[jira] [Created] (HIVE-2698) Enable Hadoop-1.0.0 in Hive
Enable Hadoop-1.0.0 in Hive --- Key: HIVE-2698 URL: https://issues.apache.org/jira/browse/HIVE-2698 Project: Hive Issue Type: New Feature Components: Security, Shims Affects Versions: 0.9.0 Reporter: Enis Soztutar Hadoop-1.0.0 is recently released, which is AFAIK, API compatible to the 0.20S release. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Created] (HIVE-2716) Move retry logic in HiveMetaStore to a separe class
Move retry logic in HiveMetaStore to a separe class --- Key: HIVE-2716 URL: https://issues.apache.org/jira/browse/HIVE-2716 Project: Hive Issue Type: Sub-task Components: Metastore Affects Versions: 0.9.0 Reporter: Enis Soztutar Assignee: Enis Soztutar In HIVE-1219, method retrying for raw store operation are introduced to handle jdo operations more robustly. However, the abstraction for the RawStore operations can be moved to a separate class implementing RawStore, which should clean up the code base for HiveMetaStore. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Created] (HIVE-2720) Merge MetaStoreListener and HiveMetaHook interfaces
Merge MetaStoreListener and HiveMetaHook interfaces --- Key: HIVE-2720 URL: https://issues.apache.org/jira/browse/HIVE-2720 Project: Hive Issue Type: Sub-task Reporter: Enis Soztutar Assignee: Enis Soztutar MetaStoreListener and HiveMetaHook both serve as a notification mechanism for metastore-related events. The former is used by hcat and the latter is by the hbase-storage handler, and invoked by the client. I propose to merge these interfaces, and extend the MetaStoreListener, to add most of the on- and pre- methods at the Thrift interface. This way, extending metastore will be easier, and validation, storage-driver notification, and enforcement can be delegated to individual listeners. Besides, more functionality can be plugged-in by Hcat at this level. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Created] (HIVE-2731) Precommit builds at Jenkins
Precommit builds at Jenkins Key: HIVE-2731 URL: https://issues.apache.org/jira/browse/HIVE-2731 Project: Hive Issue Type: Improvement Components: Build Infrastructure, Testing Infrastructure Reporter: Enis Soztutar Precommit builds, similar to what Hadoop/Hbase/ZK do is a great developer tool, so that we can enforce tests, test coverage, audit checks, etc. I guess we can ask Yahoo folks to use one of the Hadoop build machines. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Created] (HIVE-2764) Obtain delegation tokens for MR jobs in secure hbase setup
Obtain delegation tokens for MR jobs in secure hbase setup Key: HIVE-2764 URL: https://issues.apache.org/jira/browse/HIVE-2764 Project: Hive Issue Type: Improvement Components: HBase Handler, Security Reporter: Enis Soztutar Assignee: Enis Soztutar As discussed in HCATALOG-244, in a secure hbase setup with 0.92, we need to obtain delegation tokens for hbase and save it in jobconf, so that tasks can access region servers. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Created] (HIVE-2809) StorageHandler authorization providers
StorageHandler authorization providers -- Key: HIVE-2809 URL: https://issues.apache.org/jira/browse/HIVE-2809 Project: Hive Issue Type: New Feature Affects Versions: 0.9.0 Reporter: Enis Soztutar Assignee: Enis Soztutar In this issue, we would like to discuss the possibility of supplementing the Hive authorization model with authorization at the storage level. As discussed in HIVE-1943, Hive should also check for operation permissions in hdfs and hbase, since otherwise, data and metadata can be in an inconsistent state or be orphaned. Going a step further, some of the setups might not need the full featured auth model by Hive, but want to rely on managing the permissions at the data layer. In this model, the metadata operations are checked first from hdfs/hbase and it is allowed only if they are allowed at the data layer. The semantics are documented at https://cwiki.apache.org/confluence/display/HCATALOG/Hcat+Security+Design. So, the goals of this issue are: - Port storage handler specific authorization providers, and the StorageDelegationAuthorizationProvider from HCATALOG-245 and HCATALOG-260 to Hive. - Keep current Hive's default authorization provider, and enable user to use this and/or the storage one. auth providers are already configurable. - Move the manual checks that had to be performed about authorization in Hcat to Hive, specifically: -- CREATE DATABASE/TABLE, ADD PARTITION statements does not call HiveAuthorizationProvider.authorize() with the candidate objects, which means that we cannot do checks against defined LOCATION. -- HiveOperation does not define sufficient Privileges for most of the operations, especially database operations. -- For some of the operations, Hive SemanticAnalyzer does not add the changed object as a WriteEntity or ReadEntity. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
