[#5180][part-1] improvement(test): Add more integration tests about access control

authorizations/authorization-ranger/build.gradle.kts

@@ -125,6 +125,9 @@ tasks {
 }
 
 tasks.test {
+  doFirst {
+    environment("HADOOP_USER_NAME", "test")
+  }
   dependsOn(":catalogs:catalog-hive:jar", ":catalogs:catalog-hive:runtimeJars")
 
   val skipITs = project.hasProperty("skipITs")

authorizations/authorization-ranger/src/main/java/org/apache/gravitino/authorization/ranger/RangerAuthorizationHivePlugin.java

@@ -226,6 +226,10 @@ public List<RangerSecurableObject> translatePrivilege(SecurableObject securableO
         .forEach(
             gravitinoPrivilege -> {
               Set<RangerPrivilege> rangerPrivileges = new HashSet<>();
+              // Ignore unsupported privileges
+              if (!privilegesMappingRule().containsKey(gravitinoPrivilege.name())) {
+                return;
+              }
               privilegesMappingRule().get(gravitinoPrivilege.name()).stream()
                   .forEach(
                       rangerPrivilege ->

authorizations/authorization-ranger/src/main/java/org/apache/gravitino/authorization/ranger/RangerAuthorizationPlugin.java

@@ -681,15 +681,6 @@ public boolean validAuthorizationOperation(List<SecurableObject> securableObject
               securableObject.privileges().stream()
                   .forEach(
                       privilege -> {
-                        if (!allowPrivilegesRule().contains(privilege.name())) {
-                          LOG.error(
-                              "Authorization to ignore privilege({}) on metadata object({})!",
-                              privilege.name(),
-                              securableObject.fullName());
-                          match.set(false);
-                          return;
-                        }
-
                         if (!privilege.canBindTo(securableObject.type())) {
                           LOG.error(
                               "The privilege({}) is not supported for the metadata object({})!",

authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerAuthorizationPluginIT.java

@@ -299,11 +299,11 @@ public void testValidAuthorizationOperation() {
             String.format("catalog.schema"),
             MetadataObject.Type.SCHEMA,
             Lists.newArrayList(Privileges.ReadFileset.allow()));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(createFilesetInMetalake)));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(createFilesetInCatalog)));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(createFilesetInSchema)));
 
     // Ignore the Topic operation
@@ -327,13 +327,13 @@ public void testValidAuthorizationOperation() {
             String.format("catalog.schema.fileset"),
             MetadataObject.Type.FILESET,
             Lists.newArrayList(Privileges.WriteFileset.allow()));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(writeFilesetInMetalake)));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(writeFilesetInCatalog)));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(writeFilesetInScheam)));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(writeFileset)));
 
     // Ignore the Fileset operation
@@ -357,14 +357,13 @@ public void testValidAuthorizationOperation() {
             String.format("catalog.schema.table"),
             MetadataObject.Type.FILESET,
             Lists.newArrayList(Privileges.ReadFileset.allow()));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(readFilesetInMetalake)));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(readFilesetInCatalog)));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(readFilesetInSchema)));
-    Assertions.assertFalse(
-        rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(readFileset)));
+    Assertions.assertTrue(rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(readFileset)));
 
     // Ignore the Topic operation
     SecurableObject createTopicInMetalake =
@@ -382,11 +381,11 @@ public void testValidAuthorizationOperation() {
             String.format("catalog.schema"),
             MetadataObject.Type.SCHEMA,
             Lists.newArrayList(Privileges.CreateTopic.allow()));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(createTopicInMetalake)));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(createTopicInCatalog)));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(createTopicInSchema)));
 
     SecurableObject produceTopicInMetalake =
@@ -409,13 +408,13 @@ public void testValidAuthorizationOperation() {
             String.format("catalog.schema.fileset"),
             MetadataObject.Type.TOPIC,
             Lists.newArrayList(Privileges.ProduceTopic.allow()));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(produceTopicInMetalake)));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(produceTopicInCatalog)));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(produceTopicInSchema)));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(produceTopic)));
 
     SecurableObject consumeTopicInMetalake =
@@ -438,13 +437,13 @@ public void testValidAuthorizationOperation() {
             String.format("catalog.schema.topic"),
             MetadataObject.Type.TOPIC,
             Lists.newArrayList(Privileges.ConsumeTopic.allow()));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(consumeTopicInMetalake)));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(consumeTopicInCatalog)));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(consumeTopicInSchema)));
-    Assertions.assertFalse(
+    Assertions.assertTrue(
         rangerAuthPlugin.validAuthorizationOperation(Arrays.asList(consumeTopic)));
   }