[Bug] AuthZ does not authenticate the path resources of Hudi procedures #6007
Labels
Comments
zhaohehuhu
pushed a commit
to zhaohehuhu/incubator-kyuubi
that referenced
this issue
Feb 5, 2024
…ce privileges # 🔍 Description ## Issue References 🔗 This pull request aims to make authz check hoodie procedures path resource privileges. ## Describe Your Solution 🔧 Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. ## Types of changes 🔖 - [x] Bugfix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) ## Test Plan 🧪 #### Behavior Without This Pull Request ⚰️ When the Hoodie procedure operation is on the path, the check can pass regardless of whether the path resource has permissions. #### Behavior With This Pull Request 🎉 Check the path permissions correctly. #### Related Unit Tests New tests added. --- # Checklist 📝 - [x] This patch was not authored or co-authored using [Generative Tooling](https://www.apache.org/legal/generative-tooling.html) **Be nice. Be informative.** Closes apache#5972 from Yikf/hudi-call-path. Closes apache#6007 e7dd28b [yikaifei] AuthZ should check hoodie procedures path resource privileges Authored-by: yikaifei <[email protected]> Signed-off-by: yikaifei <[email protected]>
zhaohehuhu
pushed a commit
to zhaohehuhu/incubator-kyuubi
that referenced
this issue
Mar 21, 2024
…ce privileges # 🔍 Description ## Issue References 🔗 This pull request aims to make authz check hoodie procedures path resource privileges. ## Describe Your Solution 🔧 Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. ## Types of changes 🔖 - [x] Bugfix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) ## Test Plan 🧪 #### Behavior Without This Pull Request ⚰️ When the Hoodie procedure operation is on the path, the check can pass regardless of whether the path resource has permissions. #### Behavior With This Pull Request 🎉 Check the path permissions correctly. #### Related Unit Tests New tests added. --- # Checklist 📝 - [x] This patch was not authored or co-authored using [Generative Tooling](https://www.apache.org/legal/generative-tooling.html) **Be nice. Be informative.** Closes apache#5972 from Yikf/hudi-call-path. Closes apache#6007 e7dd28b [yikaifei] AuthZ should check hoodie procedures path resource privileges Authored-by: yikaifei <[email protected]> Signed-off-by: yikaifei <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Code of Conduct
Search before asking
Describe the bug
AuthZ does not authenticate the path resources of Hudi procedures.
Like, "CALL RUN_COMPACTION(path => 'hdfs://demo/test/hudi/path')", It should check patch resource.
Affects Version(s)
1.9.0
Kyuubi Server Log Output
No response
Kyuubi Engine Log Output
No response
Kyuubi Server Configurations
No response
Kyuubi Engine Configurations
No response
Additional context
No response
Are you willing to submit PR?
The text was updated successfully, but these errors were encountered: