Anne Yu created SENTRY-1230:
-------------------------------
Summary: Add basic testing workflow to test Sentry with Hive
storage on S3
Key: SENTRY-1230
URL: https://issues.apache.org/jira/browse/SENTRY-1230
Project: Sentry
Issue Type: Bug
Components: Sentry
Affects Versions: 1.8.0
Reporter: Anne Yu
Assignee: Anne Yu
Fix For: 1.8.0
As Hive (and other Apache Engines) is capable of having storage in the AWS/S3,
Sentry should be able to secure URIs with S3 schema. Basic workflow could be
create an external table with location pointing to S3:
1. sudo -u hdfs hadoop fs ${S3} -mkdir -p s3a://sentry-s3/cdh-sentry/db/tbl
2. CREATE EXTERNAL TABLE my_s3_table (viewTime INT, userid BIGINT, page_url
STRING, referrer_url STRING, ip STRING COMMENT 'IP Address of the User',
country STRING COMMENT 'country of origination') COMMENT 'This is the staging
page view table' ROW FORMAT DELIMITED FIELDS TERMINATED BY '\054' STORED AS
TEXTFILE LOCATION 's3a://sentry-s3/cdh-sentry/db/tbl'; (show create table
page_view shows the location points to s3a)
3. insert into table my_s3_table values (1, 1001, 'test_url', 'reference_url',
'201.245.14.5', 'us'); (sudo -u hdfs hadoop fs ${S3} -cat
s3a://sentry-s3/cdh-sentry/db/tbl/000000_0 shows the data is successfully
created in s3a file 000000: 1,1001,test_url,reference_url,201.245.14.5,us);
4. Sentry is able to grant URI privilege on
‘s3a://sentry-s3/cdh-sentry/db/tbl’, Without URI privilege, Sentry throws
exception such as, “User systest does not have privileges for CREATETABLE; The
required privileges:
Server=server1->URI=s3a://sentry-s3/cdh-sentry/db/tbl->action=*;
(state=42000,code=40000)”
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
