[hive] branch master updated: HIVE-26707: Iceberg: Write failing due to Ranger Authorization failure. (#3731). (Ayush Saxena, reviewed by Adam Szita, Chris Nauroth)

ayushsaxena Tue, 08 Nov 2022 01:20:38 -0800

This is an automated email from the ASF dual-hosted git repository.

ayushsaxena pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git



The following commit(s) were added to refs/heads/master by this push:
     new bf9e66fc70d HIVE-26707: Iceberg: Write failing due to Ranger 
Authorization failure. (#3731). (Ayush Saxena, reviewed by Adam Szita,  Chris 
Nauroth)
bf9e66fc70d is described below

commit bf9e66fc70d9142bc9682d92c71c8358f1086927
Author: Ayush Saxena <[email protected]>
AuthorDate: Tue Nov 8 14:49:45 2022 +0530

    HIVE-26707: Iceberg: Write failing due to Ranger Authorization failure. 
(#3731). (Ayush Saxena, reviewed by Adam Szita,  Chris Nauroth)
---
 .../iceberg/mr/hive/HiveIcebergStorageHandler.java  | 21 ++++++++++++++++-----
 .../hive/TestHiveIcebergStorageHandlerNoScan.java   |  7 +++++++
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git 
a/iceberg/iceberg-handler/src/main/java/org/apache/iceberg/mr/hive/HiveIcebergStorageHandler.java
 
b/iceberg/iceberg-handler/src/main/java/org/apache/iceberg/mr/hive/HiveIcebergStorageHandler.java
index 078acc30b7b..91439beec3b 100644
--- 
a/iceberg/iceberg-handler/src/main/java/org/apache/iceberg/mr/hive/HiveIcebergStorageHandler.java
+++ 
b/iceberg/iceberg-handler/src/main/java/org/apache/iceberg/mr/hive/HiveIcebergStorageHandler.java
@@ -541,21 +541,32 @@ public class HiveIcebergStorageHandler implements 
HiveStoragePredicateHandler, H
   public URI getURIForAuth(org.apache.hadoop.hive.metastore.api.Table 
hmsTable) throws URISyntaxException {
     String dbName = hmsTable.getDbName();
     String tableName = hmsTable.getTableName();
-    StringBuilder authURI = new 
StringBuilder(ICEBERG_URI_PREFIX).append(dbName).append("/").append(tableName)
-        .append("?snapshot=");
+    StringBuilder authURI =
+        new 
StringBuilder(ICEBERG_URI_PREFIX).append(encodeString(dbName)).append("/").append(encodeString(tableName))
+            .append("?snapshot=");
     Optional<String> locationProperty = SessionStateUtil.getProperty(conf, 
hive_metastoreConstants.META_TABLE_LOCATION);
     if (locationProperty.isPresent()) {
       Preconditions.checkArgument(locationProperty.get() != null,
           "Table location is not set in SessionState. Authorization URI cannot 
be supplied.");
       // this property is set during the create operation before the hive 
table was created
       // we are returning a dummy iceberg metadata file
-      
authURI.append(URI.create(locationProperty.get()).getPath()).append("/metadata/dummy.metadata.json");
+      
authURI.append(encodeString(URI.create(locationProperty.get()).getPath()))
+          .append(encodeString("/metadata/dummy.metadata.json"));
     } else {
       Table table = IcebergTableUtil.getTable(conf, hmsTable);
-      authURI.append(URI.create(((BaseTable) 
table).operations().current().metadataFileLocation()).getPath());
+      authURI.append(
+          encodeString(URI.create(((BaseTable) 
table).operations().current().metadataFileLocation()).getPath()));
     }
     LOG.debug("Iceberg storage handler authorization URI {}", authURI);
-    return new 
URI(HiveConf.EncoderDecoderFactory.URL_ENCODER_DECODER.encode(authURI.toString()));
+    return new URI(authURI.toString());
+  }
+
+  @VisibleForTesting
+  static String encodeString(String rawString) {
+    if (rawString == null) {
+      return null;
+    }
+    return 
HiveConf.EncoderDecoderFactory.URL_ENCODER_DECODER.encode(rawString);
   }
 
 
diff --git 
a/iceberg/iceberg-handler/src/test/java/org/apache/iceberg/mr/hive/TestHiveIcebergStorageHandlerNoScan.java
 
b/iceberg/iceberg-handler/src/test/java/org/apache/iceberg/mr/hive/TestHiveIcebergStorageHandlerNoScan.java
index af18d4c8c7e..53ac887ecc6 100644
--- 
a/iceberg/iceberg-handler/src/test/java/org/apache/iceberg/mr/hive/TestHiveIcebergStorageHandlerNoScan.java
+++ 
b/iceberg/iceberg-handler/src/test/java/org/apache/iceberg/mr/hive/TestHiveIcebergStorageHandlerNoScan.java
@@ -1437,6 +1437,13 @@ public class TestHiveIcebergStorageHandlerNoScan {
     storageHandler.setConf(shell.getHiveConf());
     URI uriForAuth = storageHandler.getURIForAuth(hmsTable);
 
+    Assert.assertEquals("iceberg://" +
+            
HiveIcebergStorageHandler.encodeString(target.namespace().toString()) + "/" +
+            HiveIcebergStorageHandler.encodeString(target.name()) + 
"?snapshot=" +
+            HiveIcebergStorageHandler.encodeString(
+            URI.create(((BaseTable) 
table).operations().current().metadataFileLocation()).getPath()),
+        uriForAuth.toString());
+
     Assert.assertEquals("iceberg://" + target.namespace() + "/" + 
target.name() + "?snapshot=" +
         URI.create(((BaseTable) 
table).operations().current().metadataFileLocation()).getPath(),
         
HiveConf.EncoderDecoderFactory.URL_ENCODER_DECODER.decode(uriForAuth.toString()));

[hive] branch master updated: HIVE-26707: Iceberg: Write failing due to Ranger Authorization failure. (#3731). (Ayush Saxena, reviewed by Adam Szita, Chris Nauroth)

Reply via email to