Bowen Liang
Bowen Liang
I am afraid that choosing group name by connection param, without appropriate authentication or management, may cause privilige leaking, group level resource control leaking and etc.
Another user-group binding in my mind is #3308 , fetching UserStore from Ranger which contains user to group(s) relations. But authz is spark engine side plugin.
Yes , continue to allow choosing group name via params and checks whether it is in allowed groups with different mechanisms with LDAP、Kerberos、JDBC 、Ranger UserStore and etc .
1. Introduced a `IcebergTableCatalogRangerSparkExtensionSuite` with iceberg's `IcebergSparkSessionExtensions` for unit test. 2. Replacing mapChildren in RuleApplyRowFilterAndDataMaskingto skip head of children query as insterted by iceberg in IcebergSparkSessionExtensions . Currently it passed...
cc @yaooqinn , please have a check if some time available.
Thanks very much for the guidance and patience from all of you. And now with this PR with Iceberg catalog/extension integrated, it also helps us to test more features and...
Can you isolate Arctic related commands with in this PR? I'm trying to cover `org.apache.spark.sql.catalyst.plans.logical.v2Commands.scala` with `org.apache.spark.sql.catalyst.analysis.v2ResolutionPlans.scala` in #3425. The challenge is to maintain adaption to compatible with eache version...
Could you have a look a my implementation in #3425? Covering the following v2Commands: - CreateTable - CreateAsSelect - UpdateTable - AppendData: Insert Using a SELECT Statement / VALUES /...
Yes, I think so. And for Arctic related command , please try to isolate their impacts . As for `CreateV2Table` in your case, it is not form `org.apache.spark.sql.catalyst.plans.logical.v2Commands.scala` of Spark.
cc @pan3793 , please have a check if some time available.