Skip to content

Commit b6998d6

Browse files
HIVE-28838: Remove sensitive jdbc properties from JdbcStorageHandler tables
1 parent 28abf17 commit b6998d6

File tree

5 files changed

+64
-4
lines changed

5 files changed

+64
-4
lines changed

jdbc-handler/src/main/java/org/apache/hive/storage/jdbc/conf/JdbcStorageConfigManager.java

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,9 @@ public class JdbcStorageConfigManager {
4545
public static final String CONFIG_PWD_KEYSTORE = Constants.JDBC_KEYSTORE;
4646
public static final String CONFIG_PWD_KEY = Constants.JDBC_KEY;
4747
public static final String CONFIG_PWD_URI = Constants.JDBC_PASSWORD_URI;
48+
public static final String CONFIG_JDBC_URL = Constants.JDBC_URL;
49+
public static final String CONFIG_JDBC_USERNAME = Constants.JDBC_USERNAME;
50+
4851
private static final EnumSet<JdbcStorageConfig> DEFAULT_REQUIRED_PROPERTIES =
4952
EnumSet.of(JdbcStorageConfig.DATABASE_TYPE,
5053
JdbcStorageConfig.JDBC_URL,
@@ -66,7 +69,10 @@ public static void copyConfigurationToJob(Properties props, Map<String, String>
6669
if (!key.equals(CONFIG_PWD) &&
6770
!key.equals(CONFIG_PWD_KEYSTORE) &&
6871
!key.equals(CONFIG_PWD_KEY) &&
69-
!key.equals(CONFIG_PWD_URI)) {
72+
!key.equals(CONFIG_PWD_URI) &&
73+
!key.equals(CONFIG_JDBC_USERNAME) &&
74+
!key.equals(CONFIG_JDBC_URL)
75+
) {
7076
jobProps.put(String.valueOf(entry.getKey()), String.valueOf(entry.getValue()));
7177
}
7278
}

jdbc-handler/src/test/java/org/apache/hive/storage/jdbc/conf/TestJdbcStorageConfigManager.java

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,7 @@
2525
import static org.hamcrest.Matchers.equalTo;
2626
import static org.hamcrest.Matchers.is;
2727
import static org.hamcrest.Matchers.notNullValue;
28+
import static org.hamcrest.Matchers.nullValue;
2829

2930
public class TestJdbcStorageConfigManager {
3031

@@ -40,9 +41,9 @@ public void testWithAllRequiredSettingsDefined() throws Exception {
4041
JdbcStorageConfigManager.copyConfigurationToJob(props, jobMap);
4142

4243
assertThat(jobMap, is(notNullValue()));
43-
assertThat(jobMap.size(), is(equalTo(4)));
44+
assertThat(jobMap.size(), is(equalTo(3)));
4445
assertThat(jobMap.get(JdbcStorageConfig.DATABASE_TYPE.getPropertyName()), is(equalTo("MYSQL")));
45-
assertThat(jobMap.get(JdbcStorageConfig.JDBC_URL.getPropertyName()), is(equalTo("jdbc://localhost:3306/hive")));
46+
assertThat(jobMap.get(JdbcStorageConfig.JDBC_URL.getPropertyName()), is(nullValue()));
4647
assertThat(jobMap.get(JdbcStorageConfig.QUERY.getPropertyName()),
4748
is(equalTo("SELECT col1,col2,col3 FROM sometable")));
4849
}

ql/src/java/org/apache/hadoop/hive/ql/plan/PlanUtils.java

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,9 @@
1919
package org.apache.hadoop.hive.ql.plan;
2020

2121
import static org.apache.commons.lang3.StringUtils.isNotBlank;
22+
import static org.apache.hadoop.hive.conf.Constants.JDBC_PASSWORD;
23+
import static org.apache.hadoop.hive.conf.Constants.JDBC_URL;
24+
import static org.apache.hadoop.hive.conf.Constants.JDBC_USERNAME;
2225
import static org.apache.hadoop.hive.metastore.api.hive_metastoreConstants.META_TABLE_LOCATION;
2326
import static org.apache.hadoop.hive.metastore.api.hive_metastoreConstants.TABLE_IS_CTAS;
2427
import static org.apache.hive.common.util.HiveStringUtils.quoteComments;
@@ -1230,7 +1233,12 @@ public static Class<? extends AbstractSerDe> getDefaultSerDe() {
12301233
return LazySimpleSerDe.class;
12311234
}
12321235

1233-
private static final String[] FILTER_OUT_FROM_EXPLAIN = {TABLE_IS_CTAS};
1236+
private static final String[] FILTER_OUT_FROM_EXPLAIN = {
1237+
TABLE_IS_CTAS,
1238+
JDBC_USERNAME,
1239+
JDBC_PASSWORD,
1240+
JDBC_URL
1241+
};
12341242

12351243
/**
12361244
* Get a Map of table or partition properties to be used in explain extended output.
Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
--! qt:sysdb
2+
3+
select 1
4+
from sys.TBLS t
5+
join sys.DBS d on t.DB_ID = d.DB_ID
6+
limit 1;
7+
8+
explain extended
9+
select 1
10+
from sys.TBLS t
11+
join sys.DBS d on t.DB_ID = d.DB_ID
12+
limit 1;
13+
14+
show create table sys.DBS;
15+
16+
describe formatted sys.DBS;
17+
18+
create table if not exists ctas_dbs as select * from sys.DBS;
19+
20+
select 1
21+
from sys.TBLS t
22+
join ctas_dbs d on t.DB_ID = d.DB_ID
23+
limit 1;
24+
25+
explain extended
26+
select 1
27+
from sys.TBLS t
28+
join ctas_dbs d on t.DB_ID = d.DB_ID
29+
limit 1;
30+
31+
create table if not exists ctlt_dbs like sys.DBS;
32+
33+
insert into ctlt_dbs
34+
select * from sys.DBS;
35+
36+
select 1
37+
from sys.TBLS t
38+
join ctlt_dbs d on t.DB_ID = d.DB_ID
39+
limit 1;
40+
41+
explain extended
42+
select 1
43+
from sys.TBLS t
44+
join ctlt_dbs d on t.DB_ID = d.DB_ID
45+
limit 1;
Binary file not shown.

0 commit comments

Comments
 (0)