Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Branch utilized view columns ACL #24589

Draft
wants to merge 5 commits into
base: master
Choose a base branch
from
Draft

Branch utilized view columns ACL #24589

wants to merge 5 commits into from

Conversation

kevintang2022
Copy link
Contributor

@kevintang2022 kevintang2022 commented Feb 18, 2025
edited
Loading

Description

Not able to reproduce the bug in this tasks using automated testing: T214103298

Motivation and Context

Impact

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

General Changes
* ... 
* ... 

Hive Connector Changes
* ... 
* ...

If release note is NOT required, use:

== NO RELEASE NOTE ==

kevintang2022
kevintang2022 commented Feb 18, 2025
View reviewed changes
presto-main/src/test/java/com/facebook/presto/sql/analyzer/TestUtilizedColumnsAnalyzer.java
Analyzer analyzer = createAnalyzer(session, metadata, WarningCollector.NOOP);
Statement statement = SQL_PARSER.createStatement(query);
Analysis analysis = analyzer.analyze(statement);
assertEquals(analysis.getAccessControlReferences().getTableColumnAndSubfieldReferencesForAccessControl().values().toString(), "[{tpch.s1.v6=[a, c], tpch.s1.v7=[y]}, {tpch.s1.t1=[]}, {tpch.s1.t13=[]}]");
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test case passes, so it shows that ACL is not being run on columns v6.b and v7.x

Copy link
Contributor

@rschlussel rschlussel Feb 18, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh i think this is the problem. The tables are getting empty lists, but our permissions service checks ALL columns when it gets an empty list of columns. The table access controls should have the columns that are used from the table (via the view).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I will see if adding an equals method to AccessControlContext will change the results from empty list.

So the correct behavior would be something like:
"[{tpch.s1.v6=[a, c], tpch.s1.v7=[y]}, {tpch.s1.t1=[a, c]}, {tpch.s1.t13=[y]}]"

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, that's correct

kevintang2022
kevintang2022 commented Feb 18, 2025
View reviewed changes
presto-main/src/test/java/com/facebook/presto/sql/analyzer/AbstractAnalyzerTest.java
Comment on lines +370 to +371
Optional.empty(),
true));
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Used runAsInvoker as true

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rschlussel rschlussel rschlussel left review comments

@jaystarshot jaystarshot Awaiting requested review from jaystarshot jaystarshot will be requested when the pull request is marked ready for review jaystarshot is a code owner

@feilong-liu feilong-liu Awaiting requested review from feilong-liu feilong-liu will be requested when the pull request is marked ready for review feilong-liu is a code owner

@ClarenceThreepwood ClarenceThreepwood Awaiting requested review from ClarenceThreepwood ClarenceThreepwood will be requested when the pull request is marked ready for review ClarenceThreepwood is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kevintang2022 @rschlussel