Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: make auth for hive optional #10172

Merged
merged 3 commits into from
Jun 29, 2020
Merged

fix: make auth for hive optional #10172

merged 3 commits into from
Jun 29, 2020

Conversation

0xBADBAC0N
Copy link
Contributor

@0xBADBAC0N 0xBADBAC0N commented Jun 26, 2020
edited
Loading

This will make allow the admin to set up a root connection that can be impersonated.

SUMMARY

If a root Hive connection is used liked in Hue, we want to simply impersonate that single connection to allow Apache Sentry/Ranger to manage user rights regarding databases/tables. If we enforce the auth param, we also are forced to set credentials on that connection, although we want to use a dedicated hive-server and connection in combination with Apache Sentry/Range, similar to Hue.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TEST PLAN

Set up an unprotected Hive server and add that connection.

hive://myhive01.example:10000

Select impersonation.
Without the auth flags (eG the submitted fix) Superset is able to impersonate the connection properly.
If the auth setting is set (eG to LDAP or Kerberos) Superset expects username:password in the connection string, although it is not required.

To verify the correct behavior, set the connection, check impersonation, and do not modify the Extra settings.
An open connection should still be able to impersonate the connection.

ADDITIONAL INFORMATION

@0xBADBAC0N
fix: make auth for hive optional
3dbc8e1 
This will make allow the admin to setup a root connection which can be impersonated.
@0xBADBAC0N 0xBADBAC0N marked this pull request as ready for review June 26, 2020 14:42
villebro
villebro approved these changes Jun 26, 2020
View reviewed changes
Copy link
Member

@villebro villebro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. @john-bodley is this good to go?

@villebro villebro merged commit 6a8f441 into apache:master Jun 29, 2020
auxten pushed a commit to auxten/incubator-superset that referenced this pull request Nov 20, 2020
@0xBADBAC0N @auxten
fix: make auth for hive optional (apache#10172)
01903c0 
* fix: make auth for hive optional

This will make allow the admin to setup a root connection which can be impersonated.

* style: black lint conform

* style: clean up unnecessary condition expansion
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.37.0 labels Mar 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@john-bodley john-bodley john-bodley approved these changes

@villebro villebro villebro approved these changes

Assignees
No one assigned
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels size/XS 🚢 0.37.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@0xBADBAC0N @john-bodley @villebro @mistercrunch