> On Dec. 12, 2018, 10:54 p.m., Karthik Manamcheri wrote: > > standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/conf/MetastoreConf.java > > Lines 472 (patched) > > <https://reviews.apache.org/r/69534/diff/3/?file=2112828#file2112828line472> > > > > Is this specific to a Java version?
It looks like Java 8 and beyond can actually read more types than this - I found this resource here: https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore I'll update this to use only the types specific to Java 8. > On Dec. 12, 2018, 10:54 p.m., Karthik Manamcheri wrote: > > standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/conf/MetastoreConf.java > > Lines 473-474 (patched) > > <https://reviews.apache.org/r/69534/diff/3/?file=2112828#file2112828line473> > > > > Move this to the top and state that if this is set to false, we'll > > ignore the other SSL properties. Wanted to keep alphabetical order :) Will put a comment on top though > On Dec. 12, 2018, 10:54 p.m., Karthik Manamcheri wrote: > > standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java > > Line 332 (original), 398 (patched) > > <https://reviews.apache.org/r/69534/diff/3/?file=2112829#file2112829line398> > > > > State that this is deprecated here and maybe increase the LOG to warn > > and note that this might be changed in next version of hive. Done - Morio ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69534/#review211260 ----------------------------------------------------------- On Dec. 14, 2018, 1:23 a.m., Morio Ramdenbourg wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/69534/ > ----------------------------------------------------------- > > (Updated Dec. 14, 2018, 1:23 a.m.) > > > Review request for hive, Adam Holley, Karthik Manamcheri, Peter Vary, and > Vihang Karajgaonkar. > > > Bugs: HIVE-20992 > https://issues.apache.org/jira/browse/HIVE-20992 > > > Repository: hive-git > > > Description > ------- > > The following new properties were added: > > 1. metastore.dbaccess.use.SSL (hive.metastore.dbaccess.use.SSL) > 2. javax.net.ssl.trustStore > 3. javax.net.ssl.trustStorePassword > 4. javax.net.ssl.trustStoreType > > This was in an effort to guide the user towards an easier SSL > configuration experience. This is the minimum requirement to set up SSL > encryption to the HMS backend store. > > This also solves the issue of the truststore password being stored in > plain text. It can now be encrypted by default and loaded through the > MetastoreConf.getPassword() method which handles secure password access > > The property "hive.metastore.dbaccess.ssl.properties" is now > deprecated, but it will still be kept for backwards-compatibility purposes. > > Modified comments to clearly reflect what is / is not deprecated > > > Diffs > ----- > > > standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/conf/MetastoreConf.java > e25a8cf9a19d78c0cc00bb2e5e0abee4d851ad98 > > standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java > e598a43e4dc2d2a2c25886ae7cbafd29b47c1f24 > > standalone-metastore/metastore-server/src/test/java/org/apache/hadoop/hive/metastore/TestObjectStore.java > 0cf113c927f2274d085e07cd72921fb35227e1f3 > > > Diff: https://reviews.apache.org/r/69534/diff/4/ > > > Testing > ------- > > Tests: > 1. Unit tests were added to cover the functionality of configuring the Java > system properties. > 2. Performed some manual and sanity tests to ensure that SSL was still > configurable to a remote DB. > > > Thanks, > > Morio Ramdenbourg > >