AFAIK, S3 keys currently cannot be session-specific. They are
loaded by the metastore server when it starts and cannot be modified
without a metastore server restart. In order to do this we will have to make
some code changes. I created HIVE-16913 for this a long time back but
never got around to working on it later (I can take another look at it if there
are use cases in practice which would need this).

The other workaround would be to have one master key configured at the
server level and restrict user access to URLs using Sentry or Ranger.


On Wed, Jul 11, 2018 at 2:44 AM, Sandhya Agarwal <write2s...@gmail.com>
wrote:

> Hello,
>
> We want to leverage standalone metastore for our project, for which I want
> to enable access to multiple S3 buckets, each with its own access key and
> secret key. I am trying to access the metastore operations from a Java
> client using HiveMetastoreClient and using the thrift metastore URI to
> connect to the metastore service. For the database location and table
> location, I am using the S3A file system scheme. I am trying to set the
> access key and secret key for the S3 bucket location in the
> HiveMetastoreClient, but the client side settings are never honoured and I
> cannot figure out a way to do this. One way is to provide the per-bucket
> access key and secret key on the server side in metastore-site.xml.
> However, I want this to be dynamic as I want the metastore to be multi
> tenant enabled and based on the current tenant user, I wish to provide
> these keys through my client. I tried looking through the metastore source
> code, but did not find a way to do this. Can this be done?
>
> I am using apache-hive-metastore-3.0.0 version.
>
> Thank you,
>
> Sandhya
>
>
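
The server-side per-bucket setup mentioned in the question, as an added example that is not part of the original thread: it uses the Hadoop S3A per-bucket property form `fs.s3a.bucket.<bucket>.*`. The bucket names and key values are constructed placeholders.

```xml
<!-- metastore-site.xml fragment (added example; bucket names and values are placeholders) -->
<configuration>
  <!-- Credentials used for locations under s3a://tenant-a-data/ -->
  <property>
    <name>fs.s3a.bucket.tenant-a-data.access.key</name>
    <value>TENANT_A_ACCESS_KEY_PLACEHOLDER</value>
  </property>
  <property>
    <name>fs.s3a.bucket.tenant-a-data.secret.key</name>
    <value>TENANT_A_SECRET_KEY_PLACEHOLDER</value>
  </property>

  <!-- Credentials used for locations under s3a://tenant-b-data/ -->
  <property>
    <name>fs.s3a.bucket.tenant-b-data.access.key</name>
    <value>TENANT_B_ACCESS_KEY_PLACEHOLDER</value>
  </property>
  <property>
    <name>fs.s3a.bucket.tenant-b-data.secret.key</name>
    <value>TENANT_B_SECRET_KEY_PLACEHOLDER</value>
  </property>

  <!-- Buckets without a per-bucket entry fall back to the base
       fs.s3a.access.key / fs.s3a.secret.key, if set. -->
</configuration>
```

As the reply notes, these values are read when the metastore server starts, so adding or rotating a tenant's keys this way requires a restart.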
