Posted to dev@hive.apache.org by Lefty Leverenz <le...@gmail.com> on 2014/02/23 10:47:21 UTC

Re: Review Request 13845: HIVE-5155: Support secure proxy user access to HiveServer2

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/13845/#review35241
-----------------------------------------------------------



conf/hive-default.xml.template
<https://reviews.apache.org/r/13845/#comment65695>

    Agreed on both points.  But as typos go, "requestion" is such a lovely word that it ought to be added to the English language.  ;)


- Lefty Leverenz


On Dec. 5, 2013, 8:08 p.m., Prasad Mujumdar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/13845/
> -----------------------------------------------------------
> 
> (Updated Dec. 5, 2013, 8:08 p.m.)
> 
> 
> Review request for hive, Brock Noland, Carl Steinbach, and Thejas Nair.
> 
> 
> Bugs: HIVE-5155
>     https://issues.apache.org/jira/browse/HIVE-5155
> 
> 
> Repository: hive-git
> 
> 
> Description
> -------
> 
> Delegation token support -
> Enable delegation token connection for HiveServer2
> Enhance the TCLIService interface to support delegation token requests
> Support passing the delegation token connection type via JDBC URL and Beeline option
> 
> Direct proxy access -
> Define new proxy user property
> Shim interfaces to validate proxy access for a given user
> 
> Note that the diff doesn't include thrift generated code.
> 
> 
> Diffs
> -----
> 
>   beeline/src/java/org/apache/hive/beeline/BeeLine.java c5e36a5 
>   beeline/src/java/org/apache/hive/beeline/BeeLineOpts.java c3abba3 
>   beeline/src/java/org/apache/hive/beeline/Commands.java d2d7fd3 
>   beeline/src/java/org/apache/hive/beeline/DatabaseConnection.java 1de5829 
>   common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 36503fa 
>   conf/hive-default.xml.template c61a0bb 
>   itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java 7b1c9da 
>   jdbc/src/java/org/apache/hadoop/hive/jdbc/HiveConnection.java d08e05b 
>   jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java ef39573 
>   jdbc/src/java/org/apache/hive/jdbc/Utils.java 4d75d98 
>   service/if/TCLIService.thrift 62a9730 
>   service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java d80649f 
>   service/src/java/org/apache/hive/service/auth/KerberosSaslHelper.java 519556c 
>   service/src/java/org/apache/hive/service/auth/PlainSaslHelper.java 15b1675 
>   service/src/java/org/apache/hive/service/cli/CLIService.java 8c85386 
>   service/src/java/org/apache/hive/service/cli/CLIServiceClient.java 14ef54f 
>   service/src/java/org/apache/hive/service/cli/EmbeddedCLIServiceClient.java 9dca874 
>   service/src/java/org/apache/hive/service/cli/ICLIService.java f647ce6 
>   service/src/java/org/apache/hive/service/cli/session/HiveSession.java 00058cc 
>   service/src/java/org/apache/hive/service/cli/session/HiveSessionImpl.java cfda752 
>   service/src/java/org/apache/hive/service/cli/session/HiveSessionImplwithUGI.java 708f4e4 
>   service/src/java/org/apache/hive/service/cli/session/SessionManager.java e262b72 
>   service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java 9df110e 
>   service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIServiceClient.java 9bb2a0f 
>   service/src/test/org/apache/hive/service/auth/TestPlainSaslHelper.java 8fa4afd 
>   service/src/test/org/apache/hive/service/cli/session/TestSessionHooks.java 2fac800 
>   shims/0.20/src/main/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 6ff1a84 
>   shims/common-secure/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java 84f3ddc 
>   shims/common-secure/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java dc89de1 
>   shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java 0d5615c 
>   shims/common/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java 03f4e51 
> 
> Diff: https://reviews.apache.org/r/13845/diff/
> 
> 
> Testing
> -------
> 
> Since this requires Kerberos setup, it's tested by a standalone test program that runs various existing and new secure connection scenarios. The test code is attached to the ticket at https://issues.apache.org/jira/secure/attachment/12600119/ProxyAuth.java
> 
> 
> Thanks,
> 
> Prasad Mujumdar
> 
>


Re: Review Request 13845: HIVE-5155: Support secure proxy user access to HiveServer2

Posted by Lefty Leverenz <le...@gmail.com>.

> On Feb. 23, 2014, 9:47 a.m., Lefty Leverenz wrote:
> > conf/hive-default.xml.template, line 2111
> > <https://reviews.apache.org/r/13845/diff/4/?file=394500#file394500line2111>
> >
> >     Agreed on both points.  But as typos go, "requestion" is such a lovely word that it ought to be added to the English language.  ;)

Oops, thought this would appear with Thejas's comment (the points are "altername" -> "alternate" and "requestion" -> "request").


- Lefty




Re: Review Request 13845: HIVE-5155: Support secure proxy user access to HiveServer2

Posted by Prasad Mujumdar <pr...@cloudera.com>.

> On Feb. 23, 2014, 9:47 a.m., Lefty Leverenz wrote:
> > conf/hive-default.xml.template, line 2111
> > <https://reviews.apache.org/r/13845/diff/4/?file=394500#file394500line2111>
> >
> >     Agreed on both points.  But as typos go, "requestion" is such a lovely word that it ought to be added to the English language.  ;)
> 
> Lefty Leverenz wrote:
>     Oops, thought this would appear with Thejas's comment (the points are "altername" -> "alternate" and "requestion" -> "request").

:) My linguistic creativity is inversely proportional to my blood caffeine level ...
sorry about the typos.


- Prasad

