kyuubi
kyuubi copied to clipboard
apache
[Bug] Spark Authz Plugin masking does not work when using resource wildcard
Code of Conduct
- [x] I agree to follow this project's Code of Conduct
Search before asking
- [x] I have searched in the issues and found no similar issues.
Describe the bug
Config data masking using wild card is not working.
However, if you specific database, and table, it's work
Affects Version(s)
1.10.0
Kyuubi Server Log Output
Kyuubi Engine Log Output
25/02/20 07:50:05 DEBUG UserGroupInformation: Failed to get groups for user ranger
java.io.IOException: No groups found for user ranger
at org.apache.hadoop.security.Groups.noGroupsForUser(Groups.java:200)
at org.apache.hadoop.security.Groups.getGroups(Groups.java:223)
at org.apache.hadoop.security.UserGroupInformation.getGroups(UserGroupInformation.java:1734)
at org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1722)
at org.apache.kyuubi.plugin.spark.authz.ranger.AccessRequest$.getUserGroupsFromUgi(AccessRequest.scala:72)
at org.apache.kyuubi.plugin.spark.authz.ranger.AccessRequest$.getUserGroups(AccessRequest.scala:93)
at org.apache.kyuubi.plugin.spark.authz.ranger.AccessRequest$.apply(AccessRequest.scala:41)
at org.apache.kyuubi.plugin.spark.authz.rule.datamasking.RuleApplyDataMaskingStage0.$anonfun$applyMasking$1(RuleApplyDataMaskingStage0.scala:65)
at scala.collection.immutable.List.map(List.scala:293)
at org.apache.kyuubi.plugin.spark.authz.rule.datamasking.RuleApplyDataMaskingStage0.applyMasking(RuleApplyDataMaskingStage0.scala:62)
at org.apache.kyuubi.plugin.spark.authz.rule.datamasking.RuleApplyDataMaskingStage0.$anonfun$apply$2(RuleApplyDataMaskingStage0.scala:53)
at scala.Option.map(Option.scala:230)
at org.apache.kyuubi.plugin.spark.authz.rule.datamasking.RuleApplyDataMaskingStage0.$anonfun$apply$1(RuleApplyDataMaskingStage0.scala:53)
at scala.collection.TraversableLike.$anonfun$map$1(TraversableLike.scala:286)
at scala.collection.Iterator.foreach(Iterator.scala:943)
at scala.collection.Iterator.foreach$(Iterator.scala:943)
at scala.collection.AbstractIterator.foreach(Iterator.scala:1431)
at scala.collection.IterableLike.foreach(IterableLike.scala:74)
at scala.collection.IterableLike.foreach$(IterableLike.scala:73)
at scala.collection.AbstractIterable.foreach(Iterable.scala:56)
at scala.collection.TraversableLike.map(TraversableLike.scala:286)
at scala.collection.TraversableLike.map$(TraversableLike.scala:279)
at scala.collection.AbstractTraversable.map(Traversable.scala:108)
at org.apache.kyuubi.plugin.spark.authz.rule.RuleHelper.mapChildren(RuleHelper.scala:45)
at org.apache.kyuubi.plugin.spark.authz.rule.RuleHelper.mapChildren$(RuleHelper.scala:35)
at org.apache.kyuubi.plugin.spark.authz.rule.datamasking.RuleApplyDataMaskingStage0.mapChildren(RuleApplyDataMaskingStage0.scala:45)
at org.apache.kyuubi.plugin.spark.authz.rule.datamasking.RuleApplyDataMaskingStage0.apply(RuleApplyDataMaskingStage0.scala:48)
at org.apache.kyuubi.plugin.spark.authz.rule.datamasking.RuleApplyDataMaskingStage0.$anonfun$apply$1(RuleApplyDataMaskingStage0.scala:54)
at scala.collection.TraversableLike.$anonfun$map$1(TraversableLike.scala:286)
at scala.collection.Iterator.foreach(Iterator.scala:943)
at scala.collection.Iterator.foreach$(Iterator.scala:943)
at scala.collection.AbstractIterator.foreach(Iterator.scala:1431)
at scala.collection.IterableLike.foreach(IterableLike.scala:74)
at scala.collection.IterableLike.foreach$(IterableLike.scala:73)
at scala.collection.AbstractIterable.foreach(Iterable.scala:56)
at scala.collection.TraversableLike.map(TraversableLike.scala:286)
at scala.collection.TraversableLike.map$(TraversableLike.scala:279)
at scala.collection.AbstractTraversable.map(Traversable.scala:108)
at org.apache.kyuubi.plugin.spark.authz.rule.RuleHelper.mapChildren(RuleHelper.scala:45)
at org.apache.kyuubi.plugin.spark.authz.rule.RuleHelper.mapChildren$(RuleHelper.scala:35)
at org.apache.kyuubi.plugin.spark.authz.rule.datamasking.RuleApplyDataMaskingStage0.mapChildren(RuleApplyDataMaskingStage0.scala:45)
at org.apache.kyuubi.plugin.spark.authz.rule.datamasking.RuleApplyDataMaskingStage0.apply(RuleApplyDataMaskingStage0.scala:48)
at org.apache.kyuubi.plugin.spark.authz.rule.datamasking.RuleApplyDataMaskingStage0.apply(RuleApplyDataMaskingStage0.scala:45)
at org.apache.spark.sql.catalyst.rules.RuleExecutor.$anonfun$execute$2(RuleExecutor.scala:222)
at scala.collection.LinearSeqOptimized.foldLeft(LinearSeqOptimized.scala:126)
at scala.collection.LinearSeqOptimized.foldLeft$(LinearSeqOptimized.scala:122)
at scala.collection.immutable.List.foldLeft(List.scala:91)
at org.apache.spark.sql.catalyst.rules.RuleExecutor.$anonfun$execute$1(RuleExecutor.scala:219)
at org.apache.spark.sql.catalyst.rules.RuleExecutor.$anonfun$execute$1$adapted(RuleExecutor.scala:211)
at scala.collection.immutable.List.foreach(List.scala:431)
at org.apache.spark.sql.catalyst.rules.RuleExecutor.execute(RuleExecutor.scala:211)
at org.apache.spark.sql.catalyst.analysis.Analyzer.org$apache$spark$sql$catalyst$analysis$Analyzer$$executeSameContext(Analyzer.scala:240)
at org.apache.spark.sql.catalyst.analysis.Analyzer.$anonfun$execute$1(Analyzer.scala:236)
at org.apache.spark.sql.catalyst.analysis.AnalysisContext$.withNewAnalysisContext(Analyzer.scala:187)
at org.apache.spark.sql.catalyst.analysis.Analyzer.execute(Analyzer.scala:236)
at org.apache.spark.sql.catalyst.analysis.Analyzer.execute(Analyzer.scala:202)
at org.apache.spark.sql.catalyst.rules.RuleExecutor.$anonfun$executeAndTrack$1(RuleExecutor.scala:182)
at org.apache.spark.sql.catalyst.QueryPlanningTracker$.withTracker(QueryPlanningTracker.scala:89)
at org.apache.spark.sql.catalyst.rules.RuleExecutor.executeAndTrack(RuleExecutor.scala:182)
at org.apache.spark.sql.catalyst.analysis.Analyzer.$anonfun$executeAndCheck$1(Analyzer.scala:223)
at org.apache.spark.sql.catalyst.plans.logical.AnalysisHelper$.markInAnalyzer(AnalysisHelper.scala:330)
at org.apache.spark.sql.catalyst.analysis.Analyzer.executeAndCheck(Analyzer.scala:222)
at org.apache.spark.sql.execution.QueryExecution.$anonfun$analyzed$1(QueryExecution.scala:77)
at org.apache.spark.sql.catalyst.QueryPlanningTracker.measurePhase(QueryPlanningTracker.scala:138)
at org.apache.spark.sql.execution.QueryExecution.$anonfun$executePhase$2(QueryExecution.scala:219)
at org.apache.spark.sql.execution.QueryExecution$.withInternalError(QueryExecution.scala:546)
at org.apache.spark.sql.execution.QueryExecution.$anonfun$executePhase$1(QueryExecution.scala:219)
at org.apache.spark.sql.SparkSession.withActive(SparkSession.scala:900)
at org.apache.spark.sql.execution.QueryExecution.executePhase(QueryExecution.scala:218)
at org.apache.spark.sql.execution.QueryExecution.analyzed$lzycompute(QueryExecution.scala:77)
at org.apache.spark.sql.execution.QueryExecution.analyzed(QueryExecution.scala:74)
at org.apache.spark.sql.execution.QueryExecution.assertAnalyzed(QueryExecution.scala:66)
at org.apache.spark.sql.Dataset$.$anonfun$ofRows$2(Dataset.scala:99)
at org.apache.spark.sql.SparkSession.withActive(SparkSession.scala:900)
at org.apache.spark.sql.Dataset$.ofRows(Dataset.scala:97)
at org.apache.spark.sql.SparkSession.$anonfun$sql$4(SparkSession.scala:691)
at org.apache.spark.sql.SparkSession.withActive(SparkSession.scala:900)
at org.apache.spark.sql.SparkSession.sql(SparkSession.scala:682)
at org.apache.spark.sql.SparkSession.sql(SparkSession.scala:713)
at org.apache.spark.sql.SparkSession.sql(SparkSession.scala:744)
at org.apache.kyuubi.engine.spark.operation.ExecuteStatement.$anonfun$executeStatement$1(ExecuteStatement.scala:90)
at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
at org.apache.kyuubi.engine.spark.operation.SparkOperation.$anonfun$withLocalProperties$1(SparkOperation.scala:174)
at org.apache.spark.sql.execution.SQLExecution$.withSQLConfPropagated(SQLExecution.scala:201)
at org.apache.kyuubi.engine.spark.operation.SparkOperation.withLocalProperties(SparkOperation.scala:158)
at org.apache.kyuubi.engine.spark.operation.ExecuteStatement.executeStatement(ExecuteStatement.scala:85)
at org.apache.kyuubi.engine.spark.operation.ExecuteStatement$$anon$1.run(ExecuteStatement.scala:113)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
Kyuubi Server Configurations
Kyuubi Engine Configurations
Additional context
No response
Are you willing to submit PR?
- [ ] Yes. I would be willing to submit a PR with guidance from the Kyuubi community to fix.
- [x] No. I cannot submit a PR at this time.
Hello @vanphuoc3012, Thanks for finding the time to report the issue! We really appreciate the community's efforts to improve Apache Kyuubi.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}