You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@impala.apache.org by "Minghui Zhu (Code Review)" <ge...@cloudera.org> on 2022/09/26 11:55:17 UTC

[Impala-ASF-CR] IMPALA-11235: Support Pluggable Authentication for Impala

Minghui Zhu has uploaded this change for review. ( http://gerrit.cloudera.org:8080/19041


Change subject: IMPALA-11235: Support Pluggable Authentication for Impala
......................................................................

IMPALA-11235: Support Pluggable Authentication for Impala

When impala is accessed through the Standard JDBC Interface, I would like to authenticate through a Unix command that return code indicates whether the authenticate succeeded. The username and password are taken as the first and second arguments to the command.

eg.
command:
bash /opt/impala/authz.sh

/opt/impala/authz.sh:
if [ $# -ne 2 ];
then
    exit 1
fi
grep --quiet $1::$2 /opt/impala/passwd

/opt/impala/passwd:
user1::a1b1
user2::c1d1

Just run this script for authentication at `ImpalaServer::OpenSession`:
// cmd = "bash /opt/impala/authz.sh user1 a1b1"
impala::RunShellProcess(cmd, &msg, true, {"JAVA_TOOL_OPTIONS"})

Change-Id: I14f4cf647d419330166acf41d2dfb33c01008e18
---
M be/src/rpc/auth-provider.h
M be/src/rpc/authentication.cc
M be/src/transport/THttpServer.cpp
M be/src/transport/THttpServer.h
A bin/plugin_for_test.sh
A fe/src/test/java/org/apache/impala/customcluster/PluginHS2Test.java
A fe/src/test/java/org/apache/impala/customcluster/PluginImpalaShellTest.java
A fe/src/test/java/org/apache/impala/customcluster/PluginImpylaHttpTest.java
A fe/src/test/java/org/apache/impala/customcluster/PluginJdbcTest.java
A fe/src/test/java/org/apache/impala/testutil/PluginUtil.java
M shell/ImpalaHttpClient.py
M shell/impala_client.py
M shell/impala_shell.py
M shell/option_parser.py
M tests/shell/test_shell_commandline.py
15 files changed, 1,210 insertions(+), 28 deletions(-)



  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/41/19041/1
-- 
To view, visit http://gerrit.cloudera.org:8080/19041
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I14f4cf647d419330166acf41d2dfb33c01008e18
Gerrit-Change-Number: 19041
Gerrit-PatchSet: 1
Gerrit-Owner: Minghui Zhu <hu...@gmail.com>

[Impala-ASF-CR] IMPALA-11235: Support Pluggable Authentication for Impala

Posted by "Impala Public Jenkins (Code Review)" <ge...@cloudera.org>.

Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/19041 )

Change subject: IMPALA-11235: Support Pluggable Authentication for Impala
......................................................................


Patch Set 1:

(33 comments)

http://gerrit.cloudera.org:8080/#/c/19041/1/be/src/rpc/auth-provider.h
File be/src/rpc/auth-provider.h:

http://gerrit.cloudera.org:8080/#/c/19041/1/be/src/rpc/auth-provider.h@86
PS1, Line 86:     : has_ldap_(false), has_plugin_(false), has_saml_(false), has_jwt_(false), is_internal_(is_internal) {}
line too long (107 > 90)


http://gerrit.cloudera.org:8080/#/c/19041/1/be/src/rpc/authentication.cc
File be/src/rpc/authentication.cc:

http://gerrit.cloudera.org:8080/#/c/19041/1/be/src/rpc/authentication.cc@334
PS1, Line 334: // Wrapper around the function we use to check passwords with plugin which has the function
line too long (91 > 90)


http://gerrit.cloudera.org:8080/#/c/19041/1/be/src/rpc/authentication.cc@997
PS1, Line 997:       PLUGIN_EXT_CALLBACKS[0].context = reinterpret_cast<void*>(const_cast<char *>("PLUGIN"));
line too long (94 > 90)


http://gerrit.cloudera.org:8080/#/c/19041/1/be/src/rpc/authentication.cc@1247
PS1, Line 1247:         has_plugin_, has_kerberos, use_cookies, check_trusted_domain, check_trusted_auth_header,
line too long (96 > 90)


http://gerrit.cloudera.org:8080/#/c/19041/1/be/src/rpc/authentication.cc@1290
PS1, Line 1290:            << (has_ldap_ ? "LDAP " : " ") 
line has trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/be/src/rpc/authentication.cc@1291
PS1, Line 1291:            << (has_plugin_ ? "PLUGIN " : " ") 
line has trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/be/src/transport/THttpServer.h
File be/src/transport/THttpServer.h:

http://gerrit.cloudera.org:8080/#/c/19041/1/be/src/transport/THttpServer.h@36
PS1, Line 36:   // If 'has_ldap_' or 'has_plugin_' is true, metrics for the number of successful and failed Basic
line too long (99 > 90)


http://gerrit.cloudera.org:8080/#/c/19041/1/be/src/transport/THttpServer.h@76
PS1, Line 76:     // if authentication is successful. Must be set if 'has_ldap_' or 'has_plugin_' is true.
line too long (92 > 90)


http://gerrit.cloudera.org:8080/#/c/19041/1/be/src/transport/THttpServer.h@237
PS1, Line 237:      bool has_ldap, bool has_plugin, bool has_kerberos, bool use_cookies, bool check_trusted_domain,
line too long (100 > 90)


http://gerrit.cloudera.org:8080/#/c/19041/1/be/src/transport/THttpServer.h@243
PS1, Line 243:    return std::shared_ptr<TTransport>(new THttpServer(trans, has_ldap_, has_plugin_, has_kerberos_,
line too long (99 > 90)


http://gerrit.cloudera.org:8080/#/c/19041/1/bin/plugin_for_test.sh
File bin/plugin_for_test.sh:

http://gerrit.cloudera.org:8080/#/c/19041/1/bin/plugin_for_test.sh@5
PS1, Line 5: fi 
line has trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/fe/src/test/java/org/apache/impala/customcluster/PluginHS2Test.java
File fe/src/test/java/org/apache/impala/customcluster/PluginHS2Test.java:

http://gerrit.cloudera.org:8080/#/c/19041/1/fe/src/test/java/org/apache/impala/customcluster/PluginHS2Test.java@60
PS1, Line 60:     String pluginArgs = String.format("--enable_plugin_auth " + 
line has trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/fe/src/test/java/org/apache/impala/customcluster/PluginImpalaShellTest.java
File fe/src/test/java/org/apache/impala/customcluster/PluginImpalaShellTest.java:

http://gerrit.cloudera.org:8080/#/c/19041/1/fe/src/test/java/org/apache/impala/customcluster/PluginImpalaShellTest.java@36
PS1, Line 36:  * Impala shell connectivity tests for PLUGIN authentication. This class contains the common
line too long (92 > 90)


http://gerrit.cloudera.org:8080/#/c/19041/1/fe/src/test/java/org/apache/impala/customcluster/PluginImpalaShellTest.java@45
PS1, Line 45:     String pluginArgs = String.format("--enable_plugin_auth " + 
line has trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/fe/src/test/java/org/apache/impala/customcluster/PluginImpalaShellTest.java@95
PS1, Line 95:     
line has trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/fe/src/test/java/org/apache/impala/customcluster/PluginImpylaHttpTest.java
File fe/src/test/java/org/apache/impala/customcluster/PluginImpylaHttpTest.java:

http://gerrit.cloudera.org:8080/#/c/19041/1/fe/src/test/java/org/apache/impala/customcluster/PluginImpylaHttpTest.java@49
PS1, Line 49:     String pluginArgs = String.format("--enable_plugin_auth " + 
line has trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/fe/src/test/java/org/apache/impala/customcluster/PluginJdbcTest.java
File fe/src/test/java/org/apache/impala/customcluster/PluginJdbcTest.java:

http://gerrit.cloudera.org:8080/#/c/19041/1/fe/src/test/java/org/apache/impala/customcluster/PluginJdbcTest.java@49
PS1, Line 49:     String pluginArgs = String.format("--enable_plugin_auth " + 
line has trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/fe/src/test/java/org/apache/impala/customcluster/PluginJdbcTest.java@56
PS1, Line 56:         ImpalaJdbcClient.getLdapConnectionStr(connectionType_, TEST_USER_1, TEST_PASSWORD_1));
line too long (94 > 90)


http://gerrit.cloudera.org:8080/#/c/19041/1/shell/ImpalaHttpClient.py
File shell/ImpalaHttpClient.py:

http://gerrit.cloudera.org:8080/#/c/19041/1/shell/ImpalaHttpClient.py@223
PS1, Line 223:  
flake8: W291 trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/shell/ImpalaHttpClient.py@223
PS1, Line 223:     self.__get_custom_headers_func = self.getCustomHeadersWithBasicAuth 
line has trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/shell/impala_client.py
File shell/impala_client.py:

http://gerrit.cloudera.org:8080/#/c/19041/1/shell/impala_client.py@134
PS1, Line 134:  
flake8: W291 trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/shell/impala_client.py@134
PS1, Line 134:                ldap_password=None, use_ldap=False, plugin_password=None, 
line has trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/shell/impala_client.py@422
PS1, Line 422:  
flake8: W291 trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/shell/impala_client.py@422
PS1, Line 422:       user_passwd = "{0}:{1}".format(self.user, self.plugin_password) 
line has trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/shell/impala_client.py@424
PS1, Line 424:  
flake8: W291 trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/shell/impala_client.py@424
PS1, Line 424:       transport.setPluginAuth(auth) 
line has trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/shell/impala_client.py@493
PS1, Line 493:  
flake8: W291 trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/shell/impala_client.py@493
PS1, Line 493:         sasl_client.setAttr("password", self.plugin_password) 
line has trailing whitespace


http://gerrit.cloudera.org:8080/#/c/19041/1/shell/impala_shell.py
File shell/impala_shell.py:

http://gerrit.cloudera.org:8080/#/c/19041/1/shell/impala_shell.py@2037
PS1, Line 2037: +
flake8: W504 line break after binary operator


http://gerrit.cloudera.org:8080/#/c/19041/1/shell/impala_shell.py@2091
PS1, Line 2091: E
flake8: E501 line too long (92 > 90 characters)


http://gerrit.cloudera.org:8080/#/c/19041/1/shell/option_parser.py
File shell/option_parser.py:

http://gerrit.cloudera.org:8080/#/c/19041/1/shell/option_parser.py@326
PS1, Line 326: d
flake8: E501 line too long (92 > 90 characters)


http://gerrit.cloudera.org:8080/#/c/19041/1/tests/shell/test_shell_commandline.py
File tests/shell/test_shell_commandline.py:

http://gerrit.cloudera.org:8080/#/c/19041/1/tests/shell/test_shell_commandline.py@733
PS1, Line 733: x
flake8: E501 line too long (97 > 90 characters)


http://gerrit.cloudera.org:8080/#/c/19041/1/tests/shell/test_shell_commandline.py@742
PS1, Line 742: e
flake8: E501 line too long (102 > 90 characters)



-- 
To view, visit http://gerrit.cloudera.org:8080/19041
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I14f4cf647d419330166acf41d2dfb33c01008e18
Gerrit-Change-Number: 19041
Gerrit-PatchSet: 1
Gerrit-Owner: Minghui Zhu <hu...@gmail.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>
Gerrit-Comment-Date: Mon, 26 Sep 2022 11:56:09 +0000
Gerrit-HasComments: Yes

[Impala-ASF-CR] IMPALA-11235: Support Pluggable Authentication for Impala

Posted by "Minghui Zhu (Code Review)" <ge...@cloudera.org>.

Minghui Zhu has abandoned this change. ( http://gerrit.cloudera.org:8080/19041 )

Change subject: IMPALA-11235: Support Pluggable Authentication for Impala
......................................................................


Abandoned

Merge Conflict
-- 
To view, visit http://gerrit.cloudera.org:8080/19041
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: abandon
Gerrit-Change-Id: I14f4cf647d419330166acf41d2dfb33c01008e18
Gerrit-Change-Number: 19041
Gerrit-PatchSet: 1
Gerrit-Owner: Minghui Zhu <hu...@gmail.com>
Gerrit-Reviewer: Impala Public Jenkins <im...@cloudera.com>