[GitHub] [incubator-dolphinscheduler] gary0416 opened a new issue #864: [Feature] Hive datasource support authorization

Mon, 23 Sep 2019 02:18:32 -0700 

gary0416 opened a new issue #864: [Feature] Hive datasource support 
authorization
URL: https://github.com/apache/incubator-dolphinscheduler/issues/864
 
 
   When hive authorization enabled, sql like:"set role admin" is needed before 
executing "add jar ..." to prevent these errors:
   ```
   Error while processing statement: Permission denied: Principal [name=xxx, 
type=USER] does not have following privileges for operation ADD [[ADMIN 
PRIVILEGE] on Object [type=COMMAND_PARAMS, name=[jar, 
hdfs://xxx/escheduler/tenant-dev/udfs/xxx.jar]]]
   ```
   
   For example: 
   
https://github.com/apache/incubator-dolphinscheduler/blob/1.1.0/escheduler-server/src/main/java/cn/escheduler/server/utils/UDFUtils.java#L72
   ```
   private static void buildJarSql(List<String> sqls, Set<String> resources, 
String uploadPath) {
           String defaultFS = 
HadoopUtils.getInstance().getConfiguration().get(Constants.FS_DEFAULTFS);
           if (!uploadPath.startsWith("hdfs:")) {
               uploadPath = defaultFS + uploadPath;
           }
   
           for (String resource : resources) {
               sqls.add(String.format("add jar %s/%s", uploadPath, resource));
           }
       }
   ```
   change to :
   ```
   private static void buildJarSql(List<String> sqls, Set<String> resources, 
String uploadPath) {
           String defaultFS = 
HadoopUtils.getInstance().getConfiguration().get(Constants.FS_DEFAULTFS);
           if (!uploadPath.startsWith("hdfs:")) {
               uploadPath = defaultFS + uploadPath;
           }
   
           sqls.add("set role admin");
   
           for (String resource : resources) {
               sqls.add(String.format("add jar %s/%s", uploadPath, resource));
           }
       }
   ```
   
   In dolphin scheduler 1.1.0, preStatementsBinds is executed after funcStmt, 
so pre sql can't solve this issue. 
(https://github.com/apache/incubator-dolphinscheduler/blob/1.1.0/escheduler-server/src/main/java/cn/escheduler/server/worker/task/sql/SqlTask.java#L271)
   
   Suggested that it could be configured on udf or somewhere.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to