You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/04/18 00:22:00 UTC

[jira] [Work logged] (HIVE-25929) Let secret config properties to be propagated to Tez

     [ https://issues.apache.org/jira/browse/HIVE-25929?focusedWorklogId=757724&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-757724 ]

ASF GitHub Bot logged work on HIVE-25929:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 18/Apr/22 00:21
            Start Date: 18/Apr/22 00:21
    Worklog Time Spent: 10m 
      Work Description: github-actions[bot] commented on PR #3019:
URL: https://github.com/apache/hive/pull/3019#issuecomment-1100978183

   This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
   Feel free to reach out on the dev@hive.apache.org list if the patch is in need of reviews.




Issue Time Tracking
-------------------

    Worklog Id:     (was: 757724)
    Time Spent: 1.5h  (was: 1h 20m)

> Let secret config properties to be propagated to Tez
> ----------------------------------------------------
>
>                 Key: HIVE-25929
>                 URL: https://issues.apache.org/jira/browse/HIVE-25929
>             Project: Hive
>          Issue Type: Bug
>            Reporter: László Bodor
>            Assignee: László Bodor
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> History in chronological order:
> HIVE-10508: removed some passwords from config that's propagated to execution engines
> HIVE-9013: introduced hive.conf.hidden.list, which is used instead of the hardcoded list in HIVE-10508
> the problem with HIVE-9013 is it's about to introduce a common method for removing sensitive data from Configuration, which absolutely makes sense in most of the cases (set command showing sensitive data), but can cause issues e.g. while using non-secure cloud connectors on a cluster, where instead of the hadoop credential provider API (which is considered the secure and proper way), passwords/secrets appear in the Configuration object (like: "fs.azure.account.oauth2.client.secret")
> 2 possible solutions:
> 1. introduce a new property like: "hive.conf.hidden.list.exec.engines" -> which defaults to "hive.conf.hidden.list" (configurable, but maybe just more confusing to users, having a new config property which should be understood and maintained on a cluster)
> 2. simply revert DAGUtils to use to old stripHivePasswordDetails introduced by HIVE-10508 (convenient, less confusing for users, but cannot be configured)



--
This message was sent by Atlassian Jira
(v8.20.1#820001)