HIVE-6738: HiveServer2 secure Thrift/HTTP needs to accept doAs parameter from proxying intermediary


    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.13.0
    • Fix Version/s: 0.13.0
    • Component/s: HiveServer2
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      See the already implemented JIRA
      https://issues.apache.org/jira/browse/HIVE-5155
      Support secure proxy user access to HiveServer2

      That fix expects the hive.server2.proxy.user parameter to come in the Thrift body.

      When an intermediary gateway like Apache Knox authenticates the end client and then proxies the request to HiveServer2, it is not practical for the intermediary to modify the Thrift content.

      An intermediary like Apache Knox should be able to assert doAs in a query parameter. This paradigm is already established by other Hadoop ecosystem components like WebHDFS, WebHCat, Oozie and HBase, and Hive needs to be aligned with them.

      The doAs asserted in the query parameter should override any doAs specified in the Thrift body.
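
The precedence rule requested above, modelled in Python as an added example (this is not code from the HIVE-6738 patch or from Hive). The `PROXY_RULES` allow-list, the principal names and the `/cliservice` request URLs are constructed, and the impersonation check is an assumption standing in for whatever proxy-user authorization the server applies to the authenticated caller.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed allow-list (assumption): authenticated principal -> users it may act as.
PROXY_RULES = {"knox": {"alice", "bob"}}


class ProxyDenied(Exception):
    """The authenticated caller may not run the session as the requested user."""


def effective_user(auth_principal, request_url, session_conf, rules=PROXY_RULES):
    """Return the user the session should run as.

    auth_principal: identity established by transport authentication
    request_url:    HTTP request target, which may carry ?doAs=<user>
    session_conf:   session configuration taken from the Thrift body
    """
    query = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    values = query.get("doAs", [])
    if len(values) > 1:
        # Two different values could be read differently by gateway and server.
        raise ProxyDenied("multiple doAs parameters in request")
    query_do_as = values[0] if values else None
    body_do_as = session_conf.get("hive.server2.proxy.user")

    # The query parameter, when present, overrides the value in the Thrift body.
    requested = query_do_as if query_do_as is not None else body_do_as
    if requested is None:
        return auth_principal  # no impersonation requested
    if not requested.strip():
        raise ProxyDenied("empty doAs value")
    if requested == auth_principal:
        return auth_principal
    # Honour doAs only for callers that are explicitly allowed to proxy this user;
    # otherwise any authenticated client could pick its own identity.
    if requested not in rules.get(auth_principal, set()):
        raise ProxyDenied(f"{auth_principal} may not impersonate {requested}")
    return requested


if __name__ == "__main__":
    body = {"hive.server2.proxy.user": "bob"}
    print(effective_user("knox", "/cliservice?doAs=alice", body))
    print(effective_user("knox", "/cliservice", body))
```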

        Attachments

        1. HIVE-6738.1.patch
          6 kB
          Dilli Arumugam
        2. hive-6738-req-impl-verify-rev1.md
          4 kB
          Dilli Arumugam
        3. HIVE-6738.patch
          6 kB
          Dilli Arumugam
        4. hive-6738-req-impl-verify.md
          4 kB
          Dilli Arumugam


              People

              • Assignee:
                darumugam Dilli Arumugam
                Reporter:
                darumugam Dilli Arumugam
              • Votes:
                0
                Watchers:
                4
