Revert "[KYUUBI #5546][AUTHZ] Reorgnize the package names for rules"

This reverts commit 7a0534f.
apache · Oct 29, 2023 · 67b61df · 67b61df
1 parent 8da1801
commit 67b61df
Show file tree

Hide file tree

Showing 23 changed files with 41 additions and 52 deletions.
diff --git a/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json b/extensions/spark/kyuubi-spark-authz/src/main/resources/scan_command_spec.json
@@ -1,5 +1,5 @@
 [ {
-  "classname" : "org.apache.kyuubi.plugin.spark.authz.rule.permanetview.PermanentViewMarker",
+  "classname" : "org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker",
   "scanDescs" : [ {
     "fieldName" : "catalogTable",
     "fieldExtractor" : "CatalogTableTableExtractor",

diff --git a/...i-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala b/...i-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/PrivilegesBuilder.scala
@@ -26,9 +26,9 @@ import org.slf4j.LoggerFactory
 
 import org.apache.kyuubi.plugin.spark.authz.OperationType.OperationType
 import org.apache.kyuubi.plugin.spark.authz.PrivilegeObjectActionType._
-import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.PermanentViewMarker
 import org.apache.kyuubi.plugin.spark.authz.serde._
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 object PrivilegesBuilder {

diff --git a/...le/config/AuthzConfigurationChecker.scala → ...hz/ranger/AuthzConfigurationChecker.scala b/...le/config/AuthzConfigurationChecker.scala → ...hz/ranger/AuthzConfigurationChecker.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.config
+package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan

diff --git a/...owfilter/FilterDataSourceV2Strategy.scala → ...z/ranger/FilterDataSourceV2Strategy.scala b/...owfilter/FilterDataSourceV2Strategy.scala → ...z/ranger/FilterDataSourceV2Strategy.scala
@@ -14,12 +14,14 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
+package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.spark.sql.{SparkSession, Strategy}
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, Project}
 import org.apache.spark.sql.execution.SparkPlan
 
+import org.apache.kyuubi.plugin.spark.authz.util.ObjectFilterPlaceHolder
+
 class FilterDataSourceV2Strategy(spark: SparkSession) extends Strategy {
   override def apply(plan: LogicalPlan): Seq[SparkPlan] = plan match {
     // For Spark 3.1 and below, `ColumnPruning` rule will set `ObjectFilterPlaceHolder#child` to

diff --git a/...e/rowfilter/FilteredShowObjectsExec.scala → ...uthz/ranger/FilteredShowObjectsExec.scala b/...e/rowfilter/FilteredShowObjectsExec.scala → ...uthz/ranger/FilteredShowObjectsExec.scala
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
+package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.SparkContext
@@ -24,7 +24,6 @@ import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.execution.{LeafExecNode, SparkPlan}
 
 import org.apache.kyuubi.plugin.spark.authz.{ObjectType, OperationType}
-import org.apache.kyuubi.plugin.spark.authz.ranger.{AccessRequest, AccessResource, AccessType, SparkRangerAdminPlugin}
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils
 
 trait FilteredShowObjectsExec extends LeafExecNode {

diff --git a/...thz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala b/...thz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/RangerSparkExtension.scala
@@ -19,11 +19,9 @@ package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.spark.sql.SparkSessionExtensions
 
-import org.apache.kyuubi.plugin.spark.authz.rule.{RuleEliminateMarker, RuleEliminatePermanentViewMarker}
-import org.apache.kyuubi.plugin.spark.authz.rule.config.AuthzConfigurationChecker
-import org.apache.kyuubi.plugin.spark.authz.rule.datamasking.{RuleApplyDataMaskingStage0, RuleApplyDataMaskingStage1}
-import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.RuleApplyPermanentViewMarker
-import org.apache.kyuubi.plugin.spark.authz.rule.rowfilter.{FilterDataSourceV2Strategy, RuleApplyRowFilter, RuleReplaceShowObjectCommands}
+import org.apache.kyuubi.plugin.spark.authz.ranger.datamasking.{RuleApplyDataMaskingStage0, RuleApplyDataMaskingStage1}
+import org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter.RuleApplyRowFilter
+import org.apache.kyuubi.plugin.spark.authz.util.{RuleEliminateMarker, RuleEliminateViewMarker}
 
 /**
  * ACL Management for Apache Spark SQL with Apache Ranger, enabling:
@@ -51,7 +49,7 @@ class RangerSparkExtension extends (SparkSessionExtensions => Unit) {
     v1.injectResolutionRule(RuleApplyDataMaskingStage1)
     v1.injectOptimizerRule(_ => new RuleEliminateMarker())
     v1.injectOptimizerRule(new RuleAuthorization(_))
-    v1.injectOptimizerRule(_ => new RuleEliminatePermanentViewMarker())
+    v1.injectOptimizerRule(_ => new RuleEliminateViewMarker())
     v1.injectPlannerStrategy(new FilterDataSourceV2Strategy(_))
   }
 }
diff --git a/...ntview/RuleApplyPermanentViewMarker.scala → ...ranger/RuleApplyPermanentViewMarker.scala b/...ntview/RuleApplyPermanentViewMarker.scala → ...ranger/RuleApplyPermanentViewMarker.scala
@@ -15,20 +15,21 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.permanentview
+package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.spark.sql.catalyst.expressions.SubqueryExpression
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, View}
 import org.apache.spark.sql.catalyst.rules.Rule
 
 import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker
 
 /**
- * Adding [[PermanentViewMarker]] for permanent views
+ * Adding [[org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker]] for permanent views
  * for marking catalogTable of views used by privilege checking
  * in [[org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization]].
- * [[PermanentViewMarker]] must be transformed up later
- * in [[org.apache.kyuubi.plugin.spark.authz.rule.RuleEliminatePermanentViewMarker]] optimizer.
+ * [[org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker]] must be transformed up later
+ * in [[org.apache.kyuubi.plugin.spark.authz.util.RuleEliminateViewMarker]] optimizer.
  */
 class RuleApplyPermanentViewMarker extends Rule[LogicalPlan] {
 

diff --git a/.../plugin/spark/authz/rule/RuleHelper.scala → ...lugin/spark/authz/ranger/RuleHelper.scala b/.../plugin/spark/authz/rule/RuleHelper.scala → ...lugin/spark/authz/ranger/RuleHelper.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule
+package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.sql.SparkSession

diff --git a/...ilter/RuleReplaceShowObjectCommands.scala → ...anger/RuleReplaceShowObjectCommands.scala b/...ilter/RuleReplaceShowObjectCommands.scala → ...anger/RuleReplaceShowObjectCommands.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
+package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.apache.hadoop.security.UserGroupInformation
 import org.apache.spark.sql.{Row, SparkSession}
@@ -25,9 +25,7 @@ import org.apache.spark.sql.catalyst.rules.Rule
 import org.apache.spark.sql.execution.command.{RunnableCommand, ShowColumnsCommand}
 
 import org.apache.kyuubi.plugin.spark.authz.{ObjectType, OperationType}
-import org.apache.kyuubi.plugin.spark.authz.ranger.{AccessRequest, AccessResource, AccessType, SparkRangerAdminPlugin}
-import org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
-import org.apache.kyuubi.plugin.spark.authz.util.{AuthZUtils, WithInternalChildren}
+import org.apache.kyuubi.plugin.spark.authz.util.{AuthZUtils, ObjectFilterPlaceHolder, WithInternalChildren}
 import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 class RuleReplaceShowObjectCommands extends Rule[LogicalPlan] {
@@ -36,7 +34,7 @@ class RuleReplaceShowObjectCommands extends Rule[LogicalPlan] {
     case n: LogicalPlan if n.nodeName == "ShowTables" =>
       ObjectFilterPlaceHolder(n)
     case n: LogicalPlan if n.nodeName == "ShowNamespaces" =>
-      rowfilter.ObjectFilterPlaceHolder(n)
+      ObjectFilterPlaceHolder(n)
     case r: RunnableCommand if r.nodeName == "ShowFunctionsCommand" =>
       FilteredShowFunctionsCommand(r)
     case r: RunnableCommand if r.nodeName == "ShowColumnsCommand" =>

diff --git a/...z/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala b/...z/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/SparkRangerAdminPlugin.scala
@@ -26,6 +26,7 @@ import org.apache.ranger.plugin.service.RangerBasePlugin
 import org.slf4j.LoggerFactory
 
 import org.apache.kyuubi.plugin.spark.authz.AccessControlException
+import org.apache.kyuubi.plugin.spark.authz.util.RangerConfigProvider
 
 object SparkRangerAdminPlugin extends RangerBasePlugin("spark", "sparkSql")
   with RangerConfigProvider {

diff --git a/...datamasking/DataMaskingStage0Marker.scala → ...datamasking/DataMaskingStage0Marker.scala b/...datamasking/DataMaskingStage0Marker.scala → ...datamasking/DataMaskingStage0Marker.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.datamasking
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
 
 import org.apache.spark.sql.catalyst.expressions.{Attribute, ExprId}
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}

diff --git a/...datamasking/DataMaskingStage1Marker.scala → ...datamasking/DataMaskingStage1Marker.scala b/...datamasking/DataMaskingStage1Marker.scala → ...datamasking/DataMaskingStage1Marker.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.datamasking
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
 
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}

diff --git a/...amasking/RuleApplyDataMaskingStage0.scala → ...amasking/RuleApplyDataMaskingStage0.scala b/...amasking/RuleApplyDataMaskingStage0.scala → ...amasking/RuleApplyDataMaskingStage0.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.datamasking
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.expressions.Alias
@@ -24,7 +24,6 @@ import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, Project}
 import org.apache.kyuubi.plugin.spark.authz.ObjectType
 import org.apache.kyuubi.plugin.spark.authz.OperationType.QUERY
 import org.apache.kyuubi.plugin.spark.authz.ranger._
-import org.apache.kyuubi.plugin.spark.authz.rule.RuleHelper
 import org.apache.kyuubi.plugin.spark.authz.serde._
 
 /**

diff --git a/...amasking/RuleApplyDataMaskingStage1.scala → ...amasking/RuleApplyDataMaskingStage1.scala b/...amasking/RuleApplyDataMaskingStage1.scala → ...amasking/RuleApplyDataMaskingStage1.scala
@@ -15,13 +15,13 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.datamasking
+package org.apache.kyuubi.plugin.spark.authz.ranger.datamasking
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.expressions.NamedExpression
 import org.apache.spark.sql.catalyst.plans.logical.{Command, LogicalPlan}
 
-import org.apache.kyuubi.plugin.spark.authz.rule.RuleHelper
+import org.apache.kyuubi.plugin.spark.authz.ranger.RuleHelper
 import org.apache.kyuubi.plugin.spark.authz.serde._
 
 /**

diff --git a/...uthz/rule/rowfilter/RowFilterMarker.scala → ...hz/ranger/rowfilter/RowFilterMarker.scala b/...uthz/rule/rowfilter/RowFilterMarker.scala → ...hz/ranger/rowfilter/RowFilterMarker.scala
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
+package org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter
 
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}

diff --git a/...z/rule/rowfilter/RuleApplyRowFilter.scala → ...ranger/rowfilter/RuleApplyRowFilter.scala b/...z/rule/rowfilter/RuleApplyRowFilter.scala → ...ranger/rowfilter/RuleApplyRowFilter.scala
@@ -15,15 +15,14 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
+package org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter
 
 import org.apache.spark.sql.SparkSession
 import org.apache.spark.sql.catalyst.plans.logical.{Filter, LogicalPlan}
 
 import org.apache.kyuubi.plugin.spark.authz.ObjectType
 import org.apache.kyuubi.plugin.spark.authz.OperationType.QUERY
 import org.apache.kyuubi.plugin.spark.authz.ranger._
-import org.apache.kyuubi.plugin.spark.authz.rule.RuleHelper
 import org.apache.kyuubi.plugin.spark.authz.serde._
 
 case class RuleApplyRowFilter(spark: SparkSession) extends RuleHelper {

diff --git a/...e/rowfilter/ObjectFilterPlaceHolder.scala → .../authz/util/ObjectFilterPlaceHolder.scala b/...e/rowfilter/ObjectFilterPlaceHolder.scala → .../authz/util/ObjectFilterPlaceHolder.scala
@@ -15,13 +15,11 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.rowfilter
+package org.apache.kyuubi.plugin.spark.authz.util
 
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
 
-import org.apache.kyuubi.plugin.spark.authz.util.WithInternalChild
-
 case class ObjectFilterPlaceHolder(child: LogicalPlan) extends UnaryNode
   with WithInternalChild {
 

diff --git a/...e/permanentview/PermanentViewMarker.scala → ...park/authz/util/PermanentViewMarker.scala b/...e/permanentview/PermanentViewMarker.scala → ...park/authz/util/PermanentViewMarker.scala
@@ -15,14 +15,12 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule.permanentview
+package org.apache.kyuubi.plugin.spark.authz.util
 
 import org.apache.spark.sql.catalyst.catalog.CatalogTable
 import org.apache.spark.sql.catalyst.expressions.Attribute
 import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, UnaryNode}
 
-import org.apache.kyuubi.plugin.spark.authz.util.WithInternalChild
-
 case class PermanentViewMarker(
     child: LogicalPlan,
     catalogTable: CatalogTable,

diff --git a/...k/authz/ranger/RangerConfigProvider.scala → ...ark/authz/util/RangerConfigProvider.scala b/...k/authz/ranger/RangerConfigProvider.scala → ...ark/authz/util/RangerConfigProvider.scala
@@ -15,12 +15,12 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.ranger
+package org.apache.kyuubi.plugin.spark.authz.util
 
 import org.apache.hadoop.conf.Configuration
 
-import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils.isRanger21orGreater
-import org.apache.kyuubi.util.reflect.ReflectUtils.invokeAs
+import org.apache.kyuubi.plugin.spark.authz.util.AuthZUtils._
+import org.apache.kyuubi.util.reflect.ReflectUtils._
 
 trait RangerConfigProvider {
 

diff --git a/...park/authz/rule/RuleEliminateMarker.scala → ...park/authz/util/RuleEliminateMarker.scala b/...park/authz/rule/RuleEliminateMarker.scala → ...park/authz/util/RuleEliminateMarker.scala
@@ -15,14 +15,14 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule
+package org.apache.kyuubi.plugin.spark.authz.util
 
 import org.apache.spark.sql.catalyst.expressions.SubqueryExpression
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.apache.spark.sql.catalyst.rules.Rule
 
-import org.apache.kyuubi.plugin.spark.authz.rule.datamasking.{DataMaskingStage0Marker, DataMaskingStage1Marker}
-import org.apache.kyuubi.plugin.spark.authz.rule.rowfilter.RowFilterMarker
+import org.apache.kyuubi.plugin.spark.authz.ranger.datamasking.{DataMaskingStage0Marker, DataMaskingStage1Marker}
+import org.apache.kyuubi.plugin.spark.authz.ranger.rowfilter.RowFilterMarker
 
 class RuleEliminateMarker extends Rule[LogicalPlan] {
   override def apply(plan: LogicalPlan): LogicalPlan = {

diff --git a/...le/RuleEliminatePermanentViewMarker.scala → .../authz/util/RuleEliminateViewMarker.scala b/...le/RuleEliminatePermanentViewMarker.scala → .../authz/util/RuleEliminateViewMarker.scala
@@ -15,18 +15,16 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule
+package org.apache.kyuubi.plugin.spark.authz.util
 
 import org.apache.spark.sql.catalyst.expressions.SubqueryExpression
 import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
 import org.apache.spark.sql.catalyst.rules.Rule
 
-import org.apache.kyuubi.plugin.spark.authz.rule.permanentview.PermanentViewMarker
-
 /**
- * Transforming up [[PermanentViewMarker]]
+ * Transforming up [[org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker]]
  */
-class RuleEliminatePermanentViewMarker extends Rule[LogicalPlan] {
+class RuleEliminateViewMarker extends Rule[LogicalPlan] {
   override def apply(plan: LogicalPlan): LogicalPlan = {
     plan.transformUp {
       case pvm: PermanentViewMarker => pvm.child.transformAllExpressions {

diff --git a/...rk/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala b/...rk/kyuubi-spark-authz/src/test/scala/org/apache/kyuubi/plugin/spark/authz/gen/Scans.scala
@@ -50,7 +50,7 @@ object Scans extends CommandSpecs[ScanSpec] {
   }
 
   val PermanentViewMarker = {
-    val r = "org.apache.kyuubi.plugin.spark.authz.rule.permanetview.PermanentViewMarker"
+    val r = "org.apache.kyuubi.plugin.spark.authz.util.PermanentViewMarker"
     val tableDesc =
       ScanDesc(
         "catalogTable",

diff --git a/...rule/AuthzConfigurationCheckerSuite.scala → ...nger/AuthzConfigurationCheckerSuite.scala b/...rule/AuthzConfigurationCheckerSuite.scala → ...nger/AuthzConfigurationCheckerSuite.scala
@@ -15,15 +15,13 @@
  * limitations under the License.
  */
 
-package org.apache.kyuubi.plugin.spark.authz.rule
+package org.apache.kyuubi.plugin.spark.authz.ranger
 
 import org.scalatest.BeforeAndAfterAll
 // scalastyle:off
 import org.scalatest.funsuite.AnyFunSuite
 
 import org.apache.kyuubi.plugin.spark.authz.{AccessControlException, SparkSessionProvider}
-import org.apache.kyuubi.plugin.spark.authz.ranger.RuleAuthorization
-import org.apache.kyuubi.plugin.spark.authz.rule.config.AuthzConfigurationChecker
 
 class AuthzConfigurationCheckerSuite extends AnyFunSuite with SparkSessionProvider
   with BeforeAndAfterAll {