Return-Path: X-Original-To: apmail-ambari-commits-archive@www.apache.org Delivered-To: apmail-ambari-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C942418DEF for ; Mon, 8 Jun 2015 22:25:26 +0000 (UTC) Received: (qmail 68547 invoked by uid 500); 8 Jun 2015 22:25:26 -0000 Delivered-To: apmail-ambari-commits-archive@ambari.apache.org Received: (qmail 68513 invoked by uid 500); 8 Jun 2015 22:25:26 -0000 Mailing-List: contact commits-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ambari-dev@ambari.apache.org Delivered-To: mailing list commits@ambari.apache.org Received: (qmail 68503 invoked by uid 99); 8 Jun 2015 22:25:26 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 08 Jun 2015 22:25:26 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 8B344DFF90; Mon, 8 Jun 2015 22:25:26 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: srimanth@apache.org To: commits@ambari.apache.org Date: Mon, 08 Jun 2015 22:25:26 -0000 Message-Id: <8e4c94b43d974420bb46276935ed1531@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/2] ambari git commit: AMBARI-11575. hive-site.xml property "hive.security.metastore.authorization.manager" becomes invalid when switching values in "Choose Authorization" widget (srimanth) Repository: ambari Updated Branches: refs/heads/branch-2.1 ab526ff5f -> b36ce9c6a http://git-wip-us.apache.org/repos/asf/ambari/blob/b36ce9c6/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/HIVE/configuration/hive-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/HIVE/configuration/hive-site.xml b/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/HIVE/configuration/hive-site.xml index e6421ee..ff14e4c 100644 --- a/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/HIVE/configuration/hive-site.xml +++ b/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/HIVE/configuration/hive-site.xml @@ -92,6 +92,12 @@ limitations under the License. The Hive client authorization manager class name. The user defined authorization class should implement interface org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider. + + + hive-env + hive_security_authorization + + @@ -968,11 +974,17 @@ limitations under the License. hive client authenticator manager class name. The user defined authenticator should implement interface org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider. + + + hive-env + hive_security_authorization + + hive.security.metastore.authorization.manager Hive Authorization Manager - org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider,org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly + org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider authorization manager class name to be used in the metastore for authorization. The user defined authorization class should implement interface @@ -1245,12 +1257,23 @@ limitations under the License. hive.server2.tez.default.queues + Default query queues default A list of comma separated values corresponding to YARN queues of the same name. When HiveServer2 is launched in Tez mode, this configuration needs to be set for multiple Tez sessions to run in parallel on the cluster. + + combo + + + default + + + + 1+ + http://git-wip-us.apache.org/repos/asf/ambari/blob/b36ce9c6/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/HIVE/configuration/hiveserver2-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/HIVE/configuration/hiveserver2-site.xml b/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/HIVE/configuration/hiveserver2-site.xml index c0cb31c..b68ddbe 100644 --- a/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/HIVE/configuration/hiveserver2-site.xml +++ b/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/HIVE/configuration/hiveserver2-site.xml @@ -23,6 +23,12 @@ limitations under the License. hive.security.authenticator.manager org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator Hive client authenticator manager class name. The user-defined authenticator class should implement interface org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider. + + + hive-env + hive_security_authorization + + @@ -30,79 +36,19 @@ limitations under the License. org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory the hive client authorization manager class name. The user defined authorization class should implement interface org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider. + + + hive-env + hive_security_authorization + + - - - hive.server2.enable.doAs - true - - Setting this property to true will have HiveServer2 execute - Hive operations as the user making the calls to it. - - Run as end user instead of Hive user - - value-list - - - true - - - - false - - - - 1 - - - - - hive.server2.tez.sessions.per.default.queue - 1 - - A positive integer that determines the number of Tez sessions that should be - launched on each of the queues specified by "hive.server2.tez.default.queues". - Determines the parallelism on each queue. - - Session per queue - - int - 1 - 10 - 1 - - - - - hive.server2.tez.default.queues - Default query queues - default - - A list of comma separated values corresponding to YARN queues of the same name. - When HiveServer2 is launched in Tez mode, this configuration needs to be set - for multiple Tez sessions to run in parallel on the cluster. - - - combo - - - default - - - - 1+ - - - + - hive.server2.tez.initialize.default.sessions + hive.security.authorization.enabled false - - This flag is used in HiveServer2 to enable a user to use HiveServer2 without - turning on Tez for HiveServer2. The user could potentially want to run queries - over Tez without the pool of sessions. - - Start Tez session at Initialization + enable or disable the Hive client authorization + Enable Authorization value-list @@ -117,5 +63,12 @@ limitations under the License. 1 + + + hive-env + hive_security_authorization + + + \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/b36ce9c6/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/HIVE/themes/theme.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/HIVE/themes/theme.json b/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/HIVE/themes/theme.json index 1d88c73..1a3b9fc 100644 --- a/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/HIVE/themes/theme.json +++ b/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/HIVE/themes/theme.json @@ -196,15 +196,15 @@ "subsection-name": "optimization-row1-col3" }, { - "config": "hiveserver2-site/hive.server2.tez.default.queues", + "config": "hive-site/hive.server2.tez.default.queues", "subsection-name": "interactive-query-row1-col1" }, { - "config": "hiveserver2-site/hive.server2.tez.initialize.default.sessions", + "config": "hive-site/hive.server2.tez.initialize.default.sessions", "subsection-name": "interactive-query-row1-col1" }, { - "config": "hiveserver2-site/hive.server2.tez.sessions.per.default.queue", + "config": "hive-site/hive.server2.tez.sessions.per.default.queue", "subsection-name": "interactive-query-row1-col1" }, { @@ -212,7 +212,7 @@ "subsection-name": "security-row1-col1" }, { - "config": "hiveserver2-site/hive.server2.enable.doAs", + "config": "hive-site/hive.server2.enable.doAs", "subsection-name": "security-row1-col1" }, { @@ -341,13 +341,13 @@ } }, { - "config": "hiveserver2-site/hive.server2.tez.initialize.default.sessions", + "config": "hive-site/hive.server2.tez.initialize.default.sessions", "widget": { "type": "toggle" } }, { - "config": "hiveserver2-site/hive.server2.tez.sessions.per.default.queue", + "config": "hive-site/hive.server2.tez.sessions.per.default.queue", "widget": { "type": "slider", "units": [ @@ -358,7 +358,7 @@ } }, { - "config": "hiveserver2-site/hive.server2.enable.doAs", + "config": "hive-site/hive.server2.enable.doAs", "widget": { "type": "toggle" } @@ -382,7 +382,7 @@ } }, { - "config": "hiveserver2-site/hive.server2.tez.default.queues", + "config": "hive-site/hive.server2.tez.default.queues", "widget": { "type": "list" } http://git-wip-us.apache.org/repos/asf/ambari/blob/b36ce9c6/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/stack_advisor.py index 6d123b0..6d527ea 100644 --- a/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDPWIN/2.2/services/stack_advisor.py @@ -371,48 +371,67 @@ class HDPWIN22StackAdvisor(HDPWIN21StackAdvisor): putHiveSiteProperty("hive.compute.query.using.stats", "true") # Interactive Query - putHiveServerProperty("hive.server2.tez.initialize.default.sessions", "false") - putHiveServerProperty("hive.server2.tez.sessions.per.default.queue", "1") - putHiveServerProperty("hive.server2.enable.doAs", "true") + putHiveSiteProperty("hive.server2.tez.initialize.default.sessions", "false") + putHiveSiteProperty("hive.server2.tez.sessions.per.default.queue", "1") + putHiveSiteProperty("hive.server2.enable.doAs", "true") yarn_queues = "default" if "capacity-scheduler" in configurations and \ "yarn.scheduler.capacity.root.queues" in configurations["capacity-scheduler"]["properties"]: yarn_queues = str(configurations["capacity-scheduler"]["properties"]["yarn.scheduler.capacity.root.queues"]) - putHiveServerProperty("hive.server2.tez.default.queues", yarn_queues) + putHiveSiteProperty("hive.server2.tez.default.queues", yarn_queues) # Interactive Queues property attributes putHiveServerPropertyAttribute = self.putPropertyAttribute(configurations, "hiveserver2-site") entries = [] for queue in yarn_queues.split(","): entries.append({"label": str(queue) + " queue", "value": queue}) - putHiveServerPropertyAttribute("hive.server2.tez.default.queues", "entries", entries) + putHiveSitePropertyAttribute("hive.server2.tez.default.queues", "entries", entries) # Security putHiveEnvProperty("hive_security_authorization", "None") + # hive_security_authorization == 'none' if str(configurations["hive-env"]["properties"]["hive_security_authorization"]).lower() == "none": putHiveSiteProperty("hive.security.authorization.enabled", "false") + putHiveSiteProperty("hive.security.authorization.manager", "org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory") + putHiveServerPropertyAttribute("hive.security.authorization.manager", "delete", "true") + putHiveServerPropertyAttribute("hive.security.authorization.enabled", "delete", "true") + putHiveServerPropertyAttribute("hive.security.authenticator.manager", "delete", "true") else: putHiveSiteProperty("hive.security.authorization.enabled", "true") try: auth_manager_value = str(configurations["hive-env"]["properties"]["hive.security.metastore.authorization.manager"]) except KeyError: - auth_manager_value = '' + auth_manager_value = 'org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider' pass + auth_manager_values = auth_manager_value.split(",") sqlstdauth_class = "org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly" + putHiveSiteProperty("hive.server2.enable.doAs", "true") + + # hive_security_authorization == 'sqlstdauth' if str(configurations["hive-env"]["properties"]["hive_security_authorization"]).lower() == "sqlstdauth": - if sqlstdauth_class not in auth_manager_value: - putHiveSiteProperty("hive.security.metastore.authorization.manager", auth_manager_value + "," + sqlstdauth_class) - elif auth_manager_value != '': + putHiveSiteProperty("hive.server2.enable.doAs", "false") + putHiveServerProperty("hive.security.authorization.enabled", "true") + putHiveServerProperty("hive.security.authorization.manager", "org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory") + putHiveServerProperty("hive.security.authenticator.manager", "org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator") + putHiveSiteProperty("hive.security.authorization.manager", "org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory") + if sqlstdauth_class not in auth_manager_values: + auth_manager_values.append(sqlstdauth_class) + elif sqlstdauth_class in auth_manager_values: #remove item from csv - auth_manager_values = auth_manager_value.split(",") auth_manager_values = [x for x in auth_manager_values if x != sqlstdauth_class] - putHiveSiteProperty("hive.security.metastore.authorization.manager", ",".join(auth_manager_values)) pass + putHiveSiteProperty("hive.security.metastore.authorization.manager", ",".join(auth_manager_values)) + + # hive_security_authorization == 'ranger' + if str(configurations["hive-env"]["properties"]["hive_security_authorization"]).lower() == "ranger": + putHiveSiteProperty("hive.server2.enable.doAs", "false") + putHiveServerProperty("hive.security.authorization.enabled", "true") + putHiveServerProperty("hive.security.authorization.manager", "org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory") + putHiveServerProperty("hive.security.authenticator.manager", "org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator") - putHiveServerProperty("hive.server2.enable.doAs", "true") putHiveSiteProperty("hive.server2.use.SSL", "false") #Hive authentication http://git-wip-us.apache.org/repos/asf/ambari/blob/b36ce9c6/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py index 46f58ad..d021f62 100644 --- a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py +++ b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py @@ -964,6 +964,10 @@ class TestHDP22StackAdvisor(TestCase): }, 'hive-site': { 'properties': { + 'hive.server2.enable.doAs': 'true', + 'hive.server2.tez.default.queues': "queue1,queue2", + 'hive.server2.tez.initialize.default.sessions': 'false', + 'hive.server2.tez.sessions.per.default.queue': '1', 'hive.auto.convert.join.noconditionaltask.size': '268435456', 'hive.cbo.enable': 'true', 'hive.compactor.initiator.on': 'false', @@ -995,7 +999,9 @@ class TestHDP22StackAdvisor(TestCase): 'hive.tez.java.opts': '-server -Xmx615m -Djava.net.preferIPv4Stack=true -XX:NewRatio=8 -XX:+UseNUMA -XX:+UseParallelGC -XX:+PrintGCDetails -verbose:gc -XX:+PrintGCTimeStamps', 'hive.txn.manager': 'org.apache.hadoop.hive.ql.lockmgr.DummyTxnManager', 'hive.vectorized.execution.enabled': 'true', - 'hive.vectorized.execution.reduce.enabled': 'false' + 'hive.vectorized.execution.reduce.enabled': 'false', + 'hive.security.metastore.authorization.manager': 'org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider', + 'hive.security.authorization.manager': 'org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory' }, 'property_attributes': { 'hive.auto.convert.join.noconditionaltask.size': {'maximum': '805306368'}, @@ -1004,22 +1010,21 @@ class TestHDP22StackAdvisor(TestCase): 'hive.server2.authentication.ldap.baseDN': {'delete': 'true'}, 'hive.server2.authentication.kerberos.principal': {'delete': 'true'}, 'hive.server2.authentication.kerberos.keytab': {'delete': 'true'}, - 'hive.server2.authentication.ldap.url': {'delete': 'true'} + 'hive.server2.authentication.ldap.url': {'delete': 'true'}, + 'hive.server2.tez.default.queues': { + 'entries': [{'value': 'queue1', 'label': 'queue1 queue'}, {'value': 'queue2', 'label': 'queue2 queue'}] + } } }, 'hiveserver2-site': { 'properties': { - 'hive.server2.enable.doAs': 'true', - 'hive.server2.tez.default.queues': "queue1,queue2", - 'hive.server2.tez.initialize.default.sessions': 'false', - 'hive.server2.tez.sessions.per.default.queue': '1' }, 'property_attributes': { - 'hive.server2.tez.default.queues': { - 'entries': [{'value': 'queue1', 'label': 'queue1 queue'}, {'value': 'queue2', 'label': 'queue2 queue'}] - } + 'hive.security.authorization.manager': {'delete': 'true'}, + 'hive.security.authorization.enabled': {'delete': 'true'}, + 'hive.security.authenticator.manager': {'delete': 'true'} } - }, + } } services = { "services": [ @@ -1150,9 +1155,12 @@ class TestHDP22StackAdvisor(TestCase): expected["hive-site"]["properties"]["hive.stats.fetch.partition.stats"]="false" expected["hive-site"]["properties"]["hive.stats.fetch.column.stats"]="false" expected["hive-site"]["properties"]["hive.security.authorization.enabled"]="true" - expected["hiveserver2-site"]["properties"]["hive.server2.enable.doAs"]="false" + expected["hive-site"]["properties"]["hive.server2.enable.doAs"]="false" expected["hive-site"]["properties"]["hive.security.metastore.authorization.manager"]=\ - ",org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly" + "org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider,org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly" + expected["hiveserver2-site"]["properties"]["hive.security.authorization.enabled"]="true" + expected["hiveserver2-site"]["properties"]["hive.security.authorization.manager"]="org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory" + expected["hiveserver2-site"]["properties"]["hive.security.authenticator.manager"]="org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator" self.stackAdvisor.recommendHIVEConfigurations(configurations, clusterData, services, hosts) self.assertEquals(configurations, expected) @@ -1162,7 +1170,9 @@ class TestHDP22StackAdvisor(TestCase): configurations["hive-env"]["properties"]["hive_security_authorization"] = "none" expected["hive-env"]["properties"]["hive_security_authorization"] = "none" expected["hive-site"]["properties"]["hive.security.authorization.enabled"]="false" - expected["hiveserver2-site"]["properties"]["hive.server2.enable.doAs"]="true" + expected["hive-site"]["properties"]["hive.server2.enable.doAs"]="true" + expected["hive-site"]["properties"]["hive.security.metastore.authorization.manager"]=\ + "org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider" self.stackAdvisor.recommendHIVEConfigurations(configurations, clusterData, services, hosts) self.assertEquals(configurations, expected) http://git-wip-us.apache.org/repos/asf/ambari/blob/b36ce9c6/ambari-web/app/controllers/main/service/info/summary.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/controllers/main/service/info/summary.js b/ambari-web/app/controllers/main/service/info/summary.js index c4d56f3..779ccdd 100644 --- a/ambari-web/app/controllers/main/service/info/summary.js +++ b/ambari-web/app/controllers/main/service/info/summary.js @@ -55,11 +55,6 @@ App.MainServiceInfoSummaryController = Em.Controller.extend(App.WidgetSectionMix propertyName: 'ranger-hdfs-plugin-enabled' }, { - serviceName: 'HIVE', - type: 'ranger-hive-plugin-properties', - propertyName: 'ranger-hive-plugin-enabled' - }, - { serviceName: 'HBASE', type: 'ranger-hbase-plugin-properties', propertyName: 'ranger-hbase-plugin-enabled' http://git-wip-us.apache.org/repos/asf/ambari/blob/b36ce9c6/ambari-web/app/data/HDP2.2/site_properties.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/data/HDP2.2/site_properties.js b/ambari-web/app/data/HDP2.2/site_properties.js index f81cb0c..44d7a82 100644 --- a/ambari-web/app/data/HDP2.2/site_properties.js +++ b/ambari-web/app/data/HDP2.2/site_properties.js @@ -214,17 +214,6 @@ hdp22properties.push( }, { "id": "site property", - "name": "ranger-hive-plugin-enabled", - "displayType": "checkbox", - "displayName": "Enable Ranger for HIVE", - "isOverridable": false, - "filename": "ranger-hive-plugin-properties.xml", - "category": "Advanced ranger-hive-plugin-properties", - "serviceName": "HIVE", - "index": 1 - }, - { - "id": "site property", "name": "policy_user", "value": "ambari-qa", "recommendedValue": "ambari-qa", http://git-wip-us.apache.org/repos/asf/ambari/blob/b36ce9c6/ambari-web/app/utils/configs/modification_handlers/hive.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/utils/configs/modification_handlers/hive.js b/ambari-web/app/utils/configs/modification_handlers/hive.js deleted file mode 100644 index bfb9b9c..0000000 --- a/ambari-web/app/utils/configs/modification_handlers/hive.js +++ /dev/null @@ -1,122 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with this - * work for additional information regarding copyright ownership. The ASF - * licenses this file to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations under - * the License. - */ - -var App = require('app'); -require('utils/configs/modification_handlers/modification_handler'); - -module.exports = App.ServiceConfigModificationHandler.create({ - serviceId : 'HIVE', - - getDependentConfigChanges : function(changedConfig, selectedServices, allConfigs, securityEnabled) { - var affectedProperties = []; - var newValue = changedConfig.get("value"); - var rangerPluginEnabledName = "ranger-hive-plugin-enabled"; - var affectedPropertyName = changedConfig.get("name"); - if (affectedPropertyName == rangerPluginEnabledName) { - var configAuthorizationEnabled = this.getConfig(allConfigs, 'hive.security.authorization.enabled', 'hive-site.xml', 'HIVE'); - var configAuthorizationManager = this.getConfig(allConfigs, 'hive.security.authorization.manager', 'hiveserver2-site.xml', 'HIVE'); - var configAuthenticatorManager = this.getConfig(allConfigs, 'hive.security.authenticator.manager', 'hiveserver2-site.xml', 'HIVE'); - var configRestrictedList = this.getConfig(allConfigs, 'hive.conf.restricted.list', 'hive-site.xml', 'HIVE'); - - var rangerPluginEnabled = newValue == "Yes"; - var newConfigAuthorizationEnabledValue = rangerPluginEnabled ? "true" : "false"; - var newAuthorizationManagerValue = rangerPluginEnabled ? (App.get('isHadoop23Stack') ? "org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory" - : "com.xasecure.authorization.hive.authorizer.XaSecureHiveAuthorizerFactory") - : "org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory"; - var newAuthenticatorManagerValue = rangerPluginEnabled ? "org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator" - : "org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator"; - var enabledRestrictedMap = { - "hive.security.authorization.enabled" : "hive.security.authorization.enabled", - "hive.security.authorization.manager" : "hive.security.authorization.manager", - "hive.security.authenticator.manager" : "hive.security.authenticator.manager" - } - var enabledRestrictedList = Object.keys(enabledRestrictedMap); - var newRestrictedListValue = rangerPluginEnabled ? enabledRestrictedList : []; - - // Add Hive-Ranger configs - if (configAuthorizationEnabled != null && newConfigAuthorizationEnabledValue !== configAuthorizationEnabled.get('value')) { - affectedProperties.push({ - serviceName : "HIVE", - sourceServiceName : "HIVE", - propertyName : 'hive.security.authorization.enabled', - propertyDisplayName : 'hive.security.authorization.enabled', - newValue : newConfigAuthorizationEnabledValue, - curValue : configAuthorizationEnabled.get('value'), - changedPropertyName : rangerPluginEnabledName, - removed : false, - filename : 'hive-site.xml' - }); - } - if (configAuthorizationManager != null && newAuthorizationManagerValue !== configAuthorizationManager.get('value')) { - affectedProperties.push({ - serviceName : "HIVE", - sourceServiceName : "HIVE", - propertyName : 'hive.security.authorization.manager', - propertyDisplayName : 'hive.security.authorization.manager', - newValue : newAuthorizationManagerValue, - curValue : configAuthorizationManager.get('value'), - changedPropertyName : rangerPluginEnabledName, - removed : false, - filename : 'hiveserver2-site.xml' - }); - } - if (configAuthenticatorManager != null && newAuthenticatorManagerValue !== configAuthenticatorManager.get('value')) { - affectedProperties.push({ - serviceName : "HIVE", - sourceServiceName : "HIVE", - propertyName : 'hive.security.authenticator.manager', - propertyDisplayName : 'hive.security.authenticator.manager', - newValue : newAuthenticatorManagerValue, - curValue : configAuthenticatorManager.get('value'), - changedPropertyName : rangerPluginEnabledName, - removed : false, - filename : 'hiveserver2-site.xml' - }); - } - if (configRestrictedList != null) { - var currentValueList = configRestrictedList.get('value').split(','); - // 'newRestrictedListValue' elements should be found in existing list - var newValueList = []; - currentValueList.forEach(function(s) { - if (enabledRestrictedMap[s] == s) { - return; - } - newValueList.push(s); - }); - if (newRestrictedListValue.length > 0) - newValueList = newValueList.concat(newRestrictedListValue); - - if (newValueList.length != currentValueList.length) { - // One of the value was not found - set all of them in. - var newValueListString = newValueList.join(','); - affectedProperties.push({ - serviceName : "HIVE", - sourceServiceName : "HIVE", - propertyName : 'hive.conf.restricted.list', - propertyDisplayName : 'hive.conf.restricted.list', - newValue : newValueListString, - curValue : configRestrictedList.get('value'), - changedPropertyName : rangerPluginEnabledName, - removed : false, - filename : 'hive-site.xml' - }); - } - } - } - return affectedProperties; - } -}); \ No newline at end of file