apache/kyuubi
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity
2a39d697c0
kyuubi/docs/deployment/migration-guide.md
fwang12 3478fc9dfb [KYUUBI #5717] Infer the proxy user automatically for delete batch operation 
# 🔍 Description
Infer the batch user from session or metadata, user do not need to specify the proxy user anymore.

This pr also align the behavior of BatchesResource with that of SessionsResource and OperationsResource(no proxy user parameter).

For Kyuubi Batch, Session and Operation, these resources have the user attiribute.

So we only need to check whether the authentication user has the permission to access the resource.

## Issue References 🔗

This pull request fixes #

## Describe Your Solution 🔧

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

## Types of changes 🔖

- [ ] Bugfix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)

## Test Plan 🧪

#### Behavior Without This Pull Request ⚰️

#### Behavior With This Pull Request 🎉

#### Related Unit Tests

---

# Checklists
## 📝 Author Self Checklist

- [x] My code follows the [style guidelines](https://kyuubi.readthedocs.io/en/master/contributing/code/style.html) of this project
- [x] I have performed a self-review
- [x] I have commented my code, particularly in hard-to-understand areas
- [x] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my feature works
- [x] New and existing unit tests pass locally with my changes
- [x] This patch was not authored or co-authored using [Generative Tooling](https://www.apache.org/legal/generative-tooling.html)

## 📝 Committer Pre-Merge Checklist

- [x] Pull request title is okay.
- [x] No license issues.
- [x] Milestone correctly set?
- [ ] Test coverage is ok
- [x] Assignees are selected.
- [x] Minimum number of approvals
- [x] No changes are requested

**Be nice. Be informative.**

Closes #5717 from turboFei/hive_server2_proxy_user.

Closes #5717

70ad7e76d [fwang12] comment
c721a751a [fwang12] ignore
da92bd5a1 [fwang12] fix ut
9a197d005 [fwang12] doc
c8ed5f9cf [fwang12] ut
cef9e329c [fwang12] do not use proxy user

Authored-by: fwang12 <fwang12@ebay.com>
Signed-off-by: fwang12 <fwang12@ebay.com>
2023-11-17 20:52:40 +08:00

4.3 KiB
Raw Blame History

Kyuubi Migration Guide

Upgrading from Kyuubi 1.8 to 1.9

  • Since Kyuubi 1.9.0, kyuubi.session.conf.advisor can be set as a sequence, Kyuubi supported chaining SessionConfAdvisors.

Upgrading from Kyuubi 1.8.0 to 1.8.1

  • Since Kyuubi 1.8.1, for DELETE /batches/${batchId}, hive.server2.proxy.user is not needed in the request parameters.

Upgrading from Kyuubi 1.7 to 1.8

  • Since Kyuubi 1.8, SQLite is added and becomes the default database type of Kyuubi metastore, as Derby has been deprecated. Both Derby and SQLite are mainly for testing purposes, and they're not supposed to be used in production. To restore previous behavior, set kyuubi.metadata.store.jdbc.database.type=DERBY and kyuubi.metadata.store.jdbc.url=jdbc:derby:memory:kyuubi_state_store_db;create=true.
  • Since Kyuubi 1.8, if the directory of the embedded zookeeper configuration (kyuubi.zookeeper.embedded.directory & kyuubi.zookeeper.embedded.data.dir & kyuubi.zookeeper.embedded.data.log.dir) is a relative path, it is resolved relative to $KYUUBI_HOME instead of $PWD.
  • Since Kyuubi 1.8, PROMETHEUS is changed as the default metrics reporter. To restore previous behavior, set kyuubi.metrics.reporters=JSON.

Upgrading from Kyuubi 1.7.1 to 1.7.2

  • Since Kyuubi 1.7.2, for Kyuubi BeeLine, please use --python-mode option to run python code or script.

Upgrading from Kyuubi 1.7.0 to 1.7.1

  • Since Kyuubi 1.7.1, protocolVersion is removed from the request parameters of the REST API Open(create) a session. All removed or unknown parameters will be silently ignored and affects nothing.
  • Since Kyuubi 1.7.1, confOverlay is supported in the request parameters of the REST API Create an operation with EXECUTE_STATEMENT type.

Upgrading from Kyuubi 1.6 to 1.7

  • In Kyuubi 1.7, kyuubi.ha.zookeeper.engine.auth.type does not fallback to kyuubi.ha.zookeeper.auth.type.
    When Kyuubi engine does Kerberos authentication with Zookeeper, user needs to explicitly set kyuubi.ha.zookeeper.engine.auth.type to KERBEROS.
  • Since Kyuubi 1.7, Kyuubi returns engine's information for GetInfo request instead of server. To restore the previous behavior, set kyuubi.server.info.provider to SERVER.
  • Since Kyuubi 1.7, Kyuubi session type SQL is refactored to INTERACTIVE, because Kyuubi supports not only SQL session, but also SCALA and PYTHON sessions. User need to use INTERACTIVE sessionType to look up the session event.
  • Since Kyuubi 1.7, the REST API of Open(create) a session will not contain parameters user password and IpAddr. User and password should be set in Authorization of http request if needed.

Upgrading from Kyuubi 1.6.0 to 1.6.1

  • Since Kyuubi 1.6.1, kyuubi.ha.zookeeper.engine.auth.type does not fallback to kyuubi.ha.zookeeper.auth.type.
    When Kyuubi engine does Kerberos authentication with Zookeeper, user needs to explicitly set kyuubi.ha.zookeeper.engine.auth.type to KERBEROS.

Upgrading from Kyuubi 1.5 to 1.6

  • Kyuubi engine gets Zookeeper principal & keytab from kyuubi.ha.zookeeper.auth.principal & kyuubi.ha.zookeeper.auth.keytab.
    kyuubi.ha.zookeeper.auth.principal & kyuubi.ha.zookeeper.auth.keytab fallback to kyuubi.kinit.principal & kyuubi.kinit.keytab when not set.
    Since Kyuubi 1.6, kyuubi.kinit.principal & kyuubi.kinit.keytab are filtered out from Kyuubi engine's conf for better security.
    When Kyuubi engine does Kerberos authentication with Zookeeper, user needs to explicitly set kyuubi.ha.zookeeper.auth.principal & kyuubi.ha.zookeeper.auth.keytab.