[jira] [Updated] (HIVE-13867) restore HiveAuthorizer interface changes
[ https://issues.apache.org/jira/browse/HIVE-13867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jesus Camacho Rodriguez updated HIVE-13867: --- Fix Version/s: (was: 2.2.0) > restore HiveAuthorizer interface changes > > > Key: HIVE-13867 > URL: https://issues.apache.org/jira/browse/HIVE-13867 > Project: Hive > Issue Type: Bug >Affects Versions: 2.1.0 >Reporter: Thejas M Nair >Assignee: Thejas M Nair >Priority: Blocker > Fix For: 2.1.0 > > Attachments: HIVE-13867.1.patch > > > TLDR: Some of the changes to hive authorizer interface made as part of > HIVE-13360 are inappropriate and need to be restored. > Regarding the move of ip address from the query context object > (HiveAuthzContext) to HiveAuthenticationProvider. That isn't the right place > for it. > In HS2 HTTP mode, when proxies and knox servers are between end user and HS2 > , every request for single session does not have to come via a single IP > address. > Current assumption in hive code base is that the IP address is valid for the > entire session. This might not hold true for ever. > A limitation in HS2 that it holds state for the session would currently force > the user configure proxies and knox to remember which next Host it was using, > because they need to have state to remember the HS2 instance to be used! But > that is a limitation that ideally goes away some day, and when that happens, > HiveAuthzContext would be the right place for keeping the IP address! -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HIVE-13867) restore HiveAuthorizer interface changes
[ https://issues.apache.org/jira/browse/HIVE-13867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sushanth Sowmyan updated HIVE-13867: Resolution: Fixed Fix Version/s: 2.2.0 2.1.0 Status: Resolved (was: Patch Available) Committed to branch-2.1 and master. > restore HiveAuthorizer interface changes > > > Key: HIVE-13867 > URL: https://issues.apache.org/jira/browse/HIVE-13867 > Project: Hive > Issue Type: Bug >Affects Versions: 2.1.0 >Reporter: Thejas M Nair >Assignee: Thejas M Nair >Priority: Blocker > Fix For: 2.1.0, 2.2.0 > > Attachments: HIVE-13867.1.patch > > > TLDR: Some of the changes to hive authorizer interface made as part of > HIVE-13360 are inappropriate and need to be restored. > Regarding the move of ip address from the query context object > (HiveAuthzContext) to HiveAuthenticationProvider. That isn't the right place > for it. > In HS2 HTTP mode, when proxies and knox servers are between end user and HS2 > , every request for single session does not have to come via a single IP > address. > Current assumption in hive code base is that the IP address is valid for the > entire session. This might not hold true for ever. > A limitation in HS2 that it holds state for the session would currently force > the user configure proxies and knox to remember which next Host it was using, > because they need to have state to remember the HS2 instance to be used! But > that is a limitation that ideally goes away some day, and when that happens, > HiveAuthzContext would be the right place for keeping the IP address! -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HIVE-13867) restore HiveAuthorizer interface changes
[ https://issues.apache.org/jira/browse/HIVE-13867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sushanth Sowmyan updated HIVE-13867: Assignee: Thejas M Nair (was: Sushanth Sowmyan) > restore HiveAuthorizer interface changes > > > Key: HIVE-13867 > URL: https://issues.apache.org/jira/browse/HIVE-13867 > Project: Hive > Issue Type: Bug >Affects Versions: 2.1.0 >Reporter: Thejas M Nair >Assignee: Thejas M Nair >Priority: Blocker > Attachments: HIVE-13867.1.patch > > > TLDR: Some of the changes to hive authorizer interface made as part of > HIVE-13360 are inappropriate and need to be restored. > Regarding the move of ip address from the query context object > (HiveAuthzContext) to HiveAuthenticationProvider. That isn't the right place > for it. > In HS2 HTTP mode, when proxies and knox servers are between end user and HS2 > , every request for single session does not have to come via a single IP > address. > Current assumption in hive code base is that the IP address is valid for the > entire session. This might not hold true for ever. > A limitation in HS2 that it holds state for the session would currently force > the user configure proxies and knox to remember which next Host it was using, > because they need to have state to remember the HS2 instance to be used! But > that is a limitation that ideally goes away some day, and when that happens, > HiveAuthzContext would be the right place for keeping the IP address! -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HIVE-13867) restore HiveAuthorizer interface changes
[ https://issues.apache.org/jira/browse/HIVE-13867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Thejas M Nair updated HIVE-13867: - Affects Version/s: 2.1.0 Status: Patch Available (was: Open) > restore HiveAuthorizer interface changes > > > Key: HIVE-13867 > URL: https://issues.apache.org/jira/browse/HIVE-13867 > Project: Hive > Issue Type: Bug >Affects Versions: 2.1.0 >Reporter: Thejas M Nair >Assignee: Sushanth Sowmyan >Priority: Blocker > Attachments: HIVE-13867.1.patch > > > TLDR: Some of the changes to hive authorizer interface made as part of > HIVE-13360 are inappropriate and need to be restored. > Regarding the move of ip address from the query context object > (HiveAuthzContext) to HiveAuthenticationProvider. That isn't the right place > for it. > In HS2 HTTP mode, when proxies and knox servers are between end user and HS2 > , every request for single session does not have to come via a single IP > address. > Current assumption in hive code base is that the IP address is valid for the > entire session. This might not hold true for ever. > A limitation in HS2 that it holds state for the session would currently force > the user configure proxies and knox to remember which next Host it was using, > because they need to have state to remember the HS2 instance to be used! But > that is a limitation that ideally goes away some day, and when that happens, > HiveAuthzContext would be the right place for keeping the IP address! -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HIVE-13867) restore HiveAuthorizer interface changes
[ https://issues.apache.org/jira/browse/HIVE-13867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Thejas M Nair updated HIVE-13867: - Attachment: HIVE-13867.1.patch The patch restores HiveAuthzContext.java in the api (which had been renamed to QueryContext.java). It also brings back the getIPAddress method back to HiveAuthzContext/QueryContext > restore HiveAuthorizer interface changes > > > Key: HIVE-13867 > URL: https://issues.apache.org/jira/browse/HIVE-13867 > Project: Hive > Issue Type: Bug >Reporter: Thejas M Nair >Assignee: Sushanth Sowmyan >Priority: Blocker > Attachments: HIVE-13867.1.patch > > > TLDR: Some of the changes to hive authorizer interface made as part of > HIVE-13360 are inappropriate and need to be restored. > Regarding the move of ip address from the query context object > (HiveAuthzContext) to HiveAuthenticationProvider. That isn't the right place > for it. > In HS2 HTTP mode, when proxies and knox servers are between end user and HS2 > , every request for single session does not have to come via a single IP > address. > Current assumption in hive code base is that the IP address is valid for the > entire session. This might not hold true for ever. > A limitation in HS2 that it holds state for the session would currently force > the user configure proxies and knox to remember which next Host it was using, > because they need to have state to remember the HS2 instance to be used! But > that is a limitation that ideally goes away some day, and when that happens, > HiveAuthzContext would be the right place for keeping the IP address! -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HIVE-13867) restore HiveAuthorizer interface changes
[ https://issues.apache.org/jira/browse/HIVE-13867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Thejas M Nair updated HIVE-13867: - Assignee: Sushanth Sowmyan (was: Thejas M Nair) > restore HiveAuthorizer interface changes > > > Key: HIVE-13867 > URL: https://issues.apache.org/jira/browse/HIVE-13867 > Project: Hive > Issue Type: Bug >Reporter: Thejas M Nair >Assignee: Sushanth Sowmyan >Priority: Blocker > > TLDR: Some of the changes to hive authorizer interface made as part of > HIVE-13360 are inappropriate and need to be restored. > Regarding the move of ip address from the query context object > (HiveAuthzContext) to HiveAuthenticationProvider. That isn't the right place > for it. > In HS2 HTTP mode, when proxies and knox servers are between end user and HS2 > , every request for single session does not have to come via a single IP > address. > Current assumption in hive code base is that the IP address is valid for the > entire session. This might not hold true for ever. > A limitation in HS2 that it holds state for the session would currently force > the user configure proxies and knox to remember which next Host it was using, > because they need to have state to remember the HS2 instance to be used! But > that is a limitation that ideally goes away some day, and when that happens, > HiveAuthzContext would be the right place for keeping the IP address! -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (HIVE-13867) restore HiveAuthorizer interface changes
[ https://issues.apache.org/jira/browse/HIVE-13867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Thejas M Nair updated HIVE-13867: - Description: TLDR: Some of the changes to hive authorizer interface made as part of HIVE-13360 are inappropriate and need to be restored. Regarding the move of ip address from the query context object (HiveAuthzContext) to HiveAuthenticationProvider. That isn't the right place for it. In HS2 HTTP mode, when proxies and knox servers are between end user and HS2 , every request for single session does not have to come via a single IP address. Current assumption in hive code base is that the IP address is valid for the entire session. This might not hold true for ever. A limitation in HS2 that it holds state for the session would currently force the user configure proxies and knox to remember which next Host it was using, because they need to have state to remember the HS2 instance to be used! But that is a limitation that ideally goes away some day, and when that happens, HiveAuthzContext would be the right place for keeping the IP address! was: TLDR: Some of the changes to hive authorizer interface made as part of HIVE-13360 are inappropriate and need to be restored. Pasting comments from Thejas in an email: Regarding the plans to move ip address from the query context object (HiveAuthzContext) to HiveAuthenticationProvider. I don't think that is a clear right place for it. In HS2 HTTP mode, when proxies and knox servers are between end user and HS2 , every request for single session does not have to come via a single IP address. Current assumption in hive code base is that the IP address is valid for the entire session. This might not hold true for ever. A limitation in HS2 that it holds state for the session would currently force the user configure proxies and knox to remember which next Host it was using, because they need to have state to remember the HS2 instance to be used! But that is a limitation that ideally goes away some day, and when that happens, HiveAuthzContext would be the right place for keeping the IP address! > restore HiveAuthorizer interface changes > > > Key: HIVE-13867 > URL: https://issues.apache.org/jira/browse/HIVE-13867 > Project: Hive > Issue Type: Bug >Reporter: Thejas M Nair >Priority: Blocker > > TLDR: Some of the changes to hive authorizer interface made as part of > HIVE-13360 are inappropriate and need to be restored. > Regarding the move of ip address from the query context object > (HiveAuthzContext) to HiveAuthenticationProvider. That isn't the right place > for it. > In HS2 HTTP mode, when proxies and knox servers are between end user and HS2 > , every request for single session does not have to come via a single IP > address. > Current assumption in hive code base is that the IP address is valid for the > entire session. This might not hold true for ever. > A limitation in HS2 that it holds state for the session would currently force > the user configure proxies and knox to remember which next Host it was using, > because they need to have state to remember the HS2 instance to be used! But > that is a limitation that ideally goes away some day, and when that happens, > HiveAuthzContext would be the right place for keeping the IP address! -- This message was sent by Atlassian JIRA (v6.3.4#6332)
