-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69834/
-----------------------------------------------------------
(Updated Jan. 24, 2019, 11:13 p.m.)
Review request for hive, Adam Holley, Karthik Manamcheri, Na Li, and Vihang
Karajgaonkar.
Bugs: HIVE-21083
https://issues.apache.org/jira/browse/HIVE-21083
Repository: hive-git
Description
-------
It was identified that a valid way of configuring TLS is by using the Java
default truststore. The previous HMS implementation did not support this.
Modified the TLS properties in the following ways:
- Removed the requirement for metastore.dbaccess.ssl.truststore.path. If the
user does not specify a custom one, then it will default to the Java truststore.
- Removed the logs / warnings on metastore.dbaccess.ssl.truststore.password.
This used to generate a lot of noise if the user did not provide one. Also, the
contents of the truststore is certificates, which is public information and
doesn't require strict security.
- Removed the unit test that checks for an empty truststore path.
Diffs
-----
standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/conf/MetastoreConf.java
75f0c0a356f3b894408aa54b9cce5220d47d7f26
standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java
9f721243c94d48eef35acdcbd0c2e143ab6d23ec
standalone-metastore/metastore-server/src/test/java/org/apache/hadoop/hive/metastore/TestObjectStore.java
29738ba19b0d5ed9ec224d2288c0c1c922d0674c
Diff: https://reviews.apache.org/r/69834/diff/1/
Testing
-------
- Existing unit test coverage
- Manual testing by verifying that these properties can configure TLS to a
MySQL DB
Thanks,
Morio Ramdenbourg
