You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by sz...@apache.org on 2019/10/25 14:23:06 UTC
[hive] branch master updated: HIVE-22354: LLAP status driver may
look for worker registration on 'unsecure' ZK nodes (Adam Szita,
reviewed by Peter Vary)
This is an automated email from the ASF dual-hosted git repository.
szita pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push:
new 6517872 HIVE-22354: LLAP status driver may look for worker registration on 'unsecure' ZK nodes (Adam Szita, reviewed by Peter Vary)
6517872 is described below
commit 65178723dcd88ee14cd890a458ab774dc89a0573
Author: Adam Szita <sz...@cloudera.com>
AuthorDate: Tue Oct 22 11:41:38 2019 +0200
HIVE-22354: LLAP status driver may look for worker registration on 'unsecure' ZK nodes (Adam Szita, reviewed by Peter Vary)
---
.../apache/hadoop/hive/registry/impl/ZookeeperUtils.java | 6 +++---
.../hadoop/hive/registry/impl/TestZookeeperUtils.java | 13 +++++++++++--
.../org/apache/hadoop/hive/ql/exec/tez/TezSessionState.java | 7 ++++++-
.../hadoop/hive/metastore/security/ZooKeeperTokenStore.java | 2 +-
4 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/llap-client/src/java/org/apache/hadoop/hive/registry/impl/ZookeeperUtils.java b/llap-client/src/java/org/apache/hadoop/hive/registry/impl/ZookeeperUtils.java
index 2ac0fbe..be7657a 100644
--- a/llap-client/src/java/org/apache/hadoop/hive/registry/impl/ZookeeperUtils.java
+++ b/llap-client/src/java/org/apache/hadoop/hive/registry/impl/ZookeeperUtils.java
@@ -58,7 +58,7 @@ public class ZookeeperUtils {
*/
public static boolean isKerberosEnabled(Configuration conf) {
try {
- return UserGroupInformation.getLoginUser().isFromKeytab() &&
+ return UserGroupInformation.getLoginUser().hasKerberosCredentials() &&
HiveConf.getBoolVar(conf, HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS);
} catch (IOException e) {
return false;
@@ -68,8 +68,8 @@ public class ZookeeperUtils {
/**
* Dynamically sets up the JAAS configuration that uses kerberos.
*
- * @param principal
- * @param keyTabFile
+ * @param zkPrincipal
+ * @param zkKeytab
* @throws IOException
*/
private static String setZookeeperClientKerberosJaasConfig(
diff --git a/llap-client/src/test/org/apache/hadoop/hive/registry/impl/TestZookeeperUtils.java b/llap-client/src/test/org/apache/hadoop/hive/registry/impl/TestZookeeperUtils.java
index eb80cea..46e7438 100644
--- a/llap-client/src/test/org/apache/hadoop/hive/registry/impl/TestZookeeperUtils.java
+++ b/llap-client/src/test/org/apache/hadoop/hive/registry/impl/TestZookeeperUtils.java
@@ -43,21 +43,30 @@ public class TestZookeeperUtils {
@Test
public void testHadoopAuthKerberosAndZookeeperUseKerberos() {
+ Mockito.when(ugi.hasKerberosCredentials()).thenReturn(true);
Mockito.when(ugi.isFromKeytab()).thenReturn(true);
Assert.assertTrue(HiveConf.getBoolVar(conf, HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS));
Assert.assertTrue(ZookeeperUtils.isKerberosEnabled(conf));
}
@Test
+ public void testHadoopAuthKerberosFromTicketAndZookeeperUseKerberos() {
+ Mockito.when(ugi.hasKerberosCredentials()).thenReturn(true);
+ Mockito.when(ugi.isFromKeytab()).thenReturn(false);
+ Assert.assertTrue(HiveConf.getBoolVar(conf, HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS));
+ Assert.assertTrue(ZookeeperUtils.isKerberosEnabled(conf));
+ }
+
+ @Test
public void testHadoopAuthKerberosAndZookeeperNoKerberos(){
- Mockito.when(ugi.isFromKeytab()).thenReturn(true);
+ Mockito.when(ugi.hasKerberosCredentials()).thenReturn(true);
conf.setBoolean(HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS.varname, false);
Assert.assertFalse(ZookeeperUtils.isKerberosEnabled(conf));
}
@Test
public void testHadoopAuthSimpleAndZookeeperKerberos(){
- Mockito.when(ugi.isFromKeytab()).thenReturn(false);
+ Mockito.when(ugi.hasKerberosCredentials()).thenReturn(false);
conf.setBoolean(HiveConf.ConfVars.HIVE_ZOOKEEPER_USE_KERBEROS.varname, false);
Assert.assertFalse(ZookeeperUtils.isKerberosEnabled(conf));
}
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/tez/TezSessionState.java b/ql/src/java/org/apache/hadoop/hive/ql/exec/tez/TezSessionState.java
index baef0fe..b4cdcb5 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/exec/tez/TezSessionState.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/tez/TezSessionState.java
@@ -393,7 +393,12 @@ public class TezSessionState {
}
private boolean isKerberosEnabled(Configuration conf) {
- return UserGroupInformation.isSecurityEnabled() && HiveConf.getBoolVar(conf, ConfVars.LLAP_USE_KERBEROS);
+ try {
+ return UserGroupInformation.getLoginUser().hasKerberosCredentials() &&
+ HiveConf.getBoolVar(conf, ConfVars.LLAP_USE_KERBEROS);
+ } catch (IOException e) {
+ return false;
+ }
}
private static Token<LlapTokenIdentifier> getLlapToken(
diff --git a/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/ZooKeeperTokenStore.java b/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/ZooKeeperTokenStore.java
index c9e85a6..785fa02 100644
--- a/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/ZooKeeperTokenStore.java
+++ b/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/ZooKeeperTokenStore.java
@@ -95,7 +95,7 @@ public class ZooKeeperTokenStore implements DelegationTokenStore {
private boolean isKerberosEnabled(Configuration conf) {
try {
- return UserGroupInformation.getLoginUser().isFromKeytab() &&
+ return UserGroupInformation.getLoginUser().hasKerberosCredentials() &&
MetastoreConf.getBoolVar(conf, MetastoreConf.ConfVars.THRIFT_ZOOKEEPER_USE_KERBEROS);
} catch (IOException e) {
return false;