Setting up Hive + Sentry + LDAP authorization
1: jdbc:hive2://localhost:10000> !connect jdbc:hive2://localhost:10000
Connecting to jdbc:hive2://localhost:10000
Enter username for jdbc:hive2://localhost:10000: hive
Enter password for jdbc:hive2://localhost:10000: ****
Connected to: Apache Hive (version 1.1.0-cdh5.15.2)
Driver: Hive JDBC (version 1.1.0-cdh5.15.2)
Transaction isolation: TRANSACTION_REPEATABLE_READ
2: jdbc:hive2://localhost:10000> CREATE ROLE admin_role;
Error: Error while compiling statement: FAILED: NullPointerException null (state=42000,code=40000)
Creating the role fails, and the error is authorization-related.
The log shows:
2019-07-30 15:01:33,605 WARN org.apache.hadoop.security.LdapGroupsMapping: [main]: Failed to get groups for user hive (retry=0) by javax.naming.NamingException: The group object does not have attribute 'ou'.
2019-07-30 15:01:33,611 WARN org.apache.hadoop.security.LdapGroupsMapping: [main]: Failed to get groups for user hive (retry=1) by javax.naming.NamingException: The group object does not have attribute 'ou'.
2019-07-30 15:01:33,624 WARN org.apache.hadoop.security.LdapGroupsMapping: [main]: Failed to get groups for user hive (retry=2) by javax.naming.NamingException: The group object does not have attribute 'ou'.
2019-07-30 14:38:58,276 WARN org.apache.sentry.provider.common.HadoopGroupMappingService: [HiveServer2-Handler-Pool: Thread-54]: Unable to obtain groups for hive
java.io.IOException: No groups found for user hive
at org.apache.hadoop.security.Groups.noGroupsForUser(Groups.java:199)
at org.apache.hadoop.security.Groups.access$400(Groups.java:74)
at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:319)
at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:269)
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568)
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350)
2019-07-30 14:39:07,454 INFO org.apache.hadoop.hive.ql.log.PerfLogger: [HiveServer2-Handler-Pool: Thread-54]:
2019-07-30 14:39:07,454 INFO org.apache.hadoop.hive.ql.log.PerfLogger: [HiveServer2-Handler-Pool: Thread-54]:
2019-07-30 14:39:07,454 INFO org.apache.hadoop.hive.ql.Driver: [HiveServer2-Handler-Pool: Thread-54]: Completed compiling command(queryId=hive_20190730143939_a2193f7c-1a29-4147-80ac-ef2fbce6937f); Time taken: 0.065 seconds
2019-07-30 14:39:07,455 INFO org.apache.hadoop.hive.ql.log.PerfLogger: [HiveServer2-Handler-Pool: Thread-54]:
2019-07-30 14:39:07,455 INFO org.apache.hadoop.hive.ql.log.PerfLogger: [HiveServer2-Handler-Pool: Thread-54]:
2019-07-30 14:39:07,455 INFO org.apache.hive.service.cli.operation.OperationManager: [HiveServer2-Handler-Pool: Thread-54]: Closing operation: OperationHandle [opType=EXECUTE_STATEMENT, getHandleIdentifier()=d50927f4-bc1e-4ac7-9c7e-f8e1975b2e7e]
2019-07-30 14:39:07,456 WARN org.apache.hive.service.cli.thrift.ThriftCLIService: [HiveServer2-Handler-Pool: Thread-54]: Error executing statement:
org.apache.hive.service.cli.HiveSQLException: Error while compiling statement: FAILED: NullPointerException null
at org.apache.hive.service.cli.operation.Operation.toSQLException(Operation.java:400)
at org.apache.hive.service.cli.operation.SQLOperation.prepare(SQLOperation.java:187)
at org.apache.hive.service.cli.operation.SQLOperation.runInternal(SQLOperation.java:271)
at org.apache.hive.service.cli.operation.Operation.run(Operation.java:337)
at org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementInternal(HiveSessionImpl.java:439)
at org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementAsync(HiveSessionImpl.java:416)
at org.apache.hive.service.cli.CLIService.executeStatementAsync(CLIService.java:282)
at org.apache.hive.service.cli.thrift.ThriftCLIService.ExecuteStatement(ThriftCLIService.java:503)
at org.apache.hive.service.cli.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1313)
at org.apache.hive.service.cli.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1298)
at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingProcessor.process(HadoopThriftAuthBridge.java:706)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
at org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerImpl.checkPrivileges(HiveAuthorizerImpl.java:85)
at org.apache.hadoop.hive.ql.Driver.doAuthorizationV2(Driver.java:992)
at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:787)
at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:605)
at org.apache.hadoop.hive.ql.Driver.compileInternal(Driver.java:1358)
at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:1345)
at org.apache.hive.service.cli.operation.SQLOperation.prepare(SQLOperation.java:185)
... 15 more
First, look at the error above:
The group object does not have attribute 'ou'.
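The group lookup cannot find 'ou'. Looking at LDAP, the group is configured as cn=hive,ou=group,dc=hadoop,dc=com
But my HDFS configuration was
After I changed it, that part worked, but beeline then reported an error.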
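The warning names the attribute that Hadoop's LdapGroupsMapping tried to read from the group entry itself. As an added example (not from the original post), this offline check compares the group-name attribute set in core-site.xml with the attributes actually present on the group entry; the `ou` value in the config fragment and the LDIF attributes other than the DN are assumptions, since the post does not show them.

```python
import xml.etree.ElementTree as ET

GROUP_NAME_KEY = "hadoop.security.group.mapping.ldap.search.attr.group.name"

# Constructed core-site.xml fragment (assumption: the post's own config is not shown).
CORE_SITE = """<configuration>
  <property>
    <name>hadoop.security.group.mapping.ldap.search.attr.group.name</name>
    <value>ou</value>
  </property>
</configuration>"""

# Constructed LDIF for the group DN quoted in the post; objectClass/memberUid are assumed.
GROUP_LDIF = """dn: cn=hive,ou=group,dc=hadoop,dc=com
objectClass: posixGroup
cn: hive
memberUid: hive
"""

def group_name_attr(core_site_xml):
    """Return the configured group-name attribute (Hadoop defaults to cn)."""
    for prop in ET.fromstring(core_site_xml).iter("property"):
        if prop.findtext("name") == GROUP_NAME_KEY:
            return prop.findtext("value").strip()
    return "cn"

def parse_ldif_entry(ldif):
    """Parse one simple LDIF entry into (dn, {attr_lower: [values]})."""
    dn, attrs = None, {}
    for line in filter(str.strip, ldif.splitlines()):
        key, _, value = line.partition(":")
        if key.lower() == "dn":
            dn = value.strip()
        else:
            attrs.setdefault(key.lower(), []).append(value.strip())
    return dn, attrs

def check_group_entry(core_site_xml, ldif):
    """The group name is read from the entry's attributes, not from its DN."""
    attr = group_name_attr(core_site_xml)
    dn, attrs = parse_ldif_entry(ldif)
    if attr.lower() in attrs:
        return {"ok": True, "attr": attr, "group": attrs[attr.lower()][0]}
    # Suggest the entry's own RDN attribute; flag when attr only appears in parent RDNs.
    rdn_attr = dn.split(",")[0].split("=")[0]
    parents = [p.split("=")[0].strip().lower() for p in dn.split(",")[1:]]
    return {"ok": False, "attr": attr, "suggest": rdn_attr, "only_in_dn": attr.lower() in parents}

if __name__ == "__main__":
    print(check_group_entry(CORE_SITE, GROUP_LDIF))
```

A failed group lookup leaves the user with no groups, so Sentry has no group-to-role mapping to evaluate for that user.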
0: jdbc:hive2://localhost:10000> CREATE ROLE admin_role;
Error: Error while compiling statement: FAILED: NullPointerException null (state=42000,code=40000)
The log:
2019-07-30 15:16:01,395 INFO org.apache.hadoop.hive.ql.exec.ListSinkOperator: [HiveServer2-Handler-Pool: Thread-60]: 1 finished. closing...
2019-07-30 15:16:01,395 INFO org.apache.hadoop.hive.ql.exec.ListSinkOperator: [HiveServer2-Handler-Pool: Thread-60]: 1 Close done
2019-07-30 15:16:01,396 WARN org.apache.hive.service.cli.thrift.ThriftCLIService: [HiveServer2-Handler-Pool: Thread-60]: Error executing statement:
org.apache.hive.service.cli.HiveSQLException: Error while compiling statement: FAILED: NullPointerException null
at org.apache.hive.service.cli.operation.Operation.toSQLException(Operation.java:400)
at org.apache.hive.service.cli.operation.SQLOperation.prepare(SQLOperation.java:187)
at org.apache.hive.service.cli.operation.SQLOperation.runInternal(SQLOperation.java:271)
at org.apache.hive.service.cli.operation.Operation.run(Operation.java:337)
at org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementInternal(HiveSessionImpl.java:439)
at org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementAsync(HiveSessionImpl.java:416)
at org.apache.hive.service.cli.CLIService.executeStatementAsync(CLIService.java:282)
at org.apache.hive.service.cli.thrift.ThriftCLIService.ExecuteStatement(ThriftCLIService.java:503)
at org.apache.hive.service.cli.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1313)
at org.apache.hive.service.cli.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1298)
at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingProcessor.process(HadoopThriftAuthBridge.java:747)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
at org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerImpl.checkPrivileges(HiveAuthorizerImpl.java:85)
at org.apache.hadoop.hive.ql.Driver.doAuthorizationV2(Driver.java:992)
at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:787)
at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:605)
at org.apache.hadoop.hive.ql.Driver.compileInternal(Driver.java:1358)
at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:1345)
at org.apache.hive.service.cli.operation.SQLOperation.prepare(SQLOperation.java:185)
... 15 more
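But the Hue UI works.
My guess is that the beeline client has a problem; what the problem is, I don't know yet.
Later we removed the settings configured on the page one by one and found that it was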
hive.security.authorization.task.factory
org.apache.hadoop.hive.ql.parse.authorization.HiveAuthorizationTaskFactoryImpl
The four errors above caused the problem. There is also
https://cwiki.apache.org/confluence/display/SENTRY/Sentry+integration+with+Hive+Authorization+V2
There is a v2 version. Let's test here whether changing to the v2 version produces an error.
It does:
0: jdbc:hive2://localhost:10000> CREATE ROLE admin_role1;
Error: Error while compiling statement: FAILED: RuntimeException java.lang.RuntimeException: java.lang.ClassNotFoundException: Class org.apache.sentry.binding.hive.v2.SentryHiveAuthorizationTaskFactoryImplV2 not found (state=42000,code=40000)
But creating a role in Hue still succeeds.