[KYUUBI #5677][AUTHZ] Typeof expression miss column information #5678
Conversation
|
ping @yaooqinn |
|
What is the problem here? |
Without this pr, it will check the privilege of all table, not column |
|
I see the id, age field in the project. Why not pull them out? |
Yea |
|
Without this pr the UT's result is as below cc @yaooqinn |
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## master #5678 +/- ##
============================================
- Coverage 61.44% 61.43% -0.01%
Complexity 23 23
============================================
Files 603 607 +4
Lines 35664 35712 +48
Branches 4876 4891 +15
============================================
+ Hits 21914 21941 +27
- Misses 11373 11392 +19
- Partials 2377 2379 +2 ☔ View full report in Codecov by Sentry. |
Why not pull them out? |
The name and exprId are not the same between the projection list and the relation 's output, then merge projection miss the column. |
|
Why is typeof special, or how many are they? |
Since typeof's result only needs the expression's datatype, it doesn't need real value. |
Shall we bypass it? |
But it need table's read privilege, can't just ignore, better extract the correct column? |
|
It's much more like |
But only when the query's result is empty, then this sql have the output. If there is no row, show an empty result Explain command seems won't trigger privilege check. But when it execute the query, still will check the query's privilege |
| |typeof(substring(day, 1, 3)) | ||
| |FROM $db1.$table1""".stripMargin).show()))( | ||
| s"does not have [select] privilege on [$db1/$table1/id,$db1/$table1/day]") | ||
| doAs(admin, sql(s"SELECT typeof(id), typeof(day) FROM $db1.$table1").show()) |
There was a problem hiding this comment.
SELECT typeof(typeof)
typeof typeof(id + age)
There was a problem hiding this comment.
How about current?
...z/src/test/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtensionSuite.scala
Outdated
Show resolved
Hide resolved
|
Could you add the example for the plan in either the issue or the pr description to show the problem and the plan? |
|
Any more suggestion? cc @yaooqinn |
How about current? |
...ark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/rule/RuleEliminateTypeOf.scala
Outdated
Show resolved
Hide resolved
|
Any more suggestion? |
Sorry, it's still too difficult for me. I'm out of the context. |
|
If you don't have time next time, there's no need to ping me. Lately, I haven't been keeping up with your series of PRs. They always get merged quickly, and my suggestions are being skipped. Not enough information for me to understand. If the Kyuubi community is okay with this 'no-explanation-just-go' approach, I don't have any objections. I attribute all of my willingness to my own shortcomings in abilities. |
Add explain about root cause and solution. |
4 participants
Why are the changes needed?
To close #5677
Typeof expression miss column information, in this pr we add a place holder to support this.
For sql
Without this pr, typeof after optimizer passed to PrivilegeBuild is just an attribute, miss the origin child expression info.
When handle this plan's project list, it's an attribute and miss expression when expression result is a constant value, then we can't extract the
TypeOf's child expression.This is caused by
TypeOfexpression is foldableIt will be convert to a constant value after spark optimizer, then cause we miss the child expression, then can't extract columns by
collectLeavesIn this pr we wrap the
TypeOfby a non-foldable expression placeholder then we can get the expression contains column of table whenmergeProjectionAfter this pr, the plan is like below
How was this patch tested?
Add some test cases that check the changes thoroughly including negative and positive cases if possible
Add screenshots for manual tests if appropriate
Run test locally before make a pull request
Was this patch authored or co-authored using generative AI tooling?
No