diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java index 5bdcac88d0..c99cc2d7b7 100644 --- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java +++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java @@ -4380,6 +4380,12 @@ private static void populateLlapDaemonVarsSet(Set llapDaemonVarsSetLocal "yarn.bin.path,"+ "spark.home", "Comma separated list of configuration options which are immutable at runtime"), + HIVE_CONF_HIDDEN_LIST_ENABLED_TEZ("hive.conf.internal.hidden.list.tez", "true", + "Whether to enable or not stripping the hidden fields for the tez tasks. Ideally the hidden " + + "fields would be managed with the command 'hadoop credentials' and setting" + + " 'hadoop.security.credential.provider.path', but this may not always be " + + "possible or it may be convenient to set them directly in the configuration " + + "file. Please be aware that setting this property to false may be a security risk"), HIVE_CONF_HIDDEN_LIST("hive.conf.hidden.list", METASTOREPWD.varname + "," + HIVE_SERVER2_SSL_KEYSTORE_PASSWORD.varname + "," + DRUID_METADATA_DB_PASSWORD.varname diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/tez/DagUtils.java b/ql/src/java/org/apache/hadoop/hive/ql/exec/tez/DagUtils.java index de0abd1b34..e28dbd91cf 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/exec/tez/DagUtils.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/tez/DagUtils.java @@ -1354,7 +1354,12 @@ public JobConf createConfiguration(HiveConf hiveConf) throws IOException { // Removing job credential entry/ cannot be set on the tasks conf.unset("mapreduce.job.credentials.binary"); - hiveConf.stripHiddenConfigurations(conf); + + boolean stripEnabled = conf.getBoolean( + ConfVars.HIVE_CONF_HIDDEN_LIST_ENABLED_TEZ.varname, true); + if (stripEnabled) { + hiveConf.stripHiddenConfigurations(conf); + } return conf; }