Posted to dev@sentry.apache.org by Al Pivonka <al...@gmail.com> on 2015/08/14 14:42:15 UTC

ACLs still applied after drop of database with cascade

Good Day, all

We are using Cloudera CDH 5.4.4, which, based on their version, is using
Sentry 1.4.0.

Here is the basic scenario: I have Oozie workflows that can reproduce the
following:

1) User creates the HDFS directory structures, /project/database/table
2) User creates a Hive database and grants all to a role on database.
3) User creates "external" tables within the database and uses the HDFS
directory structures for the location of each table
(/project/database/table)
4) grants all to a role on table

Expected/Actual Results: The Hive ACLs are applied to the HDFS directory
leaf: /project/database/table

1) User drops the database with cascade.
2) User removes the directory tree (/project/database/table) with HDFS
commands.

Expected/Actual Results: All data, database and HDFS directories are
removed from system.

Problem statement:
1) User recreates the same directory tree (/project/database/table)
2) Run "hadoop fs -getfacl /project/database/table"

Expected Results: No Hive/Sentry ACLs will be associated with
/project/database/table
Actual Results: The old ACLs are being re-applied to the new HDFS directory
tree.

Assumption is that when a database or a table is dropped from Hive,
Sentry's ACLs should also be removed or reverted to the previous state.

I would assume that the removal of ACLs is the responsibility of
(hive/impala) drop command which would also issue a command to Sentry to
remove all ACLs associated.

Is it reasonable to assume that, if the table is dropped, the grant associated
with that table should also be removed?


If test scripts are needed I can create them.


Insights?




-- 
Those who say it can't be done, are usually interrupted by those doing it.
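
Added example, not part of the original post or of the Sentry project: a shell check for the "Problem statement" step above that reads `hadoop fs -getfacl` output and reports any named user or group entries left on the recreated directory. The sample listings and the group name `analyst_role_grp` are constructed placeholders.

```shell
#!/bin/sh
# Added example: detect leftover named ACL entries in `hadoop fs -getfacl` output.
# A freshly recreated directory should carry only the base entries
# (user::, group::, other::); any user:<name>: or group:<name>: entry is a grant.

# Print every named ACL entry read from stdin, one per line.
named_acl_entries() {
  awk -F: '
    /^[[:space:]]*#/ || NF < 3 { next }        # skip "# file:" style headers, blanks
    { scope = ($1 == "default") ? 2 : 1 }       # default:group:name:perm shifts fields
    ($scope == "user" || $scope == "group") && $(scope + 1) != "" { print }
  '
}

# Return 0 when the listing on stdin has no named entries, 1 otherwise.
acl_is_clean() {
  stale=$(named_acl_entries)
  if [ -z "$stale" ]; then
    return 0
  fi
  printf '%s\n' "$stale" | sed 's/^/stale ACL entry: /' >&2
  return 1
}

# Constructed sample: recreated directory that still shows an old role grant.
SAMPLE_STALE='# file: /project/database/table
# owner: etl_user
# group: supergroup
user::rwx
group::---
group:analyst_role_grp:rwx
mask::rwx
other::--x'

# Constructed sample: the expected result, base entries only.
SAMPLE_CLEAN='# file: /project/database/table
# owner: etl_user
# group: supergroup
user::rwx
group::r-x
other::r-x'

# On a live cluster: hadoop fs -getfacl /project/database/table | acl_is_clean
for sample in "$SAMPLE_STALE" "$SAMPLE_CLEAN"; do
  if printf '%s\n' "$sample" | acl_is_clean; then echo "clean"; else echo "stale"; fi
done
```

Running the check after step 1 of the problem statement, and again after the drop, gives a pass/fail signal that can be added to the Oozie workflow as a regression test.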