[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[Zhuoluo (Clark) Yang (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13660463#comment-13660463
 ] 

Zhuoluo (Clark) Yang commented on HIVE-2616:


Hi!
I am curious about this patch, what will happen if 
hive.metastore.sasl.enabled is NOT enabled and 
hive.metastore.execute.setugi is set.
Look into it from the code, I think the ugi is passed to the HMS and meaning 
nothing. The HMS will create/delete HDFS dir use the server side UGI.
Is there a way to use client side ugi to let HMS manipulate HDFS without 
hive.metastore.sasl.enabled?

 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: New Feature
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Fix For: 0.8.1, 0.9.0

 Attachments: hive-2616_1.patch, hive-2616_3.patch, hive-2616_4.patch, 
 hive-2616_5.patch, hive-2616.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[Zhuoluo (Clark) Yang (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13660466#comment-13660466
 ] 

Zhuoluo (Clark) Yang commented on HIVE-2616:


Is there a way to let user create their table/part dir based on their own UGI?

 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: New Feature
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Fix For: 0.8.1, 0.9.0

 Attachments: hive-2616_1.patch, hive-2616_3.patch, hive-2616_4.patch, 
 hive-2616_5.patch, hive-2616.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[Zhuoluo (Clark) Yang (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13660474#comment-13660474
 ] 

Zhuoluo (Clark) Yang commented on HIVE-2616:


I think I've got the point. 
Is TUGIBasedProcessor.process() doing this?

  try {
shim.doAs(clientUgi, pvea);
return true;
  } catch (RuntimeException rte) {

 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: New Feature
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Fix For: 0.8.1, 0.9.0

 Attachments: hive-2616_1.patch, hive-2616_3.patch, hive-2616_4.patch, 
 hive-2616_5.patch, hive-2616.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[Hudson (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13548289#comment-13548289
 ] 

Hudson commented on HIVE-2616:
--

Integrated in Hive-trunk-hadoop2 #54 (See 
[https://builds.apache.org/job/Hive-trunk-hadoop2/54/])
HIVE-2616 : Passing user identity from metastore client to server in 
non-secure mode (Ashutosh Chauhan) (Revision 1225683)

 Result = ABORTED
hashutosh : 
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1225683
Files : 
* /hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
* /hive/trunk/conf/hive-default.xml.template
* /hive/trunk/metastore/if/hive_metastore.thrift
* /hive/trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp
* /hive/trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h
* 
/hive/trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp
* 
/hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
* 
/hive/trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php
* 
/hive/trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote
* 
/hive/trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py
* /hive/trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb
* 
/hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
* 
/hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
* 
/hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
* 
/hive/trunk/metastore/src/test/org/apache/hadoop/hive/metastore/TestRemoteHiveMetaStore.java
* 
/hive/trunk/metastore/src/test/org/apache/hadoop/hive/metastore/TestSetUGIOnBothClientServer.java
* 
/hive/trunk/metastore/src/test/org/apache/hadoop/hive/metastore/TestSetUGIOnOnlyClient.java
* 
/hive/trunk/metastore/src/test/org/apache/hadoop/hive/metastore/TestSetUGIOnOnlyServer.java
* /hive/trunk/shims/ivy.xml
* 
/hive/trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java
* 
/hive/trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java
* 
/hive/trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
* /hive/trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/client
* 
/hive/trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/client/TUGIAssumingTransport.java
* 
/hive/trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java
* 
/hive/trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java
* 
/hive/trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java


 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Fix For: 0.8.1, 0.9.0

 Attachments: hive-2616_1.patch, hive-2616_3.patch, hive-2616_4.patch, 
 hive-2616_5.patch, hive-2616.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[Hudson (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13189119#comment-13189119
 ] 

Hudson commented on HIVE-2616:
--

Integrated in Hive-0.8.1-SNAPSHOT-h0.21 #166 (See 
[https://builds.apache.org/job/Hive-0.8.1-SNAPSHOT-h0.21/166/])
HIVE-2616. Merge -r 1225682:1225683 
https://svn.apache.org/repos/asf/hive/trunk .

amareshwari : 
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1233260
Files : 
* 
/hive/branches/branch-0.8-r2/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
* /hive/branches/branch-0.8-r2/conf/hive-default.xml.template
* /hive/branches/branch-0.8-r2/metastore/if/hive_metastore.thrift
* 
/hive/branches/branch-0.8-r2/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp
* 
/hive/branches/branch-0.8-r2/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h
* 
/hive/branches/branch-0.8-r2/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp
* 
/hive/branches/branch-0.8-r2/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
* 
/hive/branches/branch-0.8-r2/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php
* 
/hive/branches/branch-0.8-r2/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote
* 
/hive/branches/branch-0.8-r2/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py
* 
/hive/branches/branch-0.8-r2/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb
* 
/hive/branches/branch-0.8-r2/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
* 
/hive/branches/branch-0.8-r2/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
* 
/hive/branches/branch-0.8-r2/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
* 
/hive/branches/branch-0.8-r2/metastore/src/test/org/apache/hadoop/hive/metastore/TestRemoteHiveMetaStore.java
* 
/hive/branches/branch-0.8-r2/metastore/src/test/org/apache/hadoop/hive/metastore/TestSetUGIOnBothClientServer.java
* 
/hive/branches/branch-0.8-r2/metastore/src/test/org/apache/hadoop/hive/metastore/TestSetUGIOnOnlyClient.java
* 
/hive/branches/branch-0.8-r2/metastore/src/test/org/apache/hadoop/hive/metastore/TestSetUGIOnOnlyServer.java
* /hive/branches/branch-0.8-r2/shims/ivy.xml
* 
/hive/branches/branch-0.8-r2/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java
* 
/hive/branches/branch-0.8-r2/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java
* 
/hive/branches/branch-0.8-r2/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
* 
/hive/branches/branch-0.8-r2/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/client
* 
/hive/branches/branch-0.8-r2/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/client/TUGIAssumingTransport.java
* 
/hive/branches/branch-0.8-r2/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java
* 
/hive/branches/branch-0.8-r2/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java
* 
/hive/branches/branch-0.8-r2/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java


 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Fix For: 0.8.1, 0.9.0

 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch, 
 hive-2616_4.patch, hive-2616_5.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[Carl Steinbach (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13188313#comment-13188313
 ] 

Carl Steinbach commented on HIVE-2616:
--

+1

 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Fix For: 0.8.1, 0.9.0

 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch, 
 hive-2616_4.patch, hive-2616_5.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[Hudson (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13177573#comment-13177573
 ] 

Hudson commented on HIVE-2616:
--

Integrated in Hive-trunk-h0.21 #1176 (See 
[https://builds.apache.org/job/Hive-trunk-h0.21/1176/])
HIVE-2616 : Passing user identity from metastore client to server in 
non-secure mode (Ashutosh Chauhan)

hashutosh : 
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1225683
Files : 
* /hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
* /hive/trunk/conf/hive-default.xml.template
* /hive/trunk/metastore/if/hive_metastore.thrift
* /hive/trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp
* /hive/trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h
* 
/hive/trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp
* 
/hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
* 
/hive/trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php
* 
/hive/trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote
* 
/hive/trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py
* /hive/trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb
* 
/hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
* 
/hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
* 
/hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
* 
/hive/trunk/metastore/src/test/org/apache/hadoop/hive/metastore/TestRemoteHiveMetaStore.java
* 
/hive/trunk/metastore/src/test/org/apache/hadoop/hive/metastore/TestSetUGIOnBothClientServer.java
* 
/hive/trunk/metastore/src/test/org/apache/hadoop/hive/metastore/TestSetUGIOnOnlyClient.java
* 
/hive/trunk/metastore/src/test/org/apache/hadoop/hive/metastore/TestSetUGIOnOnlyServer.java
* /hive/trunk/shims/ivy.xml
* 
/hive/trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java
* 
/hive/trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java
* 
/hive/trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
* /hive/trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/client
* 
/hive/trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/client/TUGIAssumingTransport.java
* 
/hive/trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java
* 
/hive/trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java
* 
/hive/trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java


 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Fix For: 0.9.0

 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch, 
 hive-2616_4.patch, hive-2616_5.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[Carl Steinbach (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13175345#comment-13175345
 ] 

Carl Steinbach commented on HIVE-2616:
--

+1. Will commit if tests pass.

 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch, 
 hive-2616_4.patch, hive-2616_5.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[Ashutosh Chauhan (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13172662#comment-13172662
 ] 

Ashutosh Chauhan commented on HIVE-2616:


{code}
BUILD SUCCESSFUL
Total time: 302 minutes 28 seconds
{code}

All the tests passed.

 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch, 
 hive-2616_4.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[jirapos...@reviews.apache.org (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13172668#comment-13172668
 ] 

jirapos...@reviews.apache.org commented on HIVE-2616:
-


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2975/#review3984
---


Is it possible to add some testcases? Specifically I'd like to see a test that 
has a client with setugi enabled connect to a server with setugi disabled and 
vice-versa.



trunk/conf/hive-default.xml.template
https://reviews.apache.org/r/2975/#comment9004

This describes the action instead of the effect. Please change to something 
like In unsecure mode, setting this property to true will cause the metastore 
to execute DFS operations using the client's reported user and group 
permissions. Note that this property must be set on both the client and server 
sides.

Also, it may be easier to understand if you separate this out into to 
separate properties: hive.metastore.client.setugi and 
hive.metastore.server.setugi



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
https://reviews.apache.org/r/2975/#comment9005

Spacing.



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
https://reviews.apache.org/r/2975/#comment9000

The formatting/indentation in this method is still not correct. Please use 
2 character indents, nested 'else' operators, etc.



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
https://reviews.apache.org/r/2975/#comment9009

Please add some logging statements here, e.g.

Starting DB backed MetaStore Server in Secure Mode

Starting DB backed MetaStore Server

Starting DB backed MetaStore Server with SetUGI enabled
 



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
https://reviews.apache.org/r/2975/#comment9001

If the call to set_ugi() fails, is logging a message and continuing really 
the right behavior? Why not just fail outright?

Also, if you think that continuing is the correct behavior, then I think 
the description of metastore.execute.setugi should be updated to explain that 
this is a best effort approach, and it's possible that your setting will not be 
honored.



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
https://reviews.apache.org/r/2975/#comment8999

There's a TAB character here and on line 285. Please remove.



trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java
https://reviews.apache.org/r/2975/#comment9013

Add a newline.


- Carl


On 2011-12-17 02:42:36, Ashutosh Chauhan wrote:
bq.  
bq.  ---
bq.  This is an automatically generated e-mail. To reply, visit:
bq.  https://reviews.apache.org/r/2975/
bq.  ---
bq.  
bq.  (Updated 2011-12-17 02:42:36)
bq.  
bq.  
bq.  Review request for hive.
bq.  
bq.  
bq.  Summary
bq.  ---
bq.  
bq.  Pass user identity in metastore connection in unsecure mode
bq.  
bq.  
bq.  This addresses bug HIVE-2616.
bq.  https://issues.apache.org/jira/browse/HIVE-2616
bq.  
bq.  
bq.  Diffs
bq.  -
bq.  
bq.trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1215380 
bq.trunk/conf/hive-default.xml.template 1215380 
bq.trunk/metastore/if/hive_metastore.thrift 1215380 
bq.trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1215380 
bq.trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1215380 
bq.
trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp 
1215380 
bq.
trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
 1215380 
bq.
trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php 
1215380 
bq.
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote 
1215380 
bq.
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py 
1215380 
bq.trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1215380 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 
1215380 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
 1215380 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
 PRE-CREATION 
bq.trunk/shims/ivy.xml 1215380 
bq.
trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 
1215380 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java 
1215380 
bq.

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[jirapos...@reviews.apache.org (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13172691#comment-13172691
 ] 

jirapos...@reviews.apache.org commented on HIVE-2616:
-


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2975/#review3985
---


About testing, see my earlier comment. To do any real tests for this, one needs 
to do 'sudo' and then run tests. I have not found an easy way to do that in 
Hive. HCatalog has test infrastructure which makes this kind of thing possible, 
where I am adding these tests. See, HCATALOG-181 Also, I have manually verified 
all four combinations of new/old client and new/old server and results were of 
my satisfaction. 


trunk/conf/hive-default.xml.template
https://reviews.apache.org/r/2975/#comment9018

I will update the text. But, I think splitting it in two properties will be 
more confusing then useful. If ever some one uses them and both client and 
server somehow uses same hive-site.xml, then having one property make sure its 
either turned on or off for both client and server. 



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
https://reviews.apache.org/r/2975/#comment9019

will fix



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
https://reviews.apache.org/r/2975/#comment9020

will fix



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
https://reviews.apache.org/r/2975/#comment9024

Will add.



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
https://reviews.apache.org/r/2975/#comment9021

In my opinion thats a right behavior because you dont want existing 
application to break when server is upgraded and is running with setugi on. I 
will update the text about best effort.



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
https://reviews.apache.org/r/2975/#comment9022

Will remove.



trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java
https://reviews.apache.org/r/2975/#comment9023

Will add.


- Ashutosh


On 2011-12-17 02:42:36, Ashutosh Chauhan wrote:
bq.  
bq.  ---
bq.  This is an automatically generated e-mail. To reply, visit:
bq.  https://reviews.apache.org/r/2975/
bq.  ---
bq.  
bq.  (Updated 2011-12-17 02:42:36)
bq.  
bq.  
bq.  Review request for hive.
bq.  
bq.  
bq.  Summary
bq.  ---
bq.  
bq.  Pass user identity in metastore connection in unsecure mode
bq.  
bq.  
bq.  This addresses bug HIVE-2616.
bq.  https://issues.apache.org/jira/browse/HIVE-2616
bq.  
bq.  
bq.  Diffs
bq.  -
bq.  
bq.trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1215380 
bq.trunk/conf/hive-default.xml.template 1215380 
bq.trunk/metastore/if/hive_metastore.thrift 1215380 
bq.trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1215380 
bq.trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1215380 
bq.
trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp 
1215380 
bq.
trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
 1215380 
bq.
trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php 
1215380 
bq.
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote 
1215380 
bq.
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py 
1215380 
bq.trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1215380 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 
1215380 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
 1215380 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
 PRE-CREATION 
bq.trunk/shims/ivy.xml 1215380 
bq.
trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 
1215380 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java 
1215380 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
 1215380 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/client/TUGIAssumingTransport.java
 PRE-CREATION 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java 
1215380 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java 
PRE-CREATION 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java
 PRE-CREATION 
bq.  
bq.  Diff: 

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[jirapos...@reviews.apache.org (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13172698#comment-13172698
 ] 

jirapos...@reviews.apache.org commented on HIVE-2616:
-


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2975/#review3987
---



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
https://reviews.apache.org/r/2975/#comment9030

 you dont want existing application to break when server is upgraded and 
is running with setugi on

Right, but this is the client-side, which is a little different. If the 
client requests set_ugi and doesn't get it I think it may be better to throw an 
exception. Right now it doesn't seem like the client has any way of knowing 
whether or not their set_ugi request has been honored.


- Carl


On 2011-12-17 02:42:36, Ashutosh Chauhan wrote:
bq.  
bq.  ---
bq.  This is an automatically generated e-mail. To reply, visit:
bq.  https://reviews.apache.org/r/2975/
bq.  ---
bq.  
bq.  (Updated 2011-12-17 02:42:36)
bq.  
bq.  
bq.  Review request for hive.
bq.  
bq.  
bq.  Summary
bq.  ---
bq.  
bq.  Pass user identity in metastore connection in unsecure mode
bq.  
bq.  
bq.  This addresses bug HIVE-2616.
bq.  https://issues.apache.org/jira/browse/HIVE-2616
bq.  
bq.  
bq.  Diffs
bq.  -
bq.  
bq.trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1215380 
bq.trunk/conf/hive-default.xml.template 1215380 
bq.trunk/metastore/if/hive_metastore.thrift 1215380 
bq.trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1215380 
bq.trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1215380 
bq.
trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp 
1215380 
bq.
trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
 1215380 
bq.
trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php 
1215380 
bq.
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote 
1215380 
bq.
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py 
1215380 
bq.trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1215380 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 
1215380 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
 1215380 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
 PRE-CREATION 
bq.trunk/shims/ivy.xml 1215380 
bq.
trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 
1215380 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java 
1215380 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
 1215380 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/client/TUGIAssumingTransport.java
 PRE-CREATION 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java 
1215380 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java 
PRE-CREATION 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java
 PRE-CREATION 
bq.  
bq.  Diff: https://reviews.apache.org/r/2975/diff
bq.  
bq.  
bq.  Testing
bq.  ---
bq.  
bq.  All the tests in metastore dir passes. Manually tested that file on hdfs 
is owned by user running the client and not by user running metastore server.
bq.  
bq.  
bq.  Thanks,
bq.  
bq.  Ashutosh
bq.  
bq.



 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch, 
 hive-2616_4.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please 

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[jirapos...@reviews.apache.org (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13172703#comment-13172703
 ] 

jirapos...@reviews.apache.org commented on HIVE-2616:
-



bq.  On 2011-12-19 22:45:48, Carl Steinbach wrote:
bq.   
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java,
 line 279
bq.   https://reviews.apache.org/r/2975/diff/3/?file=65044#file65044line279
bq.  
bq.you dont want existing application to break when server is 
upgraded and is running with setugi on
bq.   
bq.   Right, but this is the client-side, which is a little different. If 
the client requests set_ugi and doesn't get it I think it may be better to 
throw an exception. Right now it doesn't seem like the client has any way of 
knowing whether or not their set_ugi request has been honored.

bq.  Right, but this is the client-side, which is a little different. If the 
client requests set_ugi and doesn't get it I think it may be better to throw an 
exception. 
Since this is a current behavior, I am inclined to keep it that way. If we 
throw an exception, this will be change of behavior and will surprise those 
apps. 

bq.  Right now it doesn't seem like the client has any way of knowing whether 
or not their set_ugi request has been honored.
Client catches TException and logs it, so client can know about it, if it wants 
to.


- Ashutosh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2975/#review3987
---


On 2011-12-17 02:42:36, Ashutosh Chauhan wrote:
bq.  
bq.  ---
bq.  This is an automatically generated e-mail. To reply, visit:
bq.  https://reviews.apache.org/r/2975/
bq.  ---
bq.  
bq.  (Updated 2011-12-17 02:42:36)
bq.  
bq.  
bq.  Review request for hive.
bq.  
bq.  
bq.  Summary
bq.  ---
bq.  
bq.  Pass user identity in metastore connection in unsecure mode
bq.  
bq.  
bq.  This addresses bug HIVE-2616.
bq.  https://issues.apache.org/jira/browse/HIVE-2616
bq.  
bq.  
bq.  Diffs
bq.  -
bq.  
bq.trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1215380 
bq.trunk/conf/hive-default.xml.template 1215380 
bq.trunk/metastore/if/hive_metastore.thrift 1215380 
bq.trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1215380 
bq.trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1215380 
bq.
trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp 
1215380 
bq.
trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
 1215380 
bq.
trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php 
1215380 
bq.
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote 
1215380 
bq.
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py 
1215380 
bq.trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1215380 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 
1215380 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
 1215380 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
 PRE-CREATION 
bq.trunk/shims/ivy.xml 1215380 
bq.
trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 
1215380 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java 
1215380 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
 1215380 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/client/TUGIAssumingTransport.java
 PRE-CREATION 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java 
1215380 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java 
PRE-CREATION 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java
 PRE-CREATION 
bq.  
bq.  Diff: https://reviews.apache.org/r/2975/diff
bq.  
bq.  
bq.  Testing
bq.  ---
bq.  
bq.  All the tests in metastore dir passes. Manually tested that file on hdfs 
is owned by user running the client and not by user running metastore server.
bq.  
bq.  
bq.  Thanks,
bq.  
bq.  Ashutosh
bq.  
bq.



 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
   

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[jirapos...@reviews.apache.org (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13172705#comment-13172705
 ] 

jirapos...@reviews.apache.org commented on HIVE-2616:
-



bq.  On 2011-12-19 22:35:15, Ashutosh Chauhan wrote:
bq.   About testing, see my earlier comment. To do any real tests for this, 
one needs to do 'sudo' and then run tests. I have not found an easy way to do 
that in Hive. HCatalog has test infrastructure which makes this kind of thing 
possible, where I am adding these tests. See, HCATALOG-181 Also, I have 
manually verified all four combinations of new/old client and new/old server 
and results were of my satisfaction.

Wouldn't it make more sense to add this test infrastructure directly to Hive 
where the feature is implemented? Also, manually testing this feature today 
does nothing to prevent someone from breaking it tomorrow. That's why we need 
automated test coverage for this patch.


- Carl


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2975/#review3985
---


On 2011-12-17 02:42:36, Ashutosh Chauhan wrote:
bq.  
bq.  ---
bq.  This is an automatically generated e-mail. To reply, visit:
bq.  https://reviews.apache.org/r/2975/
bq.  ---
bq.  
bq.  (Updated 2011-12-17 02:42:36)
bq.  
bq.  
bq.  Review request for hive.
bq.  
bq.  
bq.  Summary
bq.  ---
bq.  
bq.  Pass user identity in metastore connection in unsecure mode
bq.  
bq.  
bq.  This addresses bug HIVE-2616.
bq.  https://issues.apache.org/jira/browse/HIVE-2616
bq.  
bq.  
bq.  Diffs
bq.  -
bq.  
bq.trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1215380 
bq.trunk/conf/hive-default.xml.template 1215380 
bq.trunk/metastore/if/hive_metastore.thrift 1215380 
bq.trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1215380 
bq.trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1215380 
bq.
trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp 
1215380 
bq.
trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
 1215380 
bq.
trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php 
1215380 
bq.
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote 
1215380 
bq.
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py 
1215380 
bq.trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1215380 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 
1215380 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
 1215380 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
 PRE-CREATION 
bq.trunk/shims/ivy.xml 1215380 
bq.
trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 
1215380 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java 
1215380 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
 1215380 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/client/TUGIAssumingTransport.java
 PRE-CREATION 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java 
1215380 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java 
PRE-CREATION 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java
 PRE-CREATION 
bq.  
bq.  Diff: https://reviews.apache.org/r/2975/diff
bq.  
bq.  
bq.  Testing
bq.  ---
bq.  
bq.  All the tests in metastore dir passes. Manually tested that file on hdfs 
is owned by user running the client and not by user running metastore server.
bq.  
bq.  
bq.  Thanks,
bq.  
bq.  Ashutosh
bq.  
bq.



 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch, 
 hive-2616_4.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[jirapos...@reviews.apache.org (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13172848#comment-13172848
 ] 

jirapos...@reviews.apache.org commented on HIVE-2616:
-


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2975/
---

(Updated 2011-12-20 02:05:22.736212)


Review request for hive.


Changes
---

Updated patch incorporating Carl's comments.
Also added tests as requested by Carl.


Summary
---

Pass user identity in metastore connection in unsecure mode


This addresses bug HIVE-2616.
https://issues.apache.org/jira/browse/HIVE-2616


Diffs (updated)
-

  trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1221059 
  trunk/conf/hive-default.xml.template 1221059 
  trunk/metastore/if/hive_metastore.thrift 1221059 
  trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1221059 
  trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1221059 
  
trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp 
1221059 
  
trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
 1221059 
  trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php 
1221059 
  
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote 
1221059 
  trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py 
1221059 
  trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1221059 
  trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 
1221059 
  
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
 1221059 
  
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
 PRE-CREATION 
  
trunk/metastore/src/test/org/apache/hadoop/hive/metastore/TestRemoteHiveMetaStore.java
 1221059 
  
trunk/metastore/src/test/org/apache/hadoop/hive/metastore/TestSetUGIOnBothClientServer.java
 PRE-CREATION 
  
trunk/metastore/src/test/org/apache/hadoop/hive/metastore/TestSetUGIOnOnlyClient.java
 PRE-CREATION 
  
trunk/metastore/src/test/org/apache/hadoop/hive/metastore/TestSetUGIOnOnlyServer.java
 PRE-CREATION 
  trunk/shims/ivy.xml 1221059 
  trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 
1221059 
  trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java 
1221059 
  
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
 1221059 
  
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/client/TUGIAssumingTransport.java
 PRE-CREATION 
  trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java 
1221059 
  
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java 
PRE-CREATION 
  
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java
 PRE-CREATION 

Diff: https://reviews.apache.org/r/2975/diff


Testing
---

All the tests in metastore dir passes. Manually tested that file on hdfs is 
owned by user running the client and not by user running metastore server.


Thanks,

Ashutosh



 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch, 
 hive-2616_4.patch, hive-2616_5.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[jirapos...@reviews.apache.org (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13171419#comment-13171419
 ] 

jirapos...@reviews.apache.org commented on HIVE-2616:
-



bq.  On 2011-12-16 10:03:39, Thomas wrote:
bq.   Instead of introducing set_ugi into the metastore thrift interface, 
could this not be solved through SASL (looks like a prime use case for SASL)? 
bq.   
bq.   Have the server request transmission of ugi when configured to do so and 
the client react accordingly. Similar to how delegation token is transmitted 
(SaslClientCallbackHandler).

I am not sure, how SASL could be used to solve this problem. Furthermore, even 
if it does it will require lock-step upgrade of *all* clients, which is not 
desirable, whereas current approach doesn't have this drawback. 


- Ashutosh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2975/#review3947
---


On 2011-12-03 00:07:25, Ashutosh Chauhan wrote:
bq.  
bq.  ---
bq.  This is an automatically generated e-mail. To reply, visit:
bq.  https://reviews.apache.org/r/2975/
bq.  ---
bq.  
bq.  (Updated 2011-12-03 00:07:25)
bq.  
bq.  
bq.  Review request for hive.
bq.  
bq.  
bq.  Summary
bq.  ---
bq.  
bq.  Pass user identity in metastore connection in unsecure mode
bq.  
bq.  
bq.  This addresses bug HIVE-2616.
bq.  https://issues.apache.org/jira/browse/HIVE-2616
bq.  
bq.  
bq.  Diffs
bq.  -
bq.  
bq.trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1209772 
bq.trunk/metastore/if/hive_metastore.thrift 1209772 
bq.trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1209772 
bq.trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1209772 
bq.
trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp 
1209772 
bq.
trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
 1209772 
bq.
trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php 
1209772 
bq.
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote 
1209772 
bq.
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py 
1209772 
bq.trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1209772 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 
1209772 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
 1209772 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
 PRE-CREATION 
bq.trunk/shims/ivy.xml 1209772 
bq.
trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 
1209772 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java 
1209772 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
 1209772 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/TUGIAssumingTransport.java
 PRE-CREATION 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java 
1209772 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java
 1209772 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java 
PRE-CREATION 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java
 PRE-CREATION 
bq.  
bq.  Diff: https://reviews.apache.org/r/2975/diff
bq.  
bq.  
bq.  Testing
bq.  ---
bq.  
bq.  All the tests in metastore dir passes. Manually tested that file on hdfs 
is owned by user running the client and not by user running metastore server.
bq.  
bq.  
bq.  Thanks,
bq.  
bq.  Ashutosh
bq.  
bq.



 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[jirapos...@reviews.apache.org (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13171421#comment-13171421
 ] 

jirapos...@reviews.apache.org commented on HIVE-2616:
-



bq.  On 2011-12-16 03:06:59, Carl Steinbach wrote:
bq.   trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java, line 237
bq.   https://reviews.apache.org/r/2975/diff/2/?file=61777#file61777line237
bq.  
bq.   All properties that appear in HiveConf also need to appear in 
conf/hive-default.xml.template along with a description.
bq.  

Done.


bq.  On 2011-12-16 03:06:59, Carl Steinbach wrote:
bq.   trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java, line 238
bq.   https://reviews.apache.org/r/2975/diff/2/?file=61777#file61777line238
bq.  
bq.   
bq.   I think it would make sense to change the name to 
'hive.metastore.client.enable.setugi'. Also, I think this feature should be 
disabled by default.
bq.   
bq.  

Done. False by default.


bq.  On 2011-12-16 03:06:59, Carl Steinbach wrote:
bq.   trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java, line 239
bq.   https://reviews.apache.org/r/2975/diff/2/?file=61777#file61777line239
bq.  
bq.   Please add a new property hive.metastore.server.enable.setugi that 
allows this RPC to be disabled on the server side, and set the default value to 
false.

I reused same config hive.metastore.execute.setugi at both client and server 
which is off by default.


bq.  On 2011-12-16 03:06:59, Carl Steinbach wrote:
bq.   trunk/metastore/if/hive_metastore.thrift, line 438
bq.   https://reviews.apache.org/r/2975/diff/2/?file=61778#file61778line438
bq.  
bq.   Please add a comment explaining what this call does.

Added comment.


bq.  On 2011-12-16 03:06:59, Carl Steinbach wrote:
bq.   
trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java,
 line 145
bq.   https://reviews.apache.org/r/2975/diff/2/?file=61782#file61782line145
bq.  
bq.   When I apply your changes and run the thriftif ant target I see a 
small diff in this file. Did you use Thrift 0.7.0 to generate these files?

I am not sure how that happened. I reran ant thriftif again. So, those should 
go away now.


bq.  On 2011-12-16 03:06:59, Carl Steinbach wrote:
bq.   
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java, 
line 3589
bq.   https://reviews.apache.org/r/2975/diff/2/?file=61787#file61787line3589
bq.  
bq.   Indentation.

Fixed.


bq.  On 2011-12-16 03:06:59, Carl Steinbach wrote:
bq.   
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java, 
line 3743
bq.   https://reviews.apache.org/r/2975/diff/2/?file=61787#file61787line3743
bq.  
bq.   So instead of checking the hive.metastore.sasl.enabled property we 
now just check to see if we're using a security enabled shim, and if so assume 
that the user wants to enable security? I don't think this is correct behavior 
since the fact that we're using a secure version of Hadoop does not necessarily 
imply that we actually have security enabled.
bq.   
bq.   Also, it looks like this change deprecates the 
hive.metastore.sasl.enabled configuration property. In line with my comment 
above I think it makes sense to leave this property in, but if you do remove it 
then you need to release note the change and remove this property from HiveConf 
and conf/hive-default.xml.template.

Reverted back to use old config variables to avoid the issues outlined. 


bq.  On 2011-12-16 03:06:59, Carl Steinbach wrote:
bq.   
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java, 
line 3751
bq.   https://reviews.apache.org/r/2975/diff/2/?file=61787#file61787line3751
bq.  
bq.   Indentation.

Fixed.


bq.  On 2011-12-16 03:06:59, Carl Steinbach wrote:
bq.   
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java, 
line 3756
bq.   https://reviews.apache.org/r/2975/diff/2/?file=61787#file61787line3756
bq.  
bq.   We're initializing SASL even if isSecure=false?

Fixed.


bq.  On 2011-12-16 03:06:59, Carl Steinbach wrote:
bq.   
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java, 
line 3758
bq.   https://reviews.apache.org/r/2975/diff/2/?file=61787#file61787line3758
bq.  
bq.   Formatting.

Fixed.


bq.  On 2011-12-16 03:06:59, Carl Steinbach wrote:
bq.   
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java,
 line 263
bq.   https://reviews.apache.org/r/2975/diff/2/?file=61788#file61788line263
bq.  
bq.   Formatting: please add spaces.

Fixed.


bq.  On 2011-12-16 03:06:59, Carl Steinbach wrote:
bq.   
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java,
 line 280
bq.   https://reviews.apache.org/r/2975/diff/2/?file=61788#file61788line280
bq.  
bq.   Should this be Failed to login to the 

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[jirapos...@reviews.apache.org (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13171423#comment-13171423
 ] 

jirapos...@reviews.apache.org commented on HIVE-2616:
-


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2975/
---

(Updated 2011-12-17 02:42:36.039580)


Review request for hive.


Changes
---

Updated the patch to address Carl's comments.


Summary
---

Pass user identity in metastore connection in unsecure mode


This addresses bug HIVE-2616.
https://issues.apache.org/jira/browse/HIVE-2616


Diffs (updated)
-

  trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1215380 
  trunk/conf/hive-default.xml.template 1215380 
  trunk/metastore/if/hive_metastore.thrift 1215380 
  trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1215380 
  trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1215380 
  
trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp 
1215380 
  
trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
 1215380 
  trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php 
1215380 
  
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote 
1215380 
  trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py 
1215380 
  trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1215380 
  trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 
1215380 
  
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
 1215380 
  
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
 PRE-CREATION 
  trunk/shims/ivy.xml 1215380 
  trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 
1215380 
  trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java 
1215380 
  
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
 1215380 
  
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/client/TUGIAssumingTransport.java
 PRE-CREATION 
  trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java 
1215380 
  
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java 
PRE-CREATION 
  
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java
 PRE-CREATION 

Diff: https://reviews.apache.org/r/2975/diff


Testing
---

All the tests in metastore dir passes. Manually tested that file on hdfs is 
owned by user running the client and not by user running metastore server.


Thanks,

Ashutosh



 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch, 
 hive-2616_4.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[John Sichi (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13170521#comment-13170521
 ] 

John Sichi commented on HIVE-2616:
--

OK, can you submit the thrift patch?  If we'll be able to uptake that 
eventually, then I'm fine with the current approach.  I was thinking dynamic 
proxy would allow us to do the necessary method interception without needing to 
futz with method accessibility.

Carl, are you good with this?


 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[Ashutosh Chauhan (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13170682#comment-13170682
 ] 

Ashutosh Chauhan commented on HIVE-2616:


Sure. I uploaded the patch on THRIFT-1465

 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[Carl Steinbach (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13170685#comment-13170685
 ] 

Carl Steinbach commented on HIVE-2616:
--

@John: I'm looking at the patch now. Will respond soon with some comments.

 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[jirapos...@reviews.apache.org (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13170726#comment-13170726
 ] 

jirapos...@reviews.apache.org commented on HIVE-2616:
-


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2975/#review3939
---



trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
https://reviews.apache.org/r/2975/#comment8885

All properties that appear in HiveConf also need to appear in 
conf/hive-default.xml.template along with a description.




trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
https://reviews.apache.org/r/2975/#comment8893


I think it would make sense to change the name to 
'hive.metastore.client.enable.setugi'. Also, I think this feature should be 
disabled by default.





trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
https://reviews.apache.org/r/2975/#comment8894

Please add a new property hive.metastore.server.enable.setugi that allows 
this RPC to be disabled on the server side, and set the default value to false.



trunk/metastore/if/hive_metastore.thrift
https://reviews.apache.org/r/2975/#comment8895

Please add a comment explaining what this call does.



trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
https://reviews.apache.org/r/2975/#comment8886

When I apply your changes and run the thriftif ant target I see a small 
diff in this file. Did you use Thrift 0.7.0 to generate these files?



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
https://reviews.apache.org/r/2975/#comment8887

Indentation.



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
https://reviews.apache.org/r/2975/#comment

So instead of checking the hive.metastore.sasl.enabled property we now just 
check to see if we're using a security enabled shim, and if so assume that the 
user wants to enable security? I don't think this is correct behavior since the 
fact that we're using a secure version of Hadoop does not necessarily imply 
that we actually have security enabled.

Also, it looks like this change deprecates the hive.metastore.sasl.enabled 
configuration property. In line with my comment above I think it makes sense to 
leave this property in, but if you do remove it then you need to release note 
the change and remove this property from HiveConf and 
conf/hive-default.xml.template.



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
https://reviews.apache.org/r/2975/#comment8896

Indentation.



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
https://reviews.apache.org/r/2975/#comment8897

We're initializing SASL even if isSecure=false?



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
https://reviews.apache.org/r/2975/#comment8889

Formatting.



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
https://reviews.apache.org/r/2975/#comment8891

Formatting: please add spaces.



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
https://reviews.apache.org/r/2975/#comment8898

new client talking to old metastore seems to imply that we're able to 
determine whether or not we're talking to an old server, which isn't true. In 
reality, the onus is on the admin to ensure that both sides support this 
feature. What happens if the client calls set_ugi(), but the server doesn't 
support it? Is the error message helpful?



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
https://reviews.apache.org/r/2975/#comment8892

Should this be Failed to login to the MetaStore Server...?



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
https://reviews.apache.org/r/2975/#comment8901

I think it's more accurate to say that the processor *checks* to see if 
the first call is to set_ugi()... instead of saying that it *expects* the 
first call to be to set_ugi().



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
https://reviews.apache.org/r/2975/#comment8902

+1 to referencing the THRIFT JIRA. I think the class comment should call 
out that this is a temporary workaround cite a TODO.



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
https://reviews.apache.org/r/2975/#comment8899

Formatting: '} else {'



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
https://reviews.apache.org/r/2975/#comment8900

There's a TAB here. Please remove.

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[Ashutosh Chauhan (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13169510#comment-13169510
 ] 

Ashutosh Chauhan commented on HIVE-2616:


@John,
I don't see how Dynamic Proxy will be better then current approach. Would you 
like to expand a bit on that?

 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[Ashutosh Chauhan (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13168668#comment-13168668
 ] 

Ashutosh Chauhan commented on HIVE-2616:


Any feedback on this will be appreciated. Since, it was easier to add a test 
case using hcatalog test harness, I have added a test there on HCATALOG-181

 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[jirapos...@reviews.apache.org (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13168782#comment-13168782
 ] 

jirapos...@reviews.apache.org commented on HIVE-2616:
-


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2975/#review3886
---



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
https://reviews.apache.org/r/2975/#comment8718

Typos:  it's, don't



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
https://reviews.apache.org/r/2975/#comment8719

Need ASF header on all new files.



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
https://reviews.apache.org/r/2975/#comment8720

remove extra spaces



trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
https://reviews.apache.org/r/2975/#comment8721

I don't think we should commit this without at least a reference to a 
Thrift patch to get the necessary enhancement for making this brittle jankiness 
unnecessary.

Alternatively, is it possible to use a dynamic proxy to avoid this?


- John


On 2011-12-03 00:07:25, Ashutosh Chauhan wrote:
bq.  
bq.  ---
bq.  This is an automatically generated e-mail. To reply, visit:
bq.  https://reviews.apache.org/r/2975/
bq.  ---
bq.  
bq.  (Updated 2011-12-03 00:07:25)
bq.  
bq.  
bq.  Review request for hive.
bq.  
bq.  
bq.  Summary
bq.  ---
bq.  
bq.  Pass user identity in metastore connection in unsecure mode
bq.  
bq.  
bq.  This addresses bug HIVE-2616.
bq.  https://issues.apache.org/jira/browse/HIVE-2616
bq.  
bq.  
bq.  Diffs
bq.  -
bq.  
bq.trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1209772 
bq.trunk/metastore/if/hive_metastore.thrift 1209772 
bq.trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1209772 
bq.trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1209772 
bq.
trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp 
1209772 
bq.
trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
 1209772 
bq.
trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php 
1209772 
bq.
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote 
1209772 
bq.
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py 
1209772 
bq.trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1209772 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 
1209772 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
 1209772 
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
 PRE-CREATION 
bq.trunk/shims/ivy.xml 1209772 
bq.
trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 
1209772 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java 
1209772 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
 1209772 
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/TUGIAssumingTransport.java
 PRE-CREATION 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java 
1209772 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java
 1209772 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java 
PRE-CREATION 
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java
 PRE-CREATION 
bq.  
bq.  Diff: https://reviews.apache.org/r/2975/diff
bq.  
bq.  
bq.  Testing
bq.  ---
bq.  
bq.  All the tests in metastore dir passes. Manually tested that file on hdfs 
is owned by user running the client and not by user running metastore server.
bq.  
bq.  
bq.  Thanks,
bq.  
bq.  Ashutosh
bq.  
bq.



 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by 

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[jirapos...@reviews.apache.org (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13161934#comment-13161934
 ] 

jirapos...@reviews.apache.org commented on HIVE-2616:
-


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2975/
---

(Updated 2011-12-02 23:46:56.664874)


Review request for hive.


Changes
---

Updated patch


Summary
---

Pass user identity in metastore connection in unsecure mode


This addresses bug HIVE-2616.
https://issues.apache.org/jira/browse/HIVE-2616


Diffs (updated)
-

  trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1209772 
  trunk/metastore/if/hive_metastore.thrift 1209772 
  trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1209772 
  trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1209772 
  
trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp 
1209772 
  
trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
 1209772 
  trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php 
1209772 
  
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote 
1209772 
  trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py 
1209772 
  trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1209772 
  trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 
1209772 
  
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
 1209772 
  
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
 PRE-CREATION 
  trunk/shims/ivy.xml 1209772 
  trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 
1209772 
  trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java 
1209772 
  
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
 1209772 
  
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/TUGIAssumingTransport.java
 PRE-CREATION 
  trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java 
1209772 
  
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java
 1209772 
  
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java 
PRE-CREATION 
  
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java
 PRE-CREATION 

Diff: https://reviews.apache.org/r/2975/diff


Testing
---

Design patch, not much tested yet.


Thanks,

Ashutosh



 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[Ashutosh Chauhan (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13159862#comment-13159862
 ] 

Ashutosh Chauhan commented on HIVE-2616:


Some details:
Currently metastore client when connecting with metastore server doesn't pass 
on its identity in unsecure mode. In secure mode connection is wrapped into 
sasl connection which does passes the user identity but only after doing 
kerberos based authentication. Hadoop also has similar requirements where 
dfsclient request namenode to perform certain operations on user's behalf. In 
secure mode, user identity is passed through sasl layer and in unsecure mode it 
is passed through connection header. Thrift metastore client-server connection 
however doesn't pass on any connection header at a time of a connection setup. 
So, mimicking what hadoop does can not yield desired result in backward 
compatible way. This patch takes an approach where it sends ugi information as 
a first rpc call from client to server straight after connection setup, which 
server then caches and uses for subsequent rpcs. As a result a new thrift api 
set_ugi() is added. This ensures backward compatibility since old client will 
never make this rpc, so server will continue with its previous behavior, but 
will perform doAs() when ugi information is indeed made available by new 
clients.  


 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Attachments: hive-2616.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode

[jirapos...@reviews.apache.org (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13159865#comment-13159865
 ] 

jirapos...@reviews.apache.org commented on HIVE-2616:
-


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2975/
---

Review request for hive.


Summary
---

Pass user identity in metastore connection in unsecure mode


This addresses bug HIVE-2616.
https://issues.apache.org/jira/browse/HIVE-2616


Diffs
-

  trunk/metastore/if/hive_metastore.thrift 1205119 
  trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1205119 
  trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1205119 
  
trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp 
1205119 
  
trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
 1205119 
  trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php 
1205119 
  
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote 
1205119 
  trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py 
1205119 
  trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1205119 
  trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 
1205119 
  
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
 1207966 
  
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIContainingTransport.java
 PRE-CREATION 
  
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/UGIBasedProcessor.java
 PRE-CREATION 

Diff: https://reviews.apache.org/r/2975/diff


Testing
---

Design patch, not much tested yet.


Thanks,

Ashutosh



 Passing user identity from metastore client to server in non-secure mode
 

 Key: HIVE-2616
 URL: https://issues.apache.org/jira/browse/HIVE-2616
 Project: Hive
  Issue Type: Bug
  Components: Metastore
Reporter: Ashutosh Chauhan
Assignee: Ashutosh Chauhan
 Attachments: hive-2616.patch


 Currently in unsecure mode client don't pass on user identity. As a result 
 hdfs and other operations done by server gets executed by user running 
 metastore process instead of being done in context of client. This results in 
 problem as reported here: 
 http://mail-archives.apache.org/mod_mbox/hive-user/20.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira