Beispiel #1
0
  def get_security(self):
    principal = self.query_server['principal']
    impersonation_enabled = False
    ldap_username = None
    ldap_password = None

    if principal:
      kerberos_principal_short_name = principal.split('/', 1)[0]
    else:
      kerberos_principal_short_name = None

    if self.query_server['server_name'] == 'impala':
      cluster_conf = cluster.get_cluster_conf_for_job_submission()
      use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get()
      mechanism = HiveServerClient.HS2_MECHANISMS['KERBEROS']
      impersonation_enabled = self.query_server['impersonation_enabled']
    else:
      hive_mechanism = hive_site.get_hiveserver2_authentication()
      if hive_mechanism not in HiveServerClient.HS2_MECHANISMS:
        raise Exception(_('%s server authentication not supported. Valid are %s.' % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys())))
      use_sasl = hive_mechanism in ('KERBEROS', 'NONE')
      mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism]
      impersonation_enabled = hive_site.hiveserver2_impersonation_enabled()
      if LDAP_PASSWORD.get(): # HiveServer2 supports pass-through LDAP authentication.
        ldap_username = LDAP_USERNAME.get()
        ldap_password = LDAP_PASSWORD.get()

    return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password
Beispiel #2
0
  def get_security(self):
    principal = self.query_server['principal']
    impersonation_enabled = False
    ldap_username = None
    ldap_password = None

    if principal:
      kerberos_principal_short_name = principal.split('/', 1)[0]
    else:
      kerberos_principal_short_name = None

    if self.query_server['server_name'] == 'impala':
      cluster_conf = cluster.get_cluster_conf_for_job_submission()
      use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get()
      mechanism = HiveServerClient.HS2_MECHANISMS['KERBEROS']
      impersonation_enabled = self.query_server['impersonation_enabled']
    else:
      hive_mechanism = hive_site.get_hiveserver2_authentication()
      if hive_mechanism not in HiveServerClient.HS2_MECHANISMS:
        raise Exception(_('%s server authentication not supported. Valid are %s.' % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys())))
      use_sasl = hive_mechanism in ('KERBEROS', 'NONE')
      mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism]
      impersonation_enabled = hive_site.hiveserver2_impersonation_enabled()
      if LDAP_PASSWORD.get(): # HiveServer2 supports pass-through LDAP authentication.
        ldap_username = LDAP_USERNAME.get()
        ldap_password = LDAP_PASSWORD.get()

    return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password
Beispiel #3
0
    def open_session(self, user):
        kwargs = {
            'client_protocol': 4,  ##TODO: support latest column protocol
            'username': user.
            username,  # If SASL, it gets the username from the authentication mechanism" since it dependents on it.
            'configuration': {},
        }

        if self.impersonation_enabled:
            kwargs.update({'username': '******'})

            if self.query_server[
                    'server_name'] == 'impala':  # Only when Impala accepts it
                kwargs['configuration'].update(
                    {'impala.doas.user': user.username})

        if self.query_server['server_name'] == 'beeswax':  # All the time
            kwargs['configuration'].update(
                {'hive.server2.proxy.user': user.username})
            if LDAP_PASSWORD.get(
            ):  # HiveServer2 supports pass-through LDAP authentication.
                kwargs['username'] = LDAP_USERNAME.get()
                kwargs['password'] = LDAP_PASSWORD.get()

        req = TOpenSessionReq(**kwargs)
        res = self._client.OpenSession(req)

        if res.status is not None and res.status.statusCode not in (
                TStatusCode.SUCCESS_STATUS, ):
            if hasattr(res.status, 'errorMessage') and res.status.errorMessage:
                message = res.status.errorMessage
            else:
                message = ''
            raise QueryServerException(Exception(
                'Bad status for request %s:\n%s' % (req, res)),
                                       message=message)

        sessionId = res.sessionHandle.sessionId
        LOG.info('Opening session %s' % sessionId)

        encoded_status, encoded_guid = HiveServerQueryHandle(
            secret=sessionId.secret, guid=sessionId.guid).get()

        return Session.objects.create(
            owner=user,
            application=self.query_server['server_name'],
            status_code=res.status.statusCode,
            secret=encoded_status,
            guid=encoded_guid,
            server_protocol_version=res.serverProtocolVersion)
Beispiel #4
0
    def open_session(self, user):
        kwargs = {
            "username": user.username,  # If SASL, it gets the username from the authentication mechanism" since it dependents on it.
            "configuration": {},
        }

        if self.impersonation_enabled:
            kwargs.update({"username": "******"})

            if self.query_server["server_name"] == "impala":  # Only when Impala accepts it
                kwargs["configuration"].update({"impala.doas.user": user.username})

        if self.query_server["server_name"] == "beeswax":  # All the time
            kwargs["configuration"].update({"hive.server2.proxy.user": user.username})
            if LDAP_PASSWORD.get():  # HiveServer2 supports pass-through LDAP authentication.
                kwargs["username"] = "******"
                kwargs["password"] = LDAP_PASSWORD.get()

        req = TOpenSessionReq(**kwargs)
        res = self._client.OpenSession(req)

        if res.status is not None and res.status.statusCode not in (TStatusCode.SUCCESS_STATUS,):
            if hasattr(res.status, "errorMessage") and res.status.errorMessage:
                message = res.status.errorMessage
            else:
                message = ""
            raise QueryServerException(Exception("Bad status for request %s:\n%s" % (req, res)), message=message)

        sessionId = res.sessionHandle.sessionId
        LOG.info("Opening session %s" % sessionId)

        encoded_status, encoded_guid = HiveServerQueryHandle(secret=sessionId.secret, guid=sessionId.guid).get()

        return Session.objects.create(
            owner=user,
            application=self.query_server["server_name"],
            status_code=res.status.statusCode,
            secret=encoded_status,
            guid=encoded_guid,
            server_protocol_version=res.serverProtocolVersion,
        )
  def open_session(self, user):
    kwargs = {
      'client_protocol': 4, ##TODO: support latest column protocol
      'username': user.username, # If SASL, it gets the username from the authentication mechanism" since it dependents on it.
      'configuration': {},
    }

    if self.impersonation_enabled:
      kwargs.update({'username': '******'})

      if self.query_server['server_name'] == 'impala': # Only when Impala accepts it
        kwargs['configuration'].update({'impala.doas.user': user.username})

    if self.query_server['server_name'] == 'beeswax': # All the time
      kwargs['configuration'].update({'hive.server2.proxy.user': user.username})
      if LDAP_PASSWORD.get(): # HiveServer2 supports pass-through LDAP authentication.
        kwargs['username'] = LDAP_USERNAME.get()
        kwargs['password'] = LDAP_PASSWORD.get()

    req = TOpenSessionReq(**kwargs)
    res = self._client.OpenSession(req)

    if res.status is not None and res.status.statusCode not in (TStatusCode.SUCCESS_STATUS,):
      if hasattr(res.status, 'errorMessage') and res.status.errorMessage:
        message = res.status.errorMessage
      else:
        message = ''
      raise QueryServerException(Exception('Bad status for request %s:\n%s' % (req, res)), message=message)

    sessionId = res.sessionHandle.sessionId
    LOG.info('Opening session %s' % sessionId)

    encoded_status, encoded_guid = HiveServerQueryHandle(secret=sessionId.secret, guid=sessionId.guid).get()

    return Session.objects.create(owner=user,
                                  application=self.query_server['server_name'],
                                  status_code=res.status.statusCode,
                                  secret=encoded_status,
                                  guid=encoded_guid,
                                  server_protocol_version=res.serverProtocolVersion)
  def get_security(self):
    principal = self.query_server['principal']
    impersonation_enabled = False
    ldap_username = None
    ldap_password = None

    if principal:
      kerberos_principal_short_name = principal.split('/', 1)[0]
    else:
      kerberos_principal_short_name = None

    hive_mechanism = hive_site.get_hiveserver2_authentication()
    if hive_mechanism not in HiveServerClient.HS2_MECHANISMS:
      raise Exception(_('%s server authentication not supported. Valid are %s.' % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys())))
    use_sasl = hive_mechanism in ('KERBEROS', 'NONE', 'LDAP')
    mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism]
    impersonation_enabled = hive_site.hiveserver2_impersonation_enabled()

    if LDAP_PASSWORD.get(): # Pass-through LDAP authentication
      ldap_username = LDAP_USERNAME.get()
      ldap_password = LDAP_PASSWORD.get()
    return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password
Beispiel #7
0
    def get_security(self):
        principal = self.query_server['principal']
        impersonation_enabled = False
        ldap_username = None
        ldap_password = None

        if principal:
            kerberos_principal_short_name = principal.split('/', 1)[0]
        else:
            kerberos_principal_short_name = None

        hive_mechanism = hive_site.get_hiveserver2_authentication()
        if hive_mechanism not in HiveServerClient.HS2_MECHANISMS:
            raise Exception(
                _('%s server authentication not supported. Valid are %s.' %
                  (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys())))
        use_sasl = hive_mechanism in ('KERBEROS', 'NONE', 'LDAP')
        mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism]
        impersonation_enabled = hive_site.hiveserver2_impersonation_enabled()

        if LDAP_PASSWORD.get():  # Pass-through LDAP authentication
            ldap_username = LDAP_USERNAME.get()
            ldap_password = LDAP_PASSWORD.get()
        return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password