Updated Branches: refs/heads/trunk 49f10119a -> 0af2dcba3
AMBARI-3643: Ambari should set correct authorization and authenticator manager for Hive in secure environment.(jaimin) Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/0af2dcba Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/0af2dcba Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/0af2dcba Branch: refs/heads/trunk Commit: 0af2dcba321f1d2c48b2300b0d516eadd16159ac Parents: 49f1011 Author: Jaimin Jetly <[email protected]> Authored: Tue Nov 5 15:07:28 2013 -0800 Committer: Jaimin Jetly <[email protected]> Committed: Tue Nov 5 15:07:36 2013 -0800 ---------------------------------------------------------------------- .../1.3.2/services/HIVE/configuration/hive-site.xml | 2 +- .../1.3.3/services/HIVE/configuration/hive-site.xml | 2 +- .../2.0.6/services/HIVE/configuration/hive-site.xml | 14 +++++++++++++- .../1.3.2/services/HIVE/configuration/hive-site.xml | 2 +- .../1.3.3/services/HIVE/configuration/hive-site.xml | 2 +- .../2.0.6/services/HIVE/configuration/hive-site.xml | 14 +++++++++++++- .../app/controllers/main/admin/security/disable.js | 3 +++ ambari-web/app/data/HDP2/secure_mapping.js | 8 ++++++++ ambari-web/app/data/secure_mapping.js | 8 ++++++++ 9 files changed, 49 insertions(+), 6 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/0af2dcba/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HIVE/configuration/hive-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HIVE/configuration/hive-site.xml b/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HIVE/configuration/hive-site.xml
index 3baeee3..1e17d7f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HIVE/configuration/hive-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HIVE/configuration/hive-site.xml
@@ -101,7 +101,7 @@ limitations under the License.
 <property>
 <name>hive.security.authorization.enabled</name>
- <value>true</value>
+ <value>false</value>
 <description>enable or disable the hive client authorization</description>
 </property>
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/0af2dcba/ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/configuration/hive-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/configuration/hive-site.xml b/ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/configuration/hive-site.xml
index 3baeee3..1e17d7f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/configuration/hive-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/1.3.3/services/HIVE/configuration/hive-site.xml
@@ -101,7 +101,7 @@ limitations under the License.
 <property>
 <name>hive.security.authorization.enabled</name>
- <value>true</value>
+ <value>false</value>
 <description>enable or disable the hive client authorization</description>
 </property>
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/0af2dcba/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/configuration/hive-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/configuration/hive-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/configuration/hive-site.xml
index 053eccd..eb57179 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/configuration/hive-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/configuration/hive-site.xml
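Review bot: With the default for `hive.security.authorization.enabled` now `false` in the HDP 1.3.2 hive-site.xml (and in the same hunk for HDP 1.3.3 and HDPLocal 1.3.2/1.3.3), Hive client authorization is off on every cluster that has not been through the security wizard, and the property description does not say so. I would extend it, e.g. `<description>Enable or disable the Hive client authorization. Off by default; set to true by Ambari when security is enabled.</description>`. None of the 1.3.x hunks touches `hive.security.authorization.manager`, so which provider takes effect once the flag is turned on for these stacks is not visible here and should be confirmed.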
@@ -107,12 +107,24 @@ limitations under the License.
 <property>
 <name>hive.security.authorization.manager</name>
- <value>org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider</value>
+ <value>org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider</value>
 <description>the hive client authorization manager class name. The user defined authorization class should implement interface org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider. </description>
 </property>
 <property>
+ <name>hive.security.metastore.authorization.manager</name>
+ <value>org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider</value>
+ <description>The authorization manager class name to be used in the metastore for authorization. The user-defined authorization class should implement interface org.apache.hadoop.hive.ql.security.authorization.HiveMetastoreAuthorizationProvider. </description>
+ </property>
+
+ <property>
+ <name>hive.security.authenticator.manager</name>
+ <value>org.apache.hadoop.hive.ql.security.ProxyUserAuthenticator</value>
+ <description>Hive client authenticator manager class name. The user-defined authenticator class should implement interface org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider. </description>
+ </property>
+
+ <property>
 <name>hive.server2.enable.doAs</name>
 <value>true</value>
 </property>
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/0af2dcba/ambari-server/src/main/resources/stacks/HDPLocal/1.3.2/services/HIVE/configuration/hive-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDPLocal/1.3.2/services/HIVE/configuration/hive-site.xml b/ambari-server/src/main/resources/stacks/HDPLocal/1.3.2/services/HIVE/configuration/hive-site.xml
index 7ee89b9..5a42279 100644
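Review bot: `hive.security.metastore.authorization.manager` is added here (and in the identical HDPLocal 2.0.6 hunk), but the hunk does not show the metastore being told to call it: in Hive the metastore-side check runs only when `hive.metastore.pre.event.listeners` includes `org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener`. If that property is not already set elsewhere in this file, the storage-based check in the metastore stays inactive and only the client-side `hive.security.authorization.manager` applies, which a client can override in its own configuration. The description of the new `hive.security.authenticator.manager` should also state that `ProxyUserAuthenticator` takes the user from the `proxy.user.name` setting when it is present, so it is meant for trusted proxying services and is not an identity check by itself.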
--- a/ambari-server/src/main/resources/stacks/HDPLocal/1.3.2/services/HIVE/configuration/hive-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDPLocal/1.3.2/services/HIVE/configuration/hive-site.xml
@@ -101,7 +101,7 @@ limitations under the License.
 <property>
 <name>hive.security.authorization.enabled</name>
- <value>true</value>
+ <value>false</value>
 <description>enable or disable the hive client authorization</description>
 </property>
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/0af2dcba/ambari-server/src/main/resources/stacks/HDPLocal/1.3.3/services/HIVE/configuration/hive-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDPLocal/1.3.3/services/HIVE/configuration/hive-site.xml b/ambari-server/src/main/resources/stacks/HDPLocal/1.3.3/services/HIVE/configuration/hive-site.xml
index 7ee89b9..5a42279 100644
--- a/ambari-server/src/main/resources/stacks/HDPLocal/1.3.3/services/HIVE/configuration/hive-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDPLocal/1.3.3/services/HIVE/configuration/hive-site.xml
@@ -101,7 +101,7 @@ limitations under the License.
 <property>
 <name>hive.security.authorization.enabled</name>
- <value>true</value>
+ <value>false</value>
 <description>enable or disable the hive client authorization</description>
 </property>
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/0af2dcba/ambari-server/src/main/resources/stacks/HDPLocal/2.0.6/services/HIVE/configuration/hive-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDPLocal/2.0.6/services/HIVE/configuration/hive-site.xml b/ambari-server/src/main/resources/stacks/HDPLocal/2.0.6/services/HIVE/configuration/hive-site.xml
index 1b5fa9c..9b2ff48 100644
--- a/ambari-server/src/main/resources/stacks/HDPLocal/2.0.6/services/HIVE/configuration/hive-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDPLocal/2.0.6/services/HIVE/configuration/hive-site.xml
@@ -107,12 +107,24 @@ limitations under the License.
 <property>
 <name>hive.security.authorization.manager</name>
- <value>org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider</value>
+ <value>org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider</value>
 <description>the hive client authorization manager class name. The user defined authorization class should implement interface org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider. </description>
 </property>
 <property>
+ <name>hive.security.metastore.authorization.manager</name>
+ <value>org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider</value>
+ <description>The authorization manager class name to be used in the metastore for authorization. The user-defined authorization class should implement interface org.apache.hadoop.hive.ql.security.authorization.HiveMetastoreAuthorizationProvider. </description>
+ </property>
+
+ <property>
+ <name>hive.security.authenticator.manager</name>
+ <value>org.apache.hadoop.hive.ql.security.ProxyUserAuthenticator</value>
+ <description>Hive client authenticator manager class name. The user-defined authenticator class should implement interface org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider. </description>
+ </property>
+
+ <property>
 <name>hive.server2.enable.doAs</name>
 <value>true</value>
 </property>
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/0af2dcba/ambari-web/app/controllers/main/admin/security/disable.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/controllers/main/admin/security/disable.js b/ambari-web/app/controllers/main/admin/security/disable.js
index 00006fd..d15265d 100644
--- a/ambari-web/app/controllers/main/admin/security/disable.js
+++ b/ambari-web/app/controllers/main/admin/security/disable.js
@@ -411,6 +411,9 @@ App.MainAdminSecurityDisableController = Em.Controller.extend({
 case 'zookeeper.znode.parent':
 _serviceConfigTags.configs[configName] = '/hbase-unsecure';
 break;
+ case 'hive.security.authorization.enabled':
+ _serviceConfigTags.configs[configName] = 'false';
+ break;
 default:
 delete _serviceConfigTags.configs[configName];
 }
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/0af2dcba/ambari-web/app/data/HDP2/secure_mapping.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/data/HDP2/secure_mapping.js b/ambari-web/app/data/HDP2/secure_mapping.js
index 6da4112..421cf06 100644
--- a/ambari-web/app/data/HDP2/secure_mapping.js
+++ b/ambari-web/app/data/HDP2/secure_mapping.js
@@ -306,6 +306,14 @@ module.exports = [
 "serviceName": "HIVE"
 },
 {
+ "name": "hive.security.authorization.enabled",
+ "templateName": [],
+ "foreignKey": null,
+ "value": "true",
+ "filename": "hive-site.xml",
+ "serviceName": "HIVE"
+ },
+ {
 "name": "hive.server2.authentication",
 "templateName": [],
 "foreignKey": null,
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/0af2dcba/ambari-web/app/data/secure_mapping.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/data/secure_mapping.js b/ambari-web/app/data/secure_mapping.js
index 781ae3b..8fb49eb 100644
--- a/ambari-web/app/data/secure_mapping.js
+++ b/ambari-web/app/data/secure_mapping.js
@@ -235,6 +235,14 @@ module.exports = [
 "serviceName": "HIVE"
 },
 {
+ "name": "hive.security.authorization.enabled",
+ "templateName": [],
+ "foreignKey": null,
+ "value": "true",
+ "filename": "hive-site.xml",
+ "serviceName": "HIVE"
+ },
+ {
 "name": "hive.server2.authentication",
 "templateName": [],
 "foreignKey": null,
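Review bot: The new `case 'hive.security.authorization.enabled'` in disable.js forces the value to `'false'` whenever security is disabled, so a cluster where an operator had turned Hive authorization on independently of Kerberos ends up with it off and nothing in the code records that this is intended. A comment on the case would do, e.g. `// reset to the non-secure stack default from hive-site.xml; authorization is only switched on by the security wizard`. The literal also duplicates the default changed in the hive-site.xml hunks of this commit, so the two have to be kept in step by hand. The enclosing switch and function start and end outside the hunk.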
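Review bot: The entry added to `ambari-web/app/data/HDP2/secure_mapping.js` turns `hive.security.authorization.enabled` on at the moment security is enabled (the same entry is added to `ambari-web/app/data/secure_mapping.js` for HDP 1.x), but nothing next to it says which provider then decides access. For HDP 2 the hive-site.xml change in this commit selects `StorageBasedAuthorizationProvider`, so access to existing tables will follow the HDFS permissions on their warehouse directories from that point on; for HDP 1.x the provider is not visible in this commit. A short comment above each entry would help, e.g. `// enabled only in secure mode; enforcement comes from the authorization managers in the stack's hive-site.xml`. The surrounding array starts and ends outside both hunks.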
