[Bug] [Authz] Failed to build and test Authz plugin with Ranger below 1.0 with failures of data masking #4450

Closed
2 tasks done
bowenliang123 opened this issue Mar 6, 2023 · 1 comment
Labels
kind:bug This is a clearly a bug priority:major

bowenliang123 commented Mar 6, 2023

Code of Conduct

Search before asking

  • I have searched in the issues and found no similar issues.

Describe the bug

✅ OK to build and test with Ranger 1.0+(1.1.0/1.2.0/2.1.0/2.3.0)
❌ Failed to build and test Authz plugin with either 0.6.0 or 0.7.0.

```
build/mvn clean package -pl :kyuubi-spark-authz_2.12 -Pspark-3.3 -Dranger.version=0.6.0
build/mvn clean package -pl :kyuubi-spark-authz_2.12 -Pspark-3.3 -Dranger.version=0.7.0
```

```
Total number of tests run: 455
Suites: completed 18, aborted 0
Tests: succeeded 307, failed 148, canceled 37, ignored 0, pending 0
*** 148 TESTS FAILED ***
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
```

Affects Version(s)

1.7.0/master

Kyuubi Server Log Output

No response

Kyuubi Engine Log Output

```
- auth: databases *** FAILED ***
  Expected exception org.apache.kyuubi.plugin.spark.authz.AccessControlException to be thrown, but no exception was thrown (RangerSparkExtensionSuite.scala:155)
- auth: tables *** FAILED ***
  Expected exception org.apache.kyuubi.plugin.spark.authz.AccessControlException to be thrown, but no exception was thrown (RangerSparkExtensionSuite.scala:177)
- auth: functions *** FAILED ***
  Expected exception org.apache.kyuubi.plugin.spark.authz.AccessControlException to be thrown, but no exception was thrown (RangerSparkExtensionSuite.scala:215)
- row level filter *** FAILED ***
  SELECT value FROM default.src Array([1], [2], [3]) did not equal List([1]) (RangerSparkExtensionSuite.scala:248)
- [KYUUBI #3581]: row level filter on permanent view *** FAILED ***
  SELECT value FROM default.perm_view Array([1], [2], [3]) did not equal List([1]) (RangerSparkExtensionSuite.scala:291)
- show tables *** FAILED ***
  0 did not equal 2 (RangerSparkExtensionSuite.scala:310)
- show databases *** FAILED ***
  Array() had length 0 instead of expected length 2 (RangerSparkExtensionSuite.scala:321)
- show functions *** FAILED ***
  Array() had length 0 instead of expected length 1 (RangerSparkExtensionSuite.scala:340)
- show columns *** FAILED ***
  0 did not equal 2 (RangerSparkExtensionSuite.scala:367)
- show table extended *** FAILED ***
  0 did not equal 5 (RangerSparkExtensionSuite.scala:397)
- [KYUUBI #3426] Drop temp view should be skipped permission check *** FAILED ***
  Array() had length 0 instead of expected length 2 (RangerSparkExtensionSuite.scala:453)
- [KYUUBI #3428] AlterViewAsCommand should be skipped permission check *** FAILED ***
  java.lang.reflect.UndeclaredThrowableException:
  at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1894)
  at org.apache.kyuubi.plugin.spark.authz.SparkSessionProvider.doAs(SparkSessionProvider.scala:76)
  at org.apache.kyuubi.plugin.spark.authz.SparkSessionProvider.doAs$(SparkSessionProvider.scala:74)
  at org.apache.kyuubi.plugin.spark.authz.ranger.RangerSparkExtensionSuite.doAs(RangerSparkExtensionSuite.scala:37)
  at org.apache.kyuubi.plugin.spark.authz.ranger.RangerSparkExtensionSuite.$anonfun$new$138(RangerSparkExtensionSuite.scala:466)
  at org.scalatest.OutcomeOf.outcomeOf(OutcomeOf.scala:85)
  at org.scalatest.OutcomeOf.outcomeOf$(OutcomeOf.scala:83)
  at org.scalatest.OutcomeOf$.outcomeOf(OutcomeOf.scala:104)
  at org.scalatest.Transformer.apply(Transformer.scala:22)
  at org.scalatest.Transformer.apply(Transformer.scala:20)
  ...
  Cause: org.apache.spark.sql.catalyst.analysis.TempTableAlreadyExistsException: Temporary view 'temp_view' already exists
  at org.apache.spark.sql.catalyst.catalog.SessionCatalog.createTempView(SessionCatalog.scala:602)
  at org.apache.spark.sql.execution.command.CreateViewCommand.run(views.scala:124)
  at org.apache.spark.sql.execution.command.ExecutedCommandExec.sideEffectResult$lzycompute(commands.scala:75)
  at org.apache.spark.sql.execution.command.ExecutedCommandExec.sideEffectResult(commands.scala:73)
  at org.apache.spark.sql.execution.command.ExecutedCommandExec.executeCollect(commands.scala:84)
  at org.apache.spark.sql.execution.QueryExecution$$anonfun$eagerlyExecuteCommands$1.$anonfun$applyOrElse$1(QueryExecution.scala:98)
  at org.apache.spark.sql.execution.SQLExecution$.$anonfun$withNewExecutionId$6(SQLExecution.scala:109)
  at org.apache.spark.sql.execution.SQLExecution$.withSQLConfPropagated(SQLExecution.scala:169)
  at org.apache.spark.sql.execution.SQLExecution$.$anonfun$withNewExecutionId$1(SQLExecution.scala:95)
  at org.apache.spark.sql.SparkSession.withActive(SparkSession.scala:779)
  ...
- [KYUUBI #3343] pass temporary view creation *** FAILED ***
  scala.util.Try.apply[org.apache.spark.sql.DataFrame](RangerSparkExtensionSuite.this.sql.apply(scala.StringContext.apply("CREATE TEMPORARY VIEW ", " AS select * from values(1)").s(tempView))).isSuccess was false (RangerSparkExtensionSuite.scala:495)
== Physical Plan ==
CommandResult <empty>
   +- CreateNamespace org.apache.spark.sql.execution.datasources.v2.jdbc.JDBCTableCatalog@33770455, [ns2], true


- [KYUUBI #3424] CREATE DATABASE *** FAILED ***
  Expected exception org.apache.kyuubi.plugin.spark.authz.AccessControlException to be thrown, but no exception was thrown (V2JdbcTableCatalogRangerSparkExtensionSuite.scala:84)
- [KYUUBI #3424] DROP DATABASE *** FAILED ***
  Expected exception org.apache.kyuubi.plugin.spark.authz.AccessControlException to be thrown, but java.lang.reflect.UndeclaredThrowableException was thrown (V2JdbcTableCatalogRangerSparkExtensionSuite.scala:94)
```


### Kyuubi Server Configurations

_No response_

### Kyuubi Engine Configurations

_No response_

### Additional context

_No response_

### Are you willing to submit PR?

- [ ] Yes. I would be willing to submit a PR with guidance from the Kyuubi community to fix.
- [X] No. I cannot submit a PR at this time.
@bowenliang123 bowenliang123 added kind:bug This is a clearly a bug priority:major labels Mar 6, 2023
@bowenliang123 bowenliang123 changed the title [Bug] [Authz] Failed to build and test Authz plugin with Ranger below 1.0 [Bug] [Authz] Failed to build and test Authz plugin with Ranger below 1.0 with failures of data masking Mar 6, 2023

bowenliang123 commented Mar 6, 2023

cc @yaooqinn @pan3793

@yaooqinn yaooqinn added this to the v1.7.0 milestone Mar 6, 2023
@pan3793 pan3793 closed this as completed in 889dbc6 Mar 7, 2023
pan3793 pushed a commit that referenced this issue Mar 7, 2023
…licy json file

### _Why are the changes needed?_

To fix #4450.
- allow ignoring unknown fields in the policy file for testing, which are brought by Ranger version changes

```
com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "policyPriority" (class org.apache.ranger.plugin.model.RangerPolicy), not marked as ignorable (21 known properties: "denyPolicyItems", "resources", "guid", "resourceSignature", "name", "policyType", "allowExceptions", "policyItems", "isAuditEnabled", "updatedBy", "service", "updateTime", "isEnabled", "version", "id", "description", "createdBy", "createTime", "denyExceptions", "dataMaskPolicyItems", "rowFilterPolicyItems"])
```

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before making a pull request

Closes #4455 from bowenliang123/authz-unknown-fields.

Closes #4450

592a954 [liangbowen] ignore unknown fields in json mapper

Authored-by: liangbowen <liangbowen@gf.com.cn>
Signed-off-by: Cheng Pan <chengpan@apache.org>
(cherry picked from commit 889dbc6)
Signed-off-by: Cheng Pan <chengpan@apache.org>
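
The `UnrecognizedPropertyException` quoted in the commit message and the fix it names ("ignore unknown fields in json mapper"), shown as an added Java example that is not the Kyuubi or Ranger code. The `Policy` class, the sample JSON and the `load` helper with its empty-set check are assumptions made for illustration; the Jackson calls are the library's own API.

```java
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException;
import java.util.List;

public class PolicyFileCompat {
    // Hypothetical stand-in for a policy model that predates the "policyPriority" field.
    public static class Policy {
        public long id;
        public String name;
        public int policyType;
    }

    // Constructed sample: a policy file written for a newer model.
    static final String POLICY_JSON =
        "[{\"id\":1,\"name\":\"src_row_filter\",\"policyType\":2,\"policyPriority\":0}]";

    // Parse the policy list and refuse to continue with an empty set, so a bad
    // file surfaces as an error instead of as missing enforcement (added check).
    static List<Policy> load(ObjectMapper mapper, String json) throws Exception {
        List<Policy> policies = mapper.readValue(json, new TypeReference<List<Policy>>() {});
        if (policies.isEmpty()) {
            throw new IllegalStateException("policy file contained no policies");
        }
        return policies;
    }

    public static void main(String[] args) throws Exception {
        // Default mapper: FAIL_ON_UNKNOWN_PROPERTIES is enabled, so the extra field aborts parsing.
        ObjectMapper strict = new ObjectMapper();
        try {
            load(strict, POLICY_JSON);
        } catch (UnrecognizedPropertyException e) {
            System.out.println("strict mapper rejected field: " + e.getPropertyName());
        }

        // Same file with unknown fields skipped; the known fields still bind.
        ObjectMapper lenient = new ObjectMapper()
            .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        List<Policy> policies = load(lenient, POLICY_JSON);
        System.out.println(policies.size() + " policy loaded: " + policies.get(0).name);
    }
}
```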