[GitHub] [incubator-paimon] wg1026688210 opened a new issue, #830: [Feature] Avoid using hive's own FileSystem to access the location of paimon for the authenticates strategy of StorageBasedAuthorizationProvider when creating external table locationed at object storage.

[via GitHub]

wg1026688210 opened a new issue, #830:
URL: https://github.com/apache/incubator-paimon/issues/830

   ### Search before asking
   
   - [X] I searched in the 
[issues](https://github.com/apache/incubator-paimon/issues) and found nothing 
similar.
   
   
   ### Motivation
   
   When using a permission authentication policy based on 
`StorageBasedAuthorizationProvider`, creating an external table in  paimon will 
cause Hive to create its own FileSystem to access the object storage location 
of paimon table , and it will not read the configuration of paimon for 
accessing the object storage .
   
   ### Solution
   
   
   -  Extend  `StorageBasedAuthorizationProvider` for checking whether is 
paimon table through the storage of table
   
   -  Support multi strategy for  permission authentication  policy of paimon 
if the  table is stored by paimon :
       
      - do nothing for permission authentication checking   ,hand it over to 
data ingestion 
       
      - using  paimon's filesystem for checking permission authentication , the 
following is what we need to do
          - support the catalog property of paimon's extern table like Iceberg 
, so that we can access the config of object storage .        For example  :
          
            ```
              CREATE EXTERNAL TABLE my_table
              STORED BY 'org.apache.paimon.hive.PaimonStorageHandler'
              LOCATION 's3://realtime/wgcn/warehouse/default.db/word_count';
              TBLPROPERTIES ('paimon.catalog'='catalog_a1');
            ```   
   
             and then we can get the catalog info from the config of HMS like:
   
           ```
           <property>
               <name>paimon.catalog.a1.access.key</name>
               <value>...</value>
          </property>
          <property>
              <name>paimon.catalog.a1.secret.key</name>
           <value>...</value>
          </property>
          ``` 
                or somewhere use redefine
   
   
          -   implement the  permission authentication  using the paimon's 
filesystem like the implenmence of StorageBasedAuthorizationProvider
   
   -  add the document for guiding users config the  implemence  of 
StorageBasedAuthorizationProvider at HMS
   
   ### Anything else?
   
   _No response_
   
   ### Are you willing to submit a PR?
   
   - [X] I'm willing to submit a PR!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@paimon.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org