[jira] [Commented] (HIVE-8534) sql std auth : update configuration whitelist for 0.14
[ https://issues.apache.org/jira/browse/HIVE-8534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14245285#comment-14245285 ] Lefty Leverenz commented on HIVE-8534: -- Partially documented: * [Configuration Properties -- hive.security.authorization.sqlstd.confwhitelist | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.security.authorization.sqlstd.confwhitelist] sql std auth : update configuration whitelist for 0.14 -- Key: HIVE-8534 URL: https://issues.apache.org/jira/browse/HIVE-8534 Project: Hive Issue Type: Bug Components: Authorization, SQLStandardAuthorization Reporter: Thejas M Nair Assignee: Thejas M Nair Priority: Blocker Labels: TODOC14 Fix For: 0.14.0 Attachments: HIVE-8534.1.patch, HIVE-8534.2.patch, HIVE-8534.3.patch, HIVE-8534.4.patch, HIVE-8534.5.patch New config parameters have been introduced in hive 0.14. SQL standard authorization needs to be updated to allow some new parameters to be set, when the authorization mode is enabled. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-8534) sql std auth : update configuration whitelist for 0.14
[ https://issues.apache.org/jira/browse/HIVE-8534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14220569#comment-14220569 ] Thejas M Nair commented on HIVE-8534: - [~stone_xy] Thanks for pointing that out. Looks like I changed the patch addressing review comments, but forgot to update the description. Created HIVE-8937 to fix that. sql std auth : update configuration whitelist for 0.14 -- Key: HIVE-8534 URL: https://issues.apache.org/jira/browse/HIVE-8534 Project: Hive Issue Type: Bug Components: Authorization, SQLStandardAuthorization Reporter: Thejas M Nair Assignee: Thejas M Nair Priority: Blocker Labels: TODOC14 Fix For: 0.14.0 Attachments: HIVE-8534.1.patch, HIVE-8534.2.patch, HIVE-8534.3.patch, HIVE-8534.4.patch, HIVE-8534.5.patch New config parameters have been introduced in hive 0.14. SQL standard authorization needs to be updated to allow some new parameters to be set, when the authorization mode is enabled. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-8534) sql std auth : update configuration whitelist for 0.14
[ https://issues.apache.org/jira/browse/HIVE-8534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14218942#comment-14218942 ] nicolas commented on HIVE-8534: --- how can this be matched by regex if hive.security.authorization.sqlstd.confwhitelist is a COMMA separated list of java regex ? I am not sure whether this is a issue, so i comment here. sql std auth : update configuration whitelist for 0.14 -- Key: HIVE-8534 URL: https://issues.apache.org/jira/browse/HIVE-8534 Project: Hive Issue Type: Bug Components: Authorization, SQLStandardAuthorization Reporter: Thejas M Nair Assignee: Thejas M Nair Priority: Blocker Labels: TODOC14 Fix For: 0.14.0 Attachments: HIVE-8534.1.patch, HIVE-8534.2.patch, HIVE-8534.3.patch, HIVE-8534.4.patch, HIVE-8534.5.patch New config parameters have been introduced in hive 0.14. SQL standard authorization needs to be updated to allow some new parameters to be set, when the authorization mode is enabled. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-8534) sql std auth : update configuration whitelist for 0.14
[ https://issues.apache.org/jira/browse/HIVE-8534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14194140#comment-14194140 ] Lefty Leverenz commented on HIVE-8534: -- Glitch in the description of *hive.security.authorization.sqlstd.confwhitelist*: angle brackets don't convert well for the template file, so 'set param' comes out as 'set lt;param gt;' (spaces added to workaround jira formatting). Not a show stopper. sql std auth : update configuration whitelist for 0.14 -- Key: HIVE-8534 URL: https://issues.apache.org/jira/browse/HIVE-8534 Project: Hive Issue Type: Bug Components: Authorization, SQLStandardAuthorization Reporter: Thejas M Nair Assignee: Thejas M Nair Priority: Blocker Labels: TODOC14 Fix For: 0.14.0 Attachments: HIVE-8534.1.patch, HIVE-8534.2.patch, HIVE-8534.3.patch, HIVE-8534.4.patch, HIVE-8534.5.patch New config parameters have been introduced in hive 0.14. SQL standard authorization needs to be updated to allow some new parameters to be set, when the authorization mode is enabled. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-8534) sql std auth : update configuration whitelist for 0.14
[ https://issues.apache.org/jira/browse/HIVE-8534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14182571#comment-14182571 ] Lefty Leverenz commented on HIVE-8534: -- Doc note: This adds *hive.security.authorization.sqlstd.confwhitelist.append* and changes the description of *hive.security.authorization.sqlstd.confwhitelist* in HiveConf.java, so they need to be documented in the wiki. * [Configuration Properties -- SQL Standard Based Authorization | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-SQLStandardBasedAuthorization] * [SQL Standard Based Hive Authorization -- Restrictions on Hive Commands and Statements | https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization#SQLStandardBasedHiveAuthorization-RestrictionsonHiveCommandsandStatements] * and optionally [SQL Standard Based Hive Authorization -- Configuration | https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization#SQLStandardBasedHiveAuthorization-Configuration] sql std auth : update configuration whitelist for 0.14 -- Key: HIVE-8534 URL: https://issues.apache.org/jira/browse/HIVE-8534 Project: Hive Issue Type: Bug Components: Authorization, SQLStandardAuthorization Reporter: Thejas M Nair Assignee: Thejas M Nair Priority: Blocker Labels: TODOC14 Fix For: 0.14.0 Attachments: HIVE-8534.1.patch, HIVE-8534.2.patch, HIVE-8534.3.patch, HIVE-8534.4.patch, HIVE-8534.5.patch New config parameters have been introduced in hive 0.14. SQL standard authorization needs to be updated to allow some new parameters to be set, when the authorization mode is enabled. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-8534) sql std auth : update configuration whitelist for 0.14
[ https://issues.apache.org/jira/browse/HIVE-8534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14181679#comment-14181679 ] Thejas M Nair commented on HIVE-8534: - Thanks for the reviews [~leftylev] [~hagleitn] sql std auth : update configuration whitelist for 0.14 -- Key: HIVE-8534 URL: https://issues.apache.org/jira/browse/HIVE-8534 Project: Hive Issue Type: Bug Components: Authorization, SQLStandardAuthorization Reporter: Thejas M Nair Assignee: Thejas M Nair Priority: Blocker Fix For: 0.14.0 Attachments: HIVE-8534.1.patch, HIVE-8534.2.patch, HIVE-8534.3.patch, HIVE-8534.4.patch, HIVE-8534.5.patch New config parameters have been introduced in hive 0.14. SQL standard authorization needs to be updated to allow some new parameters to be set, when the authorization mode is enabled. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-8534) sql std auth : update configuration whitelist for 0.14
[ https://issues.apache.org/jira/browse/HIVE-8534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14180447#comment-14180447 ] Gunther Hagleitner commented on HIVE-8534: -- Updated the review. Some smaller things. Have you considered adding a q file test (end-to-end) for the whitelist, in addition to the junit test? I still think the flat regex list would be simpler and more beneficial. In that case, we'd create a hive-site file from it, which gives users a better idea of what's happening - also they'd have a template for modifying it. You're hiding the settings hard coded in the class file. That list or regex would also be the single source of truth, without transformations or merging of lists. On the other hand we can probably switch that at any time w/o much compatibility overhead, so I think either way is better than what we have now. +1 sql std auth : update configuration whitelist for 0.14 -- Key: HIVE-8534 URL: https://issues.apache.org/jira/browse/HIVE-8534 Project: Hive Issue Type: Bug Components: Authorization, SQLStandardAuthorization Reporter: Thejas M Nair Assignee: Thejas M Nair Priority: Blocker Fix For: 0.14.0 Attachments: HIVE-8534.1.patch, HIVE-8534.2.patch, HIVE-8534.3.patch, HIVE-8534.4.patch New config parameters have been introduced in hive 0.14. SQL standard authorization needs to be updated to allow some new parameters to be set, when the authorization mode is enabled. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-8534) sql std auth : update configuration whitelist for 0.14
[
https://issues.apache.org/jira/browse/HIVE-8534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14180949#comment-14180949
]
Hive QA commented on HIVE-8534:
---
{color:red}Overall{color}: -1 at least one tests failed
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12676443/HIVE-8534.5.patch
{color:red}ERROR:{color} -1 due to 3 failed/errored test(s), 6578 tests executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_annotate_stats_join_pkfk
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_udaf_histogram_numeric
org.apache.hive.minikdc.TestJdbcWithMiniKdc.testNegativeTokenAuth
{noformat}
Test results:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/1404/testReport
Console output:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/1404/console
Test logs:
http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-1404/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 3 tests failed
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12676443 - PreCommit-HIVE-TRUNK-Build
sql std auth : update configuration whitelist for 0.14
--
Key: HIVE-8534
URL: https://issues.apache.org/jira/browse/HIVE-8534
Project: Hive
Issue Type: Bug
Components: Authorization, SQLStandardAuthorization
Reporter: Thejas M Nair
Assignee: Thejas M Nair
Priority: Blocker
Fix For: 0.14.0
Attachments: HIVE-8534.1.patch, HIVE-8534.2.patch, HIVE-8534.3.patch,
HIVE-8534.4.patch, HIVE-8534.5.patch
New config parameters have been introduced in hive 0.14. SQL standard
authorization needs to be updated to allow some new parameters to be set,
when the authorization mode is enabled.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-8534) sql std auth : update configuration whitelist for 0.14
[
https://issues.apache.org/jira/browse/HIVE-8534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14178258#comment-14178258
]
Hive QA commented on HIVE-8534:
---
{color:red}Overall{color}: -1 at least one tests failed
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12676024/HIVE-8534.1.patch
{color:red}ERROR:{color} -1 due to 2 failed/errored test(s), 6568 tests executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestNegativeCliDriver.testNegativeCliDriver_authorization_disallow_transform
org.apache.hive.minikdc.TestJdbcWithMiniKdc.testNegativeTokenAuth
{noformat}
Test results:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/1371/testReport
Console output:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/1371/console
Test logs:
http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-1371/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 2 tests failed
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12676024 - PreCommit-HIVE-TRUNK-Build
sql std auth : update configuration whitelist for 0.14
--
Key: HIVE-8534
URL: https://issues.apache.org/jira/browse/HIVE-8534
Project: Hive
Issue Type: Bug
Components: Authorization, SQLStandardAuthorization
Reporter: Thejas M Nair
Assignee: Thejas M Nair
Priority: Blocker
Fix For: 0.14.0
Attachments: HIVE-8534.1.patch
New config parameters have been introduced in hive 0.14. SQL standard
authorization needs to be updated to allow some new parameters to be set,
when the authorization mode is enabled.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-8534) sql std auth : update configuration whitelist for 0.14
[ https://issues.apache.org/jira/browse/HIVE-8534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14178684#comment-14178684 ] Gunther Hagleitner commented on HIVE-8534: -- [~thejas] do you have a rb link? sql std auth : update configuration whitelist for 0.14 -- Key: HIVE-8534 URL: https://issues.apache.org/jira/browse/HIVE-8534 Project: Hive Issue Type: Bug Components: Authorization, SQLStandardAuthorization Reporter: Thejas M Nair Assignee: Thejas M Nair Priority: Blocker Fix For: 0.14.0 Attachments: HIVE-8534.1.patch New config parameters have been introduced in hive 0.14. SQL standard authorization needs to be updated to allow some new parameters to be set, when the authorization mode is enabled. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-8534) sql std auth : update configuration whitelist for 0.14
[
https://issues.apache.org/jira/browse/HIVE-8534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14179297#comment-14179297
]
Hive QA commented on HIVE-8534:
---
{color:red}Overall{color}: -1 at least one tests failed
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12676143/HIVE-8534.2.patch
{color:red}ERROR:{color} -1 due to 2 failed/errored test(s), 6575 tests executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_udaf_histogram_numeric
org.apache.hive.minikdc.TestJdbcWithMiniKdc.testNegativeTokenAuth
{noformat}
Test results:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/1377/testReport
Console output:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/1377/console
Test logs:
http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-1377/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 2 tests failed
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12676143 - PreCommit-HIVE-TRUNK-Build
sql std auth : update configuration whitelist for 0.14
--
Key: HIVE-8534
URL: https://issues.apache.org/jira/browse/HIVE-8534
Project: Hive
Issue Type: Bug
Components: Authorization, SQLStandardAuthorization
Reporter: Thejas M Nair
Assignee: Thejas M Nair
Priority: Blocker
Fix For: 0.14.0
Attachments: HIVE-8534.1.patch, HIVE-8534.2.patch
New config parameters have been introduced in hive 0.14. SQL standard
authorization needs to be updated to allow some new parameters to be set,
when the authorization mode is enabled.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (HIVE-8534) sql std auth : update configuration whitelist for 0.14
[ https://issues.apache.org/jira/browse/HIVE-8534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14179592#comment-14179592 ] Lefty Leverenz commented on HIVE-8534: -- +1 (just for parameter descriptions) sql std auth : update configuration whitelist for 0.14 -- Key: HIVE-8534 URL: https://issues.apache.org/jira/browse/HIVE-8534 Project: Hive Issue Type: Bug Components: Authorization, SQLStandardAuthorization Reporter: Thejas M Nair Assignee: Thejas M Nair Priority: Blocker Fix For: 0.14.0 Attachments: HIVE-8534.1.patch, HIVE-8534.2.patch, HIVE-8534.3.patch, HIVE-8534.4.patch New config parameters have been introduced in hive 0.14. SQL standard authorization needs to be updated to allow some new parameters to be set, when the authorization mode is enabled. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-8534) sql std auth : update configuration whitelist for 0.14
[ https://issues.apache.org/jira/browse/HIVE-8534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14179594#comment-14179594 ] Thejas M Nair commented on HIVE-8534: - [~hagleitn] I have moved setting of the regex param value to HiveConf, but I am still using the ConfVar list to generate the regex instead of putting a hardcoded flattened string there, as I feel using the ConfVar list is less error prone. Let me know what you think. sql std auth : update configuration whitelist for 0.14 -- Key: HIVE-8534 URL: https://issues.apache.org/jira/browse/HIVE-8534 Project: Hive Issue Type: Bug Components: Authorization, SQLStandardAuthorization Reporter: Thejas M Nair Assignee: Thejas M Nair Priority: Blocker Fix For: 0.14.0 Attachments: HIVE-8534.1.patch, HIVE-8534.2.patch, HIVE-8534.3.patch, HIVE-8534.4.patch New config parameters have been introduced in hive 0.14. SQL standard authorization needs to be updated to allow some new parameters to be set, when the authorization mode is enabled. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-8534) sql std auth : update configuration whitelist for 0.14
[ https://issues.apache.org/jira/browse/HIVE-8534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14177923#comment-14177923 ] Thejas M Nair commented on HIVE-8534: - To make it easier to manage the whitelist, the patch now supports whitelist. The change is backward compatible for this config param use. Also adds support for an extra parameter, that lets users add additional parameters to whitelist, instead of having to customize the entire list. Also updates the config with restrictions only if authorization is enabled. sql std auth : update configuration whitelist for 0.14 -- Key: HIVE-8534 URL: https://issues.apache.org/jira/browse/HIVE-8534 Project: Hive Issue Type: Bug Components: Authorization, SQLStandardAuthorization Reporter: Thejas M Nair Assignee: Thejas M Nair Priority: Blocker Fix For: 0.14.0 Attachments: HIVE-8534.1.patch New config parameters have been introduced in hive 0.14. SQL standard authorization needs to be updated to allow some new parameters to be set, when the authorization mode is enabled. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-8534) sql std auth : update configuration whitelist for 0.14
[
https://issues.apache.org/jira/browse/HIVE-8534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14177943#comment-14177943
]
Lefty Leverenz commented on HIVE-8534:
--
My eagle eye spots an extra space between two words:
{code}
++ regexes can be modified by user when sql std auth is enabled.
Default value is
{code}
And would you please spell out sql std auth?
Also, most parameter descriptions in HiveConf.java put the + for concatenating
strings at the end of a line, not at the beginning of the next line. And
newlines would be good for long descriptions.
And while I'm quibbling, how about capitalizing java here:
{code}
+List of comma separated java regexes, to be appended to list set in
{code}
sql std auth : update configuration whitelist for 0.14
--
Key: HIVE-8534
URL: https://issues.apache.org/jira/browse/HIVE-8534
Project: Hive
Issue Type: Bug
Components: Authorization, SQLStandardAuthorization
Reporter: Thejas M Nair
Assignee: Thejas M Nair
Priority: Blocker
Fix For: 0.14.0
Attachments: HIVE-8534.1.patch
New config parameters have been introduced in hive 0.14. SQL standard
authorization needs to be updated to allow some new parameters to be set,
when the authorization mode is enabled.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
