You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hcatalog-commits@incubator.apache.org by da...@apache.org on 2012/06/05 22:20:03 UTC
svn commit: r1346627 - in /incubator/hcatalog/trunk: CHANGES.txt
src/java/org/apache/hcatalog/security/HdfsAuthorizationProvider.java
Author: daijy
Date: Tue Jun 5 22:20:03 2012
New Revision: 1346627
URL: http://svn.apache.org/viewvc?rev=1346627&view=rev
Log:
HCATALOG-410 support proxy user in hcat client
Modified:
incubator/hcatalog/trunk/CHANGES.txt
incubator/hcatalog/trunk/src/java/org/apache/hcatalog/security/HdfsAuthorizationProvider.java
Modified: incubator/hcatalog/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/CHANGES.txt?rev=1346627&r1=1346626&r2=1346627&view=diff
==============================================================================
--- incubator/hcatalog/trunk/CHANGES.txt (original)
+++ incubator/hcatalog/trunk/CHANGES.txt Tue Jun 5 22:20:03 2012
@@ -153,6 +153,8 @@ Release 0.4.0 - Release May 16 2012
OPTIMIZATIONS
BUG FIXES
+ HCATALOG-410 support proxy user in hcat client (thejas via daijy)
+
HCAT-380 If pig script does load then order by, hive-site.xml doesn't seem to propagate properly (toffer)
HCAT-396 src-release leaves out lib directory (gates)
Modified: incubator/hcatalog/trunk/src/java/org/apache/hcatalog/security/HdfsAuthorizationProvider.java
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/src/java/org/apache/hcatalog/security/HdfsAuthorizationProvider.java?rev=1346627&r1=1346626&r2=1346627&view=diff
==============================================================================
--- incubator/hcatalog/trunk/src/java/org/apache/hcatalog/security/HdfsAuthorizationProvider.java (original)
+++ incubator/hcatalog/trunk/src/java/org/apache/hcatalog/security/HdfsAuthorizationProvider.java Tue Jun 5 22:20:03 2012
@@ -49,12 +49,17 @@ import org.apache.hadoop.security.Access
import org.apache.hadoop.security.UserGroupInformation;
/**
- * An AuthorizationProvider, which checks against the data access level permissions on HDFS.
+ * An AuthorizationProvider, which checks against the data access level permissions on HDFS.
+ * It makes sense to eventually move this class to Hive, so that all hive users can
+ * use this authorization model.
*/
public class HdfsAuthorizationProvider extends HiveAuthorizationProviderBase {
protected Warehouse wh;
+ //Config variables : create an enum to store them if we have more
+ private static final String PROXY_USER_NAME = "proxy.user.name";
+
public HdfsAuthorizationProvider() {
super();
}
@@ -234,17 +239,21 @@ public class HdfsAuthorizationProvider e
* Checks the permissions for the given path and current user on Hadoop FS. If the given path
* does not exists, it checks for it's parent folder.
*/
- public static void checkPermissions(final Configuration conf, final Path path,
+ protected static void checkPermissions(final Configuration conf, final Path path,
final EnumSet<FsAction> actions) throws IOException, LoginException {
if (path == null) {
throw new IllegalArgumentException("path is null");
}
-
- final UserGroupInformation ugi;
-
+
HadoopShims shims = ShimLoader.getHadoopShims();
- ugi = shims.getUGIForConf(conf);
+ final UserGroupInformation ugi;
+ if(conf.get(PROXY_USER_NAME) != null){
+ ugi = UserGroupInformation.createRemoteUser(conf.get(PROXY_USER_NAME));
+ }
+ else {
+ ugi = shims.getUGIForConf(conf);
+ }
final String user = shims.getShortUserName(ugi);
final FileSystem fs = path.getFileSystem(conf);
@@ -270,7 +279,7 @@ public class HdfsAuthorizationProvider e
* does not exists, it returns.
*/
@SuppressWarnings("deprecation")
- public static void checkPermissions(final FileSystem fs, final Path path,
+ protected static void checkPermissions(final FileSystem fs, final Path path,
final EnumSet<FsAction> actions, String user, String[] groups) throws IOException,
AccessControlException {