[NIFI-5714] Hive[3]ConnectionPool - Kerberos Authentication issue/misleading - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.9.0
Component/s: Extensions
Labels:
None

Description

In HiveConnectionPool and Hive3ConnectionPool, in the @OnEnabled method, we have:

log.info("Hive Security Enabled, logging in as principal {} with keytab {}", new Object[] {resolvedPrincipal, resolvedKeytab});
try {
    ugi = hiveConfigurator.authenticate(hiveConfig, resolvedPrincipal, resolvedKeytab);
} catch (AuthenticationFailedException ae) {
    log.error(ae.getMessage(), ae);
}
getLogger().info("Successfully logged in as principal {} with keytab {}", new Object[] {resolvedPrincipal, resolvedKeytab});

Which causes two issues:

we're logging the successful message even though the authentication failed
the Hive connection is created using the NiFi user identity (this would need to be confirmed but that's what I observed during a test - it could be due to the environment though)

In my opinion, an InitializationException should be thrown so that the controller service is not enabled.

Attachments

Issue Links

links to

GitHub Pull Request #3086

Activity

People

Assignee:: Pierre Villard

Reporter:: Pierre Villard

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 16/Oct/18 22:03

Updated:: 24/Oct/18 17:39

Resolved:: 24/Oct/18 17:39