[ 
https://issues.apache.org/jira/browse/HIVE-25829?focusedWorklogId=706477&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-706477
 ]

ASF GitHub Bot logged work on HIVE-25829:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 10/Jan/22 21:23
            Start Date: 10/Jan/22 21:23
    Worklog Time Spent: 10m 
      Work Description: abstractdog commented on a change in pull request #2911:
URL: https://github.com/apache/hive/pull/2911#discussion_r781557895



##########
File path: ql/src/java/org/apache/hadoop/hive/ql/exec/tez/TezSessionState.java
##########
@@ -350,6 +351,16 @@ protected void openInternal(String[] 
additionalFilesNotFromConf,
 
     setupSessionAcls(tezConfig, conf);
 
+    /*
+     * Update HADOOP_CREDSTORE_PASSWORD for the TezAM.
+     * If there is a job specific credential store, it will be set.
+     * HiveConfUtil.updateJobCredentialProviders should not be used here,
+     * as it changes the credential store path too, which causes the dag 
submission fail,
+     * as this config has an effect in HS2 (on TezClient codepath), and the 
original hadoop
+     * credential store should be used.
+     */
+    HiveConfUtil.updateCredentialProviderPasswordForJobs(tezConfig);
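Review bot: The block comment above HiveConfUtil.updateCredentialProviderPasswordForJobs(tezConfig) explains why updateJobCredentialProviders is avoided, but it does not say where the password ends up after this call. Since the stated purpose is to update HADOOP_CREDSTORE_PASSWORD for the TezAM, please state in the comment that the value reaches the AM through its environment, so later readers know tezConfig now carries a secret that must stay out of logged or dumped configuration. The comment also leaves open what happens when no job-specific credential store is configured; one sentence saying whether the call is then a no-op would close that gap. Minor wording: "causes the dag submission fail" should read "causes the dag submission to fail".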

Review comment:
       The credential store password appears in the launch-container.sh script, 
which is created by YARN and contains the environment variables. I think 
this should be the same as in the case of any other execution engine that's 
localized by YARN, but I'm sure that launch-container.sh is not included in 
application logs, so it's only readable by somebody having access to the 
cluster nodes.
   






Issue Time Tracking
-------------------

    Worklog Id:     (was: 706477)
    Time Spent: 1.5h  (was: 1h 20m)

> Tez exec mode support for credential provider for jobs
> ------------------------------------------------------
>
>                 Key: HIVE-25829
>                 URL: https://issues.apache.org/jira/browse/HIVE-25829
>             Project: Hive
>          Issue Type: Improvement
>          Components: HiveServer2
>            Reporter: Ádám Szita
>            Assignee: László Bodor
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> HIVE-14822 introduced support for securely forwarding a job-specific Java 
> credential store path and a corresponding password to the backend executors. 
> This is currently implemented only for the MR2 and Spark execution engines. I 
> propose we extend this feature by adding Tez mode to said list.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
