-
Notifications
You must be signed in to change notification settings - Fork 29.3k
[SPARK-30312][SQL] Preserve path permission and acl when truncate table #26956
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from 6 commits
73e1bb0
60134c1
1df437b
2c3f1fb
39fe234
7b29f2f
ab69638
00a2bc8
8e429a3
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -24,6 +24,7 @@ import scala.util.Try | |
| import scala.util.control.NonFatal | ||
|
|
||
| import org.apache.hadoop.fs.{FileContext, FsConstants, Path} | ||
| import org.apache.hadoop.fs.permission.{AclEntry, FsPermission} | ||
|
|
||
| import org.apache.spark.sql.{AnalysisException, Row, SparkSession} | ||
| import org.apache.spark.sql.catalyst.TableIdentifier | ||
|
|
@@ -499,8 +500,48 @@ case class TruncateTableCommand( | |
| val path = new Path(location.get) | ||
| try { | ||
| val fs = path.getFileSystem(hadoopConf) | ||
| val fileStatus = fs.getFileStatus(path) | ||
| // Not all fs impl. support these APIs. | ||
| var optPermission: Option[FsPermission] = None | ||
| try { | ||
| optPermission = Some(fileStatus.getPermission()) | ||
| } catch { | ||
| case NonFatal(e) => | ||
| } | ||
|
|
||
| var optAcls: Option[java.util.List[AclEntry]] = None | ||
| try { | ||
| optAcls = Some(fs.getAclStatus(path).getEntries) | ||
| } catch { | ||
| case NonFatal(e) => | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ditto. |
||
| } | ||
|
|
||
| fs.delete(path, true) | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. not familiar with Hadoop FS APIs, but do we have something like
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. In the FileSystem API, I didn't find one like that. But I just search again, there is FileUtil API that seems working like that. I will test tomorrow to see if it work well to keep permission/acl in a Spark cluster like current approach.
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. oh, I think
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. So I think there is no single API to do We can do
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Do you know how Hive/Presto implement TRUNCATE TABLE? Are there other file attributes we need to retain?
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. For Hive, I try to trace the code path for TRUNCATE TABLE:
Get the locations of table/partitions and call Warehouse.deleteDir for each.
In
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Now I retain permission and ACLs. I was doing In Hive code, since it is code running the metastore server, I think it is running with enough permission to set owner/group. For Spark, we may not running it with super user.
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. In Presto, looks like it takes the approach by listing all files/directories under the path to delete (i.e.,
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. the presto way seems safer to me.
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I was concerned with the presto way on performance regression. For a table which has many files/directories, deleting them one by one could be a bottleneck. If we add a config for retaining permission/ACLs when truncating table? Users can choose to disable it and directly delete top directory (current behavior) without retaining permission/ACLs. |
||
|
|
||
| // We should keep original permission/acl of the path. | ||
| // For owner/group, only super-user can set it, for example on HDFS. Because | ||
| // current user can delete the path, we assume the user/group is correct or not an issue. | ||
| fs.mkdirs(path) | ||
| optPermission.foreach { permission => | ||
| try { | ||
| fs.setPermission(path, permission) | ||
| } catch { | ||
| case NonFatal(e) => | ||
| throw new AnalysisException( | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ur,
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Also,
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Ah, this follows throwing AnalysisException at the outside try..catch block. We can change this.
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
For security reason, cannot set back original Acl/permission seems serious issue so I'm ok with a
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Maybe
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Based on previous discussion around #26956 (comment), we may not need a config.
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. SecurityException sounds good |
||
| s"Failed to set original permission $permission back to " + | ||
| s"the created path: $path. Exception: ${e.getMessage}") | ||
| } | ||
| } | ||
| optAcls.foreach { acls => | ||
| try { | ||
| fs.setAcl(path, acls) | ||
| } catch { | ||
| case NonFatal(e) => | ||
| throw new AnalysisException( | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ditto. |
||
| s"Failed to set original ACL $acls back to " + | ||
| s"the created path: $path. Exception: ${e.getMessage}") | ||
| } | ||
| } | ||
| } catch { | ||
| case NonFatal(e) => | ||
| throw new AnalysisException( | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@cloud-fan @HyukjinKwon By using try catch, I'm not sure what we should do for exception during getPermission/getAcls. I think we don't/can't do anything?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In this case, I guess
case NonFatal(_) => // do nothingis okay.