[jira] [Commented] (HIVE-18841) Support authorization of UDF usage in hive
[ https://issues.apache.org/jira/browse/HIVE-18841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16426013#comment-16426013 ] Thejas M Nair commented on HIVE-18841: -- 2.patch - Updated q.out files, fixed checkstyle issues > Support authorization of UDF usage in hive > -- > > Key: HIVE-18841 > URL: https://issues.apache.org/jira/browse/HIVE-18841 > Project: Hive > Issue Type: New Feature >Reporter: Thejas M Nair >Assignee: Thejas M Nair >Priority: Critical > Attachments: HIVE-18841.1.patch, HIVE-18841.1.patch, > HIVE-18841.2.patch > > > It should be possible to create authorization policies on UDF usage. > ie, it should be possible to control who can use certain UDF in their queries. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-18841) Support authorization of UDF usage in hive
[ https://issues.apache.org/jira/browse/HIVE-18841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16423634#comment-16423634 ] Hive QA commented on HIVE-18841: Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12917234/HIVE-18841.1.patch {color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified. {color:red}ERROR:{color} -1 due to 219 failed/errored test(s), 13695 tests executed *Failed tests:* {noformat} TestCopyUtils - did not produce a TEST-*.xml file (likely timed out) (batchId=230) TestDbNotificationListener - did not produce a TEST-*.xml file (likely timed out) (batchId=246) TestExportImport - did not produce a TEST-*.xml file (likely timed out) (batchId=230) TestHCatHiveCompatibility - did not produce a TEST-*.xml file (likely timed out) (batchId=246) TestNegativeCliDriver - did not produce a TEST-*.xml file (likely timed out) (batchId=96)
[jira] [Commented] (HIVE-18841) Support authorization of UDF usage in hive
[ https://issues.apache.org/jira/browse/HIVE-18841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16423576#comment-16423576 ] Hive QA commented on HIVE-18841: | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || || || || || {color:brown} Prechecks {color} || | {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 0m 0s{color} | {color:blue} Findbugs executables are not available. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | || || || || {color:brown} master Compile Tests {color} || | {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 49s{color} | {color:blue} Maven dependency ordering for branch {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 7m 25s{color} | {color:green} master passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m 57s{color} | {color:green} master passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 1m 6s{color} | {color:green} master passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 31s{color} | {color:green} master passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 9s{color} | {color:blue} Maven dependency ordering for patch {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 2m 19s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m 54s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 1m 54s{color} | {color:green} the patch passed {color} | | {color:red}-1{color} | {color:red} checkstyle {color} | {color:red} 0m 18s{color} | {color:red} itests/hive-unit: The patch generated 2 new + 12 unchanged - 1 fixed = 14 total (was 13) {color} | | {color:red}-1{color} | {color:red} checkstyle {color} | {color:red} 0m 47s{color} | {color:red} ql: The patch generated 2 new + 554 unchanged - 2 fixed = 556 total (was 556) {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 31s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:red}-1{color} | {color:red} asflicense {color} | {color:red} 0m 15s{color} | {color:red} The patch generated 49 ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 20m 29s{color} | {color:black} {color} | \\ \\ || Subsystem || Report/Notes || | Optional Tests | asflicense javac javadoc findbugs checkstyle compile | | uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux | | Build tool | maven | | Personality | /data/hiveptest/working/yetus_PreCommit-HIVE-Build-9968/dev-support/hive-personality.sh | | git revision | master / ad9852c | | Default Java | 1.8.0_111 | | checkstyle | http://104.198.109.242/logs//PreCommit-HIVE-Build-9968/yetus/diff-checkstyle-itests_hive-unit.txt | | checkstyle | http://104.198.109.242/logs//PreCommit-HIVE-Build-9968/yetus/diff-checkstyle-ql.txt | | asflicense | http://104.198.109.242/logs//PreCommit-HIVE-Build-9968/yetus/patch-asflicense-problems.txt | | modules | C: itests/hive-unit ql U: . | | Console output | http://104.198.109.242/logs//PreCommit-HIVE-Build-9968/yetus.txt | | Powered by | Apache Yetushttp://yetus.apache.org | This message was automatically generated. > Support authorization of UDF usage in hive > -- > > Key: HIVE-18841 > URL: https://issues.apache.org/jira/browse/HIVE-18841 > Project: Hive > Issue Type: New Feature >Reporter: Thejas M Nair >Assignee: Thejas M Nair >Priority: Critical > Attachments: HIVE-18841.1.patch, HIVE-18841.1.patch > > > It should be possible to create authorization policies on UDF usage. > ie, it should be possible to control who can use certain UDF in their queries. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-18841) Support authorization of UDF usage in hive
[ https://issues.apache.org/jira/browse/HIVE-18841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16423550#comment-16423550 ] Hive QA commented on HIVE-18841: Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12917234/HIVE-18841.1.patch {color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified. {color:red}ERROR:{color} -1 due to 200 failed/errored test(s), 13221 tests executed *Failed tests:* {noformat} TestBeeLineExceptionHandling - did not produce a TEST-*.xml file (likely timed out) (batchId=190) TestBeeLineHistory - did not produce a TEST-*.xml file (likely timed out) (batchId=190) TestBeelineArgParsing - did not produce a TEST-*.xml file (likely timed out) (batchId=190) TestClientCommandHookFactory - did not produce a TEST-*.xml file (likely timed out) (batchId=190) TestCopyUtils - did not produce a TEST-*.xml file (likely timed out) (batchId=230) TestDbNotificationListener - did not produce a TEST-*.xml file (likely timed out) (batchId=246) TestExportImport - did not produce a TEST-*.xml file (likely timed out) (batchId=230) TestHCatHiveCompatibility - did not produce a TEST-*.xml file (likely timed out) (batchId=246) TestHiveCli - did not produce a TEST-*.xml file (likely timed out) (batchId=190) TestHiveSchemaTool - did not produce a TEST-*.xml file (likely timed out) (batchId=190) TestIncrementalRows - did not produce a TEST-*.xml file (likely timed out) (batchId=190) TestNegativeCliDriver - did not produce a TEST-*.xml file (likely timed out) (batchId=95)
[jira] [Commented] (HIVE-18841) Support authorization of UDF usage in hive
[ https://issues.apache.org/jira/browse/HIVE-18841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16423492#comment-16423492 ] Hive QA commented on HIVE-18841: | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || || || || || {color:brown} Prechecks {color} || | {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 0m 0s{color} | {color:blue} Findbugs executables are not available. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | || || || || {color:brown} master Compile Tests {color} || | {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 45s{color} | {color:blue} Maven dependency ordering for branch {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 7m 54s{color} | {color:green} master passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m 58s{color} | {color:green} master passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 1m 6s{color} | {color:green} master passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 32s{color} | {color:green} master passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 9s{color} | {color:blue} Maven dependency ordering for patch {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 2m 33s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 2m 0s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 2m 0s{color} | {color:green} the patch passed {color} | | {color:red}-1{color} | {color:red} checkstyle {color} | {color:red} 0m 18s{color} | {color:red} itests/hive-unit: The patch generated 2 new + 12 unchanged - 1 fixed = 14 total (was 13) {color} | | {color:red}-1{color} | {color:red} checkstyle {color} | {color:red} 0m 49s{color} | {color:red} ql: The patch generated 2 new + 554 unchanged - 2 fixed = 556 total (was 556) {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 30s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:red}-1{color} | {color:red} asflicense {color} | {color:red} 0m 15s{color} | {color:red} The patch generated 49 ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 21m 21s{color} | {color:black} {color} | \\ \\ || Subsystem || Report/Notes || | Optional Tests | asflicense javac javadoc findbugs checkstyle compile | | uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux | | Build tool | maven | | Personality | /data/hiveptest/working/yetus_PreCommit-HIVE-Build-9967/dev-support/hive-personality.sh | | git revision | master / ad9852c | | Default Java | 1.8.0_111 | | checkstyle | http://104.198.109.242/logs//PreCommit-HIVE-Build-9967/yetus/diff-checkstyle-itests_hive-unit.txt | | checkstyle | http://104.198.109.242/logs//PreCommit-HIVE-Build-9967/yetus/diff-checkstyle-ql.txt | | asflicense | http://104.198.109.242/logs//PreCommit-HIVE-Build-9967/yetus/patch-asflicense-problems.txt | | modules | C: itests/hive-unit ql U: . | | Console output | http://104.198.109.242/logs//PreCommit-HIVE-Build-9967/yetus.txt | | Powered by | Apache Yetushttp://yetus.apache.org | This message was automatically generated. > Support authorization of UDF usage in hive > -- > > Key: HIVE-18841 > URL: https://issues.apache.org/jira/browse/HIVE-18841 > Project: Hive > Issue Type: New Feature >Reporter: Thejas M Nair >Assignee: Thejas M Nair >Priority: Critical > Attachments: HIVE-18841.1.patch, HIVE-18841.1.patch > > > It should be possible to create authorization policies on UDF usage. > ie, it should be possible to control who can use certain UDF in their queries. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-18841) Support authorization of UDF usage in hive
[ https://issues.apache.org/jira/browse/HIVE-18841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16422998#comment-16422998 ] Thejas M Nair commented on HIVE-18841: -- Attaching again for test run. > Support authorization of UDF usage in hive > -- > > Key: HIVE-18841 > URL: https://issues.apache.org/jira/browse/HIVE-18841 > Project: Hive > Issue Type: New Feature >Reporter: Thejas M Nair >Assignee: Thejas M Nair >Priority: Critical > Attachments: HIVE-18841.1.patch, HIVE-18841.1.patch > > > It should be possible to create authorization policies on UDF usage. > ie, it should be possible to control who can use certain UDF in their queries. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-18841) Support authorization of UDF usage in hive
[ https://issues.apache.org/jira/browse/HIVE-18841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16421987#comment-16421987 ] Hive QA commented on HIVE-18841: Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12916760/HIVE-18841.1.patch {color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified. {color:red}ERROR:{color} -1 due to 270 failed/errored test(s), 13694 tests executed *Failed tests:* {noformat} TestCopyUtils - did not produce a TEST-*.xml file (likely timed out) (batchId=230) TestDbNotificationListener - did not produce a TEST-*.xml file (likely timed out) (batchId=246) TestExportImport - did not produce a TEST-*.xml file (likely timed out) (batchId=230) TestHCatHiveCompatibility - did not produce a TEST-*.xml file (likely timed out) (batchId=246) TestNegativeCliDriver - did not produce a TEST-*.xml file (likely timed out) (batchId=95)
[jira] [Commented] (HIVE-18841) Support authorization of UDF usage in hive
[ https://issues.apache.org/jira/browse/HIVE-18841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16421958#comment-16421958 ] Hive QA commented on HIVE-18841: | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || || || || || {color:brown} Prechecks {color} || | {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 0m 0s{color} | {color:blue} Findbugs executables are not available. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | || || || || {color:brown} master Compile Tests {color} || | {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 49s{color} | {color:blue} Maven dependency ordering for branch {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 8m 1s{color} | {color:green} master passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 2m 0s{color} | {color:green} master passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 1m 5s{color} | {color:green} master passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 32s{color} | {color:green} master passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 9s{color} | {color:blue} Maven dependency ordering for patch {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 2m 29s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 2m 5s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 2m 5s{color} | {color:green} the patch passed {color} | | {color:red}-1{color} | {color:red} checkstyle {color} | {color:red} 0m 19s{color} | {color:red} itests/hive-unit: The patch generated 2 new + 12 unchanged - 1 fixed = 14 total (was 13) {color} | | {color:red}-1{color} | {color:red} checkstyle {color} | {color:red} 0m 47s{color} | {color:red} ql: The patch generated 2 new + 554 unchanged - 2 fixed = 556 total (was 556) {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 32s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:red}-1{color} | {color:red} asflicense {color} | {color:red} 0m 16s{color} | {color:red} The patch generated 49 ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black} 21m 29s{color} | {color:black} {color} | \\ \\ || Subsystem || Report/Notes || | Optional Tests | asflicense javac javadoc findbugs checkstyle compile | | uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux | | Build tool | maven | | Personality | /data/hiveptest/working/yetus_PreCommit-HIVE-Build-9955/dev-support/hive-personality.sh | | git revision | master / 59483bc | | Default Java | 1.8.0_111 | | checkstyle | http://104.198.109.242/logs//PreCommit-HIVE-Build-9955/yetus/diff-checkstyle-itests_hive-unit.txt | | checkstyle | http://104.198.109.242/logs//PreCommit-HIVE-Build-9955/yetus/diff-checkstyle-ql.txt | | asflicense | http://104.198.109.242/logs//PreCommit-HIVE-Build-9955/yetus/patch-asflicense-problems.txt | | modules | C: itests/hive-unit ql U: . | | Console output | http://104.198.109.242/logs//PreCommit-HIVE-Build-9955/yetus.txt | | Powered by | Apache Yetushttp://yetus.apache.org | This message was automatically generated. > Support authorization of UDF usage in hive > -- > > Key: HIVE-18841 > URL: https://issues.apache.org/jira/browse/HIVE-18841 > Project: Hive > Issue Type: New Feature >Reporter: Thejas M Nair >Assignee: Thejas M Nair >Priority: Critical > Attachments: HIVE-18841.1.patch > > > It should be possible to create authorization policies on UDF usage. > ie, it should be possible to control who can use certain UDF in their queries. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-18841) Support authorization of UDF usage in hive
[ https://issues.apache.org/jira/browse/HIVE-18841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16420115#comment-16420115 ] Daniel Dai commented on HIVE-18841: --- +1 pending test. > Support authorization of UDF usage in hive > -- > > Key: HIVE-18841 > URL: https://issues.apache.org/jira/browse/HIVE-18841 > Project: Hive > Issue Type: New Feature >Reporter: Thejas M Nair >Assignee: Thejas M Nair >Priority: Critical > Attachments: HIVE-18841.1.patch > > > It should be possible to create authorization policies on UDF usage. > ie, it should be possible to control who can use certain UDF in their queries. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-18841) Support authorization of UDF usage in hive
[ https://issues.apache.org/jira/browse/HIVE-18841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16419994#comment-16419994 ] Thejas M Nair commented on HIVE-18841: -- I think we can add that as well in follow up patch, if we see asks for this. The current ask from users that we have seen is to be able to allow/deny access to permanent functions (eg encryption related ones), by name of the functions. > Support authorization of UDF usage in hive > -- > > Key: HIVE-18841 > URL: https://issues.apache.org/jira/browse/HIVE-18841 > Project: Hive > Issue Type: New Feature >Reporter: Thejas M Nair >Assignee: Thejas M Nair >Priority: Critical > Attachments: HIVE-18841.1.patch > > > It should be possible to create authorization policies on UDF usage. > ie, it should be possible to control who can use certain UDF in their queries. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-18841) Support authorization of UDF usage in hive
[ https://issues.apache.org/jira/browse/HIVE-18841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16419897#comment-16419897 ] Daniel Dai commented on HIVE-18841: --- I imagine authorize all UDFs in a particular jar might be useful, is it possible to pass function resources as a parameter to ReadEntity? > Support authorization of UDF usage in hive > -- > > Key: HIVE-18841 > URL: https://issues.apache.org/jira/browse/HIVE-18841 > Project: Hive > Issue Type: New Feature >Reporter: Thejas M Nair >Assignee: Thejas M Nair >Priority: Critical > Attachments: HIVE-18841.1.patch > > > It should be possible to create authorization policies on UDF usage. > ie, it should be possible to control who can use certain UDF in their queries. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-18841) Support authorization of UDF usage in hive
[ https://issues.apache.org/jira/browse/HIVE-18841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16419636#comment-16419636 ] Thejas M Nair commented on HIVE-18841: -- Note that only permanent UDF are passed with this patch for authorization. That would address the primary use cases for this feature (encryption related UDFs provided by 3rd party vendors/cluster admins). It doesn't make sense to do usage authorization for temporary UDF as the user already has to have permissions to create them (you have to create it every time to use it). In case of built-in UDF, a lot of these UDFs are implicitly used (eg. cast one type to another), so it doesn't make sense to authorize their usage, as it would be very confusing for users. > Support authorization of UDF usage in hive > -- > > Key: HIVE-18841 > URL: https://issues.apache.org/jira/browse/HIVE-18841 > Project: Hive > Issue Type: New Feature >Reporter: Thejas M Nair >Assignee: Thejas M Nair >Priority: Critical > Attachments: HIVE-18841.1.patch > > > It should be possible to create authorization policies on UDF usage. > ie, it should be possible to control who can use certain UDF in their queries. -- This message was sent by Atlassian JIRA (v7.6.3#76005)