-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/55425/#review161243
-----------------------------------------------------------

Ship it!


Ship It!

- Robert Levas


On Jan. 11, 2017, 9:24 a.m., Attila Magyar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/55425/
> -----------------------------------------------------------
>
> (Updated Jan. 11, 2017, 9:24 a.m.)
>
>
> Review request for Ambari, Laszlo Puskas, Oliver Szabo, Robert Levas, and Sebastian Toader.
>
>
> Bugs: AMBARI-19462
>     https://issues.apache.org/jira/browse/AMBARI-19462
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Hive protects its znode with secure permissions when kerberos is enabled. These permissions should be removed during dekerberization (if the znode is not an ephemeral node).
>
> I added a disable_security method to hive_server that sets world:anyone:crdwa permission on 3 different znodes. One of them has a name like /zkdtsm_<calculated_suffix>, therefore I modified the zkmigrator to support wildcard characters in the path.
>
>
> Diffs
> -----
>
>   ambari-agent/src/main/java/org/apache/ambari/tools/zk/ZkAcl.java 420ab0a
>   ambari-agent/src/main/java/org/apache/ambari/tools/zk/ZkMigrator.java b4da1ed
>   ambari-agent/src/main/java/org/apache/ambari/tools/zk/ZkPathPattern.java PRE-CREATION
>   ambari-agent/src/test/java/org/apache/ambari/tools/zk/ZkMigratorTest.java b2c9899
>   ambari-common/src/main/python/resource_management/core/resources/zkmigrator.py 5e86e05
>   ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py ea21c49
>   ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py 12743ec
>   ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py 4e5ae36
>   ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/templates/zkmigrator_jaas.conf.j2 PRE-CREATION
>   ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_client.py 265f040
>   ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_metastore.py 4d0f89f
>   ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py 36fcc52
>   ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py bbacbf5
>
> Diff: https://reviews.apache.org/r/55425/diff/
>
>
> Testing
> -------
>
> Added new unittests + modified existing ones.
> Manual testing:
>  - created a cluster with hive ha + hive interactive
>  - enabled kerberos
>  - checked if ACLs had secure permissions
>  - disabled kerberos
>  - checked if ACLs had world:anyone:crdwa permissions
>
> Existing tests:
>
> Ambari-Server:
> Results :
> Tests run: 4838, Failures: 0, Errors: 0, Skipped: 38
>
> OK
> ----------------------------------------------------------------------
> Total run:1157
> Total errors:0
> Total failures:0
>
> Ambari Agent
> ----------------------------------------------------------------------
> Ran 452 tests in 11.960s
>
>
> Thanks,
>
> Attila Magyar
>
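
The wildcard path expansion and ephemeral-node skip described in the review request, as an added example that is not code from the Ambari patch. The function names, the constructed znode tree, the rule that a wildcard never crosses `/`, and the guard against an over-broad first segment are all assumptions made here.

```python
import fnmatch

WORLD_OPEN = "world:anyone:crdwa"  # ACL string quoted in the review description

# Constructed sample tree: znode path -> is_ephemeral. All names are made up.
SAMPLE_ZNODES = {
    "/": False,
    "/zkdtsm_abc123": False,
    "/zkdtsm_abc123/keys": False,
    "/zkdtsm_live": True,
    "/other": False,
    "/other/zkdtsm_nested": False,
}

def segments(path):
    """Split a znode path into its components ('/' becomes [''])."""
    return path.strip("/").split("/")

def expand(pattern, znodes):
    """Concrete paths matching pattern. Assumption: a wildcard never crosses '/'."""
    want = segments(pattern)
    # fnmatch also honours '?' and '[...]'; matching is per segment and case-sensitive.
    return [p for p in sorted(znodes)
            if len(segments(p)) == len(want)
            and all(fnmatch.fnmatchcase(h, w) for h, w in zip(segments(p), want))]

def plan_acl_reset(pattern, znodes, acl=WORLD_OPEN):
    """Return (changes, skipped): persistent matches get acl, ephemeral ones are left alone."""
    if not segments(pattern)[0].strip("*?"):
        # Added guard (assumption): a wildcard-only or empty first segment would
        # open every top-level znode to world:anyone.
        raise ValueError("pattern too broad: %r" % pattern)
    changes, skipped = [], []
    for path in expand(pattern, znodes):
        (skipped if znodes[path] else changes).append(path)
    return [(p, acl) for p in changes], skipped

if __name__ == "__main__":
    changes, skipped = plan_acl_reset("/zkdtsm_*", SAMPLE_ZNODES)
    for path, acl in changes:
        print("setAcl", path, acl)
    for path in skipped:
        print("skip ephemeral", path)
```

Reviewing the planned list before applying it shows exactly which znodes would become world-writable for a given pattern.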