2 source - |ON target.id = source.id - |WHEN MATCHED - |AND target.name == 'test' - | THEN UPDATE SET id = source.id, name = source.name, city = source.city - |""".stripMargin - interceptContains[AccessControlException] { - doAs(someone, sql(mergeIntoSQL)) - }(s"does not have [select] privilege on " + - s"[$namespace1/$table2/id,$namespace1/$table2/name,$namespace1/$table2/city]") + doAs(someone, sql(showPartitionSpecSql)) + }(s"does not have [select] privilege on [$namespace1/$table1/city]") + doAs(admin, sql(showPartitionSpecSql)) } } }