You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues-all@impala.apache.org by "bharath v (Jira)" <ji...@apache.org> on 2019/09/06 04:13:00 UTC
[jira] [Created] (IMPALA-8921) Use kerberos short name for ranger
requests.
bharath v created IMPALA-8921:
---------------------------------
Summary: Use kerberos short name for ranger requests.
Key: IMPALA-8921
URL: https://issues.apache.org/jira/browse/IMPALA-8921
Project: IMPALA
Issue Type: Bug
Components: Catalog, Frontend
Affects Versions: Impala 3.2.0, Impala 3.3.0
Reporter: bharath v
Assignee: bharath v
For certain grant/revoke requests, we are using the full name, which is a fully qualified user principal.
{noformat}
@Override
public void grantPrivilegeToUser(TCatalogServiceRequestHeader header,
TGrantRevokePrivParams params, TDdlExecResponse response) throws ImpalaException {
List<GrantRevokeRequest> requests = createGrantRevokeRequests(
====> header.getRequesting_user(), true, params.getPrincipal_name(),
Collections.emptyList(), plugin_.get().getClusterName(),
header.getClient_ip(), params.getPrivileges());
@Override
public void revokePrivilegeFromUser(TCatalogServiceRequestHeader header,
TGrantRevokePrivParams params, TDdlExecResponse response) throws ImpalaException {
List<GrantRevokeRequest> requests = createGrantRevokeRequests(
====> header.getRequesting_user(), false, params.getPrincipal_name(),
Collections.emptyList(), plugin_.get().getClusterName(),
header.getClient_ip(), params.getPrivileges());
@Override
public void grantPrivilegeToGroup(TCatalogServiceRequestHeader header,
TGrantRevokePrivParams params, TDdlExecResponse response) throws ImpalaException {
List<GrantRevokeRequest> requests = createGrantRevokeRequests(
=>>> header.getRequesting_user(), true, null,
Collections.singletonList(params.getPrincipal_name()),
plugin_.get().getClusterName(), header.getClient_ip(), params.getPrivileges());
@Override
public void revokePrivilegeFromGroup(TCatalogServiceRequestHeader header,
TGrantRevokePrivParams params, TDdlExecResponse response) throws ImpalaException {
List<GrantRevokeRequest> requests = createGrantRevokeRequests(
===> header.getRequesting_user(), false, null,
Collections.singletonList(params.getPrincipal_name()),
plugin_.get().getClusterName(), header.getClient_ip(), params.getPrivileges());
{noformat}
Ranger expects a short name instead. The bug existed since the original implementation [1], but the code has been later refactored.
[1] https://gerrit.cloudera.org/#/c/12914/
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org