def get_security(cls, query_server):
principal = query_server['principal']
impersonation_enabled = False
if query_server['server_name'] == 'impala':
cluster_conf = cluster.get_cluster_conf_for_job_submission()
use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get()
mechanism = HiveServerClient.HS2_MECHANISMS['KERBEROS']
impersonation_enabled = query_server['impersonation_enabled']
else:
hive_mechanism = hive_site.get_hiveserver2_authentication()
if hive_mechanism not in HiveServerClient.HS2_MECHANISMS:
raise Exception(_('%s server authentication not supported. Valid are %s.' % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys())))
use_sasl = hive_mechanism in ('KERBEROS', 'NONE')
mechanism = 'NOSASL'
if use_sasl:
mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism]
impersonation_enabled = hive_site.hiveserver2_impersonation_enabled()
if principal:
kerberos_principal_short_name = principal.split('/', 1)[0]
else:
kerberos_principal_short_name = None
return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled
def get_security(self):
principal = self.query_server['principal']
impersonation_enabled = False
ldap_username = None
ldap_password = get_ldap_password()
if ldap_password is not None: # Pass-through LDAP authentication
ldap_username = LDAP_USERNAME.get()
if principal:
kerberos_principal_short_name = principal.split('/', 1)[0]
else:
kerberos_principal_short_name = None
if self.query_server['server_name'] == 'impala':
if ldap_password: # Force LDAP auth if ldap_password is provided
use_sasl = True
mechanism = HiveServerClient.HS2_MECHANISMS['NONE']
else:
cluster_conf = cluster.get_cluster_conf_for_job_submission()
use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get()
mechanism = HiveServerClient.HS2_MECHANISMS['KERBEROS']
impersonation_enabled = self.query_server['impersonation_enabled']
else:
hive_mechanism = hive_site.get_hiveserver2_authentication()
if hive_mechanism not in HiveServerClient.HS2_MECHANISMS:
raise Exception(_('%s server authentication not supported. Valid are %s.') % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys()))
use_sasl = hive_mechanism in ('KERBEROS', 'NONE', 'LDAP')
mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism]
impersonation_enabled = hive_site.hiveserver2_impersonation_enabled()
return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password
def get_security(self):
principal = self.query_server["principal"]
impersonation_enabled = False
if principal:
kerberos_principal_short_name = principal.split("/", 1)[0]
else:
kerberos_principal_short_name = None
if self.query_server["server_name"] == "impala":
cluster_conf = cluster.get_cluster_conf_for_job_submission()
use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get()
mechanism = HiveServerClient.HS2_MECHANISMS["KERBEROS"]
impersonation_enabled = self.query_server["impersonation_enabled"]
else:
hive_mechanism = hive_site.get_hiveserver2_authentication()
if hive_mechanism not in HiveServerClient.HS2_MECHANISMS:
raise Exception(
_(
"%s server authentication not supported. Valid are %s."
% (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys())
)
)
use_sasl = hive_mechanism in ("KERBEROS", "NONE")
mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism]
impersonation_enabled = hive_site.hiveserver2_impersonation_enabled()
return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled
def get_security(self):
principal = self.query_server['principal']
impersonation_enabled = False
ldap_username = None
ldap_password = None
if principal:
kerberos_principal_short_name = principal.split('/', 1)[0]
else:
kerberos_principal_short_name = None
hive_mechanism = hive_site.get_hiveserver2_authentication()
if hive_mechanism not in HiveServerClient.HS2_MECHANISMS:
raise Exception(_('%s server authentication not supported. Valid are %s.' % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys())))
use_sasl = hive_mechanism in ('KERBEROS', 'NONE', 'LDAP')
mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism]
impersonation_enabled = hive_site.hiveserver2_impersonation_enabled()
if LDAP_PASSWORD.get(): # Pass-through LDAP authentication
ldap_username = LDAP_USERNAME.get()
ldap_password = LDAP_PASSWORD.get()
return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password
def get_security(self):
principal = self.query_server['principal']
impersonation_enabled = False
ldap_username = None
ldap_password = get_ldap_password()
if ldap_password is not None: # Pass-through LDAP authentication
ldap_username = LDAP_USERNAME.get()
if principal:
kerberos_principal_short_name = principal.split('/', 1)[0]
else:
kerberos_principal_short_name = None
if self.query_server['server_name'] == 'impala':
if ldap_password: # Force LDAP auth if ldap_password is provided
use_sasl = True
mechanism = HiveServerClient.HS2_MECHANISMS['NONE']
else:
cluster_conf = cluster.get_cluster_conf_for_job_submission()
use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get(
)
mechanism = HiveServerClient.HS2_MECHANISMS['KERBEROS']
impersonation_enabled = self.query_server['impersonation_enabled']
else:
hive_mechanism = hive_site.get_hiveserver2_authentication()
if hive_mechanism not in HiveServerClient.HS2_MECHANISMS:
raise Exception(
_('%s server authentication not supported. Valid are %s.' %
(hive_mechanism,
HiveServerClient.HS2_MECHANISMS.keys())))
use_sasl = hive_mechanism in ('KERBEROS', 'NONE', 'LDAP')
mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism]
impersonation_enabled = hive_site.hiveserver2_impersonation_enabled(
)
return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password
def get_query_server_config_via_connector(connector):
# TODO: connector is actually a notebook interpreter
connector_name = full_connector_name = connector['type']
compute_name = None
if connector.get('compute'):
compute_name = connector['compute']['name']
full_connector_name = '%s-%s' % (connector_name, compute_name)
LOG.debug("Query cluster connector %s compute %s" % (connector_name, compute_name))
if connector['options'].get('has_ssh') == 'true':
server_host = '127.0.0.1'
server_port = connector['options']['server_port']
else:
server_host = (connector['compute']['options'] if 'compute' in connector else connector['options'])['server_host']
server_port = int((connector['compute']['options'] if 'compute' in connector else connector['options'])['server_port'])
if 'impersonation_enabled' in connector['options']:
impersonation_enabled = connector['options']['impersonation_enabled'] == 'true'
else:
impersonation_enabled = hiveserver2_impersonation_enabled()
return {
'dialect': connector['dialect'],
'server_name': full_connector_name,
'server_host': server_host,
'server_port': server_port,
'principal': 'TODO',
'auth_username': AUTH_USERNAME.get(),
'auth_password': AUTH_PASSWORD.get(),
'impersonation_enabled': impersonation_enabled,
'use_sasl': connector['options'].get('use_sasl', 'true') == 'true',
'SESSION_TIMEOUT_S': 15 * 60,
'querycache_rows': 1000,
'QUERY_TIMEOUT_S': 15 * 60,
}
def get_security(self):
principal = self.query_server['principal']
impersonation_enabled = False
ldap_username = None
ldap_password = None
if principal:
kerberos_principal_short_name = principal.split('/', 1)[0]
else:
kerberos_principal_short_name = None
hive_mechanism = hive_site.get_hiveserver2_authentication()
if hive_mechanism not in HiveServerClient.HS2_MECHANISMS:
raise Exception(
_('%s server authentication not supported. Valid are %s.' %
(hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys())))
use_sasl = hive_mechanism in ('KERBEROS', 'NONE', 'LDAP')
mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism]
impersonation_enabled = hive_site.hiveserver2_impersonation_enabled()
if LDAP_PASSWORD.get(): # Pass-through LDAP authentication
ldap_username = LDAP_USERNAME.get()
ldap_password = LDAP_PASSWORD.get()
return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password
'request':
request,
'state_filter':
state,
'user_filter':
user,
'text_filter':
text,
'retired':
retired,
'filtered':
not (state == 'all' and user == '' and text == ''),
'is_yarn':
cluster.is_yarn(),
'hiveserver2_impersonation_enabled':
hiveserver2_impersonation_enabled()
})
def massage_job_for_json(job, request):
job = {
'id':
job.jobId,
'shortId':
job.jobId_short,
'name':
hasattr(job, 'jobName') and job.jobName or '',
'status':
job.status,
'url':
job.jobId
def apps(request):
return render('job_browser.mako', request, {
'is_embeddable': request.GET.get('is_embeddable', False),
'is_mini': request.GET.get('is_mini', False),
'hiveserver2_impersonation_enabled': hiveserver2_impersonation_enabled()
})
def apps(request):
return render('apps.mako', request, {
'is_embeddable': request.GET.get('is_embeddable', False),
'hiveserver2_impersonation_enabled': hiveserver2_impersonation_enabled()
})
else:
raise PopupException(ex)
json_jobs = {
'jobs': [massage_job_for_json(job, request) for job in jobs],
}
return JsonResponse(json_jobs, encoder=JSONEncoderForHTML)
return render('jobs.mako', request, {
'request': request,
'state_filter': state,
'user_filter': user,
'text_filter': text,
'retired': retired,
'filtered': not (state == 'all' and user == '' and text == ''),
'is_yarn': cluster.is_yarn(),
'hiveserver2_impersonation_enabled': hiveserver2_impersonation_enabled()
})
def massage_job_for_json(job, request):
job = {
'id': job.jobId,
'shortId': job.jobId_short,
'name': hasattr(job, 'jobName') and job.jobName or '',
'status': job.status,
'url': job.jobId and reverse('jobbrowser.views.single_job', kwargs={'job': job.jobId}) or '',
'logs': job.jobId and reverse('jobbrowser.views.job_single_logs', kwargs={'job': job.jobId}) or '',
'queueName': hasattr(job, 'queueName') and job.queueName or _('N/A'),
'priority': hasattr(job, 'priority') and job.priority.lower() or _('N/A'),
'user': job.user,
'isRetired': job.is_retired,
def apps(request):
return render('apps.mako', request, {
'hiveserver2_impersonation_enabled':
hiveserver2_impersonation_enabled()
})
raise PopupException(ex)
json_jobs = {"jobs": [massage_job_for_json(job, request) for job in jobs]}
return JsonResponse(json_jobs, encoder=JSONEncoderForHTML)
return render(
"jobs.mako",
request,
{
"request": request,
"state_filter": state,
"user_filter": user,
"text_filter": text,
"retired": retired,
"filtered": not (state == "all" and user == "" and text == ""),
"is_yarn": cluster.is_yarn(),
"hiveserver2_impersonation_enabled": hiveserver2_impersonation_enabled(),
},
)
def massage_job_for_json(job, request):
job = {
"id": job.jobId,
"shortId": job.jobId_short,
"name": hasattr(job, "jobName") and job.jobName or "",
"status": job.status,
"url": job.jobId and reverse("jobbrowser.views.single_job", kwargs={"job": job.jobId}) or "",
"logs": job.jobId and reverse("jobbrowser.views.job_single_logs", kwargs={"job": job.jobId}) or "",
"queueName": hasattr(job, "queueName") and job.queueName or _("N/A"),
"priority": hasattr(job, "priority") and job.priority.lower() or _("N/A"),
"user": job.user,
