[jira] [Work logged] (HIVE-16913) Support per-session S3 credentials

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/HIVE-16913?focusedWorklogId=821735&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-821735
 ]

ASF GitHub Bot logged work on HIVE-16913:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 30/Oct/22 00:28
            Start Date: 30/Oct/22 00:28
    Worklog Time Spent: 10m 
      Work Description: github-actions[bot] commented on PR #3542:
URL: https://github.com/apache/hive/pull/3542#issuecomment-1296036774

   This pull request has been automatically marked as stale because it has not 
had recent activity. It will be closed if no further activity occurs.
   Feel free to reach out on the d...@hive.apache.org list if the patch is in 
need of reviews.




Issue Time Tracking
-------------------

    Worklog Id:     (was: 821735)
    Time Spent: 1h  (was: 50m)

> Support per-session S3 credentials
> ----------------------------------
>
>                 Key: HIVE-16913
>                 URL: https://issues.apache.org/jira/browse/HIVE-16913
>             Project: Hive
>          Issue Type: Improvement
>            Reporter: Vihang Karajgaonkar
>            Assignee: Vihang Karajgaonkar
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> Currently, the credentials needed to support Hive-on-S3 (or any other 
> cloud-storage) need to be to the hive-site.xml. Either using a hadoop 
> credential provider or by adding the keys in the hive-site.xml in plain text 
> (unsecure)
> This limits the usecase to using a single S3 key. If we configure per bucket 
> s3 keys like described [here | 
> http://hadoop.apache.org/docs/current/hadoop-aws/tools/hadoop-aws/index.html#Configurations_different_S3_buckets]
>  it exposes the access to all the buckets to all the hive users.
> It is possible that there are different sets of users who would not like to 
> share there buckets and still be able to process the data using Hive. 
> Enabling session level credentials will help solve such use-cases. For 
> example, currently this doesn't work
> {noformat}
> set fs.s3a.secret.key=my_secret_key;
> set fs.s3a.access.key=my_access.key;
> {noformat}
> Because metastore is unaware of the the keys. This doesn't work either
> {noformat}
> set fs.s3a.secret.key=my_secret_key;
> set fs.s3a.access.key=my_access.key;
> set metaconf:fs.s3a.secret.key=my_secret_key;
> set metaconf:fs.s3a.access.key=my_access_key;
> {noformat}
> This is because only a certain metastore configurations defined in 
> {{HiveConf.MetaVars}} are allowed to be set by the user. If we enable the 
> above approaches we could potentially allow multiple S3 credentials on a 
> per-session level basis.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)