[HIVE-20089] CTAS doesn't work into nonexisting /tmp/... directory while CT works - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.0.0
Fix Version/s: None
Component/s: None
Labels:
None

Description

While checking negative qtests I've found some strange behavior according to CT and CTAS statements.

ct_noperm_loc.q
ctas_noperm_loc.q

The common part these tests are initialization:

set hive.test.authz.sstd.hs2.mode=true;

set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;

set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;

set hive.security.authorization.enabled=true;

set user.name=user1;

But while simple 'create table' works to a nonexisting dir...

create table foo0(id int) location 'hdfs:///tmp/ct_noperm_loc_foo0';

...'create table as select' doesn't work:

create table foo0 location 'hdfs:///tmp/ctas_noperm_loc_foo0' as select 1 as c1;

expected result in a negative test is:

FAILED: HiveAccessControlException Permission denied: Principal [name=user1, type=USER] does not have following privileges for operation CREATETABLE_AS_SELECT [[INSERT, DELETE] on Object [type=DFS_URI, name=hdfs://### HDFS PATH ###]]

So it passes, however it should work same as simple CT, isn't it?
Is it by design, or am I missing something here?

mvn test -Dtest=TestNegativeMinimrCliDriver -Dqfile=ct_noperm_loc.q -Pitests,hadoop-2 -pl itests/qtest
mvn test -Dtest=TestNegativeMinimrCliDriver -Dqfile=ctas_noperm_loc.q -Pitests,hadoop-2 -pl itests/qtest

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: László Bodor

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 04/Jul/18 14:02

Updated:: 05/Jul/18 08:41