def get_security(self):
principal = self.query_server['principal']
impersonation_enabled = False
if principal:
kerberos_principal_short_name = principal.split('/', 1)[0]
else:
kerberos_principal_short_name = None
if self.query_server['server_name'] == 'impala':
cluster_conf = cluster.get_cluster_conf_for_job_submission()
use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get(
)
mechanism = HiveServerClient.HS2_MECHANISMS['KERBEROS']
impersonation_enabled = self.query_server['impersonation_enabled']
else:
hive_mechanism = hive_site.get_hiveserver2_authentication()
if hive_mechanism not in HiveServerClient.HS2_MECHANISMS:
raise Exception(
_('%s server authentication not supported. Valid are %s.' %
(hive_mechanism,
HiveServerClient.HS2_MECHANISMS.keys())))
use_sasl = hive_mechanism in ('KERBEROS', 'NONE')
mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism]
impersonation_enabled = hive_site.hiveserver2_impersonation_enabled(
)
return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled
def get_security(self):
principal = self.query_server['principal']
impersonation_enabled = False
ldap_username = None
ldap_password = get_ldap_password()
if ldap_password is not None: # Pass-through LDAP authentication
ldap_username = LDAP_USERNAME.get()
if principal:
kerberos_principal_short_name = principal.split('/', 1)[0]
else:
kerberos_principal_short_name = None
if self.query_server['server_name'] == 'impala':
if ldap_password: # Force LDAP auth if ldap_password is provided
use_sasl = True
mechanism = HiveServerClient.HS2_MECHANISMS['NONE']
else:
cluster_conf = cluster.get_cluster_conf_for_job_submission()
use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get()
mechanism = HiveServerClient.HS2_MECHANISMS['KERBEROS']
impersonation_enabled = self.query_server['impersonation_enabled']
else:
hive_mechanism = hive_site.get_hiveserver2_authentication()
if hive_mechanism not in HiveServerClient.HS2_MECHANISMS:
raise Exception(_('%s server authentication not supported. Valid are %s.') % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys()))
use_sasl = hive_mechanism in ('KERBEROS', 'NONE', 'LDAP')
mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism]
impersonation_enabled = hive_site.hiveserver2_impersonation_enabled()
return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password
def get_security(cls, query_server):
principal = query_server['principal']
impersonation_enabled = False
if query_server['server_name'] == 'impala':
cluster_conf = cluster.get_cluster_conf_for_job_submission()
use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get()
mechanism = HiveServerClient.HS2_MECHANISMS['KERBEROS']
impersonation_enabled = query_server['impersonation_enabled']
else:
hive_mechanism = hive_site.get_hiveserver2_authentication()
if hive_mechanism not in HiveServerClient.HS2_MECHANISMS:
raise Exception(_('%s server authentication not supported. Valid are %s.' % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys())))
use_sasl = hive_mechanism in ('KERBEROS', 'NONE')
mechanism = 'NOSASL'
if use_sasl:
mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism]
impersonation_enabled = hive_site.hiveserver2_impersonation_enabled()
if principal:
kerberos_principal_short_name = principal.split('/', 1)[0]
else:
kerberos_principal_short_name = None
return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled
def get_security(self):
principal = self.query_server["principal"]
impersonation_enabled = False
if principal:
kerberos_principal_short_name = principal.split("/", 1)[0]
else:
kerberos_principal_short_name = None
if self.query_server["server_name"] == "impala":
cluster_conf = cluster.get_cluster_conf_for_job_submission()
use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get()
mechanism = HiveServerClient.HS2_MECHANISMS["KERBEROS"]
impersonation_enabled = self.query_server["impersonation_enabled"]
else:
hive_mechanism = hive_site.get_hiveserver2_authentication()
if hive_mechanism not in HiveServerClient.HS2_MECHANISMS:
raise Exception(
_(
"%s server authentication not supported. Valid are %s."
% (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys())
)
)
use_sasl = hive_mechanism in ("KERBEROS", "NONE")
mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism]
impersonation_enabled = hive_site.hiveserver2_impersonation_enabled()
return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled
def get_use_sasl_default():
"""Get from hive_site or backward compatibility"""
from beeswax.hive_site import get_hiveserver2_authentication, get_use_sasl # Cyclic dependency
use_sasl = get_use_sasl()
if use_sasl is not None:
return use_sasl.upper() == 'TRUE'
return get_hiveserver2_authentication() in ('KERBEROS', 'NONE', 'LDAP', 'PAM') # list for backward compatibility
def get_security(self):
principal = self.query_server['principal']
impersonation_enabled = False
ldap_username = None
ldap_password = None
if principal:
kerberos_principal_short_name = principal.split('/', 1)[0]
else:
kerberos_principal_short_name = None
hive_mechanism = hive_site.get_hiveserver2_authentication()
if hive_mechanism not in HiveServerClient.HS2_MECHANISMS:
raise Exception(_('%s server authentication not supported. Valid are %s.' % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys())))
use_sasl = hive_mechanism in ('KERBEROS', 'NONE', 'LDAP')
mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism]
impersonation_enabled = hive_site.hiveserver2_impersonation_enabled()
if LDAP_PASSWORD.get(): # Pass-through LDAP authentication
ldap_username = LDAP_USERNAME.get()
ldap_password = LDAP_PASSWORD.get()
return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password
def get_security(self):
principal = self.query_server['principal']
impersonation_enabled = False
ldap_username = None
ldap_password = None
if principal:
kerberos_principal_short_name = principal.split('/', 1)[0]
else:
kerberos_principal_short_name = None
hive_mechanism = hive_site.get_hiveserver2_authentication()
if hive_mechanism not in HiveServerClient.HS2_MECHANISMS:
raise Exception(
_('%s server authentication not supported. Valid are %s.' %
(hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys())))
use_sasl = hive_mechanism in ('KERBEROS', 'NONE', 'LDAP')
mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism]
impersonation_enabled = hive_site.hiveserver2_impersonation_enabled()
if LDAP_PASSWORD.get(): # Pass-through LDAP authentication
ldap_username = LDAP_USERNAME.get()
ldap_password = LDAP_PASSWORD.get()
return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password
