pan3793 commented on code in PR #7187:
URL: https://github.com/apache/kyuubi/pull/7187#discussion_r2324212019
##########
extensions/spark/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/FunctionPrivilegesBuilderSuite.scala:
##########
@@ -193,4 +199,56 @@ class HiveFunctionPrivilegesBuilderSuite extends
FunctionPrivilegesBuilderSuite
}
}
+ test("Built in and UDF Function Call Query") {
+ val plan = sql(s"SELECT kyuubi_fun_0('TESTSTRING'), " +
+ s"kyuubi_fun_0(value)," +
+ s"abs(key)," +
+ s"abs(-100)," +
+ s"lower(value)," +
+ s"lower('TESTSTRING') " +
+ s"FROM $reusedTable").queryExecution.analyzed
+ val (inputs, _, _) = PrivilegesBuilder.buildFunctions(plan, spark)
+ assert(inputs.size === 2)
+ inputs.foreach { po =>
+ assert(po.actionType === PrivilegeObjectActionType.OTHER)
+ assert(po.privilegeObjectType === PrivilegeObjectType.FUNCTION)
+ assert(po.dbname startsWith reusedDb.toLowerCase)
+ assert(po.objectName startsWith functionNamePrefix.toLowerCase)
+ val accessType = ranger.AccessType(po, QUERY, isInput = true)
+ assert(accessType === AccessType.SELECT)
+ }
+ }
+
+ test("[KYUUBI #7186] Introduce RuleFunctionAuthorization") {
+
+ val ruleFunc =
Mockito.spy[RuleFunctionAuthorization](RuleFunctionAuthorization(spark))
+ Mockito.doAnswer(new Answer[Unit] {
+ override def answer(invocation: InvocationOnMock): Unit = {
+ val requests =
invocation.getArgument[mutable.ArrayBuffer[AccessRequest]](0)
+ requests.foreach { request =>
+ // deny udf `reusedDb.kyuubi_fun_0`
Review Comment:
is it possible to modify the policy configs instead of mock?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
