Hive
  1. Hive
  2. HIVE-3805

Resolve TODO in TUGIBasedProcessor

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.11.0
    • Fix Version/s: 0.11.0
    • Component/s: Metastore
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      There's a TODO in TUGIBasedProcessor

      // TODO get rid of following reflection after THRIFT-1465 is fixed.

      Now that we have upgraded to Thrift 9 THRIFT-1465 is available.

      This will also fix an issue where fb303 counters cannot be collected if the TUGIBasedProcessor is used.

        Issue Links

          Activity

          Show
          Kevin Wilfong added a comment - https://reviews.facebook.net/D7407
          Hide
          Ashutosh Chauhan added a comment - - edited

          If you look at hiveserver2 implementation over at HIVE-2935, it has an implementation of Plain sasl server. Plain server means sasl server doesn't use kerberos (or any authentication mechanism) for authenticating thrift client and at the same time client transfers end user identity to server. Server just trusts client, since its unsecure mode anyways. This Sasl server is used for thrift client and server transport in HiveServer2. That is much more cleaner approach than the current implementation which is really hacky which does an rpc call to transfer ugi (introduced in HIVE-2616 ), instead of transferring it at connection setup time. Though, current hacky approach works, its a twisted design and harder to understand. If there is any interest in wider adoption of transferring ugi for unsecure connection between thrift client and server, we should use HS2 mechanism. Further, since HiveServer2 already uses that, we will have parity in transport layer between HS2 client-server transport and metastore client-server transport. That way we can reuse code between these two transports, instead of having two parallel implementations of same feature.

          Show
          Ashutosh Chauhan added a comment - - edited If you look at hiveserver2 implementation over at HIVE-2935 , it has an implementation of Plain sasl server. Plain server means sasl server doesn't use kerberos (or any authentication mechanism) for authenticating thrift client and at the same time client transfers end user identity to server. Server just trusts client, since its unsecure mode anyways. This Sasl server is used for thrift client and server transport in HiveServer2. That is much more cleaner approach than the current implementation which is really hacky which does an rpc call to transfer ugi (introduced in HIVE-2616 ), instead of transferring it at connection setup time. Though, current hacky approach works, its a twisted design and harder to understand. If there is any interest in wider adoption of transferring ugi for unsecure connection between thrift client and server, we should use HS2 mechanism. Further, since HiveServer2 already uses that, we will have parity in transport layer between HS2 client-server transport and metastore client-server transport. That way we can reuse code between these two transports, instead of having two parallel implementations of same feature.
          Hide
          Kevin Wilfong added a comment -

          Thanks for pointing that out Ashutosh. We will likely be interested in something like that in the near future.

          In the immediate future, we just have one use case for which this quick and dirty solution should be sufficient.

          Show
          Kevin Wilfong added a comment - Thanks for pointing that out Ashutosh. We will likely be interested in something like that in the near future. In the immediate future, we just have one use case for which this quick and dirty solution should be sufficient.
          Hide
          Ashutosh Chauhan added a comment -

          Ok. I am fine with this current patch. We can track correct fix in a separate jira.

          Show
          Ashutosh Chauhan added a comment - Ok. I am fine with this current patch. We can track correct fix in a separate jira.
          Hide
          Namit Jain added a comment -

          +1

          Show
          Namit Jain added a comment - +1
          Hide
          Namit Jain added a comment -

          Committed. Thanks Kevin

          Show
          Namit Jain added a comment - Committed. Thanks Kevin
          Hide
          Hudson added a comment -

          Integrated in Hive-trunk-h0.21 #1893 (See https://builds.apache.org/job/Hive-trunk-h0.21/1893/)
          HIVE-3805 Resolve TODO in TUGIBasedProcessor
          (Kevin Wilfong via namit) (Revision 1428705)

          Result = SUCCESS
          namit : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1428705
          Files :

          • /hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
          Show
          Hudson added a comment - Integrated in Hive-trunk-h0.21 #1893 (See https://builds.apache.org/job/Hive-trunk-h0.21/1893/ ) HIVE-3805 Resolve TODO in TUGIBasedProcessor (Kevin Wilfong via namit) (Revision 1428705) Result = SUCCESS namit : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1428705 Files : /hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
          Hide
          Hudson added a comment -

          Integrated in Hive-trunk-hadoop2 #54 (See https://builds.apache.org/job/Hive-trunk-hadoop2/54/)
          HIVE-3805 Resolve TODO in TUGIBasedProcessor
          (Kevin Wilfong via namit) (Revision 1428705)

          Result = ABORTED
          namit : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1428705
          Files :

          • /hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
          Show
          Hudson added a comment - Integrated in Hive-trunk-hadoop2 #54 (See https://builds.apache.org/job/Hive-trunk-hadoop2/54/ ) HIVE-3805 Resolve TODO in TUGIBasedProcessor (Kevin Wilfong via namit) (Revision 1428705) Result = ABORTED namit : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1428705 Files : /hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java

            People

            • Assignee:
              Kevin Wilfong
              Reporter:
              Kevin Wilfong
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development