hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Prasad Mujumdar" <pras...@cloudera.com>
Subject Re: Review Request 13845: HIVE-5155: Support secure proxy user access to HiveServer2
Date Mon, 10 Mar 2014 18:39:40 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/13845/
-----------------------------------------------------------

(Updated March 10, 2014, 6:39 p.m.)


Review request for hive, Brock Noland, Carl Steinbach, and Thejas Nair.


Changes
-------

Address the ptest failures in TestSessionHooks and TestSSL.


Bugs: HIVE-5155
    https://issues.apache.org/jira/browse/HIVE-5155


Repository: hive-git


Description
-------

Delegation token support -
Enable delegation token connection for HiveServer2
Enhance the TCLIService interface to support delegation token requests
Support passing the delegation token connection type via JDBC URL and Beeline option

Direct proxy access -
Define new proxy user property
Shim interfaces to validate proxy access for a given user

Note that the diff doesn't include thrift generated code.


Diffs (updated)
-----

  beeline/pom.xml 02bfaaa 
  beeline/src/java/org/apache/hive/beeline/BeeLine.java e63a3b0 
  beeline/src/java/org/apache/hive/beeline/BeeLineOpts.java 91e20ec 
  beeline/src/java/org/apache/hive/beeline/Commands.java d2d7fd3 
  beeline/src/java/org/apache/hive/beeline/DatabaseConnection.java 94178ef 
  beeline/src/test/org/apache/hive/beeline/ProxyAuthTest.java PRE-CREATION 
  common/src/java/org/apache/hadoop/hive/conf/HiveConf.java edc3d38 
  conf/hive-default.xml.template a5a85b4 
  data/files/ProxyAuth.res PRE-CREATION 
  itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java 8210e75 
  jdbc/src/java/org/apache/hadoop/hive/jdbc/HiveConnection.java d08e05b 
  jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java 607fc7a 
  jdbc/src/java/org/apache/hive/jdbc/Utils.java 608837e 
  service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java d8ba3aa 
  service/src/java/org/apache/hive/service/auth/KerberosSaslHelper.java 71dc592 
  service/src/java/org/apache/hive/service/auth/PlainSaslHelper.java 15b1675 
  service/src/java/org/apache/hive/service/cli/CLIService.java 2b1e712 
  service/src/java/org/apache/hive/service/cli/CLIServiceClient.java b9d1489 
  service/src/java/org/apache/hive/service/cli/EmbeddedCLIServiceClient.java a31ea94 
  service/src/java/org/apache/hive/service/cli/ICLIService.java 621d689 
  service/src/java/org/apache/hive/service/cli/session/HiveSession.java c8fb8ec 
  service/src/java/org/apache/hive/service/cli/session/HiveSessionImpl.java d6d0d27 
  service/src/java/org/apache/hive/service/cli/session/HiveSessionImplwithUGI.java b934ebe

  service/src/java/org/apache/hive/service/cli/session/SessionManager.java cec3b04 
  service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java 26bda5a 
  service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIServiceClient.java 3675e86

  service/src/test/org/apache/hive/service/auth/TestPlainSaslHelper.java 8fa4afd 
  service/src/test/org/apache/hive/service/cli/session/TestSessionHooks.java 2fac800 
  shims/0.20/src/main/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 51c8051 
  shims/common-secure/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java e205caa

  shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/DelegationTokenSecretManager.java
29114f0 
  shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
dc89de1 
  shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java e15ab4e 
  shims/common/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java 03f4e51


Diff: https://reviews.apache.org/r/13845/diff/


Testing
-------

Since this requires kerberos setup, its tested by a standalone test program that runs various
existing and new secure connection scenarios. The test code is attached to the ticket at https://issues.apache.org/jira/secure/attachment/12600119/ProxyAuth.java


Thanks,

Prasad Mujumdar


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message