Review Request 56543: ATLAS-1546 : Hive hook should choose appropriate JAAS config if host uses kerberos ticket-cache

Fri, 10 Feb 2017 06:27:01 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56543/
-----------------------------------------------------------

Review request for atlas, keval bhatt, Madhan Neethiraj, Suma Shivaprasad, and 
Vimal Sharma.


Bugs: ATLAS-1546
    https://issues.apache.org/jira/browse/ATLAS-1546


Repository: atlas


Description
-------

In a kerberized environment, Atlas hook uses JAAS configuration section named 
"KakfaClient" to authenticate with Kafka broker. In a typical Hive deployment 
this configuration section is set to use the keytab and principal of 
HiveServer2 process. The hook running in HiveCLI might fail to authenticate 
with Kafka if the user can't read the configured keytab.
Given that HiveCLI users would have performed kinit, the hook in HiveCLI should 
use the ticket-cache generated by kinit. When ticket cache is not available 
(for example in HiveServer2), the hook should use the configuration provided in 
KafkaClient JAAS section.


Atlas Jaas properties

atlas.jaas.ticketBased-KafkaClient.loginModuleControlFlag=required
atlas.jaas.ticketBased-KafkaClient.loginModuleName=com.sun.security.auth.module.Krb5LoginModule
atlas.jaas.ticketBased-KafkaClient.option.useTicketCache=true


Diffs
-----

  common/src/main/java/org/apache/atlas/security/InMemoryJAASConfiguration.java 
ff80eca 
  
common/src/test/java/org/apache/atlas/security/InMemoryJAASConfigurationTicketBasedKafkaClientTest.java
 PRE-CREATION 
  common/src/test/resources/atlas-jaas.properties 90a5682 
  notification/src/main/java/org/apache/atlas/hook/AtlasHook.java 0534910 

Diff: https://reviews.apache.org/r/56543/diff/


Testing
-------

Maven build completed without issue & executed mvn clean install and all the 
testcases are passing except few.
Added a new unit testcase for TicketBasedKafkaClient.

Deployed the new jars ( atlas-common & atlas-notification 
in??/usr/hdp/current/atlas-client/hook/hive/atlas-hive-plugin-impl/ and tested 
hive hook on secure and simple env for HiveCli,Beeline clients. Entities on 
Atlas are created  for tables created in Hive.


Thanks,

Nixon Rodrigues

Reply via email to