[#4662] improve(IT): Add ranger authorization Hive E2E test #4651
Conversation
xunliu
changed the title
xunliu
force-pushed
the
minor-ranger-lib
branch
from
d666855 to
323287c
Compare
xunliu
changed the title
xunliu
force-pushed
the
minor-ranger-lib
branch
2 times, most recently
from
eda989c to
974f71d
Compare
xunliu
force-pushed
the
minor-ranger-lib
branch
from
974f71d to
d4641e2
Compare
| @@ -0,0 +1,110 @@ | |||
| name: Authorization Integration Test | |||
There was a problem hiding this comment.
Can you put authorization tests to the backend tests? I'm afraid the CI pipeline is already too large.
There was a problem hiding this comment.
I think the authorization module is very important, and testing depends on many Docker containers (hive, ranger, MySQL, IAM, ...) , So I think better to split to a single CI pipeline.
Don't worry, I also disable the authorization IT test in the backend tests.
There was a problem hiding this comment.
Could we reduce the number of the pipeline? The yaml will increase 6 pipelines.
There was a problem hiding this comment.
Should the Authorization Integration Test include authentication tests? There are some AuthenticationIT in catalogIT
There was a problem hiding this comment.
@jerqi Please create an issue to track and fix this problem. Thanks.
There was a problem hiding this comment.
It's hard to test them with a single pipeline. They don't use a standalone module.
...er/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerITEnv.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/apache/gravitino/connector/BaseCatalog.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/apache/gravitino/utils/IsolatedClassLoader.java
Outdated
Show resolved
Hide resolved
| String authorizationProvider = | ||
| catalogPropertiesMetadata().containsProperty(AUTHORIZATION_PROVIDER) | ||
| ? (String) catalogPropertiesMetadata().getOrDefault(conf, AUTHORIZATION_PROVIDER) | ||
| : null; | ||
|
|
||
| if (authorizationProvider == null) { | ||
| LOG.info("Authorization provider is not set!"); | ||
| return null; | ||
| return; |
There was a problem hiding this comment.
Do we only add logs if the authorization provider is not set?
There was a problem hiding this comment.
Yes, the Authorization plugin is an option in the Catalog. It may or may not be configured.
core/src/main/java/org/apache/gravitino/connector/BaseCatalog.java
Outdated
Show resolved
Hide resolved
| # Integration test for AMD64 architecture | ||
| architecture: [linux/amd64] | ||
| java-version: [ 8, 11, 17 ] | ||
| test-mode: [ embedded, deploy ] |
There was a problem hiding this comment.
I'm afraid there are so many pipelines that ASF will not allow us to run so many runners. I would suggest we don't split them so many, maybe one "java-version" is enough, what do you think?
There was a problem hiding this comment.
OK, If only one, I hope to use high version JDK to test.
There was a problem hiding this comment.
Reduce to only use JDK-17 to test, Currently we only have two CI pipelines.
| - build.gradle.kts | ||
| - gradle.properties | ||
| - gradlew | ||
| - setting.gradle.kts |
There was a problem hiding this comment.
I think maybe only the code changes in catalog, core, and some other places is enough to trigger this test, some parts like client, web, etc maybe unrelated.
| } else { | ||
| // In real environment, the catalog package is under the catalog directory. | ||
| pkgPath = String.join(File.separator, gravitinoHome, "catalogs", provider, "libs"); | ||
| return String.join(File.separator, pkg, "libs"); |
There was a problem hiding this comment.
How do we handle this case if Catalog.PROPERTY_PACKAGE is set? From the current code, if Catalog.PROPERTY_PACKAGE is set, then we'll directly return without handling authorization related packages.
| @@ -79,6 +79,7 @@ flink = "1.18.0" | |||
| cglib = "2.2" | |||
| ranger = "2.4.0" | |||
| javax-jaxb-api = "2.3.1" | |||
| javax-ws-rs-api = "2.1.1" | |||
There was a problem hiding this comment.
Why do we need to add this library? I don't find there's a place using it.
There was a problem hiding this comment.
I use it implementation(libs.javax.ws.rs.api) in the authorizations/authorization-ranger/build.gradle.kts:L56
Because JDK-17 removed Javax library internally, So we need to manually add it.
|
@jerryshao Please help me review this PR, thanks. |
| ImmutableMap.<String, PropertyEntry<?>>builder() | ||
| .putAll(BASIC_CATALOG_PROPERTY_ENTRIES) | ||
| .putAll(Maps.uniqueIndex(propertyEntries, PropertyEntry::getName)) | ||
| .build(); |
There was a problem hiding this comment.
@yuqi1129 can you please check this part?
There was a problem hiding this comment.
This part is fine with me.
| false /* immutable */, | ||
| false /* hidden */)) | ||
| .putAll(BASIC_CATALOG_PROPERTY_ENTRIES) | ||
| .build(); |
There was a problem hiding this comment.
@mchades can you please check this part?
What changes were proposed in this pull request?
distribution/package/authorizations/ranger/libs.Apache Rangerto license.binWhy are the changes needed?
#4662
Does this PR introduce any user-facing change?
N/A
How was this patch tested?
CI