[ https://issues.apache.org/jira/browse/HIVE-17853?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16227126#comment-16227126 ]
Vihang Karajgaonkar commented on HIVE-17853: -------------------------------------------- Thanks for the patch [~cdrome]. I am curious to understand why this happens. When impersonation is turned on the HMSClient is instantiated from the HiveSessionImplWithUGI and it does a doAs() when instantiating the client. All subsequent actions coming via HS2 should also do a doAs() using the sessionProxy. Is this happening in case of HCatalog (I am not very familiar with HCatalog)? It would be great if you provide some call-stack or example of when this happens. Thanks! Took a quick look at the patch. Couple questions. if (this.ugi == null) { 78 LOG.warn("RetryingMetaStoreClient unable to determine current user UGI."); 79 } Will ugi ever be null? If not, may be this check is redundant. Can you also add a test case if possible? Thanks! > RetryingMetaStoreClient loses UGI impersonation-context when reconnecting > after timeout > --------------------------------------------------------------------------------------- > > Key: HIVE-17853 > URL: https://issues.apache.org/jira/browse/HIVE-17853 > Project: Hive > Issue Type: Bug > Components: Metastore > Affects Versions: 3.0.0, 2.4.0, 2.2.1 > Reporter: Mithun Radhakrishnan > Assignee: Chris Drome > Priority: Critical > Attachments: HIVE-17853.01-branch-2.2.patch, > HIVE-17853.01-branch-2.patch, HIVE-17853.01.patch > > > The {{RetryingMetaStoreClient}} is used to automatically reconnect to the > Hive metastore, after client timeout, transparently to the user. > In case of user impersonation (e.g. Oozie super-user {{oozie}} impersonating > a Hadoop user {{mithun}}, to run a workflow), in case of timeout, we find > that the reconnect causes the {{UGI.doAs()}} context to be lost. Any further > metastore operations will be attempted as the login-user ({{oozie}}), as > opposed to the effective user ({{mithun}}). > We should have a fix for this shortly. -- This message was sent by Atlassian JIRA (v6.4.14#64029)