[
https://issues.apache.org/jira/browse/HIVE-24751?focusedWorklogId=553589&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-553589
]
ASF GitHub Bot logged work on HIVE-24751:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 17/Feb/21 12:52
Start Date: 17/Feb/21 12:52
Worklog Time Spent: 10m
Work Description: ashish-kumar-sharma commented on a change in pull
request #1964:
URL: https://github.com/apache/hive/pull/1964#discussion_r577585597
##########
File path: service/src/java/org/apache/hive/service/server/KillQueryImpl.java
##########
@@ -116,9 +117,21 @@ public static void killChildYarnJobs(Configuration conf,
String tag, String doAs
private static boolean isAdmin() {
boolean isAdmin = false;
- if (SessionState.get().getAuthorizerV2() != null) {
+ SessionState ss = SessionState.get();
+ if(!HiveConf.getBoolVar(ss.getConf(),
HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED)) {
Review comment:
space between if and (
##########
File path: service/src/java/org/apache/hive/service/server/KillQueryImpl.java
##########
@@ -116,9 +117,21 @@ public static void killChildYarnJobs(Configuration conf,
String tag, String doAs
private static boolean isAdmin() {
boolean isAdmin = false;
- if (SessionState.get().getAuthorizerV2() != null) {
+ SessionState ss = SessionState.get();
+ if(!HiveConf.getBoolVar(ss.getConf(),
HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED)) {
+ // If authorization is disabled, hs2 process owner should have kill
privileges
try {
- SessionState.get().getAuthorizerV2()
+ String currentUser = ss.getUserName();
+ String loginUser =
UserGroupInformation.getCurrentUser().getShortUserName();
+ return (currentUser != null) && currentUser.equals(loginUser);
Review comment:
if loginUser will never be null then use "return
StringUtils.equals(currentUser, loginUser)". this will handle null values also.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 553589)
Time Spent: 20m (was: 10m)
> Workload Manager sees `No privilege` exception even when authorization is not
> enabled
> -------------------------------------------------------------------------------------
>
> Key: HIVE-24751
> URL: https://issues.apache.org/jira/browse/HIVE-24751
> Project: Hive
> Issue Type: Bug
> Affects Versions: 4.0.0
> Reporter: Nikhil Gupta
> Assignee: Nikhil Gupta
> Priority: Major
> Labels: pull-request-available
> Fix For: 4.0.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> At present it is not checked whether authorization is enabled or not for Kill
> Query access.
> This causes Workload Manager thread to end up with No privilege Exception
> when trying to kill a query in an environment where authorization is disabled.
> {code:java}
> org.apache.hadoop.hive.ql.metadata.HiveException: No privilege
> at
> org.apache.hive.service.server.KillQueryImpl.killQuery(KillQueryImpl.java:188)
> at
> org.apache.hadoop.hive.ql.exec.tez.WorkloadManager.lambda$scheduleWork$3(WorkloadManager.java:454)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: org.apache.hive.service.cli.HiveSQLException: No privilege
> at
> org.apache.hive.service.server.KillQueryImpl.killQuery(KillQueryImpl.java:167)
> ... 6 more{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
