SUBMARINE-489. DCL Framework: SHOW CURRENT ROLES syntax
### What is this PR for?
Part of DCL framework, this PR adds SHOW CURRENT ROLES statement.
### What type of PR is it?
Improvement
### Todos
* [ ] - Task
### What is the Jira issue?
Jira https://issues.apache.org/jira/browse/SUBMARINE-489
### How should this be tested?
new unit test
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? /No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
Author: Kent Yao <yaooqinn@hotmail.com>
Closes #277 from yaooqinn/SUBMARINE-489 and squashes the following commits:
fffed1e [Kent Yao] SUBMARINE-489. DCL Framework: SHOW CURRENT ROLES syntax
diff --git a/submarine-security/spark-security/ranger-1/src/main/scala/org.apache.submarine.spark.security.command/ShowCurrentRolesCommand.scala b/submarine-security/spark-security/ranger-1/src/main/scala/org.apache.submarine.spark.security.command/ShowCurrentRolesCommand.scala
new file mode 100644
index 0000000..b736af5
--- /dev/null
+++ b/submarine-security/spark-security/ranger-1/src/main/scala/org.apache.submarine.spark.security.command/ShowCurrentRolesCommand.scala
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.submarine.spark.security.command
+
+import org.apache.spark.sql.{Row, SparkSession}
+import org.apache.spark.sql.execution.command.RunnableCommand
+
+case class ShowCurrentRolesCommand() extends RunnableCommand {
+ override def run(sparkSession: SparkSession): Seq[Row] = {
+ throw new UnsupportedOperationException("SHOW CURRENT ROLES")
+ }
+}
+
diff --git a/submarine-security/spark-security/ranger-2/src/main/scala/org.apache.submarine.spark.security.command/ShowCurrentRolesCommand.scala b/submarine-security/spark-security/ranger-2/src/main/scala/org.apache.submarine.spark.security.command/ShowCurrentRolesCommand.scala
new file mode 100644
index 0000000..7739483
--- /dev/null
+++ b/submarine-security/spark-security/ranger-2/src/main/scala/org.apache.submarine.spark.security.command/ShowCurrentRolesCommand.scala
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.submarine.spark.security.command
+
+import scala.collection.JavaConverters._
+import scala.util.control.NonFatal
+
+import org.apache.hadoop.security.UserGroupInformation
+import org.apache.spark.sql.{Row, SparkSession}
+import org.apache.spark.sql.catalyst.expressions.{Attribute, AttributeReference}
+import org.apache.spark.sql.execution.command.RunnableCommand
+import org.apache.spark.sql.types.StringType
+
+import org.apache.submarine.spark.security.{RangerSparkAuditHandler, RangerSparkPlugin, SparkAccessControlException}
+
+case class ShowCurrentRolesCommand() extends RunnableCommand {
+
+ override def output: Seq[Attribute] =
+ Seq(AttributeReference("Role Name", StringType, nullable = false)())
+
+ override def run(sparkSession: SparkSession): Seq[Row] = {
+
+ try {
+ val auditHandler = RangerSparkAuditHandler()
+ val currentUser = UserGroupInformation.getCurrentUser.getShortUserName
+ val roles = RangerSparkPlugin.getUserRoles(currentUser, auditHandler)
+ roles.asScala.map(Row(_))
+ } catch {
+ case NonFatal(e) => throw new SparkAccessControlException(e.getMessage, e)
+ } finally {
+ // TODO: support auditHandler.flushAudit()
+ }
+ }
+}
diff --git a/submarine-security/spark-security/src/main/antlr4/org/apache/submarine/spark/security/parser/SubmarineSqlBase.g4 b/submarine-security/spark-security/src/main/antlr4/org/apache/submarine/spark/security/parser/SubmarineSqlBase.g4
index a63f847..8803551 100644
--- a/submarine-security/spark-security/src/main/antlr4/org/apache/submarine/spark/security/parser/SubmarineSqlBase.g4
+++ b/submarine-security/spark-security/src/main/antlr4/org/apache/submarine/spark/security/parser/SubmarineSqlBase.g4
@@ -31,6 +31,7 @@
statement
: CREATE ROLE identifier #createRole
| DROP ROLE identifier #dropRole
+ | SHOW CURRENT ROLES #showCurrentRoles
| SHOW ROLES #showRoles
;
@@ -48,6 +49,7 @@
: ALL
| ALTER
| CREATE
+ | CURRENT
| DELETE
| DELETE
| DROP
@@ -69,6 +71,7 @@
ALL: 'ALL';
ALTER: 'ALTER';
CREATE: 'CREATE';
+CURRENT: 'CURRENT';
DELETE: 'DELETE';
DROP: 'DROP';
GRANT: 'GRANT';
diff --git a/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/parser/SubmarineSqlAstBuilder.scala b/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/parser/SubmarineSqlAstBuilder.scala
index c2e3a11..01c64c1 100644
--- a/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/parser/SubmarineSqlAstBuilder.scala
+++ b/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/parser/SubmarineSqlAstBuilder.scala
@@ -21,8 +21,8 @@
import org.apache.spark.sql.catalyst.plans.logical.LogicalPlan
-import org.apache.submarine.spark.security.command.{CreateRoleCommand, DropRoleCommand, ShowRolesCommand}
-import org.apache.submarine.spark.security.parser.SubmarineSqlBaseParser.{CreateRoleContext, DropRoleContext, ShowRolesContext, SingleStatementContext}
+import org.apache.submarine.spark.security.command.{CreateRoleCommand, DropRoleCommand, ShowCurrentRolesCommand, ShowRolesCommand}
+import org.apache.submarine.spark.security.parser.SubmarineSqlBaseParser.{CreateRoleContext, DropRoleContext, ShowCurrentRolesContext, ShowRolesContext, SingleStatementContext}
class SubmarineSqlAstBuilder extends SubmarineSqlBaseBaseVisitor[AnyRef] {
@@ -41,4 +41,8 @@
override def visitShowRoles(ctx: ShowRolesContext): AnyRef = {
ShowRolesCommand()
}
+
+ override def visitShowCurrentRoles(ctx: ShowCurrentRolesContext): AnyRef = {
+ ShowCurrentRolesCommand()
+ }
}
diff --git a/submarine-security/spark-security/src/test/scala/org/apache/submarine/spark/security/parser/SubmarineSqlParserTest.scala b/submarine-security/spark-security/src/test/scala/org/apache/submarine/spark/security/parser/SubmarineSqlParserTest.scala
index 6204572..10312b3 100644
--- a/submarine-security/spark-security/src/test/scala/org/apache/submarine/spark/security/parser/SubmarineSqlParserTest.scala
+++ b/submarine-security/spark-security/src/test/scala/org/apache/submarine/spark/security/parser/SubmarineSqlParserTest.scala
@@ -23,7 +23,7 @@
import org.apache.spark.sql.hive.test.TestHive
import org.scalatest.FunSuite
-import org.apache.submarine.spark.security.command.{CreateRoleCommand, DropRoleCommand, ShowRolesCommand}
+import org.apache.submarine.spark.security.command.{CreateRoleCommand, DropRoleCommand, ShowCurrentRolesCommand, ShowRolesCommand}
class SubmarineSqlParserTest extends FunSuite {
@@ -61,4 +61,9 @@
val p1 = parser.parsePlan("show roles")
assert(p1.isInstanceOf[ShowRolesCommand])
}
+
+ test("show current roles") {
+ val p1 = parser.parsePlan("show current roles")
+ assert(p1.isInstanceOf[ShowCurrentRolesCommand])
+ }
}