Exception on encryption key altering (apache#14723)

* initial commit

* illegal args exception

Author: ggershinsky

hive-metastore/src/main/java/org/apache/iceberg/hive/HiveTableOperations.java

@@ -321,7 +321,14 @@ protected void doCommit(TableMetadata base, TableMetadata metadata) {
       }
 
       if (removedProps.contains(TableProperties.ENCRYPTION_TABLE_KEY)) {
-        throw new RuntimeException("Cannot remove key in encrypted table");
+        throw new IllegalArgumentException("Cannot remove key in encrypted table");
+      }
+
+      if (base != null
+          && !Objects.equals(
+              base.properties().get(TableProperties.ENCRYPTION_TABLE_KEY),
+              metadata.properties().get(TableProperties.ENCRYPTION_TABLE_KEY))) {
+        throw new IllegalArgumentException("Cannot modify key in encrypted table");
       }
 
       HMSTablePropertyHelper.updateHmsTableForIcebergTable(

spark/v4.0/spark/src/test/java/org/apache/iceberg/spark/sql/TestTableEncryption.java

@@ -169,6 +169,13 @@ public void testKeyDelete() {
         .hasMessageContaining("Cannot remove key in encrypted table");
   }
 
+  @TestTemplate
+  public void testKeyAlter() {
+    assertThatThrownBy(
+            () -> sql("ALTER TABLE %s SET TBLPROPERTIES ('encryption.key-id'='abcd')", tableName))
+        .hasMessageContaining("Cannot modify key in encrypted table");
+  }
+
   @TestTemplate
   public void testDirectDataFileRead() {
     List<Object[]> dataFileTable =