[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[
https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16662601#comment-16662601
]
ASF GitHub Bot commented on NIFI-5714:
--
Github user asfgit closed the pull request at:
https://github.com/apache/nifi/pull/3086
> Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
>
>
> Key: NIFI-5714
> URL: https://issues.apache.org/jira/browse/NIFI-5714
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Reporter: Pierre Villard
>Assignee: Pierre Villard
>Priority: Major
> Fix For: 1.9.0
>
>
> In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
> method, we have:
> {code:java}
> log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
> new Object[] {resolvedPrincipal, resolvedKeytab});
> try {
> ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
> resolvedKeytab);
> } catch (AuthenticationFailedException ae) {
> log.error(ae.getMessage(), ae);
> }
> getLogger().info("Successfully logged in as principal {} with keytab {}", new
> Object[] {resolvedPrincipal, resolvedKeytab});{code}
> Which causes two issues:
> * we're logging the successful message even though the authentication failed
> * the Hive connection is created using the NiFi user identity (this would
> need to be confirmed but that's what I observed during a test - it could be
> due to the environment though)
> In my opinion, an {{InitializationException}} should be thrown so that the
> controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[
https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16662599#comment-16662599
]
ASF subversion and git services commented on NIFI-5714:
---
Commit 2201f7746fd16874aefbd12d546565f5d105ab04 in nifi's branch
refs/heads/master from [~pvillard]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=2201f77 ]
NIFI-5714 - Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
add @Ignore on unit test...
Signed-off-by: Matthew Burgess
This closes #3086
> Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
>
>
> Key: NIFI-5714
> URL: https://issues.apache.org/jira/browse/NIFI-5714
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Reporter: Pierre Villard
>Assignee: Pierre Villard
>Priority: Major
> Fix For: 1.9.0
>
>
> In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
> method, we have:
> {code:java}
> log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
> new Object[] {resolvedPrincipal, resolvedKeytab});
> try {
> ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
> resolvedKeytab);
> } catch (AuthenticationFailedException ae) {
> log.error(ae.getMessage(), ae);
> }
> getLogger().info("Successfully logged in as principal {} with keytab {}", new
> Object[] {resolvedPrincipal, resolvedKeytab});{code}
> Which causes two issues:
> * we're logging the successful message even though the authentication failed
> * the Hive connection is created using the NiFi user identity (this would
> need to be confirmed but that's what I observed during a test - it could be
> due to the environment though)
> In my opinion, an {{InitializationException}} should be thrown so that the
> controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[
https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16662598#comment-16662598
]
ASF GitHub Bot commented on NIFI-5714:
--
Github user mattyb149 commented on the issue:
https://github.com/apache/nifi/pull/3086
+1 LGTM, tested successfully. Thanks for the fix! Merging to master
> Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
>
>
> Key: NIFI-5714
> URL: https://issues.apache.org/jira/browse/NIFI-5714
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Reporter: Pierre Villard
>Assignee: Pierre Villard
>Priority: Major
> Fix For: 1.9.0
>
>
> In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
> method, we have:
> {code:java}
> log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
> new Object[] {resolvedPrincipal, resolvedKeytab});
> try {
> ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
> resolvedKeytab);
> } catch (AuthenticationFailedException ae) {
> log.error(ae.getMessage(), ae);
> }
> getLogger().info("Successfully logged in as principal {} with keytab {}", new
> Object[] {resolvedPrincipal, resolvedKeytab});{code}
> Which causes two issues:
> * we're logging the successful message even though the authentication failed
> * the Hive connection is created using the NiFi user identity (this would
> need to be confirmed but that's what I observed during a test - it could be
> due to the environment though)
> In my opinion, an {{InitializationException}} should be thrown so that the
> controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[
https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16661848#comment-16661848
]
ASF GitHub Bot commented on NIFI-5714:
--
Github user pvillard31 commented on the issue:
https://github.com/apache/nifi/pull/3086
Hey @mattyb149 - I gave up on the unit test and added the Ignore
annotation. I confirmed in my environment that the controller service won't be
enabled if Kerberos authentication fails and that we are not logging the
"authentication successful" message anymore.
> Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
>
>
> Key: NIFI-5714
> URL: https://issues.apache.org/jira/browse/NIFI-5714
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Reporter: Pierre Villard
>Assignee: Pierre Villard
>Priority: Major
>
> In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
> method, we have:
> {code:java}
> log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
> new Object[] {resolvedPrincipal, resolvedKeytab});
> try {
> ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
> resolvedKeytab);
> } catch (AuthenticationFailedException ae) {
> log.error(ae.getMessage(), ae);
> }
> getLogger().info("Successfully logged in as principal {} with keytab {}", new
> Object[] {resolvedPrincipal, resolvedKeytab});{code}
> Which causes two issues:
> * we're logging the successful message even though the authentication failed
> * the Hive connection is created using the NiFi user identity (this would
> need to be confirmed but that's what I observed during a test - it could be
> due to the environment though)
> In my opinion, an {{InitializationException}} should be thrown so that the
> controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[
https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16661008#comment-16661008
]
ASF GitHub Bot commented on NIFI-5714:
--
Github user mattyb149 commented on the issue:
https://github.com/apache/nifi/pull/3086
Not sure if you want to try another rebase to see if the repo problem is
gone (and the realm problem is fixed), or just Ignore the test. I'm fine with
either, let me know when you're happy with it (and have tested it even if
there's no unit test enabled) and I'll finish the review/merge. Thanks!
> Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
>
>
> Key: NIFI-5714
> URL: https://issues.apache.org/jira/browse/NIFI-5714
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Reporter: Pierre Villard
>Assignee: Pierre Villard
>Priority: Major
>
> In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
> method, we have:
> {code:java}
> log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
> new Object[] {resolvedPrincipal, resolvedKeytab});
> try {
> ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
> resolvedKeytab);
> } catch (AuthenticationFailedException ae) {
> log.error(ae.getMessage(), ae);
> }
> getLogger().info("Successfully logged in as principal {} with keytab {}", new
> Object[] {resolvedPrincipal, resolvedKeytab});{code}
> Which causes two issues:
> * we're logging the successful message even though the authentication failed
> * the Hive connection is created using the NiFi user identity (this would
> need to be confirmed but that's what I observed during a test - it could be
> due to the environment though)
> In my opinion, an {{InitializationException}} should be thrown so that the
> controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[
https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16655475#comment-16655475
]
ASF GitHub Bot commented on NIFI-5714:
--
Github user pvillard31 commented on the issue:
https://github.com/apache/nifi/pull/3086
tried to squash everything and force push, but same result - tried to look
in the code if something is different and should be initialized differently but
didn't find anything obvious :(
> Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
>
>
> Key: NIFI-5714
> URL: https://issues.apache.org/jira/browse/NIFI-5714
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0,
> 1.7.0, 1.7.1
>Reporter: Pierre Villard
>Assignee: Pierre Villard
>Priority: Major
>
> In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
> method, we have:
> {code:java}
> log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
> new Object[] {resolvedPrincipal, resolvedKeytab});
> try {
> ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
> resolvedKeytab);
> } catch (AuthenticationFailedException ae) {
> log.error(ae.getMessage(), ae);
> }
> getLogger().info("Successfully logged in as principal {} with keytab {}", new
> Object[] {resolvedPrincipal, resolvedKeytab});{code}
> Which causes two issues:
> * we're logging the successful message even though the authentication failed
> * the Hive connection is created using the NiFi user identity (this would
> need to be confirmed but that's what I observed during a test - it could be
> due to the environment though)
> In my opinion, an {{InitializationException}} should be thrown so that the
> controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[
https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16655394#comment-16655394
]
ASF GitHub Bot commented on NIFI-5714:
--
Github user mattyb149 commented on the issue:
https://github.com/apache/nifi/pull/3086
Doesn't look like the tests were run due to a bad artifact. Maybe rebase
the PR (squashing just the commits where you tried individual things?) and
force push, hopefully it'll go through this time :( Sorry this is such a pain.
> Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
>
>
> Key: NIFI-5714
> URL: https://issues.apache.org/jira/browse/NIFI-5714
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0,
> 1.7.0, 1.7.1
>Reporter: Pierre Villard
>Assignee: Pierre Villard
>Priority: Major
>
> In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
> method, we have:
> {code:java}
> log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
> new Object[] {resolvedPrincipal, resolvedKeytab});
> try {
> ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
> resolvedKeytab);
> } catch (AuthenticationFailedException ae) {
> log.error(ae.getMessage(), ae);
> }
> getLogger().info("Successfully logged in as principal {} with keytab {}", new
> Object[] {resolvedPrincipal, resolvedKeytab});{code}
> Which causes two issues:
> * we're logging the successful message even though the authentication failed
> * the Hive connection is created using the NiFi user identity (this would
> need to be confirmed but that's what I observed during a test - it could be
> due to the environment though)
> In my opinion, an {{InitializationException}} should be thrown so that the
> controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[
https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16655231#comment-16655231
]
ASF GitHub Bot commented on NIFI-5714:
--
Github user mattyb149 commented on the issue:
https://github.com/apache/nifi/pull/3086
The krb5.conf from the TestRangerNiFiAuthorizer looks like this:
```
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_kdc = false
dns_lookup_realm = false
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com
admin_server = kerberos.example.com
}
```
And doesn't have the setting of the `java.security.krb5.realm` or
`java.security.krb5.kdc` (I assume because they are unnecessary based on the
dns_lookup_* properties?). Might be worth a try...
> Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
>
>
> Key: NIFI-5714
> URL: https://issues.apache.org/jira/browse/NIFI-5714
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0,
> 1.7.0, 1.7.1
>Reporter: Pierre Villard
>Assignee: Pierre Villard
>Priority: Major
>
> In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
> method, we have:
> {code:java}
> log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
> new Object[] {resolvedPrincipal, resolvedKeytab});
> try {
> ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
> resolvedKeytab);
> } catch (AuthenticationFailedException ae) {
> log.error(ae.getMessage(), ae);
> }
> getLogger().info("Successfully logged in as principal {} with keytab {}", new
> Object[] {resolvedPrincipal, resolvedKeytab});{code}
> Which causes two issues:
> * we're logging the successful message even though the authentication failed
> * the Hive connection is created using the NiFi user identity (this would
> need to be confirmed but that's what I observed during a test - it could be
> due to the environment though)
> In my opinion, an {{InitializationException}} should be thrown so that the
> controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[
https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16654779#comment-16654779
]
ASF GitHub Bot commented on NIFI-5714:
--
Github user pvillard31 commented on the issue:
https://github.com/apache/nifi/pull/3086
Tried few things... no luck :(
> Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
>
>
> Key: NIFI-5714
> URL: https://issues.apache.org/jira/browse/NIFI-5714
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0,
> 1.7.0, 1.7.1
>Reporter: Pierre Villard
>Assignee: Pierre Villard
>Priority: Major
>
> In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
> method, we have:
> {code:java}
> log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
> new Object[] {resolvedPrincipal, resolvedKeytab});
> try {
> ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
> resolvedKeytab);
> } catch (AuthenticationFailedException ae) {
> log.error(ae.getMessage(), ae);
> }
> getLogger().info("Successfully logged in as principal {} with keytab {}", new
> Object[] {resolvedPrincipal, resolvedKeytab});{code}
> Which causes two issues:
> * we're logging the successful message even though the authentication failed
> * the Hive connection is created using the NiFi user identity (this would
> need to be confirmed but that's what I observed during a test - it could be
> due to the environment though)
> In my opinion, an {{InitializationException}} should be thrown so that the
> controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[
https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16654091#comment-16654091
]
ASF GitHub Bot commented on NIFI-5714:
--
Github user mattyb149 commented on the issue:
https://github.com/apache/nifi/pull/3086
First one didn't work :(
> Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
>
>
> Key: NIFI-5714
> URL: https://issues.apache.org/jira/browse/NIFI-5714
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0,
> 1.7.0, 1.7.1
>Reporter: Pierre Villard
>Assignee: Pierre Villard
>Priority: Major
>
> In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
> method, we have:
> {code:java}
> log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
> new Object[] {resolvedPrincipal, resolvedKeytab});
> try {
> ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
> resolvedKeytab);
> } catch (AuthenticationFailedException ae) {
> log.error(ae.getMessage(), ae);
> }
> getLogger().info("Successfully logged in as principal {} with keytab {}", new
> Object[] {resolvedPrincipal, resolvedKeytab});{code}
> Which causes two issues:
> * we're logging the successful message even though the authentication failed
> * the Hive connection is created using the NiFi user identity (this would
> need to be confirmed but that's what I observed during a test - it could be
> due to the environment though)
> In my opinion, an {{InitializationException}} should be thrown so that the
> controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[
https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16654006#comment-16654006
]
ASF GitHub Bot commented on NIFI-5714:
--
Github user mattyb149 commented on the issue:
https://github.com/apache/nifi/pull/3086
Same here, the relevant error in the Travis log is "Cannot locate default
realm". Looking at other tests that load krb5.conf, one
(TestHBase_1_1_2_ClientService) has this:
```
// needed for calls to UserGroupInformation.setConfiguration() to work when
passing in
// config with Kerberos authentication enabled
System.setProperty("java.security.krb5.realm", "nifi.com");
System.setProperty("java.security.krb5.kdc", "nifi.kdc");
```
and another (TestRangerNiFiAuthorizer) has this:
```
// have to initialize this system property before anything else
File krb5conf = new File("src/test/resources/krb5.conf");
assertTrue(krb5conf.exists());
System.setProperty("java.security.krb5.conf", krb5conf.getAbsolutePath());
```
Perhaps one or both of these would fix the issue? Not sure how to
reproduce, I guess you could try one and push the commit to see if Travis
succeeds...
> Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
>
>
> Key: NIFI-5714
> URL: https://issues.apache.org/jira/browse/NIFI-5714
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0,
> 1.7.0, 1.7.1
>Reporter: Pierre Villard
>Assignee: Pierre Villard
>Priority: Major
>
> In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
> method, we have:
> {code:java}
> log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
> new Object[] {resolvedPrincipal, resolvedKeytab});
> try {
> ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
> resolvedKeytab);
> } catch (AuthenticationFailedException ae) {
> log.error(ae.getMessage(), ae);
> }
> getLogger().info("Successfully logged in as principal {} with keytab {}", new
> Object[] {resolvedPrincipal, resolvedKeytab});{code}
> Which causes two issues:
> * we're logging the successful message even though the authentication failed
> * the Hive connection is created using the NiFi user identity (this would
> need to be confirmed but that's what I observed during a test - it could be
> due to the environment though)
> In my opinion, an {{InitializationException}} should be thrown so that the
> controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[
https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16653884#comment-16653884
]
ASF GitHub Bot commented on NIFI-5714:
--
Github user pvillard31 commented on the issue:
https://github.com/apache/nifi/pull/3086
The unit test is working fine locally on my side but does not work in
Travis. I assume it could be because I've Kerberos related configs on my
laptop. Didn't find any similar testing in other processors? Not sure how to
address it (tried few things). What do you think? Just adding @Ignore on the
test? =/
> Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
>
>
> Key: NIFI-5714
> URL: https://issues.apache.org/jira/browse/NIFI-5714
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0,
> 1.7.0, 1.7.1
>Reporter: Pierre Villard
>Assignee: Pierre Villard
>Priority: Major
>
> In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
> method, we have:
> {code:java}
> log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
> new Object[] {resolvedPrincipal, resolvedKeytab});
> try {
> ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
> resolvedKeytab);
> } catch (AuthenticationFailedException ae) {
> log.error(ae.getMessage(), ae);
> }
> getLogger().info("Successfully logged in as principal {} with keytab {}", new
> Object[] {resolvedPrincipal, resolvedKeytab});{code}
> Which causes two issues:
> * we're logging the successful message even though the authentication failed
> * the Hive connection is created using the NiFi user identity (this would
> need to be confirmed but that's what I observed during a test - it could be
> due to the environment though)
> In my opinion, an {{InitializationException}} should be thrown so that the
> controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[
https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16653712#comment-16653712
]
ASF GitHub Bot commented on NIFI-5714:
--
Github user mattyb149 commented on the issue:
https://github.com/apache/nifi/pull/3086
Looks like the unit test is throwing the wrong exception,
IllegalArgumentException instead of InitializationException
> Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
>
>
> Key: NIFI-5714
> URL: https://issues.apache.org/jira/browse/NIFI-5714
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0,
> 1.7.0, 1.7.1
>Reporter: Pierre Villard
>Assignee: Pierre Villard
>Priority: Major
>
> In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
> method, we have:
> {code:java}
> log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
> new Object[] {resolvedPrincipal, resolvedKeytab});
> try {
> ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
> resolvedKeytab);
> } catch (AuthenticationFailedException ae) {
> log.error(ae.getMessage(), ae);
> }
> getLogger().info("Successfully logged in as principal {} with keytab {}", new
> Object[] {resolvedPrincipal, resolvedKeytab});{code}
> Which causes two issues:
> * we're logging the successful message even though the authentication failed
> * the Hive connection is created using the NiFi user identity (this would
> need to be confirmed but that's what I observed during a test - it could be
> due to the environment though)
> In my opinion, an {{InitializationException}} should be thrown so that the
> controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[
https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16653080#comment-16653080
]
ASF GitHub Bot commented on NIFI-5714:
--
Github user pvillard31 commented on the issue:
https://github.com/apache/nifi/pull/3086
hold on - just realized that the unit test does not work in the Travis env
for the kerb stuff
> Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
>
>
> Key: NIFI-5714
> URL: https://issues.apache.org/jira/browse/NIFI-5714
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0,
> 1.7.0, 1.7.1
>Reporter: Pierre Villard
>Assignee: Pierre Villard
>Priority: Major
>
> In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
> method, we have:
> {code:java}
> log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
> new Object[] {resolvedPrincipal, resolvedKeytab});
> try {
> ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
> resolvedKeytab);
> } catch (AuthenticationFailedException ae) {
> log.error(ae.getMessage(), ae);
> }
> getLogger().info("Successfully logged in as principal {} with keytab {}", new
> Object[] {resolvedPrincipal, resolvedKeytab});{code}
> Which causes two issues:
> * we're logging the successful message even though the authentication failed
> * the Hive connection is created using the NiFi user identity (this would
> need to be confirmed but that's what I observed during a test - it could be
> due to the environment though)
> In my opinion, an {{InitializationException}} should be thrown so that the
> controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[
https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16652613#comment-16652613
]
ASF GitHub Bot commented on NIFI-5714:
--
GitHub user pvillard31 opened a pull request:
https://github.com/apache/nifi/pull/3086
NIFI-5714 - Hive[3]ConnectionPool - Kerberos Authentication issue/mis…
…leading
Thank you for submitting a contribution to Apache NiFi.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
- [ ] Does your PR title start with NIFI- where is the JIRA number
you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [ ] Has your PR been rebased against the latest commit within the target
branch (typically master)?
- [ ] Is your initial contribution a single, squashed commit?
### For code changes:
- [ ] Have you ensured that the full suite of tests is executed via mvn
-Pcontrib-check clean install at the root nifi folder?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the LICENSE file, including the main
LICENSE file under nifi-assembly?
- [ ] If applicable, have you updated the NOTICE file, including the main
NOTICE file found under nifi-assembly?
- [ ] If adding new Properties, have you added .displayName in addition to
.name (programmatic access) for each of the new properties?
### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in
which it is rendered?
### Note:
Please ensure that once the PR is submitted, you check travis-ci for build
issues and submit an update to your PR as soon as possible.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/pvillard31/nifi NIFI-5714
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/3086.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #3086
commit 0fc99a19057bbbc7e1c8123e8cbc8e408c53873c
Author: Pierre Villard
Date: 2018-10-16T23:04:16Z
NIFI-5714 - Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
> Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
>
>
> Key: NIFI-5714
> URL: https://issues.apache.org/jira/browse/NIFI-5714
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0,
> 1.7.0, 1.7.1
>Reporter: Pierre Villard
>Assignee: Pierre Villard
>Priority: Major
>
> In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
> method, we have:
> {code:java}
> log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
> new Object[] {resolvedPrincipal, resolvedKeytab});
> try {
> ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
> resolvedKeytab);
> } catch (AuthenticationFailedException ae) {
> log.error(ae.getMessage(), ae);
> }
> getLogger().info("Successfully logged in as principal {} with keytab {}", new
> Object[] {resolvedPrincipal, resolvedKeytab});{code}
> Which causes two issues:
> * we're logging the successful message even though the authentication failed
> * the Hive connection is created using the NiFi user identity (this would
> need to be confirmed but that's what I observed during a test - it could be
> due to the environment though)
> In my opinion, an {{InitializationException}} should be thrown so that the
> controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[
https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16652614#comment-16652614
]
ASF GitHub Bot commented on NIFI-5714:
--
Github user pvillard31 commented on the issue:
https://github.com/apache/nifi/pull/3086
Hey @mattyb149 - could you let me know if this LGTY ;)
> Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
>
>
> Key: NIFI-5714
> URL: https://issues.apache.org/jira/browse/NIFI-5714
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
>Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0,
> 1.7.0, 1.7.1
>Reporter: Pierre Villard
>Assignee: Pierre Villard
>Priority: Major
>
> In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}}
> method, we have:
> {code:java}
> log.info("Hive Security Enabled, logging in as principal {} with keytab {}",
> new Object[] {resolvedPrincipal, resolvedKeytab});
> try {
> ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal,
> resolvedKeytab);
> } catch (AuthenticationFailedException ae) {
> log.error(ae.getMessage(), ae);
> }
> getLogger().info("Successfully logged in as principal {} with keytab {}", new
> Object[] {resolvedPrincipal, resolvedKeytab});{code}
> Which causes two issues:
> * we're logging the successful message even though the authentication failed
> * the Hive connection is created using the NiFi user identity (this would
> need to be confirmed but that's what I observed during a test - it could be
> due to the environment though)
> In my opinion, an {{InitializationException}} should be thrown so that the
> controller service is not enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
