You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by ha...@apache.org on 2020/05/10 23:47:24 UTC
[hive] branch master updated: HIVE-22933 : Allow connecting
kerberos-enabled Hive to connect to a non-kerberos druid cluster ( Nishant
Bangarwa via Slim Bouguerra)
This is an automated email from the ASF dual-hosted git repository.
hashutosh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push:
new 75f7762 HIVE-22933 : Allow connecting kerberos-enabled Hive to connect to a non-kerberos druid cluster ( Nishant Bangarwa via Slim Bouguerra)
75f7762 is described below
commit 75f77621b52218f4781a08441d4c3f7be572e299
Author: Nishant Bangarwa <ni...@gmail.com>
AuthorDate: Sun May 10 16:46:38 2020 -0700
HIVE-22933 : Allow connecting kerberos-enabled Hive to connect to a non-kerberos druid cluster ( Nishant Bangarwa via Slim Bouguerra)
Signed-off-by: Ashutosh Chauhan <ha...@apache.org>
---
common/src/java/org/apache/hadoop/hive/conf/HiveConf.java | 2 ++
.../java/org/apache/hadoop/hive/druid/DruidStorageHandler.java | 8 ++++++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index 60ae06a..4f2ea9a 100644
--- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -3033,6 +3033,8 @@ public class HiveConf extends Configuration {
"Wait time in ms default to 30 seconds."
),
HIVE_DRUID_BITMAP_FACTORY_TYPE("hive.druid.bitmap.type", "roaring", new PatternSet("roaring", "concise"), "Coding algorithm use to encode the bitmaps"),
+ HIVE_DRUID_KERBEROS_ENABLE("hive.druid.kerberos.enable", true,
+ "Enable/Disable Kerberos authentication explicitly while connecting to a druid cluster."),
// For HBase storage handler
HIVE_HBASE_WAL_ENABLED("hive.hbase.wal.enabled", true,
"Whether writes to HBase should be forced to the write-ahead log. \n" +
diff --git a/druid-handler/src/java/org/apache/hadoop/hive/druid/DruidStorageHandler.java b/druid-handler/src/java/org/apache/hadoop/hive/druid/DruidStorageHandler.java
index beaf249..36b2cdf 100644
--- a/druid-handler/src/java/org/apache/hadoop/hive/druid/DruidStorageHandler.java
+++ b/druid-handler/src/java/org/apache/hadoop/hive/druid/DruidStorageHandler.java
@@ -86,6 +86,7 @@ import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.hive.metastore.api.Table;
import org.apache.hadoop.hive.metastore.utils.MetaStoreUtils;
import org.apache.hadoop.hive.ql.hooks.WriteEntity;
+import org.apache.hadoop.hive.ql.metadata.Hive;
import org.apache.hadoop.hive.ql.metadata.HiveStorageHandler;
import org.apache.hadoop.hive.ql.metadata.StorageHandlerInfo;
import org.apache.hadoop.hive.ql.plan.ExprNodeGenericFuncDesc;
@@ -760,7 +761,8 @@ import static org.apache.hadoop.hive.druid.DruidStorageHandlerUtils.JSON_MAPPER;
}
@Override public void configureJobConf(TableDesc tableDesc, JobConf jobConf) {
- if (UserGroupInformation.isSecurityEnabled()) {
+ final boolean kerberosEnabled = HiveConf.getBoolVar(getConf(), HiveConf.ConfVars.HIVE_DRUID_KERBEROS_ENABLE);
+ if (kerberosEnabled && UserGroupInformation.isSecurityEnabled()) {
// AM can not do Kerberos Auth so will do the input split generation in the HS2
LOG.debug("Setting {} to {} to enable split generation on HS2",
HiveConf.ConfVars.HIVE_AM_SPLIT_GENERATION.toString(),
@@ -928,7 +930,9 @@ import static org.apache.hadoop.hive.druid.DruidStorageHandlerUtils.JSON_MAPPER;
.withNumConnections(numConnection)
.withReadTimeout(new Period(readTimeout).toStandardDuration())
.build(), lifecycle);
- if (UserGroupInformation.isSecurityEnabled()) {
+ final boolean kerberosEnabled =
+ HiveConf.getBoolVar(SessionState.getSessionConf(), HiveConf.ConfVars.HIVE_DRUID_KERBEROS_ENABLE);
+ if (kerberosEnabled && UserGroupInformation.isSecurityEnabled()) {
LOG.info("building Kerberos Http Client");
return new KerberosHttpClient(httpClient);
}