[jira] [Commented] (HIVE-7209) allow metastore authorization api calls to be restricted to certain invokers

Fri, 13 Jun 2014 21:51:18 -0700 

    [ 
https://issues.apache.org/jira/browse/HIVE-7209?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14031462#comment-14031462
 ] 

Hive QA commented on HIVE-7209:
-------------------------------



{color:red}Overall{color}: -1 at least one tests failed

Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12650378/HIVE-7209.4.patch

{color:red}ERROR:{color} -1 due to 9 failed/errored test(s), 5630 tests executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_bucket_groupby
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_parquet_columnar
org.apache.hadoop.hive.cli.TestMiniTezCliDriver.testCliDriver_dynpart_sort_optimization
org.apache.hadoop.hive.cli.TestMiniTezCliDriver.testCliDriver_insert1
org.apache.hadoop.hive.cli.TestMiniTezCliDriver.testCliDriver_load_dyn_part1
org.apache.hadoop.hive.cli.TestMiniTezCliDriver.testCliDriver_scriptfile1
org.apache.hadoop.hive.cli.TestMinimrCliDriver.testCliDriver_root_dir_external_table
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testNegativeCliDriver_authorization_ctas
org.apache.hive.hcatalog.pig.TestOrcHCatLoader.testReadDataPrimitiveTypes
{noformat}

Test results: 
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-Build/459/testReport
Console output: 
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-Build/459/console
Test logs: 
http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-Build-459/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 9 tests failed
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12650378

> allow metastore authorization api calls to be restricted to certain invokers
> ----------------------------------------------------------------------------
>
>                 Key: HIVE-7209
>                 URL: https://issues.apache.org/jira/browse/HIVE-7209
>             Project: Hive
>          Issue Type: Bug
>          Components: Authentication, Metastore
>            Reporter: Thejas M Nair
>            Assignee: Thejas M Nair
>              Labels: TODOC14
>         Attachments: HIVE-7209.1.patch, HIVE-7209.2.patch, HIVE-7209.3.patch, 
> HIVE-7209.4.patch
>
>
> Any user who has direct access to metastore can make metastore api calls that 
> modify the authorization policy. 
> The users who can make direct metastore api calls in a secure cluster 
> configuration are usually the 'cluster insiders' such as Pig and MR users, 
> who are not (securely) covered by the metastore based authorization policy. 
> But it makes sense to disallow access from such users as well.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to