You are viewing a plain text version of this content. The canonical link for it is here.
Posted to gitbox@hive.apache.org by GitBox <gi...@apache.org> on 2022/09/20 16:42:11 UTC
[GitHub] [hive] kevinw66 opened a new pull request, #3609: HIVE-26549: Add auth config for WebHCat server
kevinw66 opened a new pull request, #3609:
URL: https://github.com/apache/hive/pull/3609
<!--
Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, please read our contributor guidelines: https://cwiki.apache.org/confluence/display/Hive/HowToContribute
2. Ensure that you have created an issue on the Hive project JIRA: https://issues.apache.org/jira/projects/HIVE/summary
3. Ensure you have added or run the appropriate tests for your PR:
4. If the PR is unfinished, add '[WIP]' in your PR title, e.g., '[WIP]HIVE-XXXXX: Your PR title ...'.
5. Be sure to keep the PR description updated to reflect all changes.
6. Please write your PR title to summarize what this PR proposes.
7. If possible, provide a concise example to reproduce the issue for a faster review.
-->
### What changes were proposed in this pull request?
<!--
Please clarify what changes you are proposing. The purpose of this section is to outline the changes and how this PR fixes the issue.
If possible, please consider writing useful notes for better and faster reviews in your PR. See the examples below.
1. If you refactor some codes with changing classes, showing the class hierarchy will help reviewers.
2. If you fix some SQL features, you can provide some references of other DBMSes.
3. If there is design documentation, please add the link.
4. If there is a discussion in the mailing list, please add the link.
-->
### Why are the changes needed?
<!--
Please clarify why the changes are needed. For instance,
1. If you propose a new API, clarify the use case for a new API.
2. If you fix a bug, you can clarify why it is a bug.
-->
### Does this PR introduce _any_ user-facing change?
<!--
Note that it means *any* user-facing change including all aspects such as the documentation fix.
If yes, please clarify the previous behavior and the change this PR proposes - provide the console output, description, screenshot and/or a reproducable example to show the behavior difference if possible.
If possible, please also clarify if this is a user-facing change compared to the released Hive versions or within the unreleased branches such as master.
If no, write 'No'.
-->
### How was this patch tested?
<!--
If tests were added, say they were added here. Please make sure to add some test cases that check the changes thoroughly including negative and positive cases if possible.
If it was tested in a way different from regular unit tests, please clarify how you tested step by step, ideally copy and paste-able, so that other reviewers can test and check, and descendants can verify in the future.
If tests were not added, please describe why they were not added and/or why it was difficult to add.
-->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] kevinw66 commented on a diff in pull request #3609: HIVE-26549: Add auth config for WebHCat server
Posted by GitBox <gi...@apache.org>.
kevinw66 commented on code in PR #3609:
URL: https://github.com/apache/hive/pull/3609#discussion_r976641320
##########
hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java:
##########
@@ -306,18 +308,30 @@ private Connector createChannelConnector(Server server) {
public FilterHolder makeAuthFilter() throws IOException {
FilterHolder authFilter = new FilterHolder(AuthFilter.class);
UserNameHandler.allowAnonymous(authFilter);
+
+ // compatible with Hadoop 3.3.x.
Review Comment:
If we don't care about versions before 3.3.x, we need to use AuthFilterInitializer, refers to:https://github.com/apache/hadoop/commit/4ea6c2f457496461afc63f38ef4cef3ab0efce49#diff-8794afa0dfd45cc8be6743dd6d13d0bd89bdfbd6dbab8804da0b0555413734d6R67
`AuthFilterInitializer` not exists in earlier version in Hadoop, that's why I set all configuration by myself, I'm trying to compatible with both Hadoop3.1.x and Hadoop3.3.x, But I only tested with Hadoop3.3.x
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] sonarcloud[bot] commented on pull request #3609: HIVE-26549: Add auth config for WebHCat server
Posted by GitBox <gi...@apache.org>.
sonarcloud[bot] commented on PR #3609:
URL: https://github.com/apache/hive/pull/3609#issuecomment-1255287074
Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=3609)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=BUG) [1 Bug](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=3609&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=3609&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=3609&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=CODE_SMELL) [4 Code Smells](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=3609&metric=coverage&view=list) No Coverage information
[](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=3609&metric=duplicated_lines_density&view=list) No Duplication information
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] zabetak commented on a diff in pull request #3609: HIVE-26549: Add auth config for WebHCat server
Posted by GitBox <gi...@apache.org>.
zabetak commented on code in PR #3609:
URL: https://github.com/apache/hive/pull/3609#discussion_r976373915
##########
hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java:
##########
@@ -306,18 +308,30 @@ private Connector createChannelConnector(Server server) {
public FilterHolder makeAuthFilter() throws IOException {
FilterHolder authFilter = new FilterHolder(AuthFilter.class);
UserNameHandler.allowAnonymous(authFilter);
+
+ // compatible with Hadoop 3.3.x.
Review Comment:
Can you elaborate a bit more what compatible means.
If I understand well the changes are required after upgrading to hadoop 3.3.x onwards otherwise the Authentication filter will not work but what happens with versions before 3.3.x. I guess that the new code will not work if an earlier version of hadoop is used.
##########
hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java:
##########
@@ -306,18 +308,30 @@ private Connector createChannelConnector(Server server) {
public FilterHolder makeAuthFilter() throws IOException {
FilterHolder authFilter = new FilterHolder(AuthFilter.class);
UserNameHandler.allowAnonymous(authFilter);
+
+ // compatible with Hadoop 3.3.x.
+ // https://issues.apache.org/jira/browse/HIVE-24083
Review Comment:
Please remove the link to the JIRA. We will pre-pend it to the commit message so developers will be able to find it.
##########
hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java:
##########
@@ -306,18 +308,30 @@ private Connector createChannelConnector(Server server) {
public FilterHolder makeAuthFilter() throws IOException {
FilterHolder authFilter = new FilterHolder(AuthFilter.class);
UserNameHandler.allowAnonymous(authFilter);
+
+ // compatible with Hadoop 3.3.x.
+ // https://issues.apache.org/jira/browse/HIVE-24083
+ String confPrefix = "dfs.web.authentication";
+ String prefix = confPrefix + ".";
+ authFilter.setInitParameter(AuthenticationFilter.CONFIG_PREFIX, confPrefix);
+ authFilter.setInitParameter(prefix + AuthenticationFilter.COOKIE_PATH, "/");
+
if (UserGroupInformation.isSecurityEnabled()) {
+ authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, KerberosAuthenticationHandler.TYPE);
+
//http://hadoop.apache.org/docs/r1.1.1/api/org/apache/hadoop/security/authentication/server/AuthenticationFilter.html
Review Comment:
Please remove the links towards Hadoop source code; they are obsolete and do not really provide any useful information right now.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] kevinw66 commented on a diff in pull request #3609: HIVE-26549: Add auth config for WebHCat server
Posted by GitBox <gi...@apache.org>.
kevinw66 commented on code in PR #3609:
URL: https://github.com/apache/hive/pull/3609#discussion_r976642337
##########
hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java:
##########
@@ -306,18 +308,30 @@ private Connector createChannelConnector(Server server) {
public FilterHolder makeAuthFilter() throws IOException {
FilterHolder authFilter = new FilterHolder(AuthFilter.class);
UserNameHandler.allowAnonymous(authFilter);
+
+ // compatible with Hadoop 3.3.x.
+ // https://issues.apache.org/jira/browse/HIVE-24083
Review Comment:
Sure. I'll remove the link
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] zabetak commented on a diff in pull request #3609: HIVE-26549: Add auth config for WebHCat server
Posted by GitBox <gi...@apache.org>.
zabetak commented on code in PR #3609:
URL: https://github.com/apache/hive/pull/3609#discussion_r977467468
##########
hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java:
##########
@@ -306,18 +308,30 @@ private Connector createChannelConnector(Server server) {
public FilterHolder makeAuthFilter() throws IOException {
FilterHolder authFilter = new FilterHolder(AuthFilter.class);
UserNameHandler.allowAnonymous(authFilter);
+
+ // compatible with Hadoop 3.3.x.
+ // https://issues.apache.org/jira/browse/HIVE-24083
+ String confPrefix = "dfs.web.authentication";
+ String prefix = confPrefix + ".";
+ authFilter.setInitParameter(AuthenticationFilter.CONFIG_PREFIX, confPrefix);
+ authFilter.setInitParameter(prefix + AuthenticationFilter.COOKIE_PATH, "/");
+
if (UserGroupInformation.isSecurityEnabled()) {
+ authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, KerberosAuthenticationHandler.TYPE);
+
//http://hadoop.apache.org/docs/r1.1.1/api/org/apache/hadoop/security/authentication/server/AuthenticationFilter.html
Review Comment:
Yes feel free to remove all of them since they are obsolete. We do not want to direct people to wrong documentation.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] kevinw66 commented on a diff in pull request #3609: HIVE-26549: Add auth config for WebHCat server
Posted by GitBox <gi...@apache.org>.
kevinw66 commented on code in PR #3609:
URL: https://github.com/apache/hive/pull/3609#discussion_r977781441
##########
hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java:
##########
@@ -306,18 +308,30 @@ private Connector createChannelConnector(Server server) {
public FilterHolder makeAuthFilter() throws IOException {
FilterHolder authFilter = new FilterHolder(AuthFilter.class);
UserNameHandler.allowAnonymous(authFilter);
+
+ // compatible with Hadoop 3.3.x.
+ // https://issues.apache.org/jira/browse/HIVE-24083
+ String confPrefix = "dfs.web.authentication";
+ String prefix = confPrefix + ".";
+ authFilter.setInitParameter(AuthenticationFilter.CONFIG_PREFIX, confPrefix);
+ authFilter.setInitParameter(prefix + AuthenticationFilter.COOKIE_PATH, "/");
+
if (UserGroupInformation.isSecurityEnabled()) {
+ authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, KerberosAuthenticationHandler.TYPE);
+
//http://hadoop.apache.org/docs/r1.1.1/api/org/apache/hadoop/security/authentication/server/AuthenticationFilter.html
Review Comment:
Done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] kevinw66 commented on a diff in pull request #3609: HIVE-26549: Add auth config for WebHCat server
Posted by GitBox <gi...@apache.org>.
kevinw66 commented on code in PR #3609:
URL: https://github.com/apache/hive/pull/3609#discussion_r976637113
##########
hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java:
##########
@@ -306,18 +308,30 @@ private Connector createChannelConnector(Server server) {
public FilterHolder makeAuthFilter() throws IOException {
FilterHolder authFilter = new FilterHolder(AuthFilter.class);
UserNameHandler.allowAnonymous(authFilter);
+
+ // compatible with Hadoop 3.3.x.
+ // https://issues.apache.org/jira/browse/HIVE-24083
+ String confPrefix = "dfs.web.authentication";
+ String prefix = confPrefix + ".";
+ authFilter.setInitParameter(AuthenticationFilter.CONFIG_PREFIX, confPrefix);
+ authFilter.setInitParameter(prefix + AuthenticationFilter.COOKIE_PATH, "/");
+
if (UserGroupInformation.isSecurityEnabled()) {
+ authFilter.setInitParameter(prefix + AuthenticationFilter.AUTH_TYPE, KerberosAuthenticationHandler.TYPE);
+
//http://hadoop.apache.org/docs/r1.1.1/api/org/apache/hadoop/security/authentication/server/AuthenticationFilter.html
Review Comment:
The link already exists, not added by me, should I remove it anyway?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] sonarcloud[bot] commented on pull request #3609: HIVE-26549: Add auth config for WebHCat server
Posted by GitBox <gi...@apache.org>.
sonarcloud[bot] commented on PR #3609:
URL: https://github.com/apache/hive/pull/3609#issuecomment-1252680753
Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=3609)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=BUG) [2 Bugs](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=BUG)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=VULNERABILITY)
[](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=3609&resolved=false&types=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=3609&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=3609&resolved=false&types=SECURITY_HOTSPOT)
[](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=CODE_SMELL) [9 Code Smells](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3609&resolved=false&types=CODE_SMELL)
[](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=3609&metric=coverage&view=list) No Coverage information
[](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=3609&metric=duplicated_lines_density&view=list) No Duplication information
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] zabetak commented on a diff in pull request #3609: HIVE-26549: Add auth config for WebHCat server
Posted by GitBox <gi...@apache.org>.
zabetak commented on code in PR #3609:
URL: https://github.com/apache/hive/pull/3609#discussion_r977466274
##########
hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/Main.java:
##########
@@ -306,18 +308,30 @@ private Connector createChannelConnector(Server server) {
public FilterHolder makeAuthFilter() throws IOException {
FilterHolder authFilter = new FilterHolder(AuthFilter.class);
UserNameHandler.allowAnonymous(authFilter);
+
+ // compatible with Hadoop 3.3.x.
Review Comment:
Hive is currently on Hadoop 3.3.1 and this is the only version that we are gonna claim that we are compatible with. You can pick whatever API you think its best as long as it works fine for 3.3.1.
The comment can be removed since by definition we are compatible **only** with the `hadoop.version` mentioned in the pom files.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org
[GitHub] [hive] zabetak closed pull request #3609: HIVE-26549: Add auth config for WebHCat server
Posted by GitBox <gi...@apache.org>.
zabetak closed pull request #3609: HIVE-26549: Add auth config for WebHCat server
URL: https://github.com/apache/hive/pull/3609
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscribe@hive.apache.org
For additional commands, e-mail: gitbox-help@hive.apache.org