[
https://issues.apache.org/jira/browse/HIVE-24719?focusedWorklogId=546683&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-546683
]
ASF GitHub Bot logged work on HIVE-24719:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 03/Feb/21 01:29
Start Date: 03/Feb/21 01:29
Worklog Time Spent: 10m
Work Description: pvary commented on a change in pull request #1937:
URL: https://github.com/apache/hive/pull/1937#discussion_r568640128
##########
File path: ql/src/java/org/apache/hadoop/hive/ql/txn/compactor/Worker.java
##########
@@ -574,6 +573,35 @@ protected Boolean findNextCompactionAndExecute(boolean
computeStats) throws Inte
return true;
}
+ /**
+ * Just AcidUtils.getAcidState, but with impersonation if needed.
+ */
+ private AcidDirectory getAcidStateForWorker(CompactionInfo ci,
StorageDescriptor sd,
+ ValidCompactorWriteIdList tblValidWriteIds) throws IOException,
InterruptedException {
+ Ref<AcidDirectory> acidDirectoryRef = Ref.from(null);
+ if (runJobAsSelf(ci.runAs)) {
+ acidDirectoryRef.value = AcidUtils.getAcidState(null, new
Path(sd.getLocation()), conf,
+ tblValidWriteIds, Ref.from(false), true);
+ } else {
+ UserGroupInformation ugi =
UserGroupInformation.createProxyUser(ci.runAs,
UserGroupInformation.getLoginUser());
+ try {
+ ugi.doAs((PrivilegedExceptionAction<Object>) () -> {
+ acidDirectoryRef.value = AcidUtils.getAcidState(null, new
Path(sd.getLocation()), conf,
+ tblValidWriteIds, Ref.from(false), true);
+ return null;
+ });
Review comment:
Maybe this:
```
acidDirectoryRef =
ugi.doAs((PrivilegedExceptionAction<AcidDirectory>) () ->
AcidUtils.getAcidState(null, new Path(sd.getLocation()), conf,
tblValidWriteIds, Ref.from(false), true)
);
```
##########
File path: ql/src/java/org/apache/hadoop/hive/ql/txn/compactor/Worker.java
##########
@@ -574,6 +573,35 @@ protected Boolean findNextCompactionAndExecute(boolean
computeStats) throws Inte
return true;
}
+ /**
+ * Just AcidUtils.getAcidState, but with impersonation if needed.
+ */
+ private AcidDirectory getAcidStateForWorker(CompactionInfo ci,
StorageDescriptor sd,
+ ValidCompactorWriteIdList tblValidWriteIds) throws IOException,
InterruptedException {
+ Ref<AcidDirectory> acidDirectoryRef = Ref.from(null);
+ if (runJobAsSelf(ci.runAs)) {
+ acidDirectoryRef.value = AcidUtils.getAcidState(null, new
Path(sd.getLocation()), conf,
+ tblValidWriteIds, Ref.from(false), true);
+ } else {
+ UserGroupInformation ugi =
UserGroupInformation.createProxyUser(ci.runAs,
UserGroupInformation.getLoginUser());
+ try {
+ ugi.doAs((PrivilegedExceptionAction<Object>) () -> {
+ acidDirectoryRef.value = AcidUtils.getAcidState(null, new
Path(sd.getLocation()), conf,
+ tblValidWriteIds, Ref.from(false), true);
+ return null;
+ });
Review comment:
Maybe this:
```
acidDirectory = ugi.doAs((PrivilegedExceptionAction<AcidDirectory>)
() ->
AcidUtils.getAcidState(null, new Path(sd.getLocation()), conf,
tblValidWriteIds, Ref.from(false), true)
);
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 546683)
Time Spent: 50m (was: 40m)
> There's a getAcidState call without impersonation in compactor.Worker
> ---------------------------------------------------------------------
>
> Key: HIVE-24719
> URL: https://issues.apache.org/jira/browse/HIVE-24719
> Project: Hive
> Issue Type: Improvement
> Reporter: Karen Coppage
> Assignee: Karen Coppage
> Priority: Major
> Labels: pull-request-available
> Time Spent: 50m
> Remaining Estimate: 0h
>
> In compactor.Initiator and compactor.Cleaner, getAcidState is called by a
> proxy user (the table/partition dir owner) because the HS2 user might not
> have permission to list the files. In Worker getAcidState is not called by a
> proxy user.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
