def get_security(self): principal = self.query_server['principal'] impersonation_enabled = False if principal: kerberos_principal_short_name = principal.split('/', 1)[0] else: kerberos_principal_short_name = None if self.query_server['server_name'] == 'impala': cluster_conf = cluster.get_cluster_conf_for_job_submission() use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get( ) mechanism = HiveServerClient.HS2_MECHANISMS['KERBEROS'] impersonation_enabled = self.query_server['impersonation_enabled'] else: hive_mechanism = hive_site.get_hiveserver2_authentication() if hive_mechanism not in HiveServerClient.HS2_MECHANISMS: raise Exception( _('%s server authentication not supported. Valid are %s.' % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys()))) use_sasl = hive_mechanism in ('KERBEROS', 'NONE') mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism] impersonation_enabled = hive_site.hiveserver2_impersonation_enabled( ) return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled
def get_security(self): principal = self.query_server['principal'] impersonation_enabled = False ldap_username = None ldap_password = get_ldap_password() if ldap_password is not None: # Pass-through LDAP authentication ldap_username = LDAP_USERNAME.get() if principal: kerberos_principal_short_name = principal.split('/', 1)[0] else: kerberos_principal_short_name = None if self.query_server['server_name'] == 'impala': if ldap_password: # Force LDAP auth if ldap_password is provided use_sasl = True mechanism = HiveServerClient.HS2_MECHANISMS['NONE'] else: cluster_conf = cluster.get_cluster_conf_for_job_submission() use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get() mechanism = HiveServerClient.HS2_MECHANISMS['KERBEROS'] impersonation_enabled = self.query_server['impersonation_enabled'] else: hive_mechanism = hive_site.get_hiveserver2_authentication() if hive_mechanism not in HiveServerClient.HS2_MECHANISMS: raise Exception(_('%s server authentication not supported. Valid are %s.') % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys())) use_sasl = hive_mechanism in ('KERBEROS', 'NONE', 'LDAP') mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism] impersonation_enabled = hive_site.hiveserver2_impersonation_enabled() return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password
def get_security(cls, query_server): principal = query_server['principal'] impersonation_enabled = False if query_server['server_name'] == 'impala': cluster_conf = cluster.get_cluster_conf_for_job_submission() use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get() mechanism = HiveServerClient.HS2_MECHANISMS['KERBEROS'] impersonation_enabled = query_server['impersonation_enabled'] else: hive_mechanism = hive_site.get_hiveserver2_authentication() if hive_mechanism not in HiveServerClient.HS2_MECHANISMS: raise Exception(_('%s server authentication not supported. Valid are %s.' % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys()))) use_sasl = hive_mechanism in ('KERBEROS', 'NONE') mechanism = 'NOSASL' if use_sasl: mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism] impersonation_enabled = hive_site.hiveserver2_impersonation_enabled() if principal: kerberos_principal_short_name = principal.split('/', 1)[0] else: kerberos_principal_short_name = None return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled
def get_security(self): principal = self.query_server["principal"] impersonation_enabled = False if principal: kerberos_principal_short_name = principal.split("/", 1)[0] else: kerberos_principal_short_name = None if self.query_server["server_name"] == "impala": cluster_conf = cluster.get_cluster_conf_for_job_submission() use_sasl = cluster_conf is not None and cluster_conf.SECURITY_ENABLED.get() mechanism = HiveServerClient.HS2_MECHANISMS["KERBEROS"] impersonation_enabled = self.query_server["impersonation_enabled"] else: hive_mechanism = hive_site.get_hiveserver2_authentication() if hive_mechanism not in HiveServerClient.HS2_MECHANISMS: raise Exception( _( "%s server authentication not supported. Valid are %s." % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys()) ) ) use_sasl = hive_mechanism in ("KERBEROS", "NONE") mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism] impersonation_enabled = hive_site.hiveserver2_impersonation_enabled() return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled
def get_use_sasl_default(): """Get from hive_site or backward compatibility""" from beeswax.hive_site import get_hiveserver2_authentication, get_use_sasl # Cyclic dependency use_sasl = get_use_sasl() if use_sasl is not None: return use_sasl.upper() == 'TRUE' return get_hiveserver2_authentication() in ('KERBEROS', 'NONE', 'LDAP', 'PAM') # list for backward compatibility
def get_security(self): principal = self.query_server['principal'] impersonation_enabled = False ldap_username = None ldap_password = None if principal: kerberos_principal_short_name = principal.split('/', 1)[0] else: kerberos_principal_short_name = None hive_mechanism = hive_site.get_hiveserver2_authentication() if hive_mechanism not in HiveServerClient.HS2_MECHANISMS: raise Exception(_('%s server authentication not supported. Valid are %s.' % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys()))) use_sasl = hive_mechanism in ('KERBEROS', 'NONE', 'LDAP') mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism] impersonation_enabled = hive_site.hiveserver2_impersonation_enabled() if LDAP_PASSWORD.get(): # Pass-through LDAP authentication ldap_username = LDAP_USERNAME.get() ldap_password = LDAP_PASSWORD.get() return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password
def get_security(self): principal = self.query_server['principal'] impersonation_enabled = False ldap_username = None ldap_password = None if principal: kerberos_principal_short_name = principal.split('/', 1)[0] else: kerberos_principal_short_name = None hive_mechanism = hive_site.get_hiveserver2_authentication() if hive_mechanism not in HiveServerClient.HS2_MECHANISMS: raise Exception( _('%s server authentication not supported. Valid are %s.' % (hive_mechanism, HiveServerClient.HS2_MECHANISMS.keys()))) use_sasl = hive_mechanism in ('KERBEROS', 'NONE', 'LDAP') mechanism = HiveServerClient.HS2_MECHANISMS[hive_mechanism] impersonation_enabled = hive_site.hiveserver2_impersonation_enabled() if LDAP_PASSWORD.get(): # Pass-through LDAP authentication ldap_username = LDAP_USERNAME.get() ldap_password = LDAP_PASSWORD.get() return use_sasl, mechanism, kerberos_principal_short_name, impersonation_enabled, ldap_username, ldap_password