diff --git a/impala/_thrift_api.py b/impala/_thrift_api.py index 0c0699e08..a18270d65 100644 --- a/impala/_thrift_api.py +++ b/impala/_thrift_api.py @@ -20,14 +20,14 @@ from __future__ import absolute_import +import getpass import os import sys + import six -import getpass from impala.util import get_logger_and_init_null - log = get_logger_and_init_null(__name__) @@ -94,7 +94,7 @@ ThriftClient = TClient -def get_socket(host, port, use_ssl, ca_cert): +def get_socket(host, port, use_ssl, ca_cert, ssl_verify_cert): # based on the Impala shell impl log.debug('get_socket: host=%s port=%s use_ssl=%s ca_cert=%s', host, port, use_ssl, ca_cert) @@ -103,15 +103,15 @@ def get_socket(host, port, use_ssl, ca_cert): if six.PY2: from thrift.transport.TSSLSocket import TSSLSocket if ca_cert is None: - return TSSLSocket(host, port, validate=False) + return TSSLSocket(host, port, ssl_verify_cert=False) else: - return TSSLSocket(host, port, validate=True, ca_certs=ca_cert) + return TSSLSocket(host, port, ssl_verify_cert=ssl_verify_cert, ca_certs=ca_cert) else: from thriftpy.transport.sslsocket import TSSLSocket if ca_cert is None: - return TSSLSocket(host, port, validate=False) + return TSSLSocket(host, port, ssl_verify_cert=False) else: - return TSSLSocket(host, port, validate=True, cafile=ca_cert) + return TSSLSocket(host, port, ssl_verify_cert=ssl_verify_cert, cafile=ca_cert) else: return TSocket(host, port) diff --git a/impala/dbapi.py b/impala/dbapi.py index d11ff38e5..2dde9d9a7 100644 --- a/impala/dbapi.py +++ b/impala/dbapi.py @@ -38,7 +38,8 @@ def connect(host='localhost', port=21050, database=None, timeout=None, - use_ssl=False, ca_cert=None, auth_mechanism='NOSASL', user=None, + use_ssl=False, ca_cert=None, validate=True, + auth_mechanism='NOSASL', user=None, password=None, kerberos_service_name='impala', use_ldap=None, ldap_user=None, ldap_password=None, use_kerberos=None, protocol=None): 
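Review bot: The new `ssl_verify_cert` parameter on `get_socket` is required and positional, so any caller not updated in this commit fails with a TypeError, and the `log.debug` call just below the signature still omits it. A fail-closed default, `def get_socket(host, port, use_ssl, ca_cert, ssl_verify_cert=True):`, keeps existing call sites working. Adding `ssl_verify_cert=%s` to the debug message would make a disabled check visible when someone audits connection logs. The body of `get_socket` continues outside this hunk.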
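Review bot: All four `TSSLSocket(...)` calls now pass a keyword named `ssl_verify_cert` to the library constructor, where the removed lines passed `validate`. Unless both the thrift and thriftpy `TSSLSocket` classes accept that name (not visible here; to my knowledge they take `validate`), this either raises at connect time or leaves verification at the library default. Only the value needed to change, e.g. `return TSSLSocket(host, port, validate=ssl_verify_cert, ca_certs=ca_cert)`, with `cafile=ca_cert` in the thriftpy branch. Separately, both `ca_cert is None` branches hard-code verification off and ignore the caller's flag, so asking for verification without a CA file yields an unauthenticated TLS session with no signal. A `log.warning('SSL enabled without ca_cert; server certificate will not be validated')` in those branches would at least surface it; the function begins above this hunk.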
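Review bot: `validate=True` is inserted in the middle of the positional parameter list of `connect`, directly before `auth_mechanism`, so an existing call that passes `auth_mechanism` positionally now binds that string to `validate` and silently falls back to `auth_mechanism='NOSASL'`. The `connect` hunk in impala/hiveserver2.py has the same defect: `validate` lands between `user` and `password`, so a positional password is consumed as the `validate` flag and the remaining arguments shift by one. Appending the new parameter after the last existing one (`protocol=None, validate=True` here, `auth_mechanism=None, validate=True` in hiveserver2) preserves every existing call. The function body lies outside this hunk.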
@@ -65,6 +66,8 @@ def connect(host='localhost', port=21050, database=None, timeout=None, Local path to the the third-party CA certificate. If SSL is enabled but the certificate is not specified, the server certificate will not be validated. + validate : bool, optional + hostname should be checked or not for SSL connection auth_mechanism : {'NOSASL', 'PLAIN', 'GSSAPI', 'LDAP'} Specify the authentication mechanism. `'NOSASL'` for unsecured Impala. `'PLAIN'` for unsecured Hive (because Hive requires the SASL @@ -141,8 +144,8 @@ def connect(host='localhost', port=21050, database=None, timeout=None, "supported".format(protocol)) service = hs2.connect(host=host, port=port, - timeout=timeout, use_ssl=use_ssl, - ca_cert=ca_cert, user=user, password=password, + timeout=timeout, use_ssl=use_ssl, ca_cert=ca_cert, + validate=validate, user=user, password=password, kerberos_service_name=kerberos_service_name, auth_mechanism=auth_mechanism) return hs2.HiveServer2Connection(service, default_db=database) diff --git a/impala/hiveserver2.py b/impala/hiveserver2.py index 308fb7012..80dff7039 100644 --- a/impala/hiveserver2.py +++ b/impala/hiveserver2.py @@ -736,12 +736,12 @@ def threaded(func): raise NotImplementedError -def connect(host, port, timeout=None, use_ssl=False, ca_cert=None, - user=None, password=None, kerberos_service_name='impala', +def connect(host, port, timeout=None, use_ssl=False, ca_cert=None, user=None, + validate=True, password=None, kerberos_service_name='impala', auth_mechanism=None): log.debug('Connecting to HiveServer2 %s:%s with %s authentication ' 'mechanism', host, port, auth_mechanism) - sock = get_socket(host, port, use_ssl, ca_cert) + sock = get_socket(host, port, use_ssl, ca_cert, validate) if timeout is not None: timeout = timeout * 1000. # TSocket expects millis if six.PY2:
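Review bot: The added docstring entry describes `validate` as a hostname check, but the value is forwarded to `get_socket` as `ssl_verify_cert` and used as the certificate-verification flag on the socket. A user who sets `validate=False` expecting to relax only hostname matching would, as far as this diff shows, turn off certificate validation altogether. The entry also omits that the flag has no effect when `ca_cert` is not given, since `get_socket` disables validation unconditionally in that case. Suggested wording: `validate : bool, optional` followed by `Whether to verify the server certificate against ca_cert when SSL is enabled. Ignored when ca_cert is not given; the certificate is then not validated.` The docstring extends beyond this hunk.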