Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id E873C200C52 for ; Fri, 3 Mar 2017 01:54:51 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id E72A6160B86; Fri, 3 Mar 2017 00:54:51 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 29236160B84 for ; Fri, 3 Mar 2017 01:54:51 +0100 (CET) Received: (qmail 46244 invoked by uid 500); 3 Mar 2017 00:54:50 -0000 Mailing-List: contact issues-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hive.apache.org Delivered-To: mailing list issues@hive.apache.org Received: (qmail 46118 invoked by uid 99); 3 Mar 2017 00:54:50 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Mar 2017 00:54:50 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id CD369C254D for ; Fri, 3 Mar 2017 00:54:49 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -2.347 X-Spam-Level: X-Spam-Status: No, score=-2.347 tagged_above=-999 required=6.31 tests=[RP_MATCHES_RCVD=-2.999, SPF_NEUTRAL=0.652] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id 90e4Ty2YxTfn for ; Fri, 3 Mar 2017 00:54:48 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 81EFC5FDD4 for ; Fri, 3 Mar 2017 00:54:48 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 08286E0AF9 for ; Fri, 3 Mar 2017 00:54:47 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 4F2CF24188 for ; Fri, 3 Mar 2017 00:54:46 +0000 (UTC) Date: Fri, 3 Mar 2017 00:54:46 +0000 (UTC) From: "Wei Zheng (JIRA)" To: issues@hive.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HIVE-14688) Hive drop call fails in presence of TDE MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Fri, 03 Mar 2017 00:54:52 -0000 [ https://issues.apache.org/jira/browse/HIVE-14688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15893476#comment-15893476 ] Wei Zheng commented on HIVE-14688: ---------------------------------- Will commit once hive is depending on hadoop 2.8+. Current logic will safeguard improper DROP commands against tables in encryption zone > Hive drop call fails in presence of TDE > --------------------------------------- > > Key: HIVE-14688 > URL: https://issues.apache.org/jira/browse/HIVE-14688 > Project: Hive > Issue Type: Bug > Components: Security > Affects Versions: 1.2.1, 2.0.0 > Reporter: Deepesh Khandelwal > Assignee: Wei Zheng > Attachments: HIVE-14688.1.patch, HIVE-14688.2.patch, HIVE-14688.3.patch, HIVE-14688.4.patch > > > This should be committed to when Hive moves to Hadoop 2.8 > In Hadoop 2.8.0 TDE trash collection was fixed through HDFS-8831. This enables us to make drop table calls for Hive managed tables where Hive metastore warehouse directory is in encrypted zone. However even with the feature in HDFS, Hive drop table currently fail: > {noformat} > $ hdfs crypto -listZones > /apps/hive/warehouse key2 > $ hdfs dfs -ls /apps/hive/warehouse > Found 1 items > drwxrwxrwt - hdfs hdfs 0 2016-09-01 02:54 /apps/hive/warehouse/.Trash > hive> create table abc(a string, b int); > OK > Time taken: 5.538 seconds > hive> dfs -ls /apps/hive/warehouse; > Found 2 items > drwxrwxrwt - hdfs hdfs 0 2016-09-01 02:54 /apps/hive/warehouse/.Trash > drwxrwxrwx - deepesh hdfs 0 2016-09-01 17:15 /apps/hive/warehouse/abc > hive> drop table if exists abc; > FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. MetaException(message:Unable to drop default.abc because it is in an encryption zone and trash is enabled. Use PURGE option to skip trash.) > {noformat} > The problem lies here: > {code:title=metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java} > private void checkTrashPurgeCombination(Path pathToData, String objectName, boolean ifPurge) > ... > if (trashEnabled) { > try { > HadoopShims.HdfsEncryptionShim shim = > ShimLoader.getHadoopShims().createHdfsEncryptionShim(FileSystem.get(hiveConf), hiveConf); > if (shim.isPathEncrypted(pathToData)) { > throw new MetaException("Unable to drop " + objectName + " because it is in an encryption zone" + > " and trash is enabled. Use PURGE option to skip trash."); > } > } catch (IOException ex) { > MetaException e = new MetaException(ex.getMessage()); > e.initCause(ex); > throw e; > } > } > {code} > As we can see that we are making an assumption that delete wouldn't be successful in encrypted zone. We need to modify this logic. -- This message was sent by Atlassian JIRA (v6.3.15#6346)