[jira] [Commented] (HIVE-2712) Make ZooKeeper token store ACL configurable
[ https://issues.apache.org/jira/browse/HIVE-2712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13548131#comment-13548131 ] Hudson commented on HIVE-2712: -- Integrated in Hive-trunk-hadoop2 #54 (See [https://builds.apache.org/job/Hive-trunk-hadoop2/54/]) HIVE-2712: Make ZooKeeper token store ACL configurable (thw via hashutosh) (Revision 1293530) Result = ABORTED hashutosh : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1293530 Files : * /hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java * /hive/trunk/conf/hive-default.xml.template * /hive/trunk/shims/src/common-secure/java/org/apache/hadoop/hive/thrift/DelegationTokenStore.java * /hive/trunk/shims/src/common-secure/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java * /hive/trunk/shims/src/common-secure/java/org/apache/hadoop/hive/thrift/MemoryTokenStore.java * /hive/trunk/shims/src/common-secure/java/org/apache/hadoop/hive/thrift/TokenStoreDelegationTokenSecretManager.java * /hive/trunk/shims/src/common-secure/java/org/apache/hadoop/hive/thrift/ZooKeeperTokenStore.java * /hive/trunk/shims/src/test/org/apache/hadoop/hive/thrift/TestHadoop20SAuthBridge.java * /hive/trunk/shims/src/test/org/apache/hadoop/hive/thrift/TestZooKeeperTokenStore.java Make ZooKeeper token store ACL configurable --- Key: HIVE-2712 URL: https://issues.apache.org/jira/browse/HIVE-2712 Project: Hive Issue Type: Improvement Components: Metastore, Security, Server Infrastructure Affects Versions: 0.8.0, 0.8.1, 0.9.0 Reporter: Thomas Weise Assignee: Thomas Weise Fix For: 0.9.0 Attachments: ASF.LICENSE.NOT.GRANTED--HIVE-2712.D1401.1.patch, ASF.LICENSE.NOT.GRANTED--HIVE-2712.D1401.2.patch, ASF.LICENSE.NOT.GRANTED--HIVE-2712.D1401.3.patch, HIVE-2712.3.patch ACL needs to be set to secure the token store with ZK 3.4. The patch will also include the review changes from HIVE-2467 that were not committed. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HIVE-2712) Make ZooKeeper token store ACL configurable
[ https://issues.apache.org/jira/browse/HIVE-2712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13216387#comment-13216387 ] Hudson commented on HIVE-2712: -- Integrated in Hive-trunk-h0.21 #1275 (See [https://builds.apache.org/job/Hive-trunk-h0.21/1275/]) HIVE-2712: Make ZooKeeper token store ACL configurable (thw via hashutosh) (Revision 1293530) Result = SUCCESS hashutosh : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1293530 Files : * /hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java * /hive/trunk/conf/hive-default.xml.template * /hive/trunk/shims/src/common-secure/java/org/apache/hadoop/hive/thrift/DelegationTokenStore.java * /hive/trunk/shims/src/common-secure/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java * /hive/trunk/shims/src/common-secure/java/org/apache/hadoop/hive/thrift/MemoryTokenStore.java * /hive/trunk/shims/src/common-secure/java/org/apache/hadoop/hive/thrift/TokenStoreDelegationTokenSecretManager.java * /hive/trunk/shims/src/common-secure/java/org/apache/hadoop/hive/thrift/ZooKeeperTokenStore.java * /hive/trunk/shims/src/test/org/apache/hadoop/hive/thrift/TestHadoop20SAuthBridge.java * /hive/trunk/shims/src/test/org/apache/hadoop/hive/thrift/TestZooKeeperTokenStore.java Make ZooKeeper token store ACL configurable --- Key: HIVE-2712 URL: https://issues.apache.org/jira/browse/HIVE-2712 Project: Hive Issue Type: Improvement Components: Metastore, Security, Server Infrastructure Affects Versions: 0.8.0, 0.8.1, 0.9.0 Reporter: Thomas Weise Assignee: Thomas Weise Fix For: 0.9.0 Attachments: HIVE-2712.3.patch, HIVE-2712.D1401.1.patch, HIVE-2712.D1401.2.patch, HIVE-2712.D1401.3.patch ACL needs to be set to secure the token store with ZK 3.4. The patch will also include the review changes from HIVE-2467 that were not committed. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HIVE-2712) Make ZooKeeper token store ACL configurable
[ https://issues.apache.org/jira/browse/HIVE-2712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13216092#comment-13216092 ] Phabricator commented on HIVE-2712: --- ashutoshc has accepted the revision HIVE-2712 [jira] Make ZooKeeper token store ACL configurable. +1 Looks good. Lint is complaining about few lines being longer then 100 chars. Can you fix those and then upload the patch on jira granting perms? REVISION DETAIL https://reviews.facebook.net/D1401 BRANCH svn Make ZooKeeper token store ACL configurable --- Key: HIVE-2712 URL: https://issues.apache.org/jira/browse/HIVE-2712 Project: Hive Issue Type: Improvement Components: Metastore, Security, Server Infrastructure Affects Versions: 0.8.0, 0.8.1, 0.9.0 Reporter: Thomas Weise Assignee: Thomas Weise Fix For: 0.9.0 Attachments: HIVE-2712.D1401.1.patch, HIVE-2712.D1401.2.patch ACL needs to be set to secure the token store with ZK 3.4. The patch will also include the review changes from HIVE-2467 that were not committed. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HIVE-2712) Make ZooKeeper token store ACL configurable
[ https://issues.apache.org/jira/browse/HIVE-2712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13192710#comment-13192710 ] Phabricator commented on HIVE-2712: --- ashutoshc has requested changes to the revision HIVE-2712 [jira] Make ZooKeeper token store ACL configurable. I dont see any test cases. Any way to easily write unit tests for it? INLINE COMMENTS shims/src/common-secure/java/org/apache/hadoop/hive/thrift/DelegationTokenStore.java:35 Since its extending RuntimeException and not java.lang.Error I think it should be named TokenStoreException. shims/src/common-secure/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java:198-221 Since all of these properties can be configured via hive-site.xml shall we document them in hive-default.xml.template too and also their default values? shims/src/common-secure/java/org/apache/hadoop/hive/thrift/ZooKeeperTokenStore.java:130 Shall we open a jira on ZK for them to refactor that code in ZK to make it available as public util method to avoid code duplication here? shims/src/common-secure/java/org/apache/hadoop/hive/thrift/ZooKeeperTokenStore.java:154-155 Use LOG.error instead of System.err.println shims/src/common-secure/java/org/apache/hadoop/hive/thrift/ZooKeeperTokenStore.java:215 If conf is null, you should throw IllegalStateException, no point in continuing without a valid ZK connect string. You are doing those checks later on as well in init() those can be removed then as well. shims/src/test/org/apache/hadoop/hive/thrift/TestHadoop20SAuthBridge.java:86 Why is this required? To have an ability to test with external ZK? REVISION DETAIL https://reviews.facebook.net/D1401 Make ZooKeeper token store ACL configurable --- Key: HIVE-2712 URL: https://issues.apache.org/jira/browse/HIVE-2712 Project: Hive Issue Type: Improvement Components: Metastore, Security, Server Infrastructure Affects Versions: 0.8.0, 0.8.1, 0.9.0 Reporter: Thomas Weise Assignee: Thomas Weise Fix For: 0.9.0 Attachments: HIVE-2712.D1401.1.patch ACL needs to be set to secure the token store with ZK 3.4. The patch will also include the review changes from HIVE-2467 that were not committed. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
