Skip to content

Commit cce3ff3

Browse files
okuminokumin
committed
Classify HiveAccessControlException as ForbiddenException
1 parent dba0e76 commit cce3ff3

File tree

2 files changed

+32
-1
lines changed

2 files changed

+32
-1
lines changed

iceberg/iceberg-catalog/src/main/java/org/apache/iceberg/hive/HiveClientPool.java

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@
2828
import org.apache.hadoop.hive.metastore.api.MetaException;
2929
import org.apache.iceberg.ClientPoolImpl;
3030
import org.apache.iceberg.common.DynMethods;
31+
import org.apache.iceberg.exceptions.ForbiddenException;
3132
import org.apache.iceberg.relocated.com.google.common.annotations.VisibleForTesting;
3233
import org.apache.thrift.TException;
3334
import org.apache.thrift.transport.TTransportException;
@@ -75,6 +76,31 @@ protected IMetaStoreClient newClient() {
7576
}
7677
}
7778

79+
@Override
80+
public <R> R run(Action<R, IMetaStoreClient, TException> action) throws TException, InterruptedException {
81+
try {
82+
return super.run(action);
83+
} catch (MetaException e) {
84+
if (isAccessControlException(e)) {
85+
throw new ForbiddenException(e, "Access denied: %s", e.getMessage());
86+
}
87+
throw e;
88+
}
89+
}
90+
91+
@Override
92+
public <R> R run(Action<R, IMetaStoreClient, TException> action, boolean retry)
93+
throws TException, InterruptedException {
94+
try {
95+
return super.run(action, retry);
96+
} catch (MetaException e) {
97+
if (isAccessControlException(e)) {
98+
throw new ForbiddenException(e, "Access denied: %s", e.getMessage());
99+
}
100+
throw e;
101+
}
102+
}
103+
78104
@Override
79105
protected IMetaStoreClient reconnect(IMetaStoreClient client) {
80106
try {
@@ -92,6 +118,11 @@ protected boolean isConnectionException(Exception e) {
92118
e.getMessage().contains("Got exception: org.apache.thrift.transport.TTransportException");
93119
}
94120

121+
private boolean isAccessControlException(MetaException exception) {
122+
return exception.getMessage() != null && exception.getMessage().startsWith(
123+
"Got exception: org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException");
124+
}
125+
95126
@Override
96127
protected void close(IMetaStoreClient client) {
97128
client.close();

ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizer.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -136,7 +136,7 @@ public final void onEvent(PreEventContext preEventContext)
136136
}
137137
} catch (Exception e) {
138138
LOG.error("HiveMetaStoreAuthorizer.onEvent(): failed", e);
139-
throw MetaStoreUtils.newMetaException(e);
139+
MetaStoreUtils.throwMetaException(e);
140140
}
141141

142142
LOG.debug("<== HiveMetaStoreAuthorizer.onEvent(): EventType=" + preEventContext.getEventType());

0 commit comments

Comments
 (0)