HIVE-27322: Iceberg: metadata location overrides can cause data breach.

[ayushtkn]

What changes were proposed in this pull request?

Pass metadata location to authorizer if that is provided as part of create table

Why are the changes needed?

Better Authorizaton checks

Does this PR introduce any user-facing change?

Yes, metadata location will go through auth checks while creating table if they are specified.

Is the change a dependency upgrade?

No

How was this patch tested?

UT

[aturoczy]

Why this dummy needs?

[ayushtkn]

old code, shows up in refactor, when location is provided in create table, the metadata.json file will be created in that location /metadata/some.json, we don't know the exact path, so we pass this dummy.json to check if we would be able to create a file inside /metadata directory, the name of the file is irrelevant here, as what I could decode from history

[aturoczy]

Would it not be simpler if the metadataLocation is empty than throw exception?

[ayushtkn]

it would be empty in general unless someone provides the the metadata location as part of the create command. like in normal create command it would be empty
create table ice (schema) stored by iceberg;
it would be empty here.
create table ice TBLPROPERTIES(metadata-location='') stored by iceberg;
we handle this case, & if it is provided we do the logic

[ayushtkn]

may be I can change it to just null check, if it is empty iceberg should, if it doesn't resolve to anything

[deniskuzZ]

LGTM +1

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
9 Code Smells

No Coverage information
No Duplication information

The version of Java (11.0.8) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17.
Read more here