Re: Review Request 69534: HIVE-20992: Split the property "hive.metastore.dbaccess.ssl.properties" into more coherent and user-friendly properties.

Mon, 10 Dec 2018 12:39:47 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69534/
-----------------------------------------------------------

(Updated Dec. 10, 2018, 8:39 p.m.)


Review request for hive, Adam Holley, Karthik Manamcheri, Peter Vary, and 
Vihang Karajgaonkar.


Changes
-------

I modified the parameter names to better clarify the difference between the HMS 
Clients params and the HMSDB params. I also added better descriptions for each 
of the properties, and better logs and warnings.


Bugs: HIVE-20992
    https://issues.apache.org/jira/browse/HIVE-20992


Repository: hive-git


Description (updated)
-------

The following new properties were added:

1. metastore.dbaccess.use.SSL (hive.metastore.dbaccess.use.SSL)
2. javax.net.ssl.trustStore
3. javax.net.ssl.trustStorePassword
4. javax.net.ssl.trustStoreType

This was in an effort to guide the user towards an easier SSL
configuration experience. This is the minimum requirement to set up SSL
encryption to the HMS backend store.

This also solves the issue of the truststore password being stored in
plain text. It can now be encrypted by default and loaded through the
MetastoreConf.getPassword() method which handles secure password access

The property "hive.metastore.dbaccess.ssl.properties" is now
deprecated, but it will still be kept for backwards-compatibility purposes.


Diffs (updated)
-----

  
standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/conf/MetastoreConf.java
 e25a8cf9a19d78c0cc00bb2e5e0abee4d851ad98 
  
standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java
 e598a43e4dc2d2a2c25886ae7cbafd29b47c1f24 
  
standalone-metastore/metastore-server/src/test/java/org/apache/hadoop/hive/metastore/TestObjectStore.java
 0cf113c927f2274d085e07cd72921fb35227e1f3 


Diff: https://reviews.apache.org/r/69534/diff/2/

Changes: https://reviews.apache.org/r/69534/diff/1-2/


Testing
-------

Tests:
1. Unit tests were added to cover the functionality of configuring the Java 
system properties.
2. Performed some manual and sanity tests to ensure that SSL was still 
configurable to a remote DB.


Thanks,

Morio Ramdenbourg

Reply via email to