- Download Diff

Summary:

HUE-9150 [importer] Avoid creating scratchdir outside of encryption zone

Review Request #14771 — Created Feb. 21, 2020 and updated March 4, 2020, 5:16 p.m.

Information
Owner:	yingc
Repository:	hue
Branch:	master
Bugs:	HUE-9150
Depends On:
Reviewers
Groups:
People:	johan, quadoss, ranade, romain, weixia

Description

commit 3fef410d8e4190498b01c3e304d36fe27a32033e (HEAD -> master)
Author: Ying Chen <yingchen@cloudera.com>
Date:   Wed Feb 12 19:34:17 2020 -0800

    HUE-9150 [importer] Avoid creating scratchdir outside of encryption zone

:100644 100644 999bd9e0cc... d687495462... M    desktop/libs/hadoop/src/hadoop/fs/webhdfs_types.py
:100644 100644 18f9dc5928... 34e6cb8652... M    desktop/libs/indexer/src/indexer/indexers/sql.py
:100644 100644 336e8eff3d... 2622ea8c17... M    desktop/libs/indexer/src/indexer/indexers/sql_tests.py

Testing Done

Issues

0
0
5
2
All Issues: 7

Description	From	Last Updated
Variable needed? + new line like before	romain	Feb. 26, 2020, 3:59 p.m.
"# Only for HDFS, import data and non-external table" --> "# For import data or non-external table creation, validate that ...	romain	March 3, 2020, 3:30 p.m.
return self.fs.do_as_user('hive', self.fs.check_access, path, 'rwx') ?	romain	March 3, 2020, 6:42 p.m.
test_create_table_from_a_file_to_csv_with_enc --> test_create_table_from_a_file_to_csv_with_security_and_kms_encryption	romain	March 3, 2020, 3:31 p.m.
check_access=Mock(check_access=Mock(side_effect=WebHdfsException("check access denied!"))), ?	romain	March 3, 2020, 4:03 p.m.
Add another call/test with check_perm_for_hive returning True? Could also add another call with stats.encBit == False	romain	March 3, 2020, 6:45 p.m.
Split in a new function with '_kms_encryption' removed? @patch('uuid.uuid4', mock_uuid) def test_create_table_from_a_file_to_csv_with_security_and(self):	romain	March 4, 2020, 5:17 p.m.

Change Summary:

added unit test

Description:

~		commit 601968659dd70c90fc7432cadf500d517b8f1c81 (HEAD -> master)
	~	commit 3fef410d8e4190498b01c3e304d36fe27a32033e (HEAD -> master)
		Author: Ying Chen yingchen@cloudera.com
		Date: Wed Feb 12 19:34:17 2020 -0800

		HUE-9150 [importer] Avoid creating scratchdir outside of encryption zone

~		:100644 100644 e7946f302c... a6e1aea8bf... M desktop/libs/hadoop/src/hadoop/fs/webhdfs_types.py
~		:100644 100644 d60bd7ba49... 9e55009401... M desktop/libs/indexer/src/indexer/indexers/sql.py
	~	:100644 100644 999bd9e0cc... d687495462... M desktop/libs/hadoop/src/hadoop/fs/webhdfs_types.py
	~	:100644 100644 18f9dc5928... 34e6cb8652... M desktop/libs/indexer/src/indexer/indexers/sql.py
	+	:100644 100644 336e8eff3d... 2622ea8c17... M desktop/libs/indexer/src/indexer/indexers/sql_tests.py

Diff:

Revision 2 (+94 -4)

Show changes

	desktop/libs/hadoop/src/hadoop/fs/webhdfs_types.py
	desktop/libs/indexer/src/indexer/indexers/sql.py
	desktop/libs/indexer/src/indexer/indexers/sql_tests.py

```
Nice!
Just a few nits
```
desktop/libs/indexer/src/indexer/indexers/sql.py (Diff revision 2)
Show all issues
```
Variable needed?

+ new line like before
```

desktop/libs/indexer/src/indexer/indexers/sql.py (Diff revision 2)

Show all issues

"# Only for HDFS, import data and non-external table" --> "# For import data or non-external table creation, validate that hive has the perms to move the files
# Note: the user still needs to upload the data in the same encryption zone as the warehouse."

desktop/libs/indexer/src/indexer/indexers/sql.py (Diff revision 2)

Show all issues

return self.fs.do_as_user('hive', self.fs.check_access, path, 'rwx')
?

yingc March 3, 2020, 6:47 p.m.

It return None if permission is ok, but throws exception when no access. https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Check_access

desktop/libs/indexer/src/indexer/indexers/sql_tests.py (Diff revision 2)

Show all issues

test_create_table_from_a_file_to_csv_with_enc --> test_create_table_from_a_file_to_csv_with_security_and_kms_encryption

desktop/libs/indexer/src/indexer/indexers/sql_tests.py (Diff revision 2)

Show all issues

check_access=Mock(check_access=Mock(side_effect=WebHdfsException("check access denied!"))),
?

desktop/libs/indexer/src/indexer/indexers/sql_tests.py (Diff revision 2)

Show all issues

Add another call/test with check_perm_for_hive returning True?

Could also add another call with stats.encBit == False

Change Summary:

Fix suggestions, add more unit test, and add source type as service user

Diff:

Revision 3 (+130 -7)

Show changes

	desktop/libs/hadoop/src/hadoop/fs/webhdfs_types.py
	desktop/libs/indexer/src/indexer/indexers/sql.py
	desktop/libs/indexer/src/indexer/indexers/sql_tests.py

Ship it!

desktop/libs/indexer/src/indexer/indexers/sql_tests.py (Diff revision 3)

Show all issues

Split in a new function with '_kms_encryption' removed?
@patch('uuid.uuid4', mock_uuid)

  def test_create_table_from_a_file_to_csv_with_security_and(self):

Change Summary:


split new unit test function
reuse get_source and get_destination
fix chown to the right user bases on source_type

Diff:

Revision 4 (+119 -12)

Show changes

	desktop/libs/hadoop/src/hadoop/fs/webhdfs_types.py
	desktop/libs/indexer/src/indexer/indexers/sql.py
	desktop/libs/indexer/src/indexer/indexers/sql_tests.py

You have a pending review.

Review Board 3.0.17

HUE-9150 [importer] Avoid creating scratchdir outside of encryption zone

Change Summary:

Description:

Diff:

Change Summary:

Diff:

Change Summary:

Diff: