Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-18024

Driver.compile() should fallback to SessionState.getUserName() when userName=null

    XMLWordPrintableJSON

    Details

    • Flags:
      Patch

      Description

      When Driver.compile() is invoked for the execution of a hive command. A HiveSemanticAnalyzerHookContext will be initialized and later used by a HiveSemanticAnalyzerHook for various purposes (e.g. when integrated with Apache Sentry, its HiveSemanticAnalyzerHook can authorize this command)

      In current versions, the data in this HiveSemanticAnalyzerHookContext will come from different and inconsistent resources. e.g. ipAddress will be copied from SessionState.getUserIPAddress, but userName will be copied from Driver.userName.

      This has effectively caused HiveSemanticAnalyzerHook to be useless for several authentication/authorization patterns. E.g. When hive.security.authentication.manager is set to SessionStateUserAuthenticator, the userName carried by such SessionState will be invisible to the Hook, which may cause it to yield incorrect result(s).

      proposed fix: when Driver.userName=null, the userName of HiveSemanticAnalyzerHookContext should be set to SessionState.get().getUserName() as a fallback measure.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              peng Peng Cheng
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: