Philip Zeyliger has posted comments on this change. ( http://gerrit.cloudera.org:8080/10510 )
Change subject: IMPALA-5522: Add support for authorized proxy groups ...................................................................... Patch Set 2: (2 comments) http://gerrit.cloudera.org:8080/#/c/10510/2/be/src/service/impala-server.cc File be/src/service/impala-server.cc: http://gerrit.cloudera.org:8080/#/c/10510/2/be/src/service/impala-server.cc@319 PS2, Line 319: [](const string& config) { : return Substitute("Invalid proxy user configuration. No mapping value " : "specified for the proxy user. For more information review usage of the " : "--authorized_proxy_user_config flag: $0", config); : }); > I don't think we can call CLEAN_EXIT_WITH_ERROR since it needs the config o The error can be more generic saying that there's something invalid about the configuration. This isn't a huge deal, but I've not seen use use lambdas for error handling. http://gerrit.cloudera.org:8080/#/c/10510/2/fe/src/main/java/org/apache/impala/service/JniFrontend.java File fe/src/main/java/org/apache/impala/service/JniFrontend.java: http://gerrit.cloudera.org:8080/#/c/10510/2/fe/src/main/java/org/apache/impala/service/JniFrontend.java@623 PS2, Line 623: result.setGroups(GROUPS.getGroups(request.getUser())); > It depends on the Hadoop mapping provider implementation and yes it can inv For common Impala deployments, do you know what's in use? For the deployment that I checked, on a nightly cluster at my employer, I found that Cloudera Manager seems to default to org.apache.hadoop.security.ShellBasedUnixGroupsMapping. If that's the case, we'll be forking per-query, and my sense of the comments at https://issues.apache.org/jira/browse/IMPALA-5624 is that we've been trying pretty hard to avoid it. I'd go so far as saying that we should check to see what class the user group mapping provider is, and, if it's in a list of well-known forkers, we should fail. -- To view, visit http://gerrit.cloudera.org:8080/10510 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I6953f89c293b06b72f523b11802232133d9d6cbb Gerrit-Change-Number: 10510 Gerrit-PatchSet: 2 Gerrit-Owner: Fredy Wijaya <fwij...@cloudera.com> Gerrit-Reviewer: Fredy Wijaya <fwij...@cloudera.com> Gerrit-Reviewer: Philip Zeyliger <phi...@cloudera.com> Gerrit-Reviewer: Sailesh Mukil <sail...@cloudera.com> Gerrit-Reviewer: Vuk Ercegovac <vercego...@cloudera.com> Gerrit-Comment-Date: Wed, 30 May 2018 03:00:26 +0000 Gerrit-HasComments: Yes
