Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hive, mail # dev - Review Request 13845: HIVE-5155: Support secure proxy user access to HiveServer2


Copy link to this message
-
Review Request 13845: HIVE-5155: Support secure proxy user access to HiveServer2
Prasad Mujumdar 2013-08-27, 08:44

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/13845/
-----------------------------------------------------------

Review request for hive.
Bugs: HIVE-5155
    https://issues.apache.org/jira/browse/HIVE-5155
Repository: hive-git
Description
-------

Delegation token support -
Enable delegation token connection for HiveServer2
Enhance the TCLIService interface to support delegation token requests
Support passing the delegation token connection type via JDBC URL and Beeline option

Direct proxy access -
Define new proxy user property
Shim interfaces to validate proxy access for a given user

Note that the diff doesn't include thrift generated code.
Diffs
-----

  beeline/src/java/org/apache/hive/beeline/BeeLine.java 4c6eb9b
  beeline/src/java/org/apache/hive/beeline/BeeLineOpts.java 61bdeee
  beeline/src/java/org/apache/hive/beeline/Commands.java c574cd4
  beeline/src/java/org/apache/hive/beeline/DatabaseConnection.java c70003d
  common/src/java/org/apache/hadoop/hive/conf/HiveConf.java abbc655
  jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java 9fbc8ad
  jdbc/src/java/org/apache/hive/jdbc/Utils.java 3df3bd7
  service/if/TCLIService.thrift 8dc2a90
  service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java 5a66a6c
  service/src/java/org/apache/hive/service/auth/KerberosSaslHelper.java 519556c
  service/src/java/org/apache/hive/service/cli/CLIService.java 035e689
  service/src/java/org/apache/hive/service/cli/CLIServiceClient.java fe49025
  service/src/java/org/apache/hive/service/cli/EmbeddedCLIServiceClient.java 38d64c8
  service/src/java/org/apache/hive/service/cli/ICLIService.java 7e863b5
  service/src/java/org/apache/hive/service/cli/session/HiveSession.java 5fa8fa1
  service/src/java/org/apache/hive/service/cli/session/HiveSessionImpl.java 7254491
  service/src/java/org/apache/hive/service/cli/session/HiveSessionImplwithUGI.java ae7bb6b
  service/src/java/org/apache/hive/service/cli/session/SessionManager.java 47023ad
  service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java 0788ead
  service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIServiceClient.java 5eb6157
  shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java d2bb34d
  shims/src/common-secure/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java 28843e0
  shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java 30c9fc1

Diff: https://reviews.apache.org/r/13845/diff/
Testing
-------

Since this requires kerberos setup, its tested by a standalone test program that runs various existing and new secure connection scenarios. The test code is attached to the ticket at https://issues.apache.org/jira/secure/attachment/12600119/ProxyAuth.java
Thanks,

Prasad Mujumdar