
[#5118] feat(auth): Lakehouse Iceberg catalog supports Ranger authorization plugin #5467

Merged
merged 11 commits into from
Nov 6, 2024
Expand Up @@ -61,7 +61,7 @@ enum Name {
USE_SCHEMA(0L, 1L << 4),
/** The privilege to create a table. */
CREATE_TABLE(0L, 1L << 5),
/** The privilege to execute SQL `ALTER`, `INSERT`, `UPDATE`, or `DELETE` for a table. */
/** The privilege to write data to a table or modify the table schema. */
MODIFY_TABLE(0L, 1L << 6),
/** The privilege to select data from a table. */
SELECT_TABLE(0L, 1L << 7),
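Review bot: The reworded Javadoc on `MODIFY_TABLE` no longer names the concrete operations the privilege covers, and "modify the table schema" leaves open whether an operation such as dropping the table falls under it. Administrators read this text to decide what a grant allows, so I would keep the examples next to the general wording, e.g. `/** The privilege to write data to a table (SQL INSERT, UPDATE, DELETE) or modify the table schema (SQL ALTER). */`. The same sentence appears on the `ModifyTable` class in the next file section and should be kept in step with this one.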
Expand Up @@ -407,7 +407,7 @@ public boolean canBindTo(MetadataObject.Type type) {
}
}

/** The privilege to execute SQL `ALTER`, `INSERT`, `UPDATE`, or `DELETE` for a table. */
/** The privilege to write data to a table or modify the table schema. */
public static class ModifyTable extends GenericPrivilege<ModifyTable> {
private static final ModifyTable ALLOW_INSTANCE =
new ModifyTable(Condition.ALLOW, Name.MODIFY_TABLE);
5 changes: 4 additions & 1 deletion authorizations/authorization-ranger/build.gradle.kts
Expand Up @@ -27,6 +27,8 @@ plugins {
val scalaVersion: String = project.properties["scalaVersion"] as? String ?: extra["defaultScalaVersion"].toString()
val sparkVersion: String = libs.versions.spark35.get()
val kyuubiVersion: String = libs.versions.kyuubi4spark35.get()
val sparkMajorVersion: String = sparkVersion.substringBeforeLast(".")
val icebergVersion: String = libs.versions.iceberg4spark.get()

dependencies {
implementation(project(":api")) {
Expand Down Expand Up @@ -97,6 +99,7 @@ dependencies {
exclude("javax.servlet", "servlet-api")
exclude("io.netty")
}
testImplementation("org.apache.iceberg:iceberg-spark-runtime-${sparkMajorVersion}_$scalaVersion:$icebergVersion")
}

tasks {
Expand Down Expand Up @@ -126,7 +129,7 @@ tasks {

tasks.test {
doFirst {
environment("HADOOP_USER_NAME", "test")
environment("HADOOP_USER_NAME", "gravitino")
}
xunliu marked this conversation as resolved.
dependsOn(":catalogs:catalog-hive:jar", ":catalogs:catalog-hive:runtimeJars")

Expand Up @@ -33,7 +33,8 @@ public String shortName() {
protected AuthorizationPlugin newPlugin(String catalogProvider, Map<String, String> config) {
switch (catalogProvider) {
case "hive":
return RangerAuthorizationHivePlugin.getInstance(config);
case "lakehouse-iceberg":
return RangerAuthorizationHadoopSQLPlugin.getInstance(config);
default:
throw new IllegalArgumentException("Unknown catalog provider: " + catalogProvider);
}
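Review bot: `case "hive":` now falls through to `case "lakehouse-iceberg":`, so both providers are served by the same `RangerAuthorizationHadoopSQLPlugin.getInstance(config)`. That factory, visible in the next file section, keeps one static instance and reads `config` only when the instance is first created. If a Hive catalog and an Iceberg catalog carry different Ranger settings, the second caller would silently receive a plugin built from the first catalog's config, and its privilege changes would presumably be sent to the wrong Ranger service. `getInstance` should either keep one instance per distinct config or throw when a later call passes a config that differs from the one already in use; a short comment on the fall-through saying the shared plugin is intentional would also help. The enclosing `newPlugin` method closes outside this hunk.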
Expand Up @@ -41,19 +41,21 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class RangerAuthorizationHivePlugin extends RangerAuthorizationPlugin {
private static final Logger LOG = LoggerFactory.getLogger(RangerAuthorizationHivePlugin.class);
private static volatile RangerAuthorizationHivePlugin instance = null;
public class RangerAuthorizationHadoopSQLPlugin extends RangerAuthorizationPlugin {
private static final Logger LOG =
LoggerFactory.getLogger(RangerAuthorizationHadoopSQLPlugin.class);
private static volatile RangerAuthorizationHadoopSQLPlugin instance = null;

private RangerAuthorizationHivePlugin(Map<String, String> config) {
private RangerAuthorizationHadoopSQLPlugin(Map<String, String> config) {
super(config);
}

public static synchronized RangerAuthorizationHivePlugin getInstance(Map<String, String> config) {
public static synchronized RangerAuthorizationHadoopSQLPlugin getInstance(
Map<String, String> config) {
if (instance == null) {
synchronized (RangerAuthorizationHivePlugin.class) {
synchronized (RangerAuthorizationHadoopSQLPlugin.class) {
if (instance == null) {
instance = new RangerAuthorizationHivePlugin(config);
instance = new RangerAuthorizationHadoopSQLPlugin(config);
}
}
}
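Review bot: `getInstance` is declared `static synchronized` and then takes `synchronized (RangerAuthorizationHadoopSQLPlugin.class)` inside, which is the same monitor the method already holds, so the inner block and the outer null check add nothing. Since `instance` is already `volatile`, I would keep the double-checked form and drop the method-level lock: `public static RangerAuthorizationHadoopSQLPlugin getInstance(Map<String, String> config) {`. That also avoids taking the class lock on every call after initialisation. The class and this method have no Javadoc; a sentence stating that the instance is process-wide and that `config` is only read on first creation would make the contract visible to callers. The rest of `getInstance` lies outside the hunk.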