[ 
https://issues.apache.org/jira/browse/IMPALA-12584?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17804684#comment-17804684
 ] 

Zoltán Borók-Nagy edited comment on IMPALA-12584 at 1/9/24 10:59 AM:
---------------------------------------------------------------------

I'm not sure if I understood the above. When the value of 
'iceberg_restrict_data_file_location' is
* false: we are allowing data files outside of the table directory (unsecure)
* true: we are not allowing data files outside of the table directory (secure)

The default value is currently false to not break workloads that use e.g. 
object store location providers.
If we really want to be secure then I guess we can switch to true (secure), we 
will just need to highlight this in the release notes.



> Add backend config to restrict data file locations for Iceberg tables
> ---------------------------------------------------------------------
>
>                 Key: IMPALA-12584
>                 URL: https://issues.apache.org/jira/browse/IMPALA-12584
>             Project: IMPALA
>          Issue Type: Bug
>            Reporter: Zoltán Borók-Nagy
>            Assignee: Peter Rozsa
>            Priority: Major
>              Labels: impala-iceberg
>             Fix For: Impala 4.4.0
>
>
> Similarly to https://github.com/apache/hive/pull/4910, Impala should have a 
> backend flag to restrict the data file locations of Iceberg tables.
> If the flag is true, Impala should raise an error for Iceberg tables that 
> have data files outside of the table directory.
> We should not limit the location of metadata files, so they could be placed 
> to a different storage system (e.g. Amazon S3 Express).
> We must also ensure that users cannot create Iceberg tables at arbitrary 
> locations.
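
A sketch of the containment check the issue describes, as an added example that is not Impala's code and not part of the original message. The function names, the sample locations and the choice to reject any path with `.` or `..` segments are assumptions made here; only the flag name comes from the thread.

```python
# Added illustration; function names are hypothetical, not Impala's code.
DOT_SEGMENTS = {".", ".."}

def parse_location(location):
    """Split a storage location into (scheme, authority, path segments)."""
    scheme, sep, rest = location.partition("://")
    if not sep:  # no scheme: treat as a plain filesystem path
        scheme, authority, path = "", "", location
    else:
        authority, _, path = rest.partition("/")
    return scheme.lower(), authority, path.strip("/").split("/")

def is_inside_table_dir(table_location, data_file):
    """True only if data_file lies strictly below table_location."""
    t_scheme, t_auth, t_segs = parse_location(table_location)
    f_scheme, f_auth, f_segs = parse_location(data_file)
    t_segs = [s for s in t_segs if s]
    # A different scheme or bucket/namenode is a different storage system.
    if (t_scheme, t_auth) != (f_scheme, f_auth):
        return False
    # Dot segments are ambiguous (literal on object stores, traversal on
    # filesystems), so they are rejected instead of normalized.
    if DOT_SEGMENTS & set(f_segs):
        return False
    # Compare whole segments so ".../tbl_other" does not match ".../tbl".
    return len(f_segs) > len(t_segs) and f_segs[:len(t_segs)] == t_segs

def check_data_files(table_location, data_files, restrict_data_file_location):
    """Return files outside the table dir; raise if the flag is true."""
    outside = [f for f in data_files
               if not is_inside_table_dir(table_location, f)]
    if restrict_data_file_location and outside:
        raise ValueError("data files outside table directory: %s" % outside)
    return outside

# Constructed sample locations, not taken from any real deployment.
TABLE = "s3a://bucket/warehouse/db/tbl/"
FILES = [
    "s3a://bucket/warehouse/db/tbl/data/00000-0.parquet",    # inside
    "s3a://bucket/warehouse/db/tbl_other/data/x.parquet",    # sibling prefix
    "s3a://bucket/warehouse/db/tbl/../secret/x.parquet",     # dot segment
    "s3a://other-bucket/warehouse/db/tbl/data/x.parquet",    # other bucket
    "hdfs://nn/warehouse/db/tbl/data/x.parquet",             # other scheme
]

if __name__ == "__main__":
    for f in check_data_files(TABLE, FILES, False):
        print("outside table directory:", f)
```

A plain string-prefix comparison would accept the `tbl_other` path, which is why the comparison is done on whole path segments.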


