Tim Armstrong has uploaded this change for review. ( http://gerrit.cloudera.org:8080/13452
Change subject: IMPALA-8605: clean up HS2/beeswax session management ...................................................................... IMPALA-8605: clean up HS2/beeswax session management Session/operation secrets are part of the HS2 handle but we haven't made use of them up until now. This patch checks the value and treats it as part of the session key, as originally intended. I.e. if the secret is missing, the session lookup fails. The operation secret is the same as the session secret to save having to generate and store extra secrets (there's no real benefit). A secret is added to each Beeswax session. This secret is internal to the server and not exposed. Adds validation that client requests accessed via Beeswax belong to the same user as the session. We switch uuid_generator_ to use boost::random_device, which uses /dev/urandom as its source of randomness. We rely on the IDs being unique and the non-cryptographic generator might not be strong enough. For requests - GetRuntimeProfile() and GetExecSummary() that provide both a session and query ID, the code already checks that the session's user matches the query. An exception to the validation mechanisms above is added for Close() and Cancel() beeswax operations, because impala-shell and some administrative tools allow cancellation of queries on different threads and from different tools. We skip validating the session secret when cancelling queries from the web UI, since web UI users don't have the secret. Testing: * Add tests for all HS2 RPCs that provide invalid session secrets. * Add tests for HS2 RPCs that provide both session and query ID to ensure that query belongs to the session. * Add basic test for beeswax testing accessing a query from different connections. Change-Id: Ib32927d803df7c27947960e9133e7e458ccc39bf --- M CMakeLists.txt M be/src/service/child-query.cc M be/src/service/impala-beeswax-server.cc M be/src/service/impala-hs2-server.cc M be/src/service/impala-http-handler.cc M be/src/service/impala-server.cc M be/src/service/impala-server.h M tests/beeswax/impala_beeswax.py M tests/common/impala_connection.py M tests/hs2/hs2_test_suite.py M tests/hs2/test_fetch.py M tests/hs2/test_hs2.py A tests/query_test/test_beeswax.py 13 files changed, 688 insertions(+), 133 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/52/13452/9 -- To view, visit http://gerrit.cloudera.org:8080/13452 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: Ib32927d803df7c27947960e9133e7e458ccc39bf Gerrit-Change-Number: 13452 Gerrit-PatchSet: 9 Gerrit-Owner: Tim Armstrong <[email protected]> Gerrit-Reviewer: Tim Armstrong <[email protected]>
