[jira] [Updated] (HIVE-6738) HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying intermediary
[ https://issues.apache.org/jira/browse/HIVE-6738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Thejas M Nair updated HIVE-6738: Resolution: Fixed Status: Resolved (was: Patch Available) Verified that tests pass with the patch. Patch committed to trunk and 0.13 branch. > HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying > intermediary > > > Key: HIVE-6738 > URL: https://issues.apache.org/jira/browse/HIVE-6738 > Project: Hive > Issue Type: Improvement > Components: HiveServer2 >Affects Versions: 0.13.0 >Reporter: Dilli Arumugam >Assignee: Dilli Arumugam > Fix For: 0.13.0 > > Attachments: HIVE-6738.1.patch, HIVE-6738.patch, > hive-6738-req-impl-verify-rev1.md, hive-6738-req-impl-verify.md > > > See already implemented JIra > https://issues.apache.org/jira/browse/HIVE-5155 > Support secure proxy user access to HiveServer2 > That fix expects the hive.server2.proxy.user parameter to come in Thrift body. > When an intermediary gateway like Apache Knox is authenticating the end > client and then proxying the request to HiveServer2, it is not practical for > the intermediary like Apache Knox to modify thrift content. > Intermediary like Apache Knox should be able to assert doAs in a query > parameter. This paradigm is already established by other Hadoop ecosystem > components like WebHDFS, WebHCat, Oozie and HBase and Hive needs to be > aligned with them. > The doAs asserted in query parameter should override if doAs specified in > Thrift body. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HIVE-6738) HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying intermediary
[ https://issues.apache.org/jira/browse/HIVE-6738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dilli Arumugam updated HIVE-6738: - Hadoop Flags: Reviewed Status: Patch Available (was: In Progress) > HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying > intermediary > > > Key: HIVE-6738 > URL: https://issues.apache.org/jira/browse/HIVE-6738 > Project: Hive > Issue Type: Improvement > Components: HiveServer2 >Affects Versions: 0.13.0 >Reporter: Dilli Arumugam >Assignee: Dilli Arumugam > Fix For: 0.13.0 > > Attachments: HIVE-6738.1.patch, HIVE-6738.patch, > hive-6738-req-impl-verify-rev1.md, hive-6738-req-impl-verify.md > > > See already implemented JIra > https://issues.apache.org/jira/browse/HIVE-5155 > Support secure proxy user access to HiveServer2 > That fix expects the hive.server2.proxy.user parameter to come in Thrift body. > When an intermediary gateway like Apache Knox is authenticating the end > client and then proxying the request to HiveServer2, it is not practical for > the intermediary like Apache Knox to modify thrift content. > Intermediary like Apache Knox should be able to assert doAs in a query > parameter. This paradigm is already established by other Hadoop ecosystem > components like WebHDFS, WebHCat, Oozie and HBase and Hive needs to be > aligned with them. > The doAs asserted in query parameter should override if doAs specified in > Thrift body. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HIVE-6738) HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying intermediary
[ https://issues.apache.org/jira/browse/HIVE-6738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vaibhav Gumashta updated HIVE-6738: --- Fix Version/s: 0.13.0 > HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying > intermediary > > > Key: HIVE-6738 > URL: https://issues.apache.org/jira/browse/HIVE-6738 > Project: Hive > Issue Type: Improvement > Components: HiveServer2 >Affects Versions: 0.13.0 >Reporter: Dilli Arumugam >Assignee: Dilli Arumugam > Fix For: 0.13.0 > > Attachments: HIVE-6738.1.patch, HIVE-6738.patch, > hive-6738-req-impl-verify-rev1.md, hive-6738-req-impl-verify.md > > > See already implemented JIra > https://issues.apache.org/jira/browse/HIVE-5155 > Support secure proxy user access to HiveServer2 > That fix expects the hive.server2.proxy.user parameter to come in Thrift body. > When an intermediary gateway like Apache Knox is authenticating the end > client and then proxying the request to HiveServer2, it is not practical for > the intermediary like Apache Knox to modify thrift content. > Intermediary like Apache Knox should be able to assert doAs in a query > parameter. This paradigm is already established by other Hadoop ecosystem > components like WebHDFS, WebHCat, Oozie and HBase and Hive needs to be > aligned with them. > The doAs asserted in query parameter should override if doAs specified in > Thrift body. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HIVE-6738) HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying intermediary
[ https://issues.apache.org/jira/browse/HIVE-6738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vaibhav Gumashta updated HIVE-6738: --- Affects Version/s: 0.13.0 > HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying > intermediary > > > Key: HIVE-6738 > URL: https://issues.apache.org/jira/browse/HIVE-6738 > Project: Hive > Issue Type: Improvement > Components: HiveServer2 >Affects Versions: 0.13.0 >Reporter: Dilli Arumugam >Assignee: Dilli Arumugam > Fix For: 0.13.0 > > Attachments: HIVE-6738.1.patch, HIVE-6738.patch, > hive-6738-req-impl-verify-rev1.md, hive-6738-req-impl-verify.md > > > See already implemented JIra > https://issues.apache.org/jira/browse/HIVE-5155 > Support secure proxy user access to HiveServer2 > That fix expects the hive.server2.proxy.user parameter to come in Thrift body. > When an intermediary gateway like Apache Knox is authenticating the end > client and then proxying the request to HiveServer2, it is not practical for > the intermediary like Apache Knox to modify thrift content. > Intermediary like Apache Knox should be able to assert doAs in a query > parameter. This paradigm is already established by other Hadoop ecosystem > components like WebHDFS, WebHCat, Oozie and HBase and Hive needs to be > aligned with them. > The doAs asserted in query parameter should override if doAs specified in > Thrift body. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HIVE-6738) HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying intermediary
[ https://issues.apache.org/jira/browse/HIVE-6738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dilli Arumugam updated HIVE-6738: - Attachment: HIVE-6738.1.patch revised patch based on review comments from [~thejas] > HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying > intermediary > > > Key: HIVE-6738 > URL: https://issues.apache.org/jira/browse/HIVE-6738 > Project: Hive > Issue Type: Improvement > Components: HiveServer2 >Reporter: Dilli Arumugam >Assignee: Dilli Arumugam > Attachments: HIVE-6738.1.patch, HIVE-6738.patch, > hive-6738-req-impl-verify-rev1.md, hive-6738-req-impl-verify.md > > > See already implemented JIra > https://issues.apache.org/jira/browse/HIVE-5155 > Support secure proxy user access to HiveServer2 > That fix expects the hive.server2.proxy.user parameter to come in Thrift body. > When an intermediary gateway like Apache Knox is authenticating the end > client and then proxying the request to HiveServer2, it is not practical for > the intermediary like Apache Knox to modify thrift content. > Intermediary like Apache Knox should be able to assert doAs in a query > parameter. This paradigm is already established by other Hadoop ecosystem > components like WebHDFS, WebHCat, Oozie and HBase and Hive needs to be > aligned with them. > The doAs asserted in query parameter should override if doAs specified in > Thrift body. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HIVE-6738) HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying intermediary
[ https://issues.apache.org/jira/browse/HIVE-6738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dilli Arumugam updated HIVE-6738: - Attachment: hive-6738-req-impl-verify-rev1.md description revised based on review input from [~vaibhavgumashta] > HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying > intermediary > > > Key: HIVE-6738 > URL: https://issues.apache.org/jira/browse/HIVE-6738 > Project: Hive > Issue Type: Improvement > Components: HiveServer2 >Reporter: Dilli Arumugam >Assignee: Dilli Arumugam > Attachments: HIVE-6738.patch, hive-6738-req-impl-verify-rev1.md, > hive-6738-req-impl-verify.md > > > See already implemented JIra > https://issues.apache.org/jira/browse/HIVE-5155 > Support secure proxy user access to HiveServer2 > That fix expects the hive.server2.proxy.user parameter to come in Thrift body. > When an intermediary gateway like Apache Knox is authenticating the end > client and then proxying the request to HiveServer2, it is not practical for > the intermediary like Apache Knox to modify thrift content. > Intermediary like Apache Knox should be able to assert doAs in a query > parameter. This paradigm is already established by other Hadoop ecosystem > components like WebHDFS, WebHCat, Oozie and HBase and Hive needs to be > aligned with them. > The doAs asserted in query parameter should override if doAs specified in > Thrift body. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HIVE-6738) HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying intermediary
[ https://issues.apache.org/jira/browse/HIVE-6738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dilli Arumugam updated HIVE-6738: - Attachment: HIVE-6738.patch Patch implementing the enhancement. This has to go in after the patch for HIVE-6697 that is pending in queue is merged. > HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying > intermediary > > > Key: HIVE-6738 > URL: https://issues.apache.org/jira/browse/HIVE-6738 > Project: Hive > Issue Type: Improvement > Components: HiveServer2 >Reporter: Dilli Arumugam >Assignee: Dilli Arumugam > Attachments: HIVE-6738.patch, hive-6738-req-impl-verify.md > > > See already implemented JIra > https://issues.apache.org/jira/browse/HIVE-5155 > Support secure proxy user access to HiveServer2 > That fix expects the hive.server2.proxy.user parameter to come in Thrift body. > When an intermediary gateway like Apache Knox is authenticating the end > client and then proxying the request to HiveServer2, it is not practical for > the intermediary like Apache Knox to modify thrift content. > Intermediary like Apache Knox should be able to assert doAs in a query > parameter. This paradigm is already established by other Hadoop ecosystem > components like WebHDFS, WebHCat, Oozie and HBase and Hive needs to be > aligned with them. > The doAs asserted in query parameter should override if doAs specified in > Thrift body. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HIVE-6738) HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying intermediary
[ https://issues.apache.org/jira/browse/HIVE-6738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dilli Arumugam updated HIVE-6738: - Attachment: hive-6738-req-impl-verify.md short description of requirement, some implementation details and verification of the enhancement > HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying > intermediary > > > Key: HIVE-6738 > URL: https://issues.apache.org/jira/browse/HIVE-6738 > Project: Hive > Issue Type: Improvement > Components: HiveServer2 >Reporter: Dilli Arumugam >Assignee: Dilli Arumugam > Attachments: hive-6738-req-impl-verify.md > > > See already implemented JIra > https://issues.apache.org/jira/browse/HIVE-5155 > Support secure proxy user access to HiveServer2 > That fix expects the hive.server2.proxy.user parameter to come in Thrift body. > When an intermediary gateway like Apache Knox is authenticating the end > client and then proxying the request to HiveServer2, it is not practical for > the intermediary like Apache Knox to modify thrift content. > Intermediary like Apache Knox should be able to assert doAs in a query > parameter. This paradigm is already established by other Hadoop ecosystem > components like WebHDFS, WebHCat, Oozie and HBase and Hive needs to be > aligned with them. > The doAs asserted in query parameter should override if doAs specified in > Thrift body. -- This message was sent by Atlassian JIRA (v6.2#6252)
