[
https://issues.apache.org/jira/browse/SENTRY-1230?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Anne Yu updated SENTRY-1230:
----------------------------
Attachment: SENTRY-1230.1.patch
> Add basic testing workflow to test Sentry with Hive storage on S3
> -----------------------------------------------------------------
>
> Key: SENTRY-1230
> URL: https://issues.apache.org/jira/browse/SENTRY-1230
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
> Affects Versions: 1.8.0
> Reporter: Anne Yu
> Assignee: Anne Yu
> Fix For: 1.8.0
>
> Attachments: SENTRY-1230.0.patch, SENTRY-1230.1.patch
>
>
> As Hive (and other Apache Engines) is capable of having storage in the
> AWS/S3, Sentry should be able to secure URIs with S3 schema. Basic workflow
> could be create an external table with location pointing to S3:
> 1. sudo -u hdfs hadoop fs ${S3} -mkdir -p s3a://sentry-s3/cdh-sentry/db/tbl
> 2. CREATE EXTERNAL TABLE my_s3_table (viewTime INT, userid BIGINT, page_url
> STRING, referrer_url STRING, ip STRING COMMENT 'IP Address of the User',
> country STRING COMMENT 'country of origination') COMMENT 'This is the staging
> page view table' ROW FORMAT DELIMITED FIELDS TERMINATED BY '\054' STORED AS
> TEXTFILE LOCATION 's3a://sentry-s3/cdh-sentry/db/tbl'; (show create table
> page_view shows the location points to s3a)
> 3. insert into table my_s3_table values (1, 1001, 'test_url',
> 'reference_url', '201.245.14.5', 'us'); (sudo -u hdfs hadoop fs ${S3} -cat
> s3a://sentry-s3/cdh-sentry/db/tbl/000000_0 shows the data is successfully
> created in s3a file 000000: 1,1001,test_url,reference_url,201.245.14.5,us);
> 4. Sentry is able to grant URI privilege on
> ‘s3a://sentry-s3/cdh-sentry/db/tbl’, Without URI privilege, Sentry throws
> exception such as, “User systest does not have privileges for CREATETABLE;
> The required privileges:
> Server=server1->URI=s3a://sentry-s3/cdh-sentry/db/tbl->action=*;
> (state=42000,code=40000)”
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
