You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Steve Loughran (JIRA)" <ji...@apache.org> on 2018/09/12 11:43:00 UTC

[jira] [Commented] (SPARK-20799) Unable to infer schema for ORC/Parquet on S3N when secrets are in the URL

    [ https://issues.apache.org/jira/browse/SPARK-20799?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16611995#comment-16611995 ] 

Steve Loughran commented on SPARK-20799:
----------------------------------------

Update: Hadoop 3.3+ will remove all support for user:secret in S3A URIs because it's impossible to keep those secrets out of logs, and logs get everywhere. No plans to backport that, though HADOOP-15747 will, so giving people the specific hadoop version where this dangerous feature gets pull.

Propose, close as a WONTFIX.

> Unable to infer schema for ORC/Parquet on S3N when secrets are in the URL
> -------------------------------------------------------------------------
>
>                 Key: SPARK-20799
>                 URL: https://issues.apache.org/jira/browse/SPARK-20799
>             Project: Spark
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 2.1.1
>         Environment: Hadoop 2.8.0 binaries
>            Reporter: Jork Zijlstra
>            Priority: Minor
>
> We are getting the following exception: 
> {code}org.apache.spark.sql.AnalysisException: Unable to infer schema for ORC. It must be specified manually.{code}
> Combining following factors will cause it:
> - Use S3
> - Use format ORC
> - Don't apply a partitioning on de data
> - Embed AWS credentials in the path
> The problem is in the PartitioningAwareFileIndex def allFiles()
> {code}
> leafDirToChildrenFiles.get(qualifiedPath)
>           .orElse { leafFiles.get(qualifiedPath).map(Array(_)) }
>           .getOrElse(Array.empty)
> {code}
> leafDirToChildrenFiles uses the path WITHOUT credentials as its key while the qualifiedPath contains the path WITH credentials.
> So leafDirToChildrenFiles.get(qualifiedPath) doesn't find any files, so no data is read and the schema cannot be defined.
> Spark does output the S3xLoginHelper:90 - The Filesystem URI contains login details. This is insecure and may be unsupported in future., but this should not mean that it shouldn't work anymore.
> Workaround:
> Move the AWS credentials from the path to the SparkSession
> {code}
> SparkSession.builder
> 	.config("spark.hadoop.fs.s3n.awsAccessKeyId", {awsAccessKeyId})
> 	.config("spark.hadoop.fs.s3n.awsSecretAccessKey", {awsSecretAccessKey})
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org