def get_security(cls, query_server): principal = query_server['principal'] impersonation_enabled = False if query_server['server_name'] == 'impala': cluster_conf = cluster.get_cluster_conf_for_job_submission() use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get() mechanism = HiveServerClient.HS2_MECHANISMS['KERBEROS'] impersonation_enabled = query_server['impersonation_enabled'] else: hive_mechanism = hive_site.get_hiveserver2_authentication() if hive_mechanism not in HiveServerClient.HS2_MECHANISMS: raise Exception(_('%s server authentication not supported. Valid are %s.' % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys()))) use_sasl = hive_mechanism in ('KERBEROS', 'NONE') mechanism = 'NOSASL' if use_sasl: mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism] impersonation_enabled = hive_site.hiveserver2_impersonation_enabled() if principal: kerberos_principal_short_name = principal.split('/', 1)[0] else: kerberos_principal_short_name = None return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled
def get_security(self): principal = self.query_server['principal'] impersonation_enabled = False ldap_username = None ldap_password = get_ldap_password() if ldap_password is not None: # Pass-through LDAP authentication ldap_username = LDAP_USERNAME.get() if principal: kerberos_principal_short_name = principal.split('/', 1)[0] else: kerberos_principal_short_name = None if self.query_server['server_name'] == 'impala': if ldap_password: # Force LDAP auth if ldap_password is provided use_sasl = True mechanism = HiveServerClient.HS2_MECHANISMS['NONE'] else: cluster_conf = cluster.get_cluster_conf_for_job_submission() use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get() mechanism = HiveServerClient.HS2_MECHANISMS['KERBEROS'] impersonation_enabled = self.query_server['impersonation_enabled'] else: hive_mechanism = hive_site.get_hiveserver2_authentication() if hive_mechanism not in HiveServerClient.HS2_MECHANISMS: raise Exception(_('%s server authentication not supported. Valid are %s.') % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys())) use_sasl = hive_mechanism in ('KERBEROS', 'NONE', 'LDAP') mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism] impersonation_enabled = hive_site.hiveserver2_impersonation_enabled() return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password
def get_security(self): principal = self.query_server["principal"] impersonation_enabled = False if principal: kerberos_principal_short_name = principal.split("/", 1)[0] else: kerberos_principal_short_name = None if self.query_server["server_name"] == "impala": cluster_conf = cluster.get_cluster_conf_for_job_submission() use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get() mechanism = HiveServerClient.HS2_MECHANISMS["KERBEROS"] impersonation_enabled = self.query_server["impersonation_enabled"] else: hive_mechanism = hive_site.get_hiveserver2_authentication() if hive_mechanism not in HiveServerClient.HS2_MECHANISMS: raise Exception( _( "%s server authentication not supported. Valid are %s." % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys()) ) ) use_sasl = hive_mechanism in ("KERBEROS", "NONE") mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism] impersonation_enabled = hive_site.hiveserver2_impersonation_enabled() return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled
def get_security(self): principal = self.query_server['principal'] impersonation_enabled = False ldap_username = None ldap_password = None if principal: kerberos_principal_short_name = principal.split('/', 1)[0] else: kerberos_principal_short_name = None hive_mechanism = hive_site.get_hiveserver2_authentication() if hive_mechanism not in HiveServerClient.HS2_MECHANISMS: raise Exception(_('%s server authentication not supported. Valid are %s.' % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys()))) use_sasl = hive_mechanism in ('KERBEROS', 'NONE', 'LDAP') mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism] impersonation_enabled = hive_site.hiveserver2_impersonation_enabled() if LDAP_PASSWORD.get(): # Pass-through LDAP authentication ldap_username = LDAP_USERNAME.get() ldap_password = LDAP_PASSWORD.get() return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password
def get_security(self): principal = self.query_server['principal'] impersonation_enabled = False ldap_username = None ldap_password = get_ldap_password() if ldap_password is not None: # Pass-through LDAP authentication ldap_username = LDAP_USERNAME.get() if principal: kerberos_principal_short_name = principal.split('/', 1)[0] else: kerberos_principal_short_name = None if self.query_server['server_name'] == 'impala': if ldap_password: # Force LDAP auth if ldap_password is provided use_sasl = True mechanism = HiveServerClient.HS2_MECHANISMS['NONE'] else: cluster_conf = cluster.get_cluster_conf_for_job_submission() use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get( ) mechanism = HiveServerClient.HS2_MECHANISMS['KERBEROS'] impersonation_enabled = self.query_server['impersonation_enabled'] else: hive_mechanism = hive_site.get_hiveserver2_authentication() if hive_mechanism not in HiveServerClient.HS2_MECHANISMS: raise Exception( _('%s server authentication not supported. Valid are %s.' % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys()))) use_sasl = hive_mechanism in ('KERBEROS', 'NONE', 'LDAP') mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism] impersonation_enabled = hive_site.hiveserver2_impersonation_enabled( ) return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password
def get_query_server_config_via_connector(connector): # TODO: connector is actually a notebook interpreter connector_name = full_connector_name = connector['type'] compute_name = None if connector.get('compute'): compute_name = connector['compute']['name'] full_connector_name = '%s-%s' % (connector_name, compute_name) LOG.debug("Query cluster connector %s compute %s" % (connector_name, compute_name)) if connector['options'].get('has_ssh') == 'true': server_host = '127.0.0.1' server_port = connector['options']['server_port'] else: server_host = (connector['compute']['options'] if 'compute' in connector else connector['options'])['server_host'] server_port = int((connector['compute']['options'] if 'compute' in connector else connector['options'])['server_port']) if 'impersonation_enabled' in connector['options']: impersonation_enabled = connector['options']['impersonation_enabled'] == 'true' else: impersonation_enabled = hiveserver2_impersonation_enabled() return { 'dialect': connector['dialect'], 'server_name': full_connector_name, 'server_host': server_host, 'server_port': server_port, 'principal': 'TODO', 'auth_username': AUTH_USERNAME.get(), 'auth_password': AUTH_PASSWORD.get(), 'impersonation_enabled': impersonation_enabled, 'use_sasl': connector['options'].get('use_sasl', 'true') == 'true', 'SESSION_TIMEOUT_S': 15 * 60, 'querycache_rows': 1000, 'QUERY_TIMEOUT_S': 15 * 60, }
def get_security(self): principal = self.query_server['principal'] impersonation_enabled = False ldap_username = None ldap_password = None if principal: kerberos_principal_short_name = principal.split('/', 1)[0] else: kerberos_principal_short_name = None hive_mechanism = hive_site.get_hiveserver2_authentication() if hive_mechanism not in HiveServerClient.HS2_MECHANISMS: raise Exception( _('%s server authentication not supported. Valid are %s.' % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys()))) use_sasl = hive_mechanism in ('KERBEROS', 'NONE', 'LDAP') mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism] impersonation_enabled = hive_site.hiveserver2_impersonation_enabled() if LDAP_PASSWORD.get(): # Pass-through LDAP authentication ldap_username = LDAP_USERNAME.get() ldap_password = LDAP_PASSWORD.get() return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password
'request': request, 'state_filter': state, 'user_filter': user, 'text_filter': text, 'retired': retired, 'filtered': not (state == 'all' and user == '' and text == ''), 'is_yarn': cluster.is_yarn(), 'hiveserver2_impersonation_enabled': hiveserver2_impersonation_enabled() }) def massage_job_for_json(job, request): job = { 'id': job.jobId, 'shortId': job.jobId_short, 'name': hasattr(job, 'jobName') and job.jobName or '', 'status': job.status, 'url': job.jobId
def apps(request): return render('job_browser.mako', request, { 'is_embeddable': request.GET.get('is_embeddable', False), 'is_mini': request.GET.get('is_mini', False), 'hiveserver2_impersonation_enabled': hiveserver2_impersonation_enabled() })
def apps(request): return render('apps.mako', request, { 'is_embeddable': request.GET.get('is_embeddable', False), 'hiveserver2_impersonation_enabled': hiveserver2_impersonation_enabled() })
else: raise PopupException(ex) json_jobs = { 'jobs': [massage_job_for_json(job, request) for job in jobs], } return JsonResponse(json_jobs, encoder=JSONEncoderForHTML) return render('jobs.mako', request, { 'request': request, 'state_filter': state, 'user_filter': user, 'text_filter': text, 'retired': retired, 'filtered': not (state == 'all' and user == '' and text == ''), 'is_yarn': cluster.is_yarn(), 'hiveserver2_impersonation_enabled': hiveserver2_impersonation_enabled() }) def massage_job_for_json(job, request): job = { 'id': job.jobId, 'shortId': job.jobId_short, 'name': hasattr(job, 'jobName') and job.jobName or '', 'status': job.status, 'url': job.jobId and reverse('jobbrowser.views.single_job', kwargs={'job': job.jobId}) or '', 'logs': job.jobId and reverse('jobbrowser.views.job_single_logs', kwargs={'job': job.jobId}) or '', 'queueName': hasattr(job, 'queueName') and job.queueName or _('N/A'), 'priority': hasattr(job, 'priority') and job.priority.lower() or _('N/A'), 'user': job.user, 'isRetired': job.is_retired,
def apps(request): return render('apps.mako', request, { 'hiveserver2_impersonation_enabled': hiveserver2_impersonation_enabled() })
raise PopupException(ex) json_jobs = {"jobs": [massage_job_for_json(job, request) for job in jobs]} return JsonResponse(json_jobs, encoder=JSONEncoderForHTML) return render( "jobs.mako", request, { "request": request, "state_filter": state, "user_filter": user, "text_filter": text, "retired": retired, "filtered": not (state == "all" and user == "" and text == ""), "is_yarn": cluster.is_yarn(), "hiveserver2_impersonation_enabled": hiveserver2_impersonation_enabled(), }, ) def massage_job_for_json(job, request): job = { "id": job.jobId, "shortId": job.jobId_short, "name": hasattr(job, "jobName") and job.jobName or "", "status": job.status, "url": job.jobId and reverse("jobbrowser.views.single_job", kwargs={"job": job.jobId}) or "", "logs": job.jobId and reverse("jobbrowser.views.job_single_logs", kwargs={"job": job.jobId}) or "", "queueName": hasattr(job, "queueName") and job.queueName or _("N/A"), "priority": hasattr(job, "priority") and job.priority.lower() or _("N/A"), "user": job.user,