[jira] [Created] (HIVE-12417) Support for exclamation mark missing in regexp
Olaf Flebbe created HIVE-12417: -- Summary: Support for exclamation mark missing in regexp Key: HIVE-12417 URL: https://issues.apache.org/jira/browse/HIVE-12417 Project: Hive Issue Type: Bug Affects Versions: 1.2.1 Reporter: Olaf Flebbe Assignee: Olaf Flebbe with HIVE-6013 gets support for regular expressions. However, die ! character is valid, too. It is needed for expressions like {code} set hive.support.quoted.identifiers = none; select '^(?!donotuseme).*$ from table; {code} which is the idiom to select all but column {{donotuseme}} . See http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html for a reference of supported chars in Java regexp. The patch simply fixes the lexer to support '!' as REGEX char. And does simply work. Please review. If you like to have an iTest for it, I beg you to help me. I tried several days on a different issue to figure out how it is supposed to work and failed miserably. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (HIVE-11175) create function using jar does not work with sql std authorization
Olaf Flebbe created HIVE-11175: -- Summary: create function using jar does not work with sql std authorization Key: HIVE-11175 URL: https://issues.apache.org/jira/browse/HIVE-11175 Project: Hive Issue Type: Bug Components: Authorization Affects Versions: 1.2.0 Reporter: Olaf Flebbe Fix For: 2.0.0 {{create function xxx as 'xxx' using jar 'file://foo.jar' }} gives error code for need of accessing a local foo.jar resource with ADMIN privileges. Same for HDFS (DFS_URI) . problem is that the semantic analysis enforces the ADMIN privilege for write but the jar is clearly input not output. Patch und Testcase appendend. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (HIVE-10240) Patch HIVE-9473 breaks KERBEROS
Olaf Flebbe created HIVE-10240: -- Summary: Patch HIVE-9473 breaks KERBEROS Key: HIVE-10240 URL: https://issues.apache.org/jira/browse/HIVE-10240 Project: Hive Issue Type: Bug Components: Authentication, HiveServer2 Affects Versions: 1.0.0 Reporter: Olaf Flebbe Fix For: 1.0.1 The patch from HIVE-9473 introduces a regression. Hive-Server2 does not start properly any more for our config (more or less the bigtop environment) sql std auth enabled, enableDoAs disabled, tez enabled, kerberos enabled. Problem seems to be that the kerberos ticket is not present when hive-server2 tries first to access HDFS. When HIVE-9473 is reverted getting the ticket is one of the first things hive-server2 does. Posting startup of vanilla hive-1.0.0 and startup of a hive-1.0.0 with this commit revoked, where hive-server2 correctly starts. {code} commit 35582c2065a6b90b003a656bdb3b0ff08b0c35b9 Author: Thejas Nair Date: Fri Jan 30 00:05:50 2015 + HIVE-9473 : sql std auth should disallow built-in udfs that allow any java methods to be called (Thejas Nair, reviewed by Jason Dere) git-svn-id: https://svn.apache.org/repos/asf/hive/branches/branch-1.0@1655891 13f79535-47bb-0310-9956-ffa450edef68 {code} revoked. Startup of vanilla hive-1.0.0 hive-server2 {code} STARTUP_MSG: build = git://os2-debian80/net/os2-debian80/fs1/olaf/bigtop/output/hive/hive-1.0.0 -r 813996292c9f966109f990127ddd5673cf813125; compiled by 'olaf' on Tue Apr 7 09:33:01 CEST 2015 / 2015-04-07 10:23:52,579 INFO [main]: server.HiveServer2 (HiveServer2.java:startHiveServer2(292)) - Starting HiveServer2 2015-04-07 10:23:53,104 INFO [main]: metastore.HiveMetaStore (HiveMetaStore.java:newRawStore(556)) - 0: Opening raw store with implemenation class:org.apache.hadoop.hive.metastore.ObjectStore 2015-04-07 10:23:53,135 INFO [main]: metastore.ObjectStore (ObjectStore.java:initialize(264)) - ObjectStore, initialize called 2015-04-07 10:23:54,775 INFO [main]: metastore.ObjectStore (ObjectStore.java:getPMF(345)) - Setting MetaStore object pin classes with hive.metastore.cache.pinobjtypes="Table,StorageDescriptor,SerDeInfo,Pa rtition,Database,Type,FieldSchema,Order" 2015-04-07 10:23:56,953 INFO [main]: metastore.MetaStoreDirectSql (MetaStoreDirectSql.java:(132)) - Using direct SQL, underlying DB is DERBY 2015-04-07 10:23:56,954 INFO [main]: metastore.ObjectStore (ObjectStore.java:setConf(247)) - Initialized ObjectStore 2015-04-07 10:23:57,275 INFO [main]: metastore.HiveMetaStore (HiveMetaStore.java:createDefaultRoles_core(630)) - Added admin role in metastore 2015-04-07 10:23:57,276 INFO [main]: metastore.HiveMetaStore (HiveMetaStore.java:createDefaultRoles_core(639)) - Added public role in metastore 2015-04-07 10:23:58,241 WARN [main]: ipc.Client (Client.java:run(675)) - Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)] 2015-04-07 10:23:58,248 WARN [main]: ipc.Client (Client.java:run(675)) - Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)] 2015-04-07 10:23:58,249 INFO [main]: retry.RetryInvocationHandler (RetryInvocationHandler.java:invoke(140)) - Exception while invoking getFileInfo of class ClientNamenodeProtocolTranslatorPB over node2.proto.bsi.de/192.168.100.22:8020 after 1 fail over attempts. Trying to fail over immediately. java.io.IOException: Failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]; Host Details : local host is: "node2.proto.bsi.de/192.168.100.22"; destination host is: "node2.proto.bsi.de":8020; at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:772) at org.apache.hadoop.ipc.Client.call(Client.java:1472) at org.apache.hadoop.ipc.Client.call(Client.java:1399) at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:232) at com.sun.proxy.$Proxy14.getFileInfo(Unknown Source) at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getFileInfo(ClientNamenodeProtocolTranslatorPB.java:752) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606)
[jira] [Created] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
Olaf Flebbe created HIVE-9941: - Summary: sql std authorization on partitioned table: truncate and insert Key: HIVE-9941 URL: https://issues.apache.org/jira/browse/HIVE-9941 Project: Hive Issue Type: Bug Components: Authorization Affects Versions: 0.14.0 Reporter: Olaf Flebbe sql std authorization works as expected. However if a table is partitioned any user can truncate it User foo: {code} create table bla (a string) partitioned by (b string); #.. loading values ... {code} Admin: {code} 0: jdbc:hive2://localhost:1/default> set role admin; No rows affected (0,074 seconds) 0: jdbc:hive2://localhost:1/default> show grant on bla; +---+++-+-+-++---++--+--+ | database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor | +---+++-+-+-++---++--+--+ | default | bla|| | foo | USER | DELETE | true | 1426158997000 | foo | | default | bla|| | foo | USER | INSERT | true | 1426158997000 | foo | | default | bla|| | foo | USER | SELECT | true | 1426158997000 | foo | | default | bla|| | foo | USER | UPDATE | true | 1426158997000 | foo | +---+++-+-+-++---++--+--+ {code} now user olaf {code} 0: jdbc:hive2://localhost:1/default> select * from bla; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: Principal [name=olaf, type=USER] does not have following privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, name=default.bla]] (state=42000,code=4) {code} _BUT_ {code} 0: jdbc:hive2://localhost:1/default> truncate table bla; No rows affected (0,18 seconds) {code} And table is empty afterwards. Similarily: {{insert into table}} works, too. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-8953) 0.5.2-SNAPSHOT Dependency
[ https://issues.apache.org/jira/browse/HIVE-8953?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14225937#comment-14225937 ] Olaf Flebbe commented on HIVE-8953: --- Seems to be fixed in 0.14 branch. Any plans to release a 0.14.1 an urgent bug-fix release? > 0.5.2-SNAPSHOT Dependency > - > > Key: HIVE-8953 > URL: https://issues.apache.org/jira/browse/HIVE-8953 > Project: Hive > Issue Type: Bug >Affects Versions: 0.14.0 > Environment: Compiling for Apache BIGTOP. >Reporter: Olaf Flebbe > > I have the issue that hive shim 0.23 needs tez Version 0.5.2-SNAPSHOT. > Hm, I have no clue what SNAPSHOT of Apache Tez should be used. There is no > 0.5.2-SNAPSHOT in Maven Central Repository. > Can I use 0.5.2 ? (This seems to be released) > This relates to: [HIVE-8614] I have the same problem as the reporter. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (HIVE-8953) 0.5.2-SNAPSHOT Dependency
Olaf Flebbe created HIVE-8953: - Summary: 0.5.2-SNAPSHOT Dependency Key: HIVE-8953 URL: https://issues.apache.org/jira/browse/HIVE-8953 Project: Hive Issue Type: Bug Affects Versions: 0.14.0 Environment: Compiling for Apache BIGTOP. Reporter: Olaf Flebbe I have the issue that hive shim 0.23 needs tez Version 0.5.2-SNAPSHOT. Hm, I have no clue what SNAPSHOT of Apache Tez should be used. There is no 0.5.2-SNAPSHOT in Maven Central Repository. Can I use 0.5.2 ? (This seems to be released) This relates to: [HIVE-8614] I have the same problem as the reporter. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Resolved] (HIVE-8939) Liste der Dienste die Authentisierung benötigen
[ https://issues.apache.org/jira/browse/HIVE-8939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Olaf Flebbe resolved HIVE-8939. --- Resolution: Invalid Wrong JIRA ;-( > Liste der Dienste die Authentisierung benötigen > --- > > Key: HIVE-8939 > URL: https://issues.apache.org/jira/browse/HIVE-8939 > Project: Hive > Issue Type: Bug >Reporter: Olaf Flebbe > -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (HIVE-8939) Liste der Dienste die Authentisierung benötigen
Olaf Flebbe created HIVE-8939: - Summary: Liste der Dienste die Authentisierung benötigen Key: HIVE-8939 URL: https://issues.apache.org/jira/browse/HIVE-8939 Project: Hive Issue Type: Bug Reporter: Olaf Flebbe -- This message was sent by Atlassian JIRA (v6.3.4#6332)