[
https://issues.apache.org/jira/browse/HIVE-24059?focusedWorklogId=476435&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-476435
]
ASF GitHub Bot logged work on HIVE-24059:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 31/Aug/20 08:40
Start Date: 31/Aug/20 08:40
Worklog Time Spent: 10m
Work Description: ShubhamChaurasia commented on a change in pull request
#1418:
URL: https://github.com/apache/hive/pull/1418#discussion_r479982596
##########
File path:
llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/ContainerRunnerImpl.java
##########
@@ -342,6 +352,33 @@ public SubmitWorkResponseProto
submitWork(SubmitWorkRequestProto request) throws
.build();
}
+ // if request is coming from llap external client, verify the JWT
+ // as of now, JWT contains applicationId
Review comment:
added a comment in code which explains this -
In GenericUDTFGetSplits
// 6. Generate JWT for external clients if it's a cloud deployment
// we inject extClientAppId in JWT which is same as what fragment
contains.
// extClientAppId in JWT and in fragment are compared on LLAP when a
fragment is submitted.
// see method ContainerRunnerImpl#verifyJwtForExternalClient
In ContainerRunnerImpl#verifyJwtForExternalClient
// extClientAppId is injected in JWT and fragment request by initial
get_splits() call.
// so both of these - extClientAppIdFromJwt and
extClientAppIdFromSplit should be equal eventually if the signed JWT is valid
for this request.
// In get_splits, this extClientAppId is obtained via
LlapCoordinator#createExtClientAppId which generates a
// application Id to be used by external clients.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 476435)
Time Spent: 1h 10m (was: 1h)
> Llap external client - Initial changes for running in cloud environment
> -----------------------------------------------------------------------
>
> Key: HIVE-24059
> URL: https://issues.apache.org/jira/browse/HIVE-24059
> Project: Hive
> Issue Type: Sub-task
> Components: llap
> Reporter: Shubham Chaurasia
> Assignee: Shubham Chaurasia
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> Please see problem description in
> https://issues.apache.org/jira/browse/HIVE-24058
> Initial changes include -
> 1. Moving LLAP discovery logic from client side to server (HS2 / get_splits)
> side.
> 2. Opening additional RPC port in LLAP Daemon.
> 3. JWT Based authentication on this port.
> cc [~prasanth_j] [~jdere] [~anishek] [~thejas]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
