Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
vikramahuja1001 commented on PR #5358: URL: https://github.com/apache/hive/pull/5358#issuecomment-2247058778 Thanks for the review -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
chinnaraolalam merged PR #5358: URL: https://github.com/apache/hive/pull/5358 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
chinnaraolalam commented on PR #5358: URL: https://github.com/apache/hive/pull/5358#issuecomment-2238674118 LGTM +1 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
vikramahuja1001 closed pull request #5303: HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS URL: https://github.com/apache/hive/pull/5303 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
sonarcloud[bot] commented on PR #5303: URL: https://github.com/apache/hive/pull/5303#issuecomment-2236141138 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [12 New issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&issueStatuses=ACCEPTED) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=5303&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_coverage&view=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_duplicated_lines_density&view=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
sonarcloud[bot] commented on PR #5303: URL: https://github.com/apache/hive/pull/5303#issuecomment-2233116434 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [12 New issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&issueStatuses=ACCEPTED) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=5303&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_coverage&view=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_duplicated_lines_density&view=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
sonarcloud[bot] commented on PR #5303: URL: https://github.com/apache/hive/pull/5303#issuecomment-2232472595 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [12 New issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&issueStatuses=ACCEPTED) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=5303&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_coverage&view=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_duplicated_lines_density&view=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
sonarcloud[bot] commented on PR #5303: URL: https://github.com/apache/hive/pull/5303#issuecomment-2230969279 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [12 New issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&issueStatuses=ACCEPTED) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=5303&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_coverage&view=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_duplicated_lines_density&view=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
sonarcloud[bot] commented on PR #5303: URL: https://github.com/apache/hive/pull/5303#issuecomment-2226166724 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [12 New issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&resolved=false&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&resolutions=WONTFIX) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=5303&resolved=false&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_coverage&view=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_duplicated_lines_density&view=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
sonarcloud[bot] commented on PR #5303: URL: https://github.com/apache/hive/pull/5303#issuecomment-2225245188 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [12 New issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&resolved=false&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&resolutions=WONTFIX) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=5303&resolved=false&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_coverage&view=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_duplicated_lines_density&view=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
sonarcloud[bot] commented on PR #5303: URL: https://github.com/apache/hive/pull/5303#issuecomment-2223073763 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [12 New issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&resolved=false&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&resolutions=WONTFIX) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=5303&resolved=false&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_coverage&view=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_duplicated_lines_density&view=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
sonarcloud[bot] commented on PR #5303: URL: https://github.com/apache/hive/pull/5303#issuecomment-2220700292 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [12 New issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&resolved=false&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&resolutions=WONTFIX) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=5303&resolved=false&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_coverage&view=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_duplicated_lines_density&view=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
vikramahuja1001 commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1672347998 ## standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/TokenStoreDelegationTokenSecretManager.java: ## @@ -238,20 +248,33 @@ public synchronized void stopThreads() { */ protected void removeExpiredTokens() { long now = System.currentTimeMillis(); -Iterator i = tokenStore.getAllDelegationTokenIdentifiers() -.iterator(); -while (i.hasNext()) { - DelegationTokenIdentifier id = i.next(); +for (DelegationTokenIdentifier id : tokenStore.getAllDelegationTokenIdentifiers()) { if (now > id.getMaxDate()) { +LOGGER.info("Expiry Thread removing expired token: " + id); this.tokenStore.removeToken(id); // no need to look at token info } else { // get token info to check renew date -DelegationTokenInformation tokenInfo = tokenStore.getToken(id); -if (tokenInfo != null) { - if (now > tokenInfo.getRenewDate()) { -this.tokenStore.removeToken(id); - } +renewIfRequired(now, id, tokenStore.getToken(id)); Review Comment: I have put the renew call in a try-catch statement. This will make sure that for loop is run for all the tokens -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
vikramahuja1001 commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1672223166 ## itests/hive-unit-hadoop2/src/test/java/org/apache/hadoop/hive/metastore/security/TestHadoopAuthBridge23.java: ## @@ -204,13 +204,22 @@ public void testDelegationTokenSharedStore() throws Exception { // expected } -// token expiration +// token Renewal MyTokenStore.TOKEN_STORE.addToken(d, new DelegationTokenInformation(0, t.getPassword())); Assert.assertNotNull(MyTokenStore.TOKEN_STORE.getToken(d)); anotherManager.removeExpiredTokens(); +Assert.assertTrue(MyTokenStore.TOKEN_STORE.getToken(d).getRenewDate() > 0); Review Comment: No it will not give NPE here as maxDate is not zero here. In this case it is one hour actually. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
chinnaraolalam commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1670285383 ## standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/TokenStoreDelegationTokenSecretManager.java: ## @@ -238,20 +248,33 @@ public synchronized void stopThreads() { */ protected void removeExpiredTokens() { long now = System.currentTimeMillis(); -Iterator i = tokenStore.getAllDelegationTokenIdentifiers() -.iterator(); -while (i.hasNext()) { - DelegationTokenIdentifier id = i.next(); +for (DelegationTokenIdentifier id : tokenStore.getAllDelegationTokenIdentifiers()) { if (now > id.getMaxDate()) { +LOGGER.info("Expiry Thread removing expired token: " + id); this.tokenStore.removeToken(id); // no need to look at token info } else { // get token info to check renew date -DelegationTokenInformation tokenInfo = tokenStore.getToken(id); -if (tokenInfo != null) { - if (now > tokenInfo.getRenewDate()) { -this.tokenStore.removeToken(id); - } +renewIfRequired(now, id, tokenStore.getToken(id)); Review Comment: Renewal is needed here?, we can only remove expired tokens here and when ever token is accessed there we can check renewal is needed and renew only that token. If feel here we are going through all the tokens and unexpired tokens are renewed if needed and default value of expired thread interval is 15min. While renewing the token if it throws exception it will stop here and it will not check other expired tokens -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
chinnaraolalam commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1670275889 ## itests/hive-unit-hadoop2/src/test/java/org/apache/hadoop/hive/metastore/security/TestHadoopAuthBridge23.java: ## @@ -204,13 +204,22 @@ public void testDelegationTokenSharedStore() throws Exception { // expected } -// token expiration +// token Renewal MyTokenStore.TOKEN_STORE.addToken(d, new DelegationTokenInformation(0, t.getPassword())); Assert.assertNotNull(MyTokenStore.TOKEN_STORE.getToken(d)); anotherManager.removeExpiredTokens(); +Assert.assertTrue(MyTokenStore.TOKEN_STORE.getToken(d).getRenewDate() > 0); Review Comment: Its not about accessing maxtime, if maxtime is zero above statement "removeExpiredTokens()" will remove this token. After token removed calling getRenewDate() will throw NPE -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
sonarcloud[bot] commented on PR #5303: URL: https://github.com/apache/hive/pull/5303#issuecomment-2215119287 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [12 New issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&resolved=false&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&resolutions=WONTFIX) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=5303&resolved=false&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_coverage&view=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_duplicated_lines_density&view=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
sonarcloud[bot] commented on PR #5303: URL: https://github.com/apache/hive/pull/5303#issuecomment-2214368779 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [13 New issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&resolved=false&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&resolutions=WONTFIX) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=5303&resolved=false&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_coverage&view=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_duplicated_lines_density&view=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
vikramahuja1001 commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1668180682 ## standalone-metastore/metastore-server/src/test/java/org/apache/hadoop/hive/metastore/security/TestTokenStoreDelegationTokenSecretManager.java: ## @@ -99,19 +112,46 @@ private DelegationTokenIdentifier getID(String tokenStr) throws IOException { @Test public void testExpiry() throws IOException, InterruptedException { DelegationTokenStore tokenStore = new MemoryTokenStore(); -TokenStoreDelegationTokenSecretManager mgr = createTokenMgr(tokenStore, 1); +TokenStoreDelegationTokenSecretManager mgr = createTokenMgr(tokenStore, 1, 8, 2); try { mgr.startThreads(); String tokenStr = mgr.getDelegationToken(UserGroupInformation.getCurrentUser().getShortUserName(), UserGroupInformation.getCurrentUser().getShortUserName()); DelegationTokenIdentifier id = getID(tokenStr); Assert.assertNotNull(mgr.verifyDelegationToken(tokenStr)); - // Sleep for the renewal duration - Thread.sleep(1000); - SecretManager.InvalidToken ex = Assert.assertThrows(SecretManager.InvalidToken.class, + // Sleep for the expiration/maxlife duration duration + Thread.sleep(6000); + IllegalStateException ex = Assert.assertThrows(IllegalStateException.class, () -> mgr.verifyDelegationToken(tokenStr)); - Assert.assertTrue(ex.getMessage(), ex.getMessage().contains("has expired")); + Assert.assertTrue(ex.getMessage(), ex.getMessage().contains("Expiration time passed")); + Thread.sleep(6000); + //Expiry thread will remove the token as it has crossed the maxLifeTime. + Assert.assertEquals(tokenStore.getAllDelegationTokenIdentifiers().size(), 0); +} finally { + mgr.stopThreads(); +} + } + + @Test + public void testExpiryThreadRenewingAndRemovingToken() throws IOException, InterruptedException { +DelegationTokenStore tokenStore = new MemoryTokenStore(); Review Comment: Done, reduced the sleep time as well -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
sonarcloud[bot] commented on PR #5303: URL: https://github.com/apache/hive/pull/5303#issuecomment-2213527053 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [13 New issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&resolved=false&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&resolutions=WONTFIX) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=5303&resolved=false&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_coverage&view=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=5303&metric=new_duplicated_lines_density&view=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
vikramahuja1001 commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1668205080 ## standalone-metastore/metastore-server/src/test/java/org/apache/hadoop/hive/metastore/security/TestTokenStoreDelegationTokenSecretManager.java: ## @@ -60,6 +60,19 @@ private TokenStoreDelegationTokenSecretManager createTokenMgr(DelegationTokenSto tokenRenewInterval, tokenGcInterval, tokenStore); } + private TokenStoreDelegationTokenSecretManager createTokenMgr(DelegationTokenStore tokenStore, Review Comment: refactored -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
vikramahuja1001 commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1668180682 ## standalone-metastore/metastore-server/src/test/java/org/apache/hadoop/hive/metastore/security/TestTokenStoreDelegationTokenSecretManager.java: ## @@ -99,19 +112,46 @@ private DelegationTokenIdentifier getID(String tokenStr) throws IOException { @Test public void testExpiry() throws IOException, InterruptedException { DelegationTokenStore tokenStore = new MemoryTokenStore(); -TokenStoreDelegationTokenSecretManager mgr = createTokenMgr(tokenStore, 1); +TokenStoreDelegationTokenSecretManager mgr = createTokenMgr(tokenStore, 1, 8, 2); try { mgr.startThreads(); String tokenStr = mgr.getDelegationToken(UserGroupInformation.getCurrentUser().getShortUserName(), UserGroupInformation.getCurrentUser().getShortUserName()); DelegationTokenIdentifier id = getID(tokenStr); Assert.assertNotNull(mgr.verifyDelegationToken(tokenStr)); - // Sleep for the renewal duration - Thread.sleep(1000); - SecretManager.InvalidToken ex = Assert.assertThrows(SecretManager.InvalidToken.class, + // Sleep for the expiration/maxlife duration duration + Thread.sleep(6000); + IllegalStateException ex = Assert.assertThrows(IllegalStateException.class, () -> mgr.verifyDelegationToken(tokenStr)); - Assert.assertTrue(ex.getMessage(), ex.getMessage().contains("has expired")); + Assert.assertTrue(ex.getMessage(), ex.getMessage().contains("Expiration time passed")); + Thread.sleep(6000); + //Expiry thread will remove the token as it has crossed the maxLifeTime. + Assert.assertEquals(tokenStore.getAllDelegationTokenIdentifiers().size(), 0); +} finally { + mgr.stopThreads(); +} + } + + @Test + public void testExpiryThreadRenewingAndRemovingToken() throws IOException, InterruptedException { +DelegationTokenStore tokenStore = new MemoryTokenStore(); Review Comment: I have kept 2 tests only as both are doing different functionality, but reduced the sleep time by a lot. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
vikramahuja1001 commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1668179841 ## itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestAuthWithDigestMD5.java: ## @@ -0,0 +1,98 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hive.minikdc; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.hive.metastore.HiveMetaStoreClient; +import org.apache.hadoop.hive.metastore.MetaStoreTestUtils; +import org.apache.hadoop.hive.metastore.conf.MetastoreConf; +import org.apache.hadoop.hive.metastore.conf.MetastoreConf.ConfVars; +import org.apache.hadoop.hive.metastore.security.DelegationTokenIdentifier; +import org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge; +import org.apache.hadoop.io.Text; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.token.Token; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; + +import java.util.concurrent.TimeUnit; + +public class TestAuthWithDigestMD5 { + +MiniHiveKdc miniKDC = null; +private static HiveMetaStoreClient client; +private static final String HS2TOKEN = "HiveServer2ImpersonationToken"; +private static Configuration conf = null; +private static int port; + +@Before +public void setUp() throws Exception { +miniKDC = new MiniHiveKdc(); +String hiveMetastorePrincipal = miniKDC.getFullyQualifiedServicePrincipal(miniKDC.getHiveMetastoreServicePrincipal()); +String hiveMetastoreKeytab = miniKDC.getKeyTabFile( + miniKDC.getServicePrincipalForUser(miniKDC.getHiveMetastoreServicePrincipal())); +conf = MetastoreConf.newMetastoreConf(); + +String correctUser = "correct_user"; +String correctPassword = "correct_passwd"; + +MetastoreConf.setBoolVar(conf, ConfVars.EXECUTE_SET_UGI, false); +MetastoreConf.setVar(conf, ConfVars.THRIFT_AUTH_CONFIG_USERNAME, correctUser); +MetastoreConf.setVar(conf, ConfVars.THRIFT_AUTH_CONFIG_PASSWORD, correctPassword); +MetastoreConf.setBoolVar(conf, ConfVars.USE_THRIFT_SASL, true); +MetastoreConf.setVar(conf, ConfVars.KERBEROS_PRINCIPAL, hiveMetastorePrincipal); +MetastoreConf.setVar(conf, ConfVars.KERBEROS_KEYTAB_FILE, hiveMetastoreKeytab); + +MetastoreConf.setTimeVar(conf, ConfVars.DELEGATION_TOKEN_RENEW_INTERVAL,1, TimeUnit.MILLISECONDS); +MetastoreConf.setTimeVar(conf, ConfVars.DELEGATION_TOKEN_GC_INTERVAL,3000, TimeUnit.MILLISECONDS); + +port = MetaStoreTestUtils.startMetaStoreWithRetry(HadoopThriftAuthBridge.getBridge(), +conf); +System.out.println("Starting MetaStore Server on port " + port); + +MetastoreConf.setVar(conf, ConfVars.THRIFT_URIS, "thrift://localhost:" + port); +client = new HiveMetaStoreClient(conf); +} + + +@Test +public void testPostRenewalTimeThreadKickedIn() throws Exception { +String token = client.getDelegationToken("hive","hive"); +MetastoreConf.setVar(conf, ConfVars.TOKEN_SIGNATURE, HS2TOKEN); + +client = new HiveMetaStoreClient(conf); + +Token delegationToken = new Token(); +delegationToken.decodeFromUrlString(token); +delegationToken.setService(new Text(HS2TOKEN)); +UserGroupInformation.getCurrentUser().addToken(delegationToken); + +Thread.sleep(15000); Review Comment: done. Reduced the time. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
vikramahuja1001 commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1668177321 ## standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/TokenStoreDelegationTokenSecretManager.java: ## @@ -238,20 +248,33 @@ public synchronized void stopThreads() { */ protected void removeExpiredTokens() { long now = System.currentTimeMillis(); -Iterator i = tokenStore.getAllDelegationTokenIdentifiers() -.iterator(); -while (i.hasNext()) { - DelegationTokenIdentifier id = i.next(); +for (DelegationTokenIdentifier id : tokenStore.getAllDelegationTokenIdentifiers()) { if (now > id.getMaxDate()) { +LOGGER.info("Expiry Thread removing expired token: " + id); this.tokenStore.removeToken(id); // no need to look at token info } else { // get token info to check renew date -DelegationTokenInformation tokenInfo = tokenStore.getToken(id); -if (tokenInfo != null) { - if (now > tokenInfo.getRenewDate()) { -this.tokenStore.removeToken(id); - } +renewIfRequired(now, id, tokenStore.getToken(id)); + } +} + } + + private void renewIfRequired(long currentTime, DelegationTokenIdentifier id, DelegationTokenInformation tokenInfo) { +if (tokenInfo != null) { + if (currentTime > tokenInfo.getRenewDate() && currentTime < id.getMaxDate()) { +// This will be the case when now > tokenInfo.getRenewDate() but less than the token expiration/max time. +LOGGER.info("Trying to renew the token: " + id); +try { + DelegationKey key = getDelegationKey(id.getMasterKeyId()); + Token t = new Token<>(id.getBytes(), createPassword(id.getBytes(), key.getKey()), + id.getKind(), new Text()); + renewToken(t, UserGroupInformation.getCurrentUser().getShortUserName()); +} catch (IOException e) { + throw new IllegalStateException("Unable to renew token: " + id); } + } else if (currentTime >= id.getMaxDate()) { Review Comment: Yes, refactored the code -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
vikramahuja1001 commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1668175027 ## standalone-metastore/metastore-server/src/test/java/org/apache/hadoop/hive/metastore/security/TestTokenStoreDelegationTokenSecretManager.java: ## @@ -99,19 +112,46 @@ private DelegationTokenIdentifier getID(String tokenStr) throws IOException { @Test public void testExpiry() throws IOException, InterruptedException { DelegationTokenStore tokenStore = new MemoryTokenStore(); -TokenStoreDelegationTokenSecretManager mgr = createTokenMgr(tokenStore, 1); +TokenStoreDelegationTokenSecretManager mgr = createTokenMgr(tokenStore, 1, 8, 2); try { mgr.startThreads(); String tokenStr = mgr.getDelegationToken(UserGroupInformation.getCurrentUser().getShortUserName(), UserGroupInformation.getCurrentUser().getShortUserName()); DelegationTokenIdentifier id = getID(tokenStr); Assert.assertNotNull(mgr.verifyDelegationToken(tokenStr)); - // Sleep for the renewal duration - Thread.sleep(1000); - SecretManager.InvalidToken ex = Assert.assertThrows(SecretManager.InvalidToken.class, + // Sleep for the expiration/maxlife duration duration + Thread.sleep(6000); + IllegalStateException ex = Assert.assertThrows(IllegalStateException.class, Review Comment: done -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
vikramahuja1001 commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1668164171 ## itests/hive-unit-hadoop2/src/test/java/org/apache/hadoop/hive/metastore/security/TestHadoopAuthBridge23.java: ## @@ -204,13 +204,22 @@ public void testDelegationTokenSharedStore() throws Exception { // expected } -// token expiration +// token Renewal MyTokenStore.TOKEN_STORE.addToken(d, new DelegationTokenInformation(0, t.getPassword())); Assert.assertNotNull(MyTokenStore.TOKEN_STORE.getToken(d)); anotherManager.removeExpiredTokens(); +Assert.assertTrue(MyTokenStore.TOKEN_STORE.getToken(d).getRenewDate() > 0); Review Comment: We are not accessing maxtime here, it does not matter if it set or not in this part. It will not give NPE here. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
vikramahuja1001 commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1668163811 ## itests/hive-unit-hadoop2/src/test/java/org/apache/hadoop/hive/metastore/security/TestHadoopAuthBridge23.java: ## @@ -204,13 +204,22 @@ public void testDelegationTokenSharedStore() throws Exception { // expected } -// token expiration +// token Renewal MyTokenStore.TOKEN_STORE.addToken(d, new DelegationTokenInformation(0, t.getPassword())); Assert.assertNotNull(MyTokenStore.TOKEN_STORE.getToken(d)); anotherManager.removeExpiredTokens(); +Assert.assertTrue(MyTokenStore.TOKEN_STORE.getToken(d).getRenewDate() > 0); + +// test Expiration +DelegationTokenIdentifier e = new DelegationTokenIdentifier(); +e.setMaxDate(0); Review Comment: It's not being set explicitly in the code. Setting it just to be safe. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
chinnaraolalam commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1665552944 ## standalone-metastore/metastore-server/src/test/java/org/apache/hadoop/hive/metastore/security/TestTokenStoreDelegationTokenSecretManager.java: ## @@ -99,19 +112,46 @@ private DelegationTokenIdentifier getID(String tokenStr) throws IOException { @Test public void testExpiry() throws IOException, InterruptedException { DelegationTokenStore tokenStore = new MemoryTokenStore(); -TokenStoreDelegationTokenSecretManager mgr = createTokenMgr(tokenStore, 1); +TokenStoreDelegationTokenSecretManager mgr = createTokenMgr(tokenStore, 1, 8, 2); try { mgr.startThreads(); String tokenStr = mgr.getDelegationToken(UserGroupInformation.getCurrentUser().getShortUserName(), UserGroupInformation.getCurrentUser().getShortUserName()); DelegationTokenIdentifier id = getID(tokenStr); Assert.assertNotNull(mgr.verifyDelegationToken(tokenStr)); - // Sleep for the renewal duration - Thread.sleep(1000); - SecretManager.InvalidToken ex = Assert.assertThrows(SecretManager.InvalidToken.class, + // Sleep for the expiration/maxlife duration duration + Thread.sleep(6000); + IllegalStateException ex = Assert.assertThrows(IllegalStateException.class, () -> mgr.verifyDelegationToken(tokenStr)); - Assert.assertTrue(ex.getMessage(), ex.getMessage().contains("has expired")); + Assert.assertTrue(ex.getMessage(), ex.getMessage().contains("Expiration time passed")); + Thread.sleep(6000); + //Expiry thread will remove the token as it has crossed the maxLifeTime. + Assert.assertEquals(tokenStore.getAllDelegationTokenIdentifiers().size(), 0); +} finally { + mgr.stopThreads(); +} + } + + @Test + public void testExpiryThreadRenewingAndRemovingToken() throws IOException, InterruptedException { +DelegationTokenStore tokenStore = new MemoryTokenStore(); Review Comment: can we add this case on the above testcase itself -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
chinnaraolalam commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1665552248 ## standalone-metastore/metastore-server/src/test/java/org/apache/hadoop/hive/metastore/security/TestTokenStoreDelegationTokenSecretManager.java: ## @@ -99,19 +112,46 @@ private DelegationTokenIdentifier getID(String tokenStr) throws IOException { @Test public void testExpiry() throws IOException, InterruptedException { DelegationTokenStore tokenStore = new MemoryTokenStore(); -TokenStoreDelegationTokenSecretManager mgr = createTokenMgr(tokenStore, 1); +TokenStoreDelegationTokenSecretManager mgr = createTokenMgr(tokenStore, 1, 8, 2); try { mgr.startThreads(); String tokenStr = mgr.getDelegationToken(UserGroupInformation.getCurrentUser().getShortUserName(), UserGroupInformation.getCurrentUser().getShortUserName()); DelegationTokenIdentifier id = getID(tokenStr); Assert.assertNotNull(mgr.verifyDelegationToken(tokenStr)); - // Sleep for the renewal duration - Thread.sleep(1000); - SecretManager.InvalidToken ex = Assert.assertThrows(SecretManager.InvalidToken.class, + // Sleep for the expiration/maxlife duration duration + Thread.sleep(6000); + IllegalStateException ex = Assert.assertThrows(IllegalStateException.class, Review Comment: Removal thread not kickin why it will throw exception -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
chinnaraolalam commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1665534933 ## standalone-metastore/metastore-server/src/test/java/org/apache/hadoop/hive/metastore/security/TestTokenStoreDelegationTokenSecretManager.java: ## @@ -60,6 +60,19 @@ private TokenStoreDelegationTokenSecretManager createTokenMgr(DelegationTokenSto tokenRenewInterval, tokenGcInterval, tokenStore); } + private TokenStoreDelegationTokenSecretManager createTokenMgr(DelegationTokenStore tokenStore, Review Comment: refactor existing createTokenMgr. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
chinnaraolalam commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1665533819 ## standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/TokenStoreDelegationTokenSecretManager.java: ## @@ -238,20 +248,33 @@ public synchronized void stopThreads() { */ protected void removeExpiredTokens() { long now = System.currentTimeMillis(); -Iterator i = tokenStore.getAllDelegationTokenIdentifiers() -.iterator(); -while (i.hasNext()) { - DelegationTokenIdentifier id = i.next(); +for (DelegationTokenIdentifier id : tokenStore.getAllDelegationTokenIdentifiers()) { if (now > id.getMaxDate()) { +LOGGER.info("Expiry Thread removing expired token: " + id); this.tokenStore.removeToken(id); // no need to look at token info } else { // get token info to check renew date -DelegationTokenInformation tokenInfo = tokenStore.getToken(id); -if (tokenInfo != null) { - if (now > tokenInfo.getRenewDate()) { -this.tokenStore.removeToken(id); - } +renewIfRequired(now, id, tokenStore.getToken(id)); + } +} + } + + private void renewIfRequired(long currentTime, DelegationTokenIdentifier id, DelegationTokenInformation tokenInfo) { +if (tokenInfo != null) { + if (currentTime > tokenInfo.getRenewDate() && currentTime < id.getMaxDate()) { +// This will be the case when now > tokenInfo.getRenewDate() but less than the token expiration/max time. +LOGGER.info("Trying to renew the token: " + id); +try { + DelegationKey key = getDelegationKey(id.getMasterKeyId()); + Token t = new Token<>(id.getBytes(), createPassword(id.getBytes(), key.getKey()), + id.getKind(), new Text()); + renewToken(t, UserGroupInformation.getCurrentUser().getShortUserName()); +} catch (IOException e) { + throw new IllegalStateException("Unable to renew token: " + id); } + } else if (currentTime >= id.getMaxDate()) { Review Comment: If it equal to maxdate can remove token other case it can throw InvalidToken Exception not Illegalstatetexception -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
chinnaraolalam commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1665521934 ## itests/hive-unit-hadoop2/src/test/java/org/apache/hadoop/hive/metastore/security/TestHadoopAuthBridge23.java: ## @@ -204,13 +204,22 @@ public void testDelegationTokenSharedStore() throws Exception { // expected } -// token expiration +// token Renewal MyTokenStore.TOKEN_STORE.addToken(d, new DelegationTokenInformation(0, t.getPassword())); Assert.assertNotNull(MyTokenStore.TOKEN_STORE.getToken(d)); anotherManager.removeExpiredTokens(); +Assert.assertTrue(MyTokenStore.TOKEN_STORE.getToken(d).getRenewDate() > 0); + +// test Expiration +DelegationTokenIdentifier e = new DelegationTokenIdentifier(); +e.setMaxDate(0); Review Comment: I think default value of maxdate is zero -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
chinnaraolalam commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1665520211 ## itests/hive-unit-hadoop2/src/test/java/org/apache/hadoop/hive/metastore/security/TestHadoopAuthBridge23.java: ## @@ -204,13 +204,22 @@ public void testDelegationTokenSharedStore() throws Exception { // expected } -// token expiration +// token Renewal MyTokenStore.TOKEN_STORE.addToken(d, new DelegationTokenInformation(0, t.getPassword())); Assert.assertNotNull(MyTokenStore.TOKEN_STORE.getToken(d)); anotherManager.removeExpiredTokens(); +Assert.assertTrue(MyTokenStore.TOKEN_STORE.getToken(d).getRenewDate() > 0); Review Comment: It may throw NPE because maxtime was not set. Check token exist or not instead of renewal date -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
chinnaraolalam commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1665520211 ## itests/hive-unit-hadoop2/src/test/java/org/apache/hadoop/hive/metastore/security/TestHadoopAuthBridge23.java: ## @@ -204,13 +204,22 @@ public void testDelegationTokenSharedStore() throws Exception { // expected } -// token expiration +// token Renewal MyTokenStore.TOKEN_STORE.addToken(d, new DelegationTokenInformation(0, t.getPassword())); Assert.assertNotNull(MyTokenStore.TOKEN_STORE.getToken(d)); anotherManager.removeExpiredTokens(); +Assert.assertTrue(MyTokenStore.TOKEN_STORE.getToken(d).getRenewDate() > 0); Review Comment: It may throw NPE because maxtime was not set. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
chinnaraolalam commented on code in PR #5303: URL: https://github.com/apache/hive/pull/5303#discussion_r1665516561 ## itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestAuthWithDigestMD5.java: ## @@ -0,0 +1,98 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hive.minikdc; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.hive.metastore.HiveMetaStoreClient; +import org.apache.hadoop.hive.metastore.MetaStoreTestUtils; +import org.apache.hadoop.hive.metastore.conf.MetastoreConf; +import org.apache.hadoop.hive.metastore.conf.MetastoreConf.ConfVars; +import org.apache.hadoop.hive.metastore.security.DelegationTokenIdentifier; +import org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge; +import org.apache.hadoop.io.Text; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.token.Token; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; + +import java.util.concurrent.TimeUnit; + +public class TestAuthWithDigestMD5 { + +MiniHiveKdc miniKDC = null; +private static HiveMetaStoreClient client; +private static final String HS2TOKEN = "HiveServer2ImpersonationToken"; +private static Configuration conf = null; +private static int port; + +@Before +public void setUp() throws Exception { +miniKDC = new MiniHiveKdc(); +String hiveMetastorePrincipal = miniKDC.getFullyQualifiedServicePrincipal(miniKDC.getHiveMetastoreServicePrincipal()); +String hiveMetastoreKeytab = miniKDC.getKeyTabFile( + miniKDC.getServicePrincipalForUser(miniKDC.getHiveMetastoreServicePrincipal())); +conf = MetastoreConf.newMetastoreConf(); + +String correctUser = "correct_user"; +String correctPassword = "correct_passwd"; + +MetastoreConf.setBoolVar(conf, ConfVars.EXECUTE_SET_UGI, false); +MetastoreConf.setVar(conf, ConfVars.THRIFT_AUTH_CONFIG_USERNAME, correctUser); +MetastoreConf.setVar(conf, ConfVars.THRIFT_AUTH_CONFIG_PASSWORD, correctPassword); +MetastoreConf.setBoolVar(conf, ConfVars.USE_THRIFT_SASL, true); +MetastoreConf.setVar(conf, ConfVars.KERBEROS_PRINCIPAL, hiveMetastorePrincipal); +MetastoreConf.setVar(conf, ConfVars.KERBEROS_KEYTAB_FILE, hiveMetastoreKeytab); + +MetastoreConf.setTimeVar(conf, ConfVars.DELEGATION_TOKEN_RENEW_INTERVAL,1, TimeUnit.MILLISECONDS); +MetastoreConf.setTimeVar(conf, ConfVars.DELEGATION_TOKEN_GC_INTERVAL,3000, TimeUnit.MILLISECONDS); + +port = MetaStoreTestUtils.startMetaStoreWithRetry(HadoopThriftAuthBridge.getBridge(), +conf); +System.out.println("Starting MetaStore Server on port " + port); + +MetastoreConf.setVar(conf, ConfVars.THRIFT_URIS, "thrift://localhost:" + port); +client = new HiveMetaStoreClient(conf); +} + + +@Test +public void testPostRenewalTimeThreadKickedIn() throws Exception { +String token = client.getDelegationToken("hive","hive"); +MetastoreConf.setVar(conf, ConfVars.TOKEN_SIGNATURE, HS2TOKEN); + +client = new HiveMetaStoreClient(conf); + +Token delegationToken = new Token(); +delegationToken.decodeFromUrlString(token); +delegationToken.setService(new Text(HS2TOKEN)); +UserGroupInformation.getCurrentUser().addToken(delegationToken); + +Thread.sleep(15000); Review Comment: Instead of keeping 15s try to keep it minimal, according to that adjust renewal time and gc time. It will help to finish testcase fast. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
vikramahuja1001 commented on PR #5303: URL: https://github.com/apache/hive/pull/5303#issuecomment-2172272008 @chinnaraolalam @zhangbutao @alanfgates, could you guys please review this PR? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
sonarcloud[bot] commented on PR #5303: URL: https://github.com/apache/hive/pull/5303#issuecomment-2168632152 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [16 New issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&resolved=false&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5303&resolutions=WONTFIX) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=5303&resolved=false&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Coverage ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/no-data-16px.png '') No data about Duplication [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5303) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
vikramahuja1001 commented on PR #5049: URL: https://github.com/apache/hive/pull/5049#issuecomment-2168095944 I have aded another test in this patch. Since this PR is closed i have raised another PR now. @chinnaraolalam ,please review it once. New PR: https://github.com/apache/hive/pull/5303 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
vikramahuja1001 commented on PR #5303: URL: https://github.com/apache/hive/pull/5303#issuecomment-2168096330 Continuation of Old PR: https://github.com/apache/hive/pull/5049 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
github-actions[bot] closed pull request #5049: HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS URL: https://github.com/apache/hive/pull/5049 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
github-actions[bot] commented on PR #5049: URL: https://github.com/apache/hive/pull/5049#issuecomment-2143167118 This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Feel free to reach out on the d...@hive.apache.org list if the patch is in need of reviews. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
chinnaraolalam commented on code in PR #5049: URL: https://github.com/apache/hive/pull/5049#discussion_r1546738985 ## standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/TokenStoreDelegationTokenSecretManager.java: ## @@ -103,6 +105,10 @@ public byte[] retrievePassword(DelegationTokenIdentifier identifier) throws Inva if (info == null) { throw new InvalidToken("token expired or does not exist: " + identifier); } + renewIfRequired(System.currentTimeMillis(), identifier, info); Review Comment: You are able to reproduce this scenario? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
chinnaraolalam commented on code in PR #5049: URL: https://github.com/apache/hive/pull/5049#discussion_r1546734698 ## standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java: ## @@ -956,14 +986,16 @@ private TTransport createAuthBinaryTransport(URI store, TTransport underlyingTra // tokenSig could be null tokenStrForm = SecurityUtils.getTokenStrForm(tokenSig); -if (tokenStrForm != null) { +if (tokenStrForm != null && !fallbackToKerberos) { Review Comment: Earlier tokenStrForm is null, it will fallback to kerberos without fallbackToKerberos token -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
vikramahuja1001 commented on PR #5049: URL: https://github.com/apache/hive/pull/5049#issuecomment-2006183303 @nrg4878 and @ayushtkn, could you please have a look around this PR? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
zhangbutao commented on PR #5049: URL: https://github.com/apache/hive/pull/5049#issuecomment-1952750432 Did you see the same issue in case of other long running framework accessing the HMS? Such as Spark streaming. I am not very familar this part, but i think this fix deserves more attention. Waitting for other folks to give some valuable comments. :) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]
sonarcloud[bot] commented on PR #5049: URL: https://github.com/apache/hive/pull/5049#issuecomment-1917316346 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5049) **Quality Gate passed** The SonarCloud Quality Gate passed, but some issues were introduced. [18 New issues](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=5049&resolved=false&inNewCodePeriod=true) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=5049&resolved=false&inNewCodePeriod=true) No data about Coverage No data about Duplication [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=5049) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org