Repository: hive Updated Branches: refs/heads/standalone-metastore bd212257f -> b3cb8526b (forced update)
HIVE-18228: Azure credential properties should be added to the HiveConf hidden list (Andrew Sherman, via Peter Vary) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/e86c77af Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/e86c77af Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/e86c77af Branch: refs/heads/standalone-metastore Commit: e86c77af5ffa80b55f46eb3b69b0365fbf79ab5a Parents: 095e6bf Author: Peter Vary <[email protected]> Authored: Wed Dec 13 13:04:24 2017 +0100 Committer: Peter Vary <[email protected]> Committed: Wed Dec 13 13:04:24 2017 +0100 ---------------------------------------------------------------------- .../org/apache/hadoop/hive/conf/HiveConf.java | 4 +- .../apache/hadoop/hive/conf/TestHiveConf.java | 43 +++++++++++++------- 2 files changed, 31 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/e86c77af/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java ---------------------------------------------------------------------- diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java index dc31505..7a81612 100644 --- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java +++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java @@ -3617,7 +3617,9 @@ public class HiveConf extends Configuration { + ",fs.s3n.awsSecretAccessKey" + ",fs.s3a.access.key" + ",fs.s3a.secret.key" - + ",fs.s3a.proxy.password", + + ",fs.s3a.proxy.password" + + ",dfs.adls.oauth2.credential" + + ",fs.adl.oauth2.credential", "Comma separated list of configuration options which should not be read by normal user like passwords"), HIVE_CONF_INTERNAL_VARIABLE_LIST("hive.conf.internal.variable.list", "hive.added.files.path,hive.added.jars.path,hive.added.archives.path", http://git-wip-us.apache.org/repos/asf/hive/blob/e86c77af/common/src/test/org/apache/hadoop/hive/conf/TestHiveConf.java ---------------------------------------------------------------------- diff --git a/common/src/test/org/apache/hadoop/hive/conf/TestHiveConf.java b/common/src/test/org/apache/hadoop/hive/conf/TestHiveConf.java index d24668f..6a67809 100644 --- a/common/src/test/org/apache/hadoop/hive/conf/TestHiveConf.java +++ b/common/src/test/org/apache/hadoop/hive/conf/TestHiveConf.java @@ -17,6 +17,7 @@ */ package org.apache.hadoop.hive.conf; +import com.google.common.collect.Lists; import org.apache.hadoop.mapred.JobConf; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hive.conf.HiveConf.ConfVars; @@ -27,6 +28,7 @@ import org.junit.Test; import java.io.UnsupportedEncodingException; import java.net.URLEncoder; +import java.util.ArrayList; import java.util.concurrent.TimeUnit; @@ -130,11 +132,8 @@ public class TestHiveConf { @Test public void testHiddenConfig() throws Exception { HiveConf conf = new HiveConf(); - // check password configs are hidden - Assert.assertTrue(conf.isHiddenConfig(HiveConf.ConfVars.METASTOREPWD.varname)); - Assert.assertTrue(conf.isHiddenConfig( - HiveConf.ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PASSWORD.varname)); - // check change hidden list should fail + + // check that a change to the hidden list should fail try { final String name = HiveConf.ConfVars.HIVE_CONF_HIDDEN_LIST.varname; conf.verifyAndSet(name, ""); @@ -143,16 +142,30 @@ public class TestHiveConf { } catch (IllegalArgumentException e) { // the verifyAndSet in this case is expected to fail with the IllegalArgumentException } - // check stripHiddenConfigurations - Configuration conf2 = new Configuration(conf); - conf2.set(HiveConf.ConfVars.METASTOREPWD.varname, "password"); - conf2.set(HiveConf.ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PASSWORD.varname, "password"); - conf.stripHiddenConfigurations(conf2); - Assert.assertTrue(conf.isHiddenConfig(HiveConf.ConfVars.METASTOREPWD.varname + "postfix")); - Assert.assertTrue( - conf.isHiddenConfig(HiveConf.ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PASSWORD.varname + "postfix")); - Assert.assertEquals("", conf2.get(HiveConf.ConfVars.METASTOREPWD.varname)); - Assert.assertEquals("", conf2.get(HiveConf.ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PASSWORD.varname)); + + ArrayList<String> hiddenList = Lists.newArrayList( + HiveConf.ConfVars.METASTOREPWD.varname, + HiveConf.ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PASSWORD.varname, + "fs.s3.awsSecretAccessKey", + "fs.s3n.awsSecretAccessKey", + "dfs.adls.oauth2.credential", + "fs.adl.oauth2.credential" + ); + + for (String hiddenConfig : hiddenList) { + // check configs are hidden + Assert.assertTrue("config " + hiddenConfig + " should be hidden", + conf.isHiddenConfig(hiddenConfig)); + // check stripHiddenConfigurations removes the property + Configuration conf2 = new Configuration(conf); + conf2.set(hiddenConfig, "password"); + conf.stripHiddenConfigurations(conf2); + // check that a property that begins the same is also hidden + Assert.assertTrue(conf.isHiddenConfig( + hiddenConfig + "postfix")); + // Check the stripped property is the empty string + Assert.assertEquals("", conf2.get(hiddenConfig)); + } } @Test
