Re: Review Request 13845: HIVE-5155: Support secure proxy user access to HiveServer2

Tue, 10 Sep 2013 20:56:48 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/13845/
-----------------------------------------------------------

(Updated Sept. 11, 2013, 3:55 a.m.)


Review request for hive.


Changes
-------

Minor formatting update.
(Diff doesn't include code generated by Thrift)


Bugs: HIVE-5155
    https://issues.apache.org/jira/browse/HIVE-5155


Repository: hive-git


Description
-------

Delegation token support -
Enable delegation token connection for HiveServer2
Enhance the TCLIService interface to support delegation token requests
Support passing the delegation token connection type via JDBC URL and Beeline 
option

Direct proxy access -
Define new proxy user property
Shim interfaces to validate proxy access for a given user

Note that the diff doesn't include thrift generated code.


Diffs (updated)
-----

  beeline/src/java/org/apache/hive/beeline/BeeLine.java 4c6eb9b 
  beeline/src/java/org/apache/hive/beeline/BeeLineOpts.java 61bdeee 
  beeline/src/java/org/apache/hive/beeline/Commands.java c574cd4 
  beeline/src/java/org/apache/hive/beeline/DatabaseConnection.java c70003d 
  common/src/java/org/apache/hadoop/hive/conf/HiveConf.java abbc655 
  jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java 9fbc8ad 
  jdbc/src/java/org/apache/hive/jdbc/Utils.java 3df3bd7 
  service/if/TCLIService.thrift 8dc2a90 
  service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java 5a66a6c 
  service/src/java/org/apache/hive/service/auth/KerberosSaslHelper.java 519556c 
  service/src/java/org/apache/hive/service/cli/CLIService.java 035e689 
  service/src/java/org/apache/hive/service/cli/CLIServiceClient.java fe49025 
  service/src/java/org/apache/hive/service/cli/EmbeddedCLIServiceClient.java 
38d64c8 
  service/src/java/org/apache/hive/service/cli/ICLIService.java 7e863b5 
  service/src/java/org/apache/hive/service/cli/session/HiveSession.java 5fa8fa1 
  service/src/java/org/apache/hive/service/cli/session/HiveSessionImpl.java 
7254491 
  
service/src/java/org/apache/hive/service/cli/session/HiveSessionImplwithUGI.java
 ae7bb6b 
  service/src/java/org/apache/hive/service/cli/session/SessionManager.java 
47023ad 
  service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIService.java 
0788ead 
  
service/src/java/org/apache/hive/service/cli/thrift/ThriftCLIServiceClient.java 
5eb6157 
  shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java d2bb34d 
  
shims/src/common-secure/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java
 28843e0 
  shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java 30c9fc1 

Diff: https://reviews.apache.org/r/13845/diff/


Testing
-------

Since this requires kerberos setup, its tested by a standalone test program 
that runs various existing and new secure connection scenarios. The test code 
is attached to the ticket at 
https://issues.apache.org/jira/secure/attachment/12600119/ProxyAuth.java


Thanks,

Prasad Mujumdar

Reply via email to