[hive] branch master updated: HIVE-27063: Allow JWT auth to be set independently (#4049) (Naveen Gangam, reviewed by Zhihua Deng, Sai Hemanth G)

Fri, 10 Feb 2023 09:51:54 -0800 

This is an automated email from the ASF dual-hosted git repository.

gsaihemanth pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git


The following commit(s) were added to refs/heads/master by this push:
     new 20903a6d4e1 HIVE-27063: Allow JWT auth to be set independently (#4049) 
(Naveen Gangam, reviewed by Zhihua Deng, Sai Hemanth G)
20903a6d4e1 is described below

commit 20903a6d4e1922f8dfb91faa9ad03875d8753512
Author: Naveen Gangam <ngan...@cloudera.com>
AuthorDate: Fri Feb 10 12:50:36 2023 -0500

    HIVE-27063: Allow JWT auth to be set independently (#4049) (Naveen Gangam, 
reviewed by Zhihua Deng, Sai Hemanth G)
---
 .../org/apache/hive/service/auth/AuthType.java     |  2 +-
 .../org/apache/hive/service/auth/TestAuthType.java | 58 ++++++++++++++++++++++
 2 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/service/src/java/org/apache/hive/service/auth/AuthType.java 
b/service/src/java/org/apache/hive/service/auth/AuthType.java
index b0c571123de..281c9a67d62 100644
--- a/service/src/java/org/apache/hive/service/auth/AuthType.java
+++ b/service/src/java/org/apache/hive/service/auth/AuthType.java
@@ -58,7 +58,7 @@ public class AuthType {
       // single authentication type has no conflicts
       return;
     }
-    if (typeBits.get(HiveAuthConstants.AuthTypes.SAML.ordinal()) &&
+    if ((typeBits.get(HiveAuthConstants.AuthTypes.SAML.ordinal()) || 
typeBits.get(HiveAuthConstants.AuthTypes.JWT.ordinal())) &&
         !typeBits.get(HiveAuthConstants.AuthTypes.NOSASL.ordinal()) &&
         !typeBits.get(HiveAuthConstants.AuthTypes.KERBEROS.ordinal()) &&
         !typeBits.get(HiveAuthConstants.AuthTypes.NONE.ordinal()) &&
diff --git a/service/src/test/org/apache/hive/service/auth/TestAuthType.java 
b/service/src/test/org/apache/hive/service/auth/TestAuthType.java
index 08db27bfc42..c3eebdff12f 100644
--- a/service/src/test/org/apache/hive/service/auth/TestAuthType.java
+++ b/service/src/test/org/apache/hive/service/auth/TestAuthType.java
@@ -55,6 +55,13 @@ public class TestAuthType {
     testOnePasswordAuthWithSAML(HiveAuthConstants.AuthTypes.CUSTOM);
   }
 
+  @Test
+  public void testOnePasswordAuthWithJWT() throws Exception {
+    testOnePasswordAuthWithJWT(HiveAuthConstants.AuthTypes.LDAP);
+    testOnePasswordAuthWithJWT(HiveAuthConstants.AuthTypes.PAM);
+    testOnePasswordAuthWithJWT(HiveAuthConstants.AuthTypes.CUSTOM);
+  }
+
   private void testOnePasswordAuthWithSAML(HiveAuthConstants.AuthTypes type) 
throws Exception {
     AuthType authType = new AuthType("SAML," + type.getAuthName());
     Assert.assertTrue(authType.isEnabled(HiveAuthConstants.AuthTypes.SAML));
@@ -70,6 +77,21 @@ public class TestAuthType {
     Assert.assertEquals(type.getAuthName(), 
authType.getPasswordBasedAuthStr());
   }
 
+  private void testOnePasswordAuthWithJWT(HiveAuthConstants.AuthTypes type) 
throws Exception {
+    AuthType authType = new AuthType("JWT," + type.getAuthName());
+    Assert.assertTrue(authType.isEnabled(HiveAuthConstants.AuthTypes.JWT));
+    Assert.assertTrue(authType.isEnabled(type));
+
+    Set<HiveAuthConstants.AuthTypes> disabledAuthTypes = 
Arrays.stream(HiveAuthConstants.AuthTypes.values())
+        .collect(Collectors.toSet());
+    disabledAuthTypes.remove(HiveAuthConstants.AuthTypes.JWT);
+    disabledAuthTypes.remove(type);
+    for (HiveAuthConstants.AuthTypes disabledType : disabledAuthTypes) {
+      Assert.assertFalse(authType.isEnabled(disabledType));
+    }
+    Assert.assertEquals(type.getAuthName(), 
authType.getPasswordBasedAuthStr());
+  }
+
   @Test(expected = Exception.class)
   public void testKerberosWithSAML() throws Exception {
     AuthType authType = new AuthType("KERBEROS,SAML");
@@ -108,5 +130,41 @@ public class TestAuthType {
   @Test(expected = Exception.class)
   public void testNotExistAuth() throws Exception {
     AuthType authType = new AuthType("SAML,OTHER");
+    authType = new AuthType("JWT,OTHER");
+  }
+
+  @Test(expected = Exception.class)
+  public void testKerberosWithJWT() throws Exception {
+    AuthType authType = new AuthType("KERBEROS,JWT");
+  }
+
+  @Test(expected = Exception.class)
+  public void testKerberosWithJWTAndLdap() throws Exception {
+    AuthType authType = new AuthType("KERBEROS,JWT,LDAP");
+  }
+
+  @Test(expected = Exception.class)
+  public void testNoneWithJWT() throws Exception {
+    AuthType authType = new AuthType("NONE,JWT");
+  }
+
+  @Test(expected = Exception.class)
+  public void testNoSaslWithJWT() throws Exception {
+    AuthType authType = new AuthType("NOSASL,JWT");
+  }
+
+  @Test(expected = Exception.class)
+  public void testMultiPasswordAuthWithJWT() throws Exception {
+    AuthType authType = new AuthType("JWT,LDAP,PAM,CUSTOM");
+  }
+
+  @Test
+  public void testLDAPWithSAMLAndJWT() throws Exception {
+    AuthType authType = new AuthType("JWT,SAML,LDAP");
+  }
+
+  @Test
+  public void testSAMLWithJWT() throws Exception {
+    AuthType authType = new AuthType("JWT,SAML");
   }
 }

Reply via email to