Enabling S3 browser for Hue configured with IDBroker

You can access the S3 buckets from Hue to upload files and tables to S3 and import CSV files as tables directly in Hue by enabling the S3 browser on the Hue user interface.

If you have set up authentication using Knox IDBroker on your cluster, then Hue automatically detects and uses the IDBroker mappings from your cluster’s core-site.xml file. Verify that the following property is present in the core-site.xml file:
<property>
  <name>fs.s3a.ext.cab.address</name>
  <value>https://<idbrokerurl>:8444/gateway</value>
</property>

This property is automatically appended to the core-site.xml file when you enable Knox IDBroker on your cluster.

  1. Sign in to Cloudera Manager as an Administrator.
  2. Go to Clusters > Hue service > Configuration.
  3. Enter the following in the Hue Server Advanced Configuration Snippet (Safety Valve) for hue_safety_valve_server.ini field:
    [desktop]
    # Remove the file browser from the blacklisted apps.
    # Tweak the app_blacklist property to suit your app configuration.
    app_blacklist=spark,zookeeper,hive,hbase,search,oozie,jobsub,pig,sqoop,security
    [aws]
    has_iam_detection=true
    [[aws_accounts]]
    [[[default]]]
    region=[***AWS-REGION***]
    
    # Set a particular S3 bucket as the default
    [filebrowser]
    remote_storage_home=s3a://[***S3-BUCKET-NAME***]
    The custom configuration is stored in the hue_safety_valve_server.ini file.
  4. Click Save Changes.
  5. Restart the Hue service.
    The S3 file browser icon appears on the left Assist panel as well as on the left navigation bar on the Hue web interface.

You must manually grant the following application permission to non-admin users and groups for them to be able to view and access S3 File Browser in Hue: filebrowser.s3_access:Access to S3 from filebrowser and filepicker..

You must also add the CDP users and groups to IAM role mappings.