[jira] [Commented] (HIVE-5485) SBAP errors on null partition being passed into partition level authorization
[
https://issues.apache.org/jira/browse/HIVE-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13793970#comment-13793970
]
Hudson commented on HIVE-5485:
--
ABORTED: Integrated in Hive-trunk-hadoop2 #500 (See
[https://builds.apache.org/job/Hive-trunk-hadoop2/500/])
HIVE-5485 : SBAP errors on null partition being passed into partition level
authorization (Sushanth Sowmyan via Ashutosh Chauhan) (hashutosh:
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1531707)
*
/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java
> SBAP errors on null partition being passed into partition level authorization
> -
>
> Key: HIVE-5485
> URL: https://issues.apache.org/jira/browse/HIVE-5485
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 0.12.0
>Reporter: Sushanth Sowmyan
>Assignee: Sushanth Sowmyan
> Fix For: 0.13.0
>
> Attachments: HIVE-5485.patch
>
>
> SBAP causes an NPE when null is passed in as a partition for partition-level
> or column-level authorization.
> Personally, in my opinion, this is not a SBAP bug, but incorrect usage of
> AuthorizationProviders - one should not be calling the column-level authorize
> (given that column-level is more basic than partition-level) function and
> pass in a null as the partition value. However, that happens on code
> introduced by HIVE-1887, and unless we rewrite that (and possibly a whole
> bunch more(will need evaluation)), we have to accommodate that null and
> appropriately attempt to fall back to table-level authorization in that case.
> The offending code section is in Driver.java:685
> {code}
> 678 // if we reach here, it means it needs to do a table
> authorization
> 679 // check, and the table authorization may already happened
> because of other
> 680 // partitions
> 681 if (tbl != null &&
> !tableAuthChecked.contains(tbl.getTableName()) &&
> 682 !(tableUsePartLevelAuth.get(tbl.getTableName()) ==
> Boolean.TRUE)) {
> 683 List cols = tab2Cols.get(tbl);
> 684 if (cols != null && cols.size() > 0) {
> 685 ss.getAuthorizer().authorize(tbl, null, cols,
> 686 op.getInputRequiredPrivileges(), null);
> 687 } else {
> 688 ss.getAuthorizer().authorize(tbl,
> op.getInputRequiredPrivileges(),
> 689 null);
> 690 }
> 691 tableAuthChecked.add(tbl.getTableName());
> 692 }
> {code}
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (HIVE-5485) SBAP errors on null partition being passed into partition level authorization
[
https://issues.apache.org/jira/browse/HIVE-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13793805#comment-13793805
]
Hudson commented on HIVE-5485:
--
FAILURE: Integrated in Hive-trunk-hadoop2-ptest #138 (See
[https://builds.apache.org/job/Hive-trunk-hadoop2-ptest/138/])
HIVE-5485 : SBAP errors on null partition being passed into partition level
authorization (Sushanth Sowmyan via Ashutosh Chauhan) (hashutosh:
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1531707)
*
/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java
> SBAP errors on null partition being passed into partition level authorization
> -
>
> Key: HIVE-5485
> URL: https://issues.apache.org/jira/browse/HIVE-5485
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 0.12.0
>Reporter: Sushanth Sowmyan
>Assignee: Sushanth Sowmyan
> Fix For: 0.13.0
>
> Attachments: HIVE-5485.patch
>
>
> SBAP causes an NPE when null is passed in as a partition for partition-level
> or column-level authorization.
> Personally, in my opinion, this is not a SBAP bug, but incorrect usage of
> AuthorizationProviders - one should not be calling the column-level authorize
> (given that column-level is more basic than partition-level) function and
> pass in a null as the partition value. However, that happens on code
> introduced by HIVE-1887, and unless we rewrite that (and possibly a whole
> bunch more(will need evaluation)), we have to accommodate that null and
> appropriately attempt to fall back to table-level authorization in that case.
> The offending code section is in Driver.java:685
> {code}
> 678 // if we reach here, it means it needs to do a table
> authorization
> 679 // check, and the table authorization may already happened
> because of other
> 680 // partitions
> 681 if (tbl != null &&
> !tableAuthChecked.contains(tbl.getTableName()) &&
> 682 !(tableUsePartLevelAuth.get(tbl.getTableName()) ==
> Boolean.TRUE)) {
> 683 List cols = tab2Cols.get(tbl);
> 684 if (cols != null && cols.size() > 0) {
> 685 ss.getAuthorizer().authorize(tbl, null, cols,
> 686 op.getInputRequiredPrivileges(), null);
> 687 } else {
> 688 ss.getAuthorizer().authorize(tbl,
> op.getInputRequiredPrivileges(),
> 689 null);
> 690 }
> 691 tableAuthChecked.add(tbl.getTableName());
> 692 }
> {code}
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (HIVE-5485) SBAP errors on null partition being passed into partition level authorization
[
https://issues.apache.org/jira/browse/HIVE-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13793768#comment-13793768
]
Hudson commented on HIVE-5485:
--
FAILURE: Integrated in Hive-trunk-h0.21 #2398 (See
[https://builds.apache.org/job/Hive-trunk-h0.21/2398/])
HIVE-5485 : SBAP errors on null partition being passed into partition level
authorization (Sushanth Sowmyan via Ashutosh Chauhan) (hashutosh:
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1531707)
*
/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java
> SBAP errors on null partition being passed into partition level authorization
> -
>
> Key: HIVE-5485
> URL: https://issues.apache.org/jira/browse/HIVE-5485
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 0.12.0
>Reporter: Sushanth Sowmyan
>Assignee: Sushanth Sowmyan
> Fix For: 0.13.0
>
> Attachments: HIVE-5485.patch
>
>
> SBAP causes an NPE when null is passed in as a partition for partition-level
> or column-level authorization.
> Personally, in my opinion, this is not a SBAP bug, but incorrect usage of
> AuthorizationProviders - one should not be calling the column-level authorize
> (given that column-level is more basic than partition-level) function and
> pass in a null as the partition value. However, that happens on code
> introduced by HIVE-1887, and unless we rewrite that (and possibly a whole
> bunch more(will need evaluation)), we have to accommodate that null and
> appropriately attempt to fall back to table-level authorization in that case.
> The offending code section is in Driver.java:685
> {code}
> 678 // if we reach here, it means it needs to do a table
> authorization
> 679 // check, and the table authorization may already happened
> because of other
> 680 // partitions
> 681 if (tbl != null &&
> !tableAuthChecked.contains(tbl.getTableName()) &&
> 682 !(tableUsePartLevelAuth.get(tbl.getTableName()) ==
> Boolean.TRUE)) {
> 683 List cols = tab2Cols.get(tbl);
> 684 if (cols != null && cols.size() > 0) {
> 685 ss.getAuthorizer().authorize(tbl, null, cols,
> 686 op.getInputRequiredPrivileges(), null);
> 687 } else {
> 688 ss.getAuthorizer().authorize(tbl,
> op.getInputRequiredPrivileges(),
> 689 null);
> 690 }
> 691 tableAuthChecked.add(tbl.getTableName());
> 692 }
> {code}
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (HIVE-5485) SBAP errors on null partition being passed into partition level authorization
[
https://issues.apache.org/jira/browse/HIVE-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13793738#comment-13793738
]
Hudson commented on HIVE-5485:
--
FAILURE: Integrated in Hive-trunk-hadoop1-ptest #203 (See
[https://builds.apache.org/job/Hive-trunk-hadoop1-ptest/203/])
HIVE-5485 : SBAP errors on null partition being passed into partition level
authorization (Sushanth Sowmyan via Ashutosh Chauhan) (hashutosh:
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1531707)
*
/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java
> SBAP errors on null partition being passed into partition level authorization
> -
>
> Key: HIVE-5485
> URL: https://issues.apache.org/jira/browse/HIVE-5485
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 0.12.0
>Reporter: Sushanth Sowmyan
>Assignee: Sushanth Sowmyan
> Fix For: 0.13.0
>
> Attachments: HIVE-5485.patch
>
>
> SBAP causes an NPE when null is passed in as a partition for partition-level
> or column-level authorization.
> Personally, in my opinion, this is not a SBAP bug, but incorrect usage of
> AuthorizationProviders - one should not be calling the column-level authorize
> (given that column-level is more basic than partition-level) function and
> pass in a null as the partition value. However, that happens on code
> introduced by HIVE-1887, and unless we rewrite that (and possibly a whole
> bunch more(will need evaluation)), we have to accommodate that null and
> appropriately attempt to fall back to table-level authorization in that case.
> The offending code section is in Driver.java:685
> {code}
> 678 // if we reach here, it means it needs to do a table
> authorization
> 679 // check, and the table authorization may already happened
> because of other
> 680 // partitions
> 681 if (tbl != null &&
> !tableAuthChecked.contains(tbl.getTableName()) &&
> 682 !(tableUsePartLevelAuth.get(tbl.getTableName()) ==
> Boolean.TRUE)) {
> 683 List cols = tab2Cols.get(tbl);
> 684 if (cols != null && cols.size() > 0) {
> 685 ss.getAuthorizer().authorize(tbl, null, cols,
> 686 op.getInputRequiredPrivileges(), null);
> 687 } else {
> 688 ss.getAuthorizer().authorize(tbl,
> op.getInputRequiredPrivileges(),
> 689 null);
> 690 }
> 691 tableAuthChecked.add(tbl.getTableName());
> 692 }
> {code}
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (HIVE-5485) SBAP errors on null partition being passed into partition level authorization
[
https://issues.apache.org/jira/browse/HIVE-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13793400#comment-13793400
]
Ashutosh Chauhan commented on HIVE-5485:
+1
> SBAP errors on null partition being passed into partition level authorization
> -
>
> Key: HIVE-5485
> URL: https://issues.apache.org/jira/browse/HIVE-5485
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 0.12.0
>Reporter: Sushanth Sowmyan
>Assignee: Sushanth Sowmyan
> Attachments: HIVE-5485.patch
>
>
> SBAP causes an NPE when null is passed in as a partition for partition-level
> or column-level authorization.
> Personally, in my opinion, this is not a SBAP bug, but incorrect usage of
> AuthorizationProviders - one should not be calling the column-level authorize
> (given that column-level is more basic than partition-level) function and
> pass in a null as the partition value. However, that happens on code
> introduced by HIVE-1887, and unless we rewrite that (and possibly a whole
> bunch more(will need evaluation)), we have to accommodate that null and
> appropriately attempt to fall back to table-level authorization in that case.
> The offending code section is in Driver.java:685
> {code}
> 678 // if we reach here, it means it needs to do a table
> authorization
> 679 // check, and the table authorization may already happened
> because of other
> 680 // partitions
> 681 if (tbl != null &&
> !tableAuthChecked.contains(tbl.getTableName()) &&
> 682 !(tableUsePartLevelAuth.get(tbl.getTableName()) ==
> Boolean.TRUE)) {
> 683 List cols = tab2Cols.get(tbl);
> 684 if (cols != null && cols.size() > 0) {
> 685 ss.getAuthorizer().authorize(tbl, null, cols,
> 686 op.getInputRequiredPrivileges(), null);
> 687 } else {
> 688 ss.getAuthorizer().authorize(tbl,
> op.getInputRequiredPrivileges(),
> 689 null);
> 690 }
> 691 tableAuthChecked.add(tbl.getTableName());
> 692 }
> {code}
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (HIVE-5485) SBAP errors on null partition being passed into partition level authorization
[
https://issues.apache.org/jira/browse/HIVE-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13792090#comment-13792090
]
Hive QA commented on HIVE-5485:
---
{color:green}Overall{color}: +1 all checks pass
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12607281/HIVE-5485.patch
{color:green}SUCCESS:{color} +1 4364 tests passed
Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/1098/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/1098/console
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
{noformat}
This message is automatically generated.
> SBAP errors on null partition being passed into partition level authorization
> -
>
> Key: HIVE-5485
> URL: https://issues.apache.org/jira/browse/HIVE-5485
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 0.12.0
>Reporter: Sushanth Sowmyan
>Assignee: Sushanth Sowmyan
> Attachments: HIVE-5485.patch
>
>
> SBAP causes an NPE when null is passed in as a partition for partition-level
> or column-level authorization.
> Personally, in my opinion, this is not a SBAP bug, but incorrect usage of
> AuthorizationProviders - one should not be calling the column-level authorize
> (given that column-level is more basic than partition-level) function and
> pass in a null as the partition value. However, that happens on code
> introduced by HIVE-1887, and unless we rewrite that (and possibly a whole
> bunch more(will need evaluation)), we have to accommodate that null and
> appropriately attempt to fall back to table-level authorization in that case.
> The offending code section is in Driver.java:685
> {code}
> 678 // if we reach here, it means it needs to do a table
> authorization
> 679 // check, and the table authorization may already happened
> because of other
> 680 // partitions
> 681 if (tbl != null &&
> !tableAuthChecked.contains(tbl.getTableName()) &&
> 682 !(tableUsePartLevelAuth.get(tbl.getTableName()) ==
> Boolean.TRUE)) {
> 683 List cols = tab2Cols.get(tbl);
> 684 if (cols != null && cols.size() > 0) {
> 685 ss.getAuthorizer().authorize(tbl, null, cols,
> 686 op.getInputRequiredPrivileges(), null);
> 687 } else {
> 688 ss.getAuthorizer().authorize(tbl,
> op.getInputRequiredPrivileges(),
> 689 null);
> 690 }
> 691 tableAuthChecked.add(tbl.getTableName());
> 692 }
> {code}
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (HIVE-5485) SBAP errors on null partition being passed into partition level authorization
[
https://issues.apache.org/jira/browse/HIVE-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13792012#comment-13792012
]
Sushanth Sowmyan commented on HIVE-5485:
Also, note that this is currently tested by e2e tests TestHive_6 and TestHive_7
in hcatalog/src/test/e2e/templeton/tests/jobsubmission.conf when SBAP is used.
> SBAP errors on null partition being passed into partition level authorization
> -
>
> Key: HIVE-5485
> URL: https://issues.apache.org/jira/browse/HIVE-5485
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 0.12.0
>Reporter: Sushanth Sowmyan
>Assignee: Sushanth Sowmyan
> Attachments: HIVE-5485.patch
>
>
> SBAP causes an NPE when null is passed in as a partition for partition-level
> or column-level authorization.
> Personally, in my opinion, this is not a SBAP bug, but incorrect usage of
> AuthorizationProviders - one should not be calling the column-level authorize
> (given that column-level is more basic than partition-level) function and
> pass in a null as the partition value. However, that happens on code
> introduced by HIVE-1887, and unless we rewrite that (and possibly a whole
> bunch more(will need evaluation)), we have to accommodate that null and
> appropriately attempt to fall back to table-level authorization in that case.
> The offending code section is in Driver.java:685
> {code}
> 678 // if we reach here, it means it needs to do a table
> authorization
> 679 // check, and the table authorization may already happened
> because of other
> 680 // partitions
> 681 if (tbl != null &&
> !tableAuthChecked.contains(tbl.getTableName()) &&
> 682 !(tableUsePartLevelAuth.get(tbl.getTableName()) ==
> Boolean.TRUE)) {
> 683 List cols = tab2Cols.get(tbl);
> 684 if (cols != null && cols.size() > 0) {
> 685 ss.getAuthorizer().authorize(tbl, null, cols,
> 686 op.getInputRequiredPrivileges(), null);
> 687 } else {
> 688 ss.getAuthorizer().authorize(tbl,
> op.getInputRequiredPrivileges(),
> 689 null);
> 690 }
> 691 tableAuthChecked.add(tbl.getTableName());
> 692 }
> {code}
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (HIVE-5485) SBAP errors on null partition being passed into partition level authorization
[
https://issues.apache.org/jira/browse/HIVE-5485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13791984#comment-13791984
]
Sushanth Sowmyan commented on HIVE-5485:
Verifiable by setting hive.security.authorization.manager to SBAP and turning
client-side auth on before running hive -e CTAS onto an unpartitioned table.
> SBAP errors on null partition being passed into partition level authorization
> -
>
> Key: HIVE-5485
> URL: https://issues.apache.org/jira/browse/HIVE-5485
> Project: Hive
> Issue Type: Bug
> Components: Authorization
>Affects Versions: 0.12.0
>Reporter: Sushanth Sowmyan
>Assignee: Sushanth Sowmyan
> Attachments: HIVE-5485.patch
>
>
> SBAP causes an NPE when null is passed in as a partition for partition-level
> or column-level authorization.
> Personally, in my opinion, this is not a SBAP bug, but incorrect usage of
> AuthorizationProviders - one should not be calling the column-level authorize
> (given that column-level is more basic than partition-level) function and
> pass in a null as the partition value. However, that happens on code
> introduced by HIVE-1887, and unless we rewrite that (and possibly a whole
> bunch more(will need evaluation)), we have to accommodate that null and
> appropriately attempt to fall back to table-level authorization in that case.
> The offending code section is in Driver.java:685
> {code}
> 678 // if we reach here, it means it needs to do a table
> authorization
> 679 // check, and the table authorization may already happened
> because of other
> 680 // partitions
> 681 if (tbl != null &&
> !tableAuthChecked.contains(tbl.getTableName()) &&
> 682 !(tableUsePartLevelAuth.get(tbl.getTableName()) ==
> Boolean.TRUE)) {
> 683 List cols = tab2Cols.get(tbl);
> 684 if (cols != null && cols.size() > 0) {
> 685 ss.getAuthorizer().authorize(tbl, null, cols,
> 686 op.getInputRequiredPrivileges(), null);
> 687 } else {
> 688 ss.getAuthorizer().authorize(tbl,
> op.getInputRequiredPrivileges(),
> 689 null);
> 690 }
> 691 tableAuthChecked.add(tbl.getTableName());
> 692 }
> {code}
--
This message was sent by Atlassian JIRA
(v6.1#6144)
