difin commented on code in PR #6474:
URL: https://github.com/apache/hive/pull/6474#discussion_r3495783220


##########
iceberg/iceberg-handler/src/main/java/org/apache/iceberg/mr/hive/HiveTableUtil.java:
##########
@@ -244,6 +244,7 @@ public static Table deserializeTable(Configuration config, 
String name) {
       table = readTableObjectFromFile(location, config);
     }
     checkAndSetIoConfig(config, table);
+    IcebergVendedCredentialUtil.applyFromJobConf(table, config);

Review Comment:
   I tested in the Gravitino q-test: you are correct - vended credentials in 
`table.io().properties()` survive ser/de to executors. But I believe we still 
need parsing these credentials and moving them to Hive configuration for the 
following 2 reasons:
   
   We still need to put credentials in JobConf because Iceberg FileIO and 
Hadoop S3A do not share state, S3A only reads Configuration, and Tez/LLAP use 
S3A for many s3:// paths.
   
   `applyFromJobConf` in `HiveTableUtil.deserializeTable` is still needed 
because there can be setups where REST catalogs vend S3 connection settings for 
their own environment while Hive is running in a different network. For 
example, In the Gravitino q-test, Gravitino (in Docker) vends 
`s3.endpoint=http://minio:9000`, which Hive tasks on the host cannot reach. 
Hive session config sets a reachable endpoint (`http://<host>:9000`). 
`applyFromJobConf` takes the vended credentials, replaces only the endpoint and 
path-style fields with the session values, leaves access keys unchanged, and 
installs the result on the FileIO via `setCredentials()`. In my debug, 
deserialized `table.io().properties()` still contained `http://minio:9000`, and 
need to be overridden, so this step is required even when vended keys survive 
ser/de.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to