Skip to content

Commit

Permalink
[#5775] feat(auth): Chain authorization plugin
Browse files Browse the repository at this point in the history
  • Loading branch information
xunliu committed Dec 23, 2024
1 parent 82af297 commit 4755a53
Show file tree
Hide file tree
Showing 42 changed files with 1,461 additions and 215 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/access-control-integration-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -87,9 +87,9 @@ jobs:
- name: Authorization Integration Test (JDK${{ matrix.java-version }})
id: integrationTest
run: |
./gradlew -PtestMode=embedded -PjdbcBackend=h2 -PjdkVersion=${{ matrix.java-version }} -PskipDockerTests=false :authorizations:authorization-ranger:test
./gradlew -PtestMode=deploy -PjdbcBackend=mysql -PjdkVersion=${{ matrix.java-version }} -PskipDockerTests=false :authorizations:authorization-ranger:test
./gradlew -PtestMode=deploy -PjdbcBackend=postgresql -PjdkVersion=${{ matrix.java-version }} -PskipDockerTests=false :authorizations:authorization-ranger:test
./gradlew -PtestMode=embedded -PjdbcBackend=h2 -PjdkVersion=${{ matrix.java-version }} -PskipDockerTests=false :authorizations:test
./gradlew -PtestMode=deploy -PjdbcBackend=mysql -PjdkVersion=${{ matrix.java-version }} -PskipDockerTests=false :authorizations:test
./gradlew -PtestMode=deploy -PjdbcBackend=postgresql -PjdkVersion=${{ matrix.java-version }} -PskipDockerTests=false :authorizations:test
- name: Upload integrate tests reports
uses: actions/upload-artifact@v3
Expand Down
146 changes: 146 additions & 0 deletions authorizations/authorization-chain/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1,146 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
description = "authorization-chain"

plugins {
`maven-publish`
id("java")
id("idea")
}

val scalaVersion: String = project.properties["scalaVersion"] as? String ?: extra["defaultScalaVersion"].toString()
val sparkVersion: String = libs.versions.spark35.get()
val kyuubiVersion: String = libs.versions.kyuubi4paimon.get()
val sparkMajorVersion: String = sparkVersion.substringBeforeLast(".")

dependencies {
implementation(project(":api")) {
exclude(group = "*")
}
implementation(project(":core")) {
exclude(group = "*")
}
implementation(project(":common")) {
exclude(group = "*")
}
implementation(project(":authorizations:authorization-common")) {
exclude(group = "*")
}
implementation(libs.bundles.log4j)
implementation(libs.commons.lang3)
implementation(libs.guava)
implementation(libs.javax.jaxb.api) {
exclude("*")
}
implementation(libs.javax.ws.rs.api)
implementation(libs.jettison)
compileOnly(libs.lombok)
implementation(libs.rome)

testImplementation(project(":core"))
testImplementation(project(":clients:client-java"))
testImplementation(project(":server"))
testImplementation(project(":catalogs:catalog-common"))
testImplementation(project(":integration-test-common", "testArtifacts"))
testImplementation(project(":authorizations:authorization-ranger"))
testImplementation(project(":authorizations:authorization-ranger", "testArtifacts"))
testImplementation(libs.junit.jupiter.api)
testImplementation(libs.mockito.core)
testImplementation(libs.testcontainers)
testRuntimeOnly(libs.junit.jupiter.engine)
testImplementation(libs.mysql.driver)
testImplementation(libs.postgresql.driver)
testImplementation(libs.ranger.intg) {
exclude("org.apache.hadoop", "hadoop-common")
exclude("org.apache.hive", "hive-storage-api")
exclude("org.apache.lucene")
exclude("org.apache.solr")
exclude("org.apache.kafka")
exclude("org.elasticsearch")
exclude("org.elasticsearch.client")
exclude("org.elasticsearch.plugin")
exclude("org.apache.ranger", "ranger-plugins-audit")
exclude("org.apache.ranger", "ranger-plugins-cred")
exclude("org.apache.ranger", "ranger-plugin-classloader")
exclude("net.java.dev.jna")
exclude("javax.ws.rs")
exclude("org.eclipse.jetty")
}
testImplementation("org.apache.spark:spark-hive_$scalaVersion:$sparkVersion")
testImplementation("org.apache.spark:spark-sql_$scalaVersion:$sparkVersion") {
exclude("org.apache.avro")
exclude("org.apache.hadoop")
exclude("org.apache.zookeeper")
exclude("io.dropwizard.metrics")
exclude("org.rocksdb")
}
testImplementation("org.apache.kyuubi:kyuubi-spark-authz-shaded_$scalaVersion:$kyuubiVersion") {
exclude("com.sun.jersey")
}
testImplementation(libs.hadoop3.client)
testImplementation(libs.hadoop3.common) {
exclude("com.sun.jersey")
exclude("javax.servlet", "servlet-api")
}
testImplementation(libs.hadoop3.hdfs) {
exclude("com.sun.jersey")
exclude("javax.servlet", "servlet-api")
exclude("io.netty")
}
}

tasks {
val runtimeJars by registering(Copy::class) {
from(configurations.runtimeClasspath)
into("build/libs")
}

val copyAuthorizationLibs by registering(Copy::class) {
dependsOn("jar", runtimeJars)
from("build/libs") {
exclude("guava-*.jar")
exclude("log4j-*.jar")
exclude("slf4j-*.jar")
}
into("$rootDir/distribution/package/authorizations/chain/libs")
}

register("copyLibAndConfig", Copy::class) {
dependsOn(copyAuthorizationLibs)
}

jar {
dependsOn(runtimeJars)
}
}

tasks.test {
doFirst {
environment("HADOOP_USER_NAME", "gravitino")
}
dependsOn(":catalogs:catalog-hive:jar", ":catalogs:catalog-hive:runtimeJars", ":authorizations:authorization-ranger:jar", ":authorizations:authorization-ranger:runtimeJars")

val skipITs = project.hasProperty("skipITs")
if (skipITs) {
// Exclude integration tests
exclude("**/integration/test/**")
} else {
dependsOn(tasks.jar)
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -16,24 +16,28 @@
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.gravitino.connector.authorization.mysql;
package org.apache.gravitino.authorization.chain;

import java.util.Map;
import org.apache.gravitino.connector.authorization.AuthorizationPlugin;
import org.apache.gravitino.connector.authorization.BaseAuthorization;

public class TestMySQLAuthorization extends BaseAuthorization<TestMySQLAuthorization> {

public TestMySQLAuthorization() {}

/** Implementation of a Chain authorization in Gravitino. */
public class ChainAuthorization extends BaseAuthorization<ChainAuthorization> {
@Override
public String shortName() {
return "mysql";
return "chain";
}

@Override
public AuthorizationPlugin newPlugin(
String metalake, String catalogProvider, Map<String, String> config) {
return new TestMySQLAuthorizationPlugin();
switch (catalogProvider) {
case "hive":
case "test": // For testing purposes
return new ChainAuthorizationPlugin(metalake, catalogProvider, config);
default:
throw new IllegalArgumentException("Unknown catalog provider: " + catalogProvider);
}
}
}
Loading

0 comments on commit 4755a53

Please sign in to comment.