[HUE-953] [beeswax] Hue security setup may be limited to using the "hue" principal short name - Cloudera Open Source

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Duplicate
Affects Version/s: 2.1.0
Fix Version/s: None
Component/s: con.hive
Labels:
None

Target Version:

2.3.0

Description

I noticed in apps/beeswax/src/beeswax/db_utils.py, the following lines when it fetches a thrift connection client to the Beeswax java server:

 client = thrift_util.get_client(BeeswaxService.Client,
                                conf.BEESWAX_SERVER_HOST.get(),
                                conf.BEESWAX_SERVER_PORT.get(),
                                service_name="Beeswax (Hive UI) Server",
                                kerberos_principal="hue",
                                use_sasl=use_sasl,
                                timeout_seconds=conf.BEESWAX_SERVER_CONN_TIMEOUT.get())                               return UnicodeBeeswaxClient(client)

Note the kwarg: kerberos_principal="hue". It is a hard-coded constant which would fail on environments not using the "hue" username as the principal. Ideally, that short name should come from the configuration (extracted from existing princ. configs, ideally).

Attachments

Issue Links

duplicates

HUE-770 [beeswax] Improve secured cluster configuration experience

Resolved

Activity

People

Assignee:

Unassigned

Reporter:

Harsh J

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

04/Dec/12 6:26 PM

Updated:

09/May/16 7:52 PM

Resolved:

05/Dec/12 2:50 AM