Posted to gitbox@hive.apache.org by GitBox <gi...@apache.org> on 2022/05/07 08:33:37 UTC

[GitHub] [hive] abstractdog opened a new pull request, #3019: HIVE-25929: Let secret config properties to be propagated to Tez

abstractdog opened a new pull request, #3019:
URL: https://github.com/apache/hive/pull/3019

   ### What changes were proposed in this pull request?
   Prevent removing some config properties from Configuration object which are passed to execution engines.
   
   ### Why are the changes needed?
   Described in jira.
   
   ### Does this PR introduce _any_ user-facing change?
   No.
   
   ### How was this patch tested?
   Unit test included.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org


[GitHub] [hive] abstractdog closed pull request #3019: HIVE-25929: Let secret config properties to be propagated to Tez

Posted by GitBox <gi...@apache.org>.
abstractdog closed pull request #3019: HIVE-25929: Let secret config properties to be propagated to Tez
URL: https://github.com/apache/hive/pull/3019




[GitHub] [hive] github-actions[bot] closed pull request #3019: HIVE-25929: Let secret config properties to be propagated to Tez

Posted by GitBox <gi...@apache.org>.
github-actions[bot] closed pull request #3019: HIVE-25929: Let secret config properties to be propagated to Tez
URL: https://github.com/apache/hive/pull/3019




[GitHub] [hive] zhangbutao commented on pull request #3019: HIVE-25929: Let secret config properties to be propagated to Tez

Posted by GitBox <gi...@apache.org>.
zhangbutao commented on PR #3019:
URL: https://github.com/apache/hive/pull/3019#issuecomment-1127587969

   I think this fix makes sense. I've had similar problems in which Tez cannot get the s3a secret parameter when running a query against an s3a object store.




[GitHub] [hive] abstractdog commented on a diff in pull request #3019: HIVE-25929: Let secret config properties to be propagated to Tez

Posted by GitBox <gi...@apache.org>.
abstractdog commented on code in PR #3019:
URL: https://github.com/apache/hive/pull/3019#discussion_r899907375


##########
common/src/java/org/apache/hadoop/hive/conf/HiveConf.java:
##########
@@ -5455,6 +5455,22 @@ public static enum ConfVars {
         + ",hive.zookeeper.ssl.truststore.location"
         + ",hive.zookeeper.ssl.truststore.password",
         "Comma separated list of configuration options which should not be read by normal user like passwords"),
+    HIVE_CONF_PROPAGATE_EXEC_ENGINES("hive.conf.propagate.exec.engines",
+        "fs.s3.awsAccessKeyId"
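
Review bot: the default value of hive.conf.propagate.exec.engines starts with fs.s3.awsAccessKeyId, so a credential-related key is exempted from stripping out of the box rather than by operator opt-in. Consider an empty default, and have the description string (not visible in this excerpt) state that every key listed here reaches the execution engine's configuration as plain text, in the same way the entry above documents its list as options that "should not be read by normal user like passwords".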

Review Comment:
   Yes, if configs are dumped in logs then it's a security risk, but currently we have no other way to support the 'less secure' option
   (the 'more secure' one uses the Hadoop credential provider).
   I don't have strong opinions about this one, so I'm closing the jira as invalid, until we're not facing customer pressure to support it.
   





[GitHub] [hive] rbalamohan commented on a diff in pull request #3019: HIVE-25929: Let secret config properties to be propagated to Tez

Posted by GitBox <gi...@apache.org>.
rbalamohan commented on code in PR #3019:
URL: https://github.com/apache/hive/pull/3019#discussion_r874242811


##########
common/src/java/org/apache/hadoop/hive/conf/HiveConf.java:
##########
@@ -5455,6 +5455,22 @@ public static enum ConfVars {
         + ",hive.zookeeper.ssl.truststore.location"
         + ",hive.zookeeper.ssl.truststore.password",
         "Comma separated list of configuration options which should not be read by normal user like passwords"),
+    HIVE_CONF_PROPAGATE_EXEC_ENGINES("hive.conf.propagate.exec.engines",
+        "fs.s3.awsAccessKeyId"

Review Comment:
   If configs are dumped in logs or available as files in the local directories of AM or tasks, this would be visible to end users which can be a serious risk.







[GitHub] [hive] github-actions[bot] commented on pull request #3019: HIVE-25929: Let secret config properties to be propagated to Tez

Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on PR #3019:
URL: https://github.com/apache/hive/pull/3019#issuecomment-1100978183

   This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
   Feel free to reach out on the dev@hive.apache.org list if the patch is in need of reviews.




[GitHub] [hive] abstractdog commented on a diff in pull request #3019: HIVE-25929: Let secret config properties to be propagated to Tez

Posted by GitBox <gi...@apache.org>.
abstractdog commented on code in PR #3019:
URL: https://github.com/apache/hive/pull/3019#discussion_r899907375


##########
common/src/java/org/apache/hadoop/hive/conf/HiveConf.java:
##########
@@ -5455,6 +5455,22 @@ public static enum ConfVars {
         + ",hive.zookeeper.ssl.truststore.location"
         + ",hive.zookeeper.ssl.truststore.password",
         "Comma separated list of configuration options which should not be read by normal user like passwords"),
+    HIVE_CONF_PROPAGATE_EXEC_ENGINES("hive.conf.propagate.exec.engines",
+        "fs.s3.awsAccessKeyId"

Review Comment:
   Yes, if configs are dumped in logs then it's a security risk, but currently we have no other way to support the 'less secure' option
   (the 'more secure' one uses the Hadoop credential provider).
   I don't have strong opinions about this one, so I'm closing this as invalid, until we're not facing customer pressure to support it.
   




