[
https://issues.apache.org/jira/browse/HIVE-20992?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Work on HIVE-20992 started by Morio Ramdenbourg.
------------------------------------------------
> Split the config "hive.metastore.dbaccess.ssl.properties" into more
> meaningful configs
> --------------------------------------------------------------------------------------
>
> Key: HIVE-20992
> URL: https://issues.apache.org/jira/browse/HIVE-20992
> Project: Hive
> Issue Type: Improvement
> Components: Metastore, Security, Standalone Metastore
> Affects Versions: 4.0.0
> Reporter: Morio Ramdenbourg
> Assignee: Morio Ramdenbourg
> Priority: Minor
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> HIVE-13044 brought in the ability to enable TLS encryption from the HMS
> Service to the HMSDB by configuring the following two properties:
> # _javax.jdo.option.ConnectionURL_: JDBC connect string for a JDBC
> metastore. To use SSL to encrypt/authenticate the connection, provide
> database-specific SSL flag in the connection URL. (E.g.
> "jdbc:postgresql://myhost/db?ssl=true")
> # _hive.metastore.dbaccess.ssl.properties_: Comma-separated SSL properties
> for metastore to access database when JDO connection URL. (E.g.
> javax.net.ssl.trustStore=/tmp/truststore,javax.net.ssl.trustStorePassword=pwd)
> However, the latter configuration option is opaque and poses some problems.
> The most glaring of which is it takes in _any_
> [java.lang.System|https://docs.oracle.com/javase/7/docs/api/java/lang/System.html]
> system property, whether it is
> [TLS-related|https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#InstallationAndCustomization]
> or not. This can cause some unintended side-effects for other components of
> the HMS, especially if it overrides an already-set system property. If the
> user truly wishes to add an unrelated Java property, setting it statically
> using the "-D" option of the _java_ command is more appropriate. Secondly,
> the truststore password is stored in plain text. We should add Hadoop Shims
> back to the HMS to not expose it, but this can be done after this ticket.
> I propose we split _hive.metastore.dbaccess.ssl.properties_ into the
> following properties:
> * *_hive.metastore.dbaccess.ssl.use.SSL_*
> ** Set this to true to use TLS encryption from the HMS Service to the HMSDB
> * *_hive.metastore.dbaccess.ssl.truststore.path_*
> ** TLS truststore file location
> ** Java property: _javax.net.ssl.trustStore_
> * *_hive.metastore.dbaccess.ssl.truststore.password_*
> ** Password of the truststore file
> ** Java property: _javax.net.ssl.trustStorePassword_
> We should guide the user towards an easier TLS configuration experience. This
> is the minimum configuration necessary to configure TLS to the HMSDB. If we
> need other options, such as the keystore location/password for
> dual-authentication, then we can add those on afterwards.
> Also, document these changes -
> [javax.jdo.option.ConnectionURL|https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-javax.jdo.option.ConnectionURL]
> does not have up-to-date documentation, and these new parameters will need
> documentation as well.
> Note "TLS" refers to both SSL and TLS. TLS is simply the successor of SSL.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
