You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by sr...@apache.org on 2015/05/28 01:08:24 UTC

ambari git commit: AMBARI-11466. Under SQLStdAuth auth the hive.server2.enable.doAs should be turned to false (srimanth)

Repository: ambari
Updated Branches:
  refs/heads/trunk 8419e55bf -> f00daf006


AMBARI-11466. Under SQLStdAuth auth the hive.server2.enable.doAs should be turned to false (srimanth)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f00daf00
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f00daf00
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f00daf00

Branch: refs/heads/trunk
Commit: f00daf0065390fe5fa0cd4b254ae3fa376d6085f
Parents: 8419e55
Author: Srimanth Gunturi <sg...@hortonworks.com>
Authored: Wed May 27 16:01:25 2015 -0700
Committer: Srimanth Gunturi <sg...@hortonworks.com>
Committed: Wed May 27 16:01:31 2015 -0700

----------------------------------------------------------------------
 .../2.2/services/HIVE/configuration/hive-site.xml |  6 ++++++
 .../HIVE/configuration/hiveserver2-site.xml       |  6 ++++++
 .../stacks/HDP/2.2/services/stack_advisor.py      |  4 +++-
 .../stacks/2.2/common/test_stack_advisor.py       | 18 ++++++++++++++----
 4 files changed, 29 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/f00daf00/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml
index 30bfdef..34162d6 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml
@@ -1157,6 +1157,12 @@ limitations under the License.
       </entries>
       <selection-cardinality>1</selection-cardinality>
     </value-attributes>
+    <depends-on>
+      <property>
+        <type>hive-env</type>
+        <name>hive_security_authorization</name>
+      </property>
+    </depends-on>
   </property>
   <property>
     <name>hive.server2.table.type.mapping</name>

http://git-wip-us.apache.org/repos/asf/ambari/blob/f00daf00/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hiveserver2-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hiveserver2-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hiveserver2-site.xml
index 0032b6f..64dda93 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hiveserver2-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hiveserver2-site.xml
@@ -68,6 +68,12 @@ limitations under the License.
       </entries>
       <selection-cardinality>1</selection-cardinality>
     </value-attributes>
+    <depends-on>
+      <property>
+        <type>hive-env</type>
+        <name>hive_security_authorization</name>
+      </property>
+    </depends-on>
   </property>
 
   <property>

http://git-wip-us.apache.org/repos/asf/ambari/blob/f00daf00/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
index 34d1e26..5e78ee9 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
@@ -366,7 +366,10 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
       pass
     sqlstdauth_class = "org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly"
 
+    putHiveServerProperty("hive.server2.enable.doAs", "true")
+
     if str(configurations["hive-env"]["properties"]["hive_security_authorization"]).lower() == "sqlstdauth":
+      putHiveServerProperty("hive.server2.enable.doAs", "false")
       if sqlstdauth_class not in auth_manager_value:
         putHiveSiteProperty("hive.security.metastore.authorization.manager", auth_manager_value + "," + sqlstdauth_class)
     elif auth_manager_value != '':
@@ -376,7 +379,6 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
       putHiveSiteProperty("hive.security.metastore.authorization.manager", ",".join(auth_manager_values))
       pass
 
-    putHiveServerProperty("hive.server2.enable.doAs", "true")
     putHiveSiteProperty("hive.server2.use.SSL", "false")
 
     #Hive authentication

http://git-wip-us.apache.org/repos/asf/ambari/blob/f00daf00/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
index aff1c9e..d2867e1 100644
--- a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
@@ -1129,14 +1129,16 @@ class TestHDP22StackAdvisor(TestCase):
     self.assertEquals(configurations, expected)
 
     #test recommendations
-    configurations = expected
     configurations["hive-site"]["properties"]["hive.cbo.enable"] = "false"
     configurations["hive-env"]["properties"]["hive_security_authorization"] = "sqlstdauth"
-    services["configurations"] = configurations
-    services["changed-configurations"] = [{"type": "hive-site", "key": "hive.cbo.enable"},
-                                          {"type": "hive-env", "key": "hive_security_authorization"}]
+    services["changed-configurations"] = [{"type": "hive-site", "name": "hive.cbo.enable"},
+                                          {"type": "hive-env", "name": "hive_security_authorization"}]
+    expected["hive-env"]["properties"]["hive_security_authorization"] = "sqlstdauth"
+    expected["hive-site"]["properties"]["hive.cbo.enable"] = "false"
     expected["hive-site"]["properties"]["hive.stats.fetch.partition.stats"]="false"
     expected["hive-site"]["properties"]["hive.stats.fetch.column.stats"]="false"
+    expected["hive-site"]["properties"]["hive.security.authorization.enabled"]="true"
+    expected["hiveserver2-site"]["properties"]["hive.server2.enable.doAs"]="false"
     expected["hive-site"]["properties"]["hive.security.metastore.authorization.manager"]=\
       ",org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly"
 
@@ -1144,6 +1146,14 @@ class TestHDP22StackAdvisor(TestCase):
     self.assertEquals(configurations, expected)
 
 
+    # test 'hive_security_authorization'=='sqlstdauth' => 'hive.server2.enable.doAs'=='false'
+    configurations["hive-env"]["properties"]["hive_security_authorization"] = "none"
+    expected["hive-env"]["properties"]["hive_security_authorization"] = "none"
+    expected["hive-site"]["properties"]["hive.security.authorization.enabled"]="false"
+    expected["hiveserver2-site"]["properties"]["hive.server2.enable.doAs"]="true"
+    self.stackAdvisor.recommendHIVEConfigurations(configurations, clusterData, services, hosts)
+    self.assertEquals(configurations, expected)
+
   def test_recommendMapredConfigurationAttributesWithPigService(self):
     configurations = {
       "mapred-site": {