[ https://issues.apache.org/jira/browse/HIVE-13445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15256168#comment-15256168 ]
Siddharth Seth commented on HIVE-13445: --------------------------------------- bq. Is the yarn option already used somewhere? We could just change the utility method to use it too. Think this should be a separate jira. Will create one. bq. Don't understand. Can you elaborate? A token can be obtained in case of Tez as well, with the hive sessionId passed in, instead of having an alternate path where appId is sent is as null. This would require a lot more work on the LLAP side to associate queries with a sessionId rather than an appId, so it may not be worthwhile right now. bq. Separate JIRA? Think it's worthwhile adding basic tests as part of the patch itself, and a separate jira for more comprehensive system tests. More comments on RB. Thinking on loud on appId in the token... With default and recommended settings post HIVE-13446, only HS2 can obtain delegation tokens or a CLI instance / client which has the hiveserver/llap user kerberos credentials. In this case, users cannot easily fake the appSecret in a token - and llap should be able to trust the appSecret from the token without it being explicitly signed. Also, should we pass in a user in the getDelegationToken request either in place of appSecret or along with it. HS2 can set this user to the actual requesting user, otherwise the token is being issued with the user set to hive. getRealUser does not work afaik without proxy users being setup correctly. On the association of TokenUser / TokenApp on the first request QueryInfo already contains the appIdString and username. The token should be a duplicate of this. If anything we can verify the submitRequest and the token match like you mentioned. Subsequent requests already have the associated username / appId. I don't think the new fields in QueryInfo are required. > LLAP: token should encode application and cluster ids > ----------------------------------------------------- > > Key: HIVE-13445 > URL: https://issues.apache.org/jira/browse/HIVE-13445 > Project: Hive > Issue Type: Bug > Reporter: Sergey Shelukhin > Assignee: Sergey Shelukhin > Attachments: HIVE-13445.01.patch, HIVE-13445.02.patch, > HIVE-13445.03.patch, HIVE-13445.patch > > -- This message was sent by Atlassian JIRA (v6.3.4#6332)