Sentry UDFWhiteList bug分析
Sentry UDFWhiteList bug分析
1 簡介
此手冊應(yīng)用于row_number、unbase64、windowingtablefunction在開啟sentry后不能執(zhí)行的bug分析。
2 準(zhǔn)備
2.1 環(huán)境說明
Sentry版本: sentry-1.4.0-cdh5.3.3
注:核對了最新版Sentry(sentry-1.5.1-cdh5.7.0)已無此問題.
前同事已經(jīng)在jira里報(bào)告此bug
[SENTRY-770] When use sentry to configuration hive,to ensure safety of data access.The functions(row_number and unbase64) can't be used.The Problem caused by a sentry bug. I have already found a way to solve the problem,except to modify the sentry source code. - ASF JIRA
#別人提出的類似報(bào)告
[SENTRY-717] Fix the UDF whitelist format for functions row_number and unbase64 - ASF JIRA
patch地址:
https://issues.apache.org/jira/secure/attachment/12730680/SENTRY-717.001.patch
3 問題分析
3.1 問題說明
1)? 問題再現(xiàn)
#在配置了sentry的hive里執(zhí)行訪問unbase64自定義函數(shù)時(shí)報(bào)錯
select?unbase64(url)?from?test?limit?10;
錯誤見下: 初步定位問題在?The?UDF?unbase64?is?not?found?in?the?list?of?allowed?UDFs?
Caused?by:?org.apache.hadoop.hive.ql.metadata.AuthorizationException:?The?UDF?unbase64?is?not?found?in?the?list?of?allowed?UDFs
????????at?org.apache.sentry.binding.hive.HiveAuthzBindingHook.checkUDFWhiteList(HiveAuthzBindingHook.java:556)
????????at?org.apache.sentry.binding.hive.HiveAuthzBindingHook.authorizeWithHiveBindings(HiveAuthzBindingHook.java:454)
????????at?org.apache.sentry.binding.hive.HiveAuthzBindingHook.postAnalyze(HiveAuthzBindingHook.java:332)
????????...?33?more
.
2)? 通過報(bào)錯不難分析是和UDFWhiteList有關(guān),通過google檢索定位到org.apache.sentry.binding.hive.conf.HiveAuthzConf類
3)? 仔細(xì)查看HiveAuthzConf類發(fā)現(xiàn)字符串HIVE_UDF_WHITE_LIST在拼接時(shí)少了個(gè)逗號(,)
?
4 解決方案
4.1 問題說明
方法一)在sentry安裝依賴的sentry-site.xml里配置hive.sentry.udf.whitelist參數(shù),將HIVE_UDF_WHITE_LIST的值拷貝到該參數(shù)的value內(nèi).
方法二)修改org.apache.sentry.binding.hive.conf.HiveAuthzConf源碼,重新打成sentry-binding-hive-1.4.0-cdh5.3.3.jar
??
注:建議采用第一種方法
5 總結(jié)
暫無.
總結(jié)
以上是生活随笔為你收集整理的Sentry UDFWhiteList bug分析的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 推荐几个燃气热水器有没有好用的牌子?
- 下一篇: Yarn资源分配示例