Skip to content

HIVE-29293: Restrict config 'mapreduce.job.queuename' at tez session #6155

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
saihemanth-cloudera wants to merge 4 commits into
base: master
Choose a base branch
from
Open

HIVE-29293: Restrict config 'mapreduce.job.queuename' at tez session #6155

saihemanth-cloudera wants to merge 4 commits into from
+9 −3

Conversation

@saihemanth-cloudera
Copy link
Contributor

@saihemanth-cloudera saihemanth-cloudera commented Oct 27, 2025
edited
Loading

What changes were proposed in this pull request?

Verify config 'mapreduce.job.queuename' value, if tez.queue.name is null.

Why are the changes needed?

When tez.queue.name is null, setting 'mapreduce.job.queuename' creates security issue because any user can submit job to this queue. TezSessionPoolManager is currently not verifying the queue since null is being passed. This patch addresses this concern by verifying that if tez.queue.name is null, then we verify 'mapreduce.job.queuename'.

Does this PR introduce any user-facing change?

No

How was this patch tested?

Remote cluster.

ayushtkn
ayushtkn reviewed Oct 28, 2025
View reviewed changes
Copy link
Member

@ayushtkn ayushtkn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't this an intentional behaviour?

hive/ql/src/java/org/apache/hadoop/hive/ql/exec/tez/TezSessionState.java

Lines 559 to 560 in 4669cd5

String queueName = conf.get(JobContext.QUEUE_NAME, YarnConfiguration.DEFAULT_QUEUE_NAME);
conf.setIfUnset(TezConfiguration.TEZ_QUEUE_NAME, queueName);

The Javadoc of this method even states:

  /**
   * This takes settings from MR and applies them to the appropriate Tez configuration. This is
   * similar to what Pig on Tez does (refer MRToTezHelper.java).
   *
   * @param conf configuration with MR settings

@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 3, 2025

Quality Gate Passed Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@saihemanth-cloudera
Copy link
Contributor Author

saihemanth-cloudera commented Nov 12, 2025

@ayushtkn - can you review this patch again?

@saihemanth-cloudera
Copy link
Contributor Author

saihemanth-cloudera commented Nov 24, 2025

@ayushtkn @abstractdog - Can you please review this patch? Thanks

soumyakanti3578
soumyakanti3578 requested changes Dec 16, 2025
View reviewed changes
common/src/java/org/apache/hadoop/hive/conf/HiveConf.java Outdated
"exception will be thrown."),
"The configuration settings that cannot be set when submitting jobs to HiveServer2. If\n" +
"any of these are set to values different from those in the server configuration, an\n" +
"exception will be thrown."),
Copy link
Contributor

@soumyakanti3578 soumyakanti3578 Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These changes seem unrelated to the issue, and may lead to merge conflict later. Please consider reverting these.

Copy link
Contributor

@soumyakanti3578 soumyakanti3578 Dec 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like the indentation has changed for these in the new commits. Although minor, it would be nice to revert these changes completely as it's unrelated to the issue. Otherwise, everything LGTM.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 29, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@soumyakanti3578 soumyakanti3578 soumyakanti3578 requested changes

@abstractdog abstractdog Awaiting requested review from abstractdog

@ayushtkn ayushtkn Awaiting requested review from ayushtkn

Assignees

No one assigned

Labels

tests unstable

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@saihemanth-cloudera @ayushtkn @soumyakanti3578 @asf-ci-hive