[ https://issues.apache.org/jira/browse/HIVE-17853?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16234338#comment-16234338 ]
Vihang Karajgaonkar commented on HIVE-17853: -------------------------------------------- bq. Right. HS2 doesn't come into it, since this has more to do with HCatClient. The HCatalog APIs use HiveClientCache to amortize the cost of HiveMetaStoreClient construction and metastore connections. Systems like Oozie/Falcon that use HCatClient to make metastore-calls within a doAs() context might land up losing their UGI.doAs() contexts after timeout, causing any retried actions to run as a privileged, rather than the impersonated user. Thanks [~mithun] for the clarification. I am fine with adding unit-tests in a followup JIRA. May be we should also refactor the reconnect using UGI logic in a separate method? the {{invoke}} method is already pretty unwieldy will the different try catch clauses. Rest looks fine to me. +1 > RetryingMetaStoreClient loses UGI impersonation-context when reconnecting > after timeout > --------------------------------------------------------------------------------------- > > Key: HIVE-17853 > URL: https://issues.apache.org/jira/browse/HIVE-17853 > Project: Hive > Issue Type: Bug > Components: Metastore > Affects Versions: 3.0.0, 2.4.0, 2.2.1 > Reporter: Mithun Radhakrishnan > Assignee: Chris Drome > Priority: Critical > Attachments: HIVE-17853.01-branch-2.patch, HIVE-17853.01.patch > > > The {{RetryingMetaStoreClient}} is used to automatically reconnect to the > Hive metastore, after client timeout, transparently to the user. > In case of user impersonation (e.g. Oozie super-user {{oozie}} impersonating > a Hadoop user {{mithun}}, to run a workflow), in case of timeout, we find > that the reconnect causes the {{UGI.doAs()}} context to be lost. Any further > metastore operations will be attempted as the login-user ({{oozie}}), as > opposed to the effective user ({{mithun}}). > We should have a fix for this shortly. -- This message was sent by Atlassian JIRA (v6.4.14#64029)