HIVE-20001: With doas set to true, running select query as hrt_qa use… #389
Conversation
…r on external table fails due to permission denied to read /warehouse/tablespace/managed directory
| @@ -138,7 +138,11 @@ public void authorize(Privilege[] readRequiredPriv, Privilege[] writeRequiredPri | |||
| @Override | |||
| public void authorize(Database db, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv) | |||
| throws HiveException, AuthorizationException { | |||
| Path path = getDbLocation(db); | |||
| Path path; | |||
| path = wh.determineDatabaseExternalPath(db); | |||
There was a problem hiding this comment.
Thought the logic here was supposed to be getDefaultExternalDatabasePath(), and falling back to getDatabasePath() if the external DB path did not actually exist on the filesystem. This seems to be doing something different.
There was a problem hiding this comment.
getDefaultExternalDatabasePath is never null and may return the directory inside the managed space which may not be the location of the database. My understanding was that if an external folder hasn't been created for the database we should default to the location of the database.
There was a problem hiding this comment.
Actually at this point we should check not only if !=null but also if it exists or default to the db location
| @@ -1,5 +1,5 @@ | |||
| --! qt:dataset:src | |||
| set hive.metastore.warehouse.dir=invalid_scheme://${system:test.tmp.dir}; | |||
| -- set hive.metastore.warehouse.dir=invalid_scheme://${system:test.tmp.dir}; | |||
There was a problem hiding this comment.
In a previous patch it had to be commented because we were defaulting to hive.metastore.warehouse.dir if the external warehouse directory so this doesn't have to be commented any more. I'll remove the comment.
| @@ -201,6 +201,48 @@ public Path determineDatabasePath(Catalog cat, Database db) throws MetaException | |||
| } | |||
| } | |||
|
|
|||
| /** | |||
There was a problem hiding this comment.
Given the changes from StorageBasedAuthorizationProvider.java, the changes for Warehouse.java may not be necessary.
| if (wh.hasExternalWarehouseRoot() && | ||
| wh.isDatabaseLocationDefault(db)) { | ||
| try { | ||
| madeExternalDir = UserGroupInformation.getCurrentUser().doAs( |
There was a problem hiding this comment.
@thejasmn, in the case of remote HiveMetastore, is UserGroupInformation.getCurrentUser() set to the user that issued the request to the Metastore, or is it still the "hive" user?
…r on external table fails due to permission denied to read /warehouse/tablespace/managed directory