You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Szehon Ho (Jira)" <ji...@apache.org> on 2020/02/13 14:26:00 UTC
[jira] [Commented] (HIVE-22033) HiveServer2: fix delegation token
renewal
[ https://issues.apache.org/jira/browse/HIVE-22033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17036265#comment-17036265 ]
Szehon Ho commented on HIVE-22033:
----------------------------------
Rebasing on behalf of Jon. This is an important patch that we have had in prod for awhile at Criteo. It seems important to update the expiry date on the store-side, maybe in our environment as the token is accessed via different metastore instances.
> HiveServer2: fix delegation token renewal
> -----------------------------------------
>
> Key: HIVE-22033
> URL: https://issues.apache.org/jira/browse/HIVE-22033
> Project: Hive
> Issue Type: Bug
> Affects Versions: 2.3.5
> Reporter: Ion Alberdi
> Assignee: Ion Alberdi
> Priority: Major
> Attachments: HIVE-22033.2.patch, HIVE-22033.patch
>
>
> Hello, the issue we faced (and a proposal for a fix) in our hive instances is depicted at
> [https://github.com/criteo-forks/hive/pull/24]
> Reading the master branch of the project
> [https://github.com/apache/hive/blob/master/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/TokenStoreDelegationTokenSecretManager.java#L147]
> I think the same behavior is replicated there.
> Long story short, *TokenStoreDelegationTokenSecretManager.renewToken*, does not update the expiry date of a given token (as it does not get the updated DelegationTokenInformation from *super.currentTokens*).
> This makes any call to renewToken ineffective (the expiry date of the token is not postponed).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)