You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by sr...@apache.org on 2015/05/28 01:08:24 UTC
ambari git commit: AMBARI-11466. Under SQLStdAuth auth the
hive.server2.enable.doAs should be turned to false (srimanth)
Repository: ambari
Updated Branches:
refs/heads/trunk 8419e55bf -> f00daf006
AMBARI-11466. Under SQLStdAuth auth the hive.server2.enable.doAs should be turned to false (srimanth)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f00daf00
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f00daf00
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f00daf00
Branch: refs/heads/trunk
Commit: f00daf0065390fe5fa0cd4b254ae3fa376d6085f
Parents: 8419e55
Author: Srimanth Gunturi <sg...@hortonworks.com>
Authored: Wed May 27 16:01:25 2015 -0700
Committer: Srimanth Gunturi <sg...@hortonworks.com>
Committed: Wed May 27 16:01:31 2015 -0700
----------------------------------------------------------------------
.../2.2/services/HIVE/configuration/hive-site.xml | 6 ++++++
.../HIVE/configuration/hiveserver2-site.xml | 6 ++++++
.../stacks/HDP/2.2/services/stack_advisor.py | 4 +++-
.../stacks/2.2/common/test_stack_advisor.py | 18 ++++++++++++++----
4 files changed, 29 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/f00daf00/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml
index 30bfdef..34162d6 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml
@@ -1157,6 +1157,12 @@ limitations under the License.
</entries>
<selection-cardinality>1</selection-cardinality>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>hive-env</type>
+ <name>hive_security_authorization</name>
+ </property>
+ </depends-on>
</property>
<property>
<name>hive.server2.table.type.mapping</name>
http://git-wip-us.apache.org/repos/asf/ambari/blob/f00daf00/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hiveserver2-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hiveserver2-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hiveserver2-site.xml
index 0032b6f..64dda93 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hiveserver2-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hiveserver2-site.xml
@@ -68,6 +68,12 @@ limitations under the License.
</entries>
<selection-cardinality>1</selection-cardinality>
</value-attributes>
+ <depends-on>
+ <property>
+ <type>hive-env</type>
+ <name>hive_security_authorization</name>
+ </property>
+ </depends-on>
</property>
<property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/f00daf00/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
index 34d1e26..5e78ee9 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
@@ -366,7 +366,10 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
pass
sqlstdauth_class = "org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly"
+ putHiveServerProperty("hive.server2.enable.doAs", "true")
+
if str(configurations["hive-env"]["properties"]["hive_security_authorization"]).lower() == "sqlstdauth":
+ putHiveServerProperty("hive.server2.enable.doAs", "false")
if sqlstdauth_class not in auth_manager_value:
putHiveSiteProperty("hive.security.metastore.authorization.manager", auth_manager_value + "," + sqlstdauth_class)
elif auth_manager_value != '':
@@ -376,7 +379,6 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
putHiveSiteProperty("hive.security.metastore.authorization.manager", ",".join(auth_manager_values))
pass
- putHiveServerProperty("hive.server2.enable.doAs", "true")
putHiveSiteProperty("hive.server2.use.SSL", "false")
#Hive authentication
http://git-wip-us.apache.org/repos/asf/ambari/blob/f00daf00/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
index aff1c9e..d2867e1 100644
--- a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
@@ -1129,14 +1129,16 @@ class TestHDP22StackAdvisor(TestCase):
self.assertEquals(configurations, expected)
#test recommendations
- configurations = expected
configurations["hive-site"]["properties"]["hive.cbo.enable"] = "false"
configurations["hive-env"]["properties"]["hive_security_authorization"] = "sqlstdauth"
- services["configurations"] = configurations
- services["changed-configurations"] = [{"type": "hive-site", "key": "hive.cbo.enable"},
- {"type": "hive-env", "key": "hive_security_authorization"}]
+ services["changed-configurations"] = [{"type": "hive-site", "name": "hive.cbo.enable"},
+ {"type": "hive-env", "name": "hive_security_authorization"}]
+ expected["hive-env"]["properties"]["hive_security_authorization"] = "sqlstdauth"
+ expected["hive-site"]["properties"]["hive.cbo.enable"] = "false"
expected["hive-site"]["properties"]["hive.stats.fetch.partition.stats"]="false"
expected["hive-site"]["properties"]["hive.stats.fetch.column.stats"]="false"
+ expected["hive-site"]["properties"]["hive.security.authorization.enabled"]="true"
+ expected["hiveserver2-site"]["properties"]["hive.server2.enable.doAs"]="false"
expected["hive-site"]["properties"]["hive.security.metastore.authorization.manager"]=\
",org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly"
@@ -1144,6 +1146,14 @@ class TestHDP22StackAdvisor(TestCase):
self.assertEquals(configurations, expected)
+ # test 'hive_security_authorization'=='sqlstdauth' => 'hive.server2.enable.doAs'=='false'
+ configurations["hive-env"]["properties"]["hive_security_authorization"] = "none"
+ expected["hive-env"]["properties"]["hive_security_authorization"] = "none"
+ expected["hive-site"]["properties"]["hive.security.authorization.enabled"]="false"
+ expected["hiveserver2-site"]["properties"]["hive.server2.enable.doAs"]="true"
+ self.stackAdvisor.recommendHIVEConfigurations(configurations, clusterData, services, hosts)
+ self.assertEquals(configurations, expected)
+
def test_recommendMapredConfigurationAttributesWithPigService(self):
configurations = {
"mapred-site": {