[KYUUBI #5503][FOLLOWUP][AUTHZ] Authz should skip inner plan that have been verified #5563
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Why are the changes needed?
To close #5503
For sql such as lateral join in test
[KYUUBI #5503][AUTHZ] Check plan auth checked should not set tag to all child nodes
, it will first verify subquery inlateral
then verify whole plan, if there is a view, when verify the whole plan, thePermanentViewMarker
will be remove by spark's optimizer.Then it will verify both source table
table1
andtable2
.So I think we need to do 3 things:
isAuthChecked
should only check the first level of the plan to avoid skipping the check of the whole plan in the demo testbuildQuery
, if the current node has the tag, we just skip it.Without this pr, the SQL in test will both check
table1
andtable2
How was this patch tested?
Add some test cases that check the changes thoroughly including negative and positive cases if possible
Add screenshots for manual tests if appropriate
Run test locally before make a pull request
Was this patch authored or co-authored using generative AI tooling?
No