bharath v created IMPALA-8921:
---------------------------------

             Summary: Use kerberos short name for ranger requests.
                 Key: IMPALA-8921
                 URL: https://issues.apache.org/jira/browse/IMPALA-8921
             Project: IMPALA
          Issue Type: Bug
          Components: Catalog, Frontend
    Affects Versions: Impala 3.2.0, Impala 3.3.0
            Reporter: bharath v
            Assignee: bharath v

For certain grant/revoke requests, we are using the full name, which is a fully qualified user principal.

{noformat}
  @Override
  public void grantPrivilegeToUser(TCatalogServiceRequestHeader header,
      TGrantRevokePrivParams params, TDdlExecResponse response) throws ImpalaException {
    List<GrantRevokeRequest> requests = createGrantRevokeRequests(
 ====>  header.getRequesting_user(), true, params.getPrincipal_name(),
        Collections.emptyList(), plugin_.get().getClusterName(), header.getClient_ip(),
        params.getPrivileges());

  @Override
  public void revokePrivilegeFromUser(TCatalogServiceRequestHeader header,
      TGrantRevokePrivParams params, TDdlExecResponse response) throws ImpalaException {
    List<GrantRevokeRequest> requests = createGrantRevokeRequests(
 ====>  header.getRequesting_user(), false, params.getPrincipal_name(),
        Collections.emptyList(), plugin_.get().getClusterName(), header.getClient_ip(),
        params.getPrivileges());

  @Override
  public void grantPrivilegeToGroup(TCatalogServiceRequestHeader header,
      TGrantRevokePrivParams params, TDdlExecResponse response) throws ImpalaException {
    List<GrantRevokeRequest> requests = createGrantRevokeRequests(
 =>>>   header.getRequesting_user(), true, null,
        Collections.singletonList(params.getPrincipal_name()),
        plugin_.get().getClusterName(), header.getClient_ip(), params.getPrivileges());

  @Override
  public void revokePrivilegeFromGroup(TCatalogServiceRequestHeader header,
      TGrantRevokePrivParams params, TDdlExecResponse response) throws ImpalaException {
    List<GrantRevokeRequest> requests = createGrantRevokeRequests(
 ===>   header.getRequesting_user(), false, null,
        Collections.singletonList(params.getPrincipal_name()),
        plugin_.get().getClusterName(), header.getClient_ip(), params.getPrivileges());
{noformat}

Ranger expects a short name instead. The bug has existed since the original implementation [1], but the code was later refactored.

[1] https://gerrit.cloudera.org/#/c/12914/
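
As an added illustration (not part of the original message, and not Impala's or Ranger's code), the sketch below shows why passing the fully qualified principal through unchanged fails to match an authorization entry keyed by short name. The class, the realm, the principal and the policy set are all constructed for the example, and `shortName` is a simplified stand-in for the Kerberos DEFAULT `auth_to_local` rule rather than a full rule engine.

```java
import java.util.Set;

// Added illustration only; every name and value here is hypothetical.
public class ShortNameDemo {
  // Constructed default realm for the example.
  static final String DEFAULT_REALM = "EXAMPLE.COM";

  // Constructed policy: users allowed to issue grants, keyed by short name,
  // which is the form the issue says Ranger expects.
  static final Set<String> GRANT_ADMINS = Set.of("alice");

  // Simplified stand-in for the DEFAULT auth_to_local rule:
  // primary[/instance]@REALM -> primary, only when REALM is the default realm.
  static String shortName(String principal) {
    int at = principal.lastIndexOf('@');
    if (at < 0) {
      return principal; // no realm part: already a short name
    }
    String realm = principal.substring(at + 1);
    if (!DEFAULT_REALM.equals(realm)) {
      // Refuse to guess a local name for a realm we have no rule for.
      throw new IllegalArgumentException("No mapping rule for realm: " + realm);
    }
    String name = principal.substring(0, at);
    int slash = name.indexOf('/');
    String primary = slash < 0 ? name : name.substring(0, slash);
    if (primary.isEmpty()) {
      throw new IllegalArgumentException("Empty primary in: " + principal);
    }
    return primary;
  }

  static boolean mayGrant(String grantor) {
    return GRANT_ADMINS.contains(grantor);
  }

  public static void main(String[] args) {
    // Constructed value standing in for header.getRequesting_user().
    String requestingUser = "alice/host1.example.com@EXAMPLE.COM";
    // Full principal passed through unchanged: no entry matches.
    System.out.println("full principal: " + mayGrant(requestingUser));
    // Normalised to the short name first: the entry for "alice" matches.
    System.out.println("short name:     " + mayGrant(shortName(requestingUser)));
  }
}
```

On a real cluster the mapping comes from the configured `auth_to_local` rules (Hadoop exposes this as `KerberosName.getShortName()`), so the short name should be derived through that mechanism rather than by string splitting.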