Uploaded image for project: 'Hue'
  1. Hue
  2. HUE-953

[beeswax] Hue security setup may be limited to using the "hue" principal short name

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 2.1.0
    • Fix Version/s: None
    • Component/s: con.hive
    • Labels:
      None

      Description

      I noticed in apps/beeswax/src/beeswax/db_utils.py, the following lines when it fetches a thrift connection client to the Beeswax java server:

       client = thrift_util.get_client(BeeswaxService.Client,
                                      conf.BEESWAX_SERVER_HOST.get(),
                                      conf.BEESWAX_SERVER_PORT.get(),
                                      service_name="Beeswax (Hive UI) Server",
                                      kerberos_principal="hue",
                                      use_sasl=use_sasl,
                                      timeout_seconds=conf.BEESWAX_SERVER_CONN_TIMEOUT.get())                               return UnicodeBeeswaxClient(client)
      

      Note the kwarg: kerberos_principal="hue". It is a hard-coded constant which would fail on environments not using the "hue" username as the principal. Ideally, that short name should come from the configuration (extracted from existing princ. configs, ideally).

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                harsh Harsh J
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: