[GitHub] [hive] okumin commented on a diff in pull request #4731: HIVE-27169: New Locked List to prevent configuration change at runtime without throwing error

Sat, 30 Sep 2023 06:07:12 -0700 


okumin commented on code in PR #4731:
URL: https://github.com/apache/hive/pull/4731#discussion_r1341957484


##########
common/src/java/org/apache/hadoop/hive/conf/HiveConf.java:
##########
@@ -850,6 +851,10 @@ public static enum ConfVars {
 
     HIVEIGNOREMAPJOINHINT("hive.ignore.mapjoin.hint", true, "Ignore the 
mapjoin hint"),
 
+    HIVE_CONF_LOCKED_LIST("hive.conf.locked.list", "", "Comma separated " +
+            "list of configuration options which are locked and can not be 
changed at runtime. Warning is logged and the " +
+            "change is ignored when user try to set these configs during 
runtime"),

Review Comment:
   There might be some security holes. This is the case where the parameter is 
empty.
   
   ```
   $ beeline
   ...
   0: jdbc:hive2://hive-hiveserver2:10000/defaul> set hive.conf.locked.list;
   +-------------------------------------+
   |                 set                 |
   +-------------------------------------+
   | hive.conf.locked.list is undefined  |
   +-------------------------------------+
   1 row selected (0.179 seconds)
   0: jdbc:hive2://hive-hiveserver2:10000/defaul> set 
hive.conf.locked.list=hive.execution.engine;
   No rows affected (0.011 seconds)
   0: jdbc:hive2://hive-hiveserver2:10000/defaul> set hive.conf.locked.list;
   +----------------------------------------------+
   |                     set                      |
   +----------------------------------------------+
   | hive.conf.locked.list=hive.execution.engine  |
   +----------------------------------------------+
   1 row selected (0.013 seconds)
   ```
   
   This is the case where I configured it in hive-site.xml, and then tried to 
update the param.
   
   ```
   $ beeline
   ...
   0: jdbc:hive2://hive-hiveserver2:10000/defaul> set hive.conf.locked.list;
   +----------------------------------------------+
   |                     set                      |
   +----------------------------------------------+
   | hive.conf.locked.list=hive.execution.engine  |
   +----------------------------------------------+
   1 row selected (0.071 seconds)
   0: jdbc:hive2://hive-hiveserver2:10000/defaul> set 
hive.conf.locked.list=hive.auto.convert.join;
   No rows affected (0.007 seconds)
   0: jdbc:hive2://hive-hiveserver2:10000/defaul> set hive.conf.locked.list;
   +-----------------------------------------------+
   |                      set                      |
   +-----------------------------------------------+
   | hive.conf.locked.list=hive.auto.convert.join  |
   +-----------------------------------------------+
   1 row selected (0.011 seconds)
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For additional commands, e-mail: gitbox-h...@hive.apache.org

Reply via email to