[jira] [Created] (IMPALA-8921) Use kerberos short name for ranger requests.

Thu, 05 Sep 2019 21:13:16 -0700 

bharath v created IMPALA-8921:
---------------------------------

             Summary: Use kerberos short name for ranger requests.
                 Key: IMPALA-8921
                 URL: https://issues.apache.org/jira/browse/IMPALA-8921
             Project: IMPALA
          Issue Type: Bug
          Components: Catalog, Frontend
    Affects Versions: Impala 3.2.0, Impala 3.3.0
            Reporter: bharath v
            Assignee: bharath v


For certain grant/revoke requests, we are using the full name, which is a fully 
qualified user principal.

{noformat}
@Override
  public void grantPrivilegeToUser(TCatalogServiceRequestHeader header,
      TGrantRevokePrivParams params, TDdlExecResponse response) throws 
ImpalaException {
    List<GrantRevokeRequest> requests = createGrantRevokeRequests(
====>        header.getRequesting_user(), true, params.getPrincipal_name(),
        Collections.emptyList(), plugin_.get().getClusterName(),
        header.getClient_ip(), params.getPrivileges());


@Override
  public void revokePrivilegeFromUser(TCatalogServiceRequestHeader header,
      TGrantRevokePrivParams params, TDdlExecResponse response) throws 
ImpalaException {
    List<GrantRevokeRequest> requests = createGrantRevokeRequests(
====>        header.getRequesting_user(), false, params.getPrincipal_name(),
        Collections.emptyList(), plugin_.get().getClusterName(),
        header.getClient_ip(), params.getPrivileges());

@Override
  public void grantPrivilegeToGroup(TCatalogServiceRequestHeader header,
      TGrantRevokePrivParams params, TDdlExecResponse response) throws 
ImpalaException {
    List<GrantRevokeRequest> requests = createGrantRevokeRequests(
=>>>        header.getRequesting_user(), true, null,
        Collections.singletonList(params.getPrincipal_name()),
        plugin_.get().getClusterName(), header.getClient_ip(), 
params.getPrivileges());

  @Override
  public void revokePrivilegeFromGroup(TCatalogServiceRequestHeader header,
      TGrantRevokePrivParams params, TDdlExecResponse response) throws 
ImpalaException {
    List<GrantRevokeRequest> requests = createGrantRevokeRequests(
===>        header.getRequesting_user(), false, null,
        Collections.singletonList(params.getPrincipal_name()),
        plugin_.get().getClusterName(), header.getClient_ip(), 
params.getPrivileges());

{noformat}

Ranger expects a short name instead. The bug existed since the original 
implementation [1], but the code has been later refactored.

[1] https://gerrit.cloudera.org/#/c/12914/




--
This message was sent by Atlassian Jira
(v8.3.2#803003)

Reply via email to