[
https://issues.apache.org/jira/browse/HIVE-13442?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15265206#comment-15265206
]
Siddharth Seth commented on HIVE-13442:
---------------------------------------
Couple of comments, mostly minor.
{code}optional bytes credentials_binary = 8;{code}
After HIVE-13391 - we should stop sending any credentials from HiveServer2.
That would be a separate jira.
If HS2 is sending over any credentials - those should not be visible to the
user. This would typically include the hive token - and gives the client access
to whatever they want to read.
I don't think we need to allow users to send in credentials. If we do - it
would be better to separate credentials which are setup by HS2 for LLAP into a
separate field which will be signed. A new field can be used for user specified
credentials. External clients will need access to a token to talk to LLAP - so
that would have to be sent over in a readable field.
In ContainerRunnerImpl.submitWork - logging some basic information before
trying to convert to relevant fields would be useful - in case something breaks
over the wire, or there's invalid input. HistroyLogger used to do that -
reading data directly of the proto, without applying any conversions. Adding a
log line here would fix that.
Rest looks good.
> LLAP: refactor submit API to be amenable to signing
> ---------------------------------------------------
>
> Key: HIVE-13442
> URL: https://issues.apache.org/jira/browse/HIVE-13442
> Project: Hive
> Issue Type: Sub-task
> Reporter: Sergey Shelukhin
> Assignee: Sergey Shelukhin
> Attachments: HIVE-13442.nogen.patch, HIVE-13442.patch,
> HIVE-13442.patch, HIVE-13442.protobuf.patch
>
>
> This is going to be a wire compat breaking change.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
