[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16662601#comment-16662601 ] ASF GitHub Bot commented on NIFI-5714: -- Github user asfgit closed the pull request at: https://github.com/apache/nifi/pull/3086 > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Reporter: Pierre Villard >Assignee: Pierre Villard >Priority: Major > Fix For: 1.9.0 > > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16662599#comment-16662599 ] ASF subversion and git services commented on NIFI-5714: --- Commit 2201f7746fd16874aefbd12d546565f5d105ab04 in nifi's branch refs/heads/master from [~pvillard] [ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=2201f77 ] NIFI-5714 - Hive[3]ConnectionPool - Kerberos Authentication issue/misleading add @Ignore on unit test... Signed-off-by: Matthew Burgess This closes #3086 > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Reporter: Pierre Villard >Assignee: Pierre Villard >Priority: Major > Fix For: 1.9.0 > > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16662598#comment-16662598 ] ASF GitHub Bot commented on NIFI-5714: -- Github user mattyb149 commented on the issue: https://github.com/apache/nifi/pull/3086 +1 LGTM, tested successfully. Thanks for the fix! Merging to master > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Reporter: Pierre Villard >Assignee: Pierre Villard >Priority: Major > Fix For: 1.9.0 > > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16661848#comment-16661848 ] ASF GitHub Bot commented on NIFI-5714: -- Github user pvillard31 commented on the issue: https://github.com/apache/nifi/pull/3086 Hey @mattyb149 - I gave up on the unit test and added the Ignore annotation. I confirmed in my environment that the controller service won't be enabled if Kerberos authentication fails and that we are not logging the "authentication successful" message anymore. > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Reporter: Pierre Villard >Assignee: Pierre Villard >Priority: Major > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16661008#comment-16661008 ] ASF GitHub Bot commented on NIFI-5714: -- Github user mattyb149 commented on the issue: https://github.com/apache/nifi/pull/3086 Not sure if you want to try another rebase to see if the repo problem is gone (and the realm problem is fixed), or just Ignore the test. I'm fine with either, let me know when you're happy with it (and have tested it even if there's no unit test enabled) and I'll finish the review/merge. Thanks! > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Reporter: Pierre Villard >Assignee: Pierre Villard >Priority: Major > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16655475#comment-16655475 ] ASF GitHub Bot commented on NIFI-5714: -- Github user pvillard31 commented on the issue: https://github.com/apache/nifi/pull/3086 tried to squash everything and force push, but same result - tried to look in the code if something is different and should be initialized differently but didn't find anything obvious :( > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0, > 1.7.0, 1.7.1 >Reporter: Pierre Villard >Assignee: Pierre Villard >Priority: Major > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16655394#comment-16655394 ] ASF GitHub Bot commented on NIFI-5714: -- Github user mattyb149 commented on the issue: https://github.com/apache/nifi/pull/3086 Doesn't look like the tests were run due to a bad artifact. Maybe rebase the PR (squashing just the commits where you tried individual things?) and force push, hopefully it'll go through this time :( Sorry this is such a pain. > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0, > 1.7.0, 1.7.1 >Reporter: Pierre Villard >Assignee: Pierre Villard >Priority: Major > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16655231#comment-16655231 ] ASF GitHub Bot commented on NIFI-5714: -- Github user mattyb149 commented on the issue: https://github.com/apache/nifi/pull/3086 The krb5.conf from the TestRangerNiFiAuthorizer looks like this: ``` [libdefaults] default_realm = EXAMPLE.COM dns_lookup_kdc = false dns_lookup_realm = false [realms] EXAMPLE.COM = { kdc = kerberos.example.com admin_server = kerberos.example.com } ``` And doesn't have the setting of the `java.security.krb5.realm` or `java.security.krb5.kdc` (I assume because they are unnecessary based on the dns_lookup_* properties?). Might be worth a try... > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0, > 1.7.0, 1.7.1 >Reporter: Pierre Villard >Assignee: Pierre Villard >Priority: Major > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16654779#comment-16654779 ] ASF GitHub Bot commented on NIFI-5714: -- Github user pvillard31 commented on the issue: https://github.com/apache/nifi/pull/3086 Tried few things... no luck :( > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0, > 1.7.0, 1.7.1 >Reporter: Pierre Villard >Assignee: Pierre Villard >Priority: Major > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16654091#comment-16654091 ] ASF GitHub Bot commented on NIFI-5714: -- Github user mattyb149 commented on the issue: https://github.com/apache/nifi/pull/3086 First one didn't work :( > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0, > 1.7.0, 1.7.1 >Reporter: Pierre Villard >Assignee: Pierre Villard >Priority: Major > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16654006#comment-16654006 ] ASF GitHub Bot commented on NIFI-5714: -- Github user mattyb149 commented on the issue: https://github.com/apache/nifi/pull/3086 Same here, the relevant error in the Travis log is "Cannot locate default realm". Looking at other tests that load krb5.conf, one (TestHBase_1_1_2_ClientService) has this: ``` // needed for calls to UserGroupInformation.setConfiguration() to work when passing in // config with Kerberos authentication enabled System.setProperty("java.security.krb5.realm", "nifi.com"); System.setProperty("java.security.krb5.kdc", "nifi.kdc"); ``` and another (TestRangerNiFiAuthorizer) has this: ``` // have to initialize this system property before anything else File krb5conf = new File("src/test/resources/krb5.conf"); assertTrue(krb5conf.exists()); System.setProperty("java.security.krb5.conf", krb5conf.getAbsolutePath()); ``` Perhaps one or both of these would fix the issue? Not sure how to reproduce, I guess you could try one and push the commit to see if Travis succeeds... > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0, > 1.7.0, 1.7.1 >Reporter: Pierre Villard >Assignee: Pierre Villard >Priority: Major > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16653884#comment-16653884 ] ASF GitHub Bot commented on NIFI-5714: -- Github user pvillard31 commented on the issue: https://github.com/apache/nifi/pull/3086 The unit test is working fine locally on my side but does not work in Travis. I assume it could be because I've Kerberos related configs on my laptop. Didn't find any similar testing in other processors? Not sure how to address it (tried few things). What do you think? Just adding @Ignore on the test? =/ > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0, > 1.7.0, 1.7.1 >Reporter: Pierre Villard >Assignee: Pierre Villard >Priority: Major > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16653712#comment-16653712 ] ASF GitHub Bot commented on NIFI-5714: -- Github user mattyb149 commented on the issue: https://github.com/apache/nifi/pull/3086 Looks like the unit test is throwing the wrong exception, IllegalArgumentException instead of InitializationException > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0, > 1.7.0, 1.7.1 >Reporter: Pierre Villard >Assignee: Pierre Villard >Priority: Major > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16653080#comment-16653080 ] ASF GitHub Bot commented on NIFI-5714: -- Github user pvillard31 commented on the issue: https://github.com/apache/nifi/pull/3086 hold on - just realized that the unit test does not work in the Travis env for the kerb stuff > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0, > 1.7.0, 1.7.1 >Reporter: Pierre Villard >Assignee: Pierre Villard >Priority: Major > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16652613#comment-16652613 ] ASF GitHub Bot commented on NIFI-5714: -- GitHub user pvillard31 opened a pull request: https://github.com/apache/nifi/pull/3086 NIFI-5714 - Hive[3]ConnectionPool - Kerberos Authentication issue/mis… …leading Thank you for submitting a contribution to Apache NiFi. In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: ### For all changes: - [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [ ] Does your PR title start with NIFI- where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character. - [ ] Has your PR been rebased against the latest commit within the target branch (typically master)? - [ ] Is your initial contribution a single, squashed commit? ### For code changes: - [ ] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder? - [ ] Have you written or updated unit tests to verify your changes? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? - [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly? - [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly? - [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties? ### For documentation related changes: - [ ] Have you ensured that format looks appropriate for the output in which it is rendered? ### Note: Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible. You can merge this pull request into a Git repository by running: $ git pull https://github.com/pvillard31/nifi NIFI-5714 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/3086.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #3086 commit 0fc99a19057bbbc7e1c8123e8cbc8e408c53873c Author: Pierre Villard Date: 2018-10-16T23:04:16Z NIFI-5714 - Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0, > 1.7.0, 1.7.1 >Reporter: Pierre Villard >Assignee: Pierre Villard >Priority: Major > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5714) Hive[3]ConnectionPool - Kerberos Authentication issue/misleading
[ https://issues.apache.org/jira/browse/NIFI-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16652614#comment-16652614 ] ASF GitHub Bot commented on NIFI-5714: -- Github user pvillard31 commented on the issue: https://github.com/apache/nifi/pull/3086 Hey @mattyb149 - could you let me know if this LGTY ;) > Hive[3]ConnectionPool - Kerberos Authentication issue/misleading > > > Key: NIFI-5714 > URL: https://issues.apache.org/jira/browse/NIFI-5714 > Project: Apache NiFi > Issue Type: Bug > Components: Extensions >Affects Versions: 1.1.0, 1.2.0, 1.1.1, 1.0.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0, > 1.7.0, 1.7.1 >Reporter: Pierre Villard >Assignee: Pierre Villard >Priority: Major > > In {{HiveConnectionPool}} and {{Hive3ConnectionPool}}, in the {{@OnEnabled}} > method, we have: > {code:java} > log.info("Hive Security Enabled, logging in as principal {} with keytab {}", > new Object[] {resolvedPrincipal, resolvedKeytab}); > try { > ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, > resolvedKeytab); > } catch (AuthenticationFailedException ae) { > log.error(ae.getMessage(), ae); > } > getLogger().info("Successfully logged in as principal {} with keytab {}", new > Object[] {resolvedPrincipal, resolvedKeytab});{code} > Which causes two issues: > * we're logging the successful message even though the authentication failed > * the Hive connection is created using the NiFi user identity (this would > need to be confirmed but that's what I observed during a test - it could be > due to the environment though) > In my opinion, an {{InitializationException}} should be thrown so that the > controller service is not enabled. -- This message was sent by Atlassian JIRA (v7.6.3#76005)