Re: [PR] HIVE-28736:Remove DFS_URI authorization for CREATE_TABLE event with n… [hive]

via GitHub Sat, 05 Apr 2025 10:05:25 -0700


ayushtkn commented on code in PR #5689:
URL: https://github.com/apache/hive/pull/5689#discussion_r2021774332



##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateTableEvent.java:
##########
@@ -45,10 +47,13 @@ public class CreateTableEvent extends 
HiveMetaStoreAuthorizableEvent {
   private static final Logger LOG = 
LoggerFactory.getLogger(CreateTableEvent.class);
 
   private String COMMAND_STR = "create table";
+  private Warehouse wh;
 
 
   public CreateTableEvent(PreEventContext preEventContext) {
-      super(preEventContext);
+
+    super(preEventContext);
+    this.wh = preEventContext.getHandler().getWh();

Review Comment:
   Why do we want to save it? It should be always available in 
`preEventContext`?
   
   We can directly do below
   ```
    preEventContext.getHandler().getWh().getDefaultTablePath(database, 
table.getTableName(), isExternalTable);
   ```



##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateTableEvent.java:
##########
@@ -62,11 +67,26 @@ private List<HivePrivilegeObject> getInputHObjs() {
     List<HivePrivilegeObject> ret   = new ArrayList<>();
     PreCreateTableEvent       event = (PreCreateTableEvent) preEventContext;
     Table                     table = event.getTable();
-    String                    uri   = getSdLocation(table.getSd());
+    Database               database = event.getDatabase();
+    String                      uri = getSdLocation(table.getSd());
 
-    if (StringUtils.isNotEmpty(uri)) {
+    if (StringUtils.isEmpty(uri)) {
+      return ret;
+    }
+
+    boolean isExternalTable = 
table.getTableType().equalsIgnoreCase(TableType.EXTERNAL_TABLE.toString());

Review Comment:
   does this work?
   ```
   MetaStoreUtils.isExternalTable(table);
   ```
   
   maybe we can use this directly if it does rather than storing in the variable



##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateTableEvent.java:
##########
@@ -62,11 +67,26 @@ private List<HivePrivilegeObject> getInputHObjs() {
     List<HivePrivilegeObject> ret   = new ArrayList<>();
     PreCreateTableEvent       event = (PreCreateTableEvent) preEventContext;
     Table                     table = event.getTable();
-    String                    uri   = getSdLocation(table.getSd());
+    Database               database = event.getDatabase();
+    String                      uri = getSdLocation(table.getSd());
 
-    if (StringUtils.isNotEmpty(uri)) {
+    if (StringUtils.isEmpty(uri)) {
+      return ret;
+    }
+
+    boolean isExternalTable = 
table.getTableType().equalsIgnoreCase(TableType.EXTERNAL_TABLE.toString());
+    String expectedTablePath = null;
+    try {
+      expectedTablePath = wh.getDefaultTablePath(database, 
table.getTableName(), isExternalTable).toString();

Review Comment:
   I think we don't need to getTableName & things like that
   ```
         expectedTablePath = wh.getDefaultTablePath(database, table).toString();
   ```



##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateTableEvent.java:
##########
@@ -62,11 +67,26 @@ private List<HivePrivilegeObject> getInputHObjs() {
     List<HivePrivilegeObject> ret   = new ArrayList<>();
     PreCreateTableEvent       event = (PreCreateTableEvent) preEventContext;
     Table                     table = event.getTable();
-    String                    uri   = getSdLocation(table.getSd());
+    Database               database = event.getDatabase();
+    String                      uri = getSdLocation(table.getSd());

Review Comment:
   I think there was some unconventional spacing, but can we keep the same 
thing to maintain redability
   ```
       List<HivePrivilegeObject> ret   = new ArrayList<>();
       PreCreateTableEvent       event = (PreCreateTableEvent) preEventContext;
       Table                     table = event.getTable();
       Database                  database = event.getDatabase();
       String                    uri = getSdLocation(table.getSd());
   ```



##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateTableEvent.java:
##########
@@ -62,11 +67,26 @@ private List<HivePrivilegeObject> getInputHObjs() {
     List<HivePrivilegeObject> ret   = new ArrayList<>();
     PreCreateTableEvent       event = (PreCreateTableEvent) preEventContext;
     Table                     table = event.getTable();
-    String                    uri   = getSdLocation(table.getSd());
+    Database               database = event.getDatabase();
+    String                      uri = getSdLocation(table.getSd());
 
-    if (StringUtils.isNotEmpty(uri)) {
+    if (StringUtils.isEmpty(uri)) {
+      return ret;
+    }
+
+    boolean isExternalTable = 
table.getTableType().equalsIgnoreCase(TableType.EXTERNAL_TABLE.toString());
+    String expectedTablePath = null;
+    try {
+      expectedTablePath = wh.getDefaultTablePath(database, 
table.getTableName(), isExternalTable).toString();
+    } catch (MetaException e) {
+      LOG.warn("Got exception fetching Default table location for table " + 
table.getTableName(), e);

Review Comment:
   Can you use {} + add the database name as well



##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateTableEvent.java:
##########
@@ -76,20 +96,31 @@ private List<HivePrivilegeObject> getOutputHObjs() {
     List<HivePrivilegeObject> ret   = new ArrayList<>();
     PreCreateTableEvent       event = (PreCreateTableEvent) preEventContext;
     Table                     table = event.getTable();
-    Database                  database = event.getDatabase();
-    String                    uri   = getSdLocation(table.getSd());
+    Database               database = event.getDatabase();
+    String                      uri = getSdLocation(table.getSd());

Review Comment:
   can you match the indentation with above lines



##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateTableEvent.java:
##########
@@ -76,20 +96,31 @@ private List<HivePrivilegeObject> getOutputHObjs() {
     List<HivePrivilegeObject> ret   = new ArrayList<>();
     PreCreateTableEvent       event = (PreCreateTableEvent) preEventContext;
     Table                     table = event.getTable();
-    Database                  database = event.getDatabase();
-    String                    uri   = getSdLocation(table.getSd());
+    Database               database = event.getDatabase();
+    String                      uri = getSdLocation(table.getSd());
 
     ret.add(getHivePrivilegeObject(database));
     ret.add(getHivePrivilegeObject(table));
 
-    if (StringUtils.isNotEmpty(uri) && 
!TableType.EXTERNAL_TABLE.toString().equalsIgnoreCase(table.getTableType())) {
-      ret.add(new HivePrivilegeObject(HivePrivilegeObjectType.DFS_URI, null, 
uri));
+    if (StringUtils.isNotEmpty(uri)) {
+      boolean isExternalTable = 
table.getTableType().equalsIgnoreCase(TableType.EXTERNAL_TABLE.toString());
+      String expectedTablePath = null;
+      try {
+        expectedTablePath = wh.getDefaultTablePath(database, 
table.getTableName(), isExternalTable).toString();
+      } catch (MetaException e) {
+        LOG.warn("Got exception fetching Default table location for table " + 
table.getTableName(), e);
+      }
+
+      // Skip DFS_URI for external tables and if managed table location is 
under default db path
+      if (!isExternalTable) {

Review Comment:
   curious, trying to undersatand in getInputObj you didn't had this 
`!isExternalTable`, but here you have it, why?



##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateTableEvent.java:
##########
@@ -76,20 +96,31 @@ private List<HivePrivilegeObject> getOutputHObjs() {
     List<HivePrivilegeObject> ret   = new ArrayList<>();
     PreCreateTableEvent       event = (PreCreateTableEvent) preEventContext;
     Table                     table = event.getTable();
-    Database                  database = event.getDatabase();
-    String                    uri   = getSdLocation(table.getSd());
+    Database               database = event.getDatabase();
+    String                      uri = getSdLocation(table.getSd());
 
     ret.add(getHivePrivilegeObject(database));
     ret.add(getHivePrivilegeObject(table));
 
-    if (StringUtils.isNotEmpty(uri) && 
!TableType.EXTERNAL_TABLE.toString().equalsIgnoreCase(table.getTableType())) {
-      ret.add(new HivePrivilegeObject(HivePrivilegeObjectType.DFS_URI, null, 
uri));
+    if (StringUtils.isNotEmpty(uri)) {
+      boolean isExternalTable = 
table.getTableType().equalsIgnoreCase(TableType.EXTERNAL_TABLE.toString());
+      String expectedTablePath = null;
+      try {
+        expectedTablePath = wh.getDefaultTablePath(database, 
table.getTableName(), isExternalTable).toString();
+      } catch (MetaException e) {
+        LOG.warn("Got exception fetching Default table location for table " + 
table.getTableName(), e);
+      }
+
+      // Skip DFS_URI for external tables and if managed table location is 
under default db path
+      if (!isExternalTable) {
+        if (StringUtils.isEmpty(expectedTablePath) || 
!uri.equals(expectedTablePath)) {

Review Comment:
   this part looks being duplicated, can you refactor into a method & return 
whether you need to add DFS_URI or not



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For additional commands, e-mail: gitbox-h...@hive.apache.org

Re: [PR] HIVE-28736:Remove DFS_URI authorization for CREATE_TABLE event with n… [hive]

Reply via email to