> On July 13, 2018, 1:16 p.m., kalyan kumar kalvagadda wrote: > > From your comment, "Sentry client at NameNode does not create entry for > > external table. When user rename an external table with different path, > > null exception happens" > > > > Does does that mean sentry ACL's don't work in external table? Please > > calrify.
I believe so. From the code, when the path is outside of the prefix, its entry is not created. We can look more into the exact behavior and implication of not creating entry for external path. This jira is about NPE, and investigating "sentry ACL's don't work in external table" and determing what's the correct behavior is outside of the scope of this jira. - Na ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67899/#review206050 ----------------------------------------------------------- On July 12, 2018, 9:14 p.m., Na Li wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/67899/ > ----------------------------------------------------------- > > (Updated July 12, 2018, 9:14 p.m.) > > > Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, and Sergio > Pena. > > > Bugs: sentry-2299 > https://issues.apache.org/jira/browse/sentry-2299 > > > Repository: sentry > > > Description > ------- > > Sentry client at NameNode does not create entry for external table. When user > rename an external table with different path, null exception happens. The fix > is to check if old entry exists or not. If exists, move old paths to new > table. Otherwise, skip that step. > > You can see that in the following function createAuthzObjPath in > HMSPaths.java, if the path is outside of prefix, no entry is created > > public Entry createAuthzObjPath(List<String> pathElements, String > authzObj) { > Entry entry = null; > Entry prefix = findPrefixEntry(pathElements); > if (prefix != null) { > // we only create the entry if is under a prefix, else we ignore it > entry = createChild(pathElements, EntryType.AUTHZ_OBJECT, authzObj); > } else { > if (LOG.isDebugEnabled()) { > LOG.debug(String.format("%s: createAuthzObjPath(%s, %s): outside of > prefix, skipping", <- skip creating entry for external tables > this, authzObj, pathElements)); > } > } > return entry; > } > > > Diffs > ----- > > > sentry-hdfs/sentry-hdfs-common/src/main/java/org/apache/sentry/hdfs/HMSPaths.java > 3919d60 > > sentry-hdfs/sentry-hdfs-common/src/test/java/org/apache/sentry/hdfs/TestHMSPaths.java > 20ed97c > > > Diff: https://reviews.apache.org/r/67899/diff/1/ > > > Testing > ------- > > Add new test case for renaming external table with different paths. It passes > > > Thanks, > > Na Li > >
