From yus...@apache.org
Subject ambari git commit: AMBARI-14503. Hive views does not honour auth_to_local rules when running queries. (Gaurav Nagar via yusaku)
Date Wed, 13 Jan 2016 11:32:12 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.2 d12ac74de -> f5dd66310


AMBARI-14503. Hive views does not honour auth_to_local rules when running queries. (Gaurav
Nagar via yusaku)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f5dd6631
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f5dd6631
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f5dd6631

Branch: refs/heads/branch-2.2
Commit: f5dd6631057a527fdc757632b7ecafd0f631e70c
Parents: d12ac74
Author: Yusaku Sako <yusaku@hortonworks.com>
Authored: Wed Jan 13 03:31:45 2016 -0800
Committer: Yusaku Sako <yusaku@hortonworks.com>
Committed: Wed Jan 13 03:31:45 2016 -0800

----------------------------------------------------------------------
 ambari-server/pom.xml                           |  6 +++
 .../ambari/server/view/ViewContextImpl.java     | 45 ++++++++++++++++++++
 .../org/apache/ambari/view/ViewContext.java     |  9 +++-
 contrib/views/files/src/main/resources/view.xml |  7 +++
 contrib/views/hive/src/main/resources/view.xml  |  8 ++++
 contrib/views/pig/src/main/resources/view.xml   |  9 ++++
 contrib/views/tez/src/main/resources/view.xml   |  7 +++
 7 files changed, 90 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/f5dd6631/ambari-server/pom.xml
----------------------------------------------------------------------
diff --git a/ambari-server/pom.xml b/ambari-server/pom.xml
index a3f03b4..fc57ebd 100644
--- a/ambari-server/pom.xml
+++ b/ambari-server/pom.xml
@@ -46,6 +46,7 @@
     <commonServicesSrcLocation>target/classes/common-services</commonServicesSrcLocation>
     <stacksSrcLocation>target/classes/stacks/${stack.distribution}</stacksSrcLocation>
     <tarballResourcesFolder>src/main/resources</tarballResourcesFolder>
+    <hadoop.version>2.7.1</hadoop.version>
   </properties>
   <build>
     <plugins>
@@ -1960,6 +1961,11 @@
       <artifactId>ehcache</artifactId>
       <version>2.10.0</version>
     </dependency>
+    <dependency>
+      <groupId>org.apache.hadoop</groupId>
+      <artifactId>hadoop-auth</artifactId>
+      <version>${hadoop.version}</version>
+    </dependency>
   </dependencies>
 
   <pluginRepositories>

http://git-wip-us.apache.org/repos/asf/ambari/blob/f5dd6631/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java
b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java
index a22c514..72da333 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java
@@ -48,9 +48,13 @@ import org.apache.ambari.view.events.Event;
 import org.apache.ambari.view.events.Listener;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.directory.api.util.Strings;
+import org.apache.hadoop.security.authentication.util.KerberosName;
+import org.apache.hadoop.security.authentication.util.KerberosUtil;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.Velocity;
 import org.apache.velocity.exception.ParseErrorException;
+import sun.security.krb5.KrbException;
 
 import java.io.StringWriter;
 import java.io.Writer;
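Review bot: `import sun.security.krb5.KrbException;` pulls in a JDK-internal class that none of the hunks in this commit reference (the new handler in getUsername() is `catch (Exception e)`), so it looks unused and should be dropped; `sun.*` classes are not a supported API and tie the server build to one JVM vendor's internals. `org.apache.directory.api.util.Strings` is not declared in the pom.xml hunk of this commit either, so it presumably arrives transitively (possibly through hadoop-auth), and the two `Strings.isNotEmpty` calls would stop compiling if that dependency chain changes; a plain `s != null && !s.isEmpty()` check avoids the coupling. The rest of the file is outside the hunk, so confirm neither import is used elsewhere before removing it.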
@@ -71,6 +75,10 @@ public class ViewContextImpl implements ViewContext, ViewController {
    */
   private static final Log LOG = LogFactory.getLog(ViewContextImpl.class);
 
+  public static final String HADOOP_SECURITY_AUTH_TO_LOCAL = "hadoop.security.auth_to_local";
+  public static final String CORE_SITE = "core-site";
+  public static final String HDFS_AUTH_TO_LOCAL = "hdfs.auth_to_local";
+
   /**
    * The associated view definition.
    */
@@ -218,6 +226,36 @@ public class ViewContextImpl implements ViewContext, ViewController {
 
   @Override
   public String getUsername() {
+    String shortName = getLoggedinUser();
+    try {
+      String authToLocalRules = getAuthToLocalRules();
+      //Getting ambari server realm. Ideally this should come from user
+      String defaultRealm = KerberosUtil.getDefaultRealm();
+      if(Strings.isNotEmpty(authToLocalRules) && Strings.isNotEmpty(defaultRealm)){
+        synchronized (KerberosName.class){
+          KerberosName.setRules(authToLocalRules);
+          shortName = new KerberosName(shortName+"@"+defaultRealm).getShortName();
+        }
+      }
+    } catch (Exception e) {
+      LOG.error("Failed to get username",e);
+    }
+    return shortName;
+  }
+
+  private String getAuthToLocalRules(){
+    Cluster cluster = getCluster();
+    String authToLocalRules = null;
+    if (cluster != null) {
+      authToLocalRules = cluster.getConfigurationValue(CORE_SITE, HADOOP_SECURITY_AUTH_TO_LOCAL);
+    }else if(viewInstanceEntity != null) {
+      authToLocalRules = viewInstanceEntity.getPropertyMap().get(HDFS_AUTH_TO_LOCAL);
+    }
+    return authToLocalRules;
+  }
+
+  @Override
+  public String getLoggedinUser(){
     return viewInstanceEntity != null ? viewInstanceEntity.getUsername() : null;
   }
 
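Review bot: `KerberosName.setRules(authToLocalRules)` in getUsername() replaces process-wide static state on every call, and the `synchronized (KerberosName.class)` block only protects callers that take the same lock; any other code in the server JVM that calls `getShortName()` without it can be evaluated against another cluster's or view instance's rules. Since the returned name is the identity the view acts as, a mapping computed under the wrong rule set is a wrong-user outcome, not a cosmetic glitch, so the locking contract should at least be documented on the method and the rules ideally not re-installed per request. Two smaller points in the same method: when `getLoggedinUser()` returns null and rules are available, the concatenation builds the principal `null@<realm>`, so add `if (shortName == null) { return null; }` before the `try`; and `catch (Exception e)` silently falls back to the unmapped login name, which should be a deliberate, documented choice (or fail closed) rather than a by-product of error handling.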
@@ -465,6 +503,13 @@ public class ViewContextImpl implements ViewContext, ViewController {
             return viewContext.getInstanceName();
           }
         });
+    context.put("loggedinUser",
+            new ParameterResolver() {
+              @Override
+              protected String getValue() {
+                return viewContext.getLoggedinUser();
+              }
+            });
     return context;
   }
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/f5dd6631/ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java
----------------------------------------------------------------------
diff --git a/ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java b/ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java
index c0cae80..7b7b025 100644
--- a/ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java
+++ b/ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java
@@ -36,13 +36,20 @@ public interface ViewContext {
   public static final String CONTEXT_ATTRIBUTE = "ambari-view-context";
 
   /**
-   * Get the current user name.
+   * Get the current user name after auth_to_local conversion
    *
    * @return the current user name
    */
   public String getUsername();
 
   /**
+   * Get the current ambari user.
+   *
+   * @return the current user name
+   */
+  public String getLoggedinUser();
+
+  /**
    * Determine whether or not the access specified by the given permission name
    * is permitted for the given user.
    *
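Review bot: Both methods carry the same `@return the current user name`, which hides the one distinction callers need: `getUsername()` now returns the auth_to_local short name and `getLoggedinUser()` the name the user authenticated to Ambari with. I would spell that out, e.g. `@return the authenticated Ambari login name, before any auth_to_local mapping` on the new method, and state on `getUsername()` that it falls back to the login name when no rules or realm are available, since the ViewContextImpl change in this commit does that. Existing views that key stored data or permission checks on `getUsername()` get a different value after this change with no code change on their side, so the Javadoc is the place to warn them. Adding an abstract method to this public interface also breaks any ViewContext implementation maintained outside this repository, if such exist. The interface body continues outside the hunk.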

http://git-wip-us.apache.org/repos/asf/ambari/blob/f5dd6631/contrib/views/files/src/main/resources/view.xml
----------------------------------------------------------------------
diff --git a/contrib/views/files/src/main/resources/view.xml b/contrib/views/files/src/main/resources/view.xml
index 58a7682..f594fbe 100644
--- a/contrib/views/files/src/main/resources/view.xml
+++ b/contrib/views/files/src/main/resources/view.xml
@@ -87,6 +87,13 @@
         <required>false</required>
         <cluster-config>fake</cluster-config>
     </parameter>
+    <parameter>
+        <name>hdfs.auth_to_local</name>
+        <description>Auth to Local Configuration</description>
+        <label>Auth To Local</label>
+        <required>false</required>
+        <cluster-config>core-site/hadoop.security.auth_to_local</cluster-config>
+    </parameter>
 
     <parameter>
         <name>webhdfs.username</name>
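Review bot: The new `hdfs.auth_to_local` parameter decides which Hadoop user a view acts as, yet its description is only `Auth to Local Configuration`; the same block is added in the hive, pig and tez view.xml hunks. I would expand it to say that the value uses the `hadoop.security.auth_to_local` rule syntax and that, per getAuthToLocalRules() in this commit, the instance value is consulted only when no cluster is associated, e.g. `<description>auth_to_local rules (core-site syntax) mapping the Ambari user to a Hadoop short name; used only when the view is not bound to a cluster</description>`. It should also mention that a missing or failing rule set leaves the Ambari login name unmapped. Because the value controls identity mapping, it is worth confirming that only administrators can edit it on a view instance.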

http://git-wip-us.apache.org/repos/asf/ambari/blob/f5dd6631/contrib/views/hive/src/main/resources/view.xml
----------------------------------------------------------------------
diff --git a/contrib/views/hive/src/main/resources/view.xml b/contrib/views/hive/src/main/resources/view.xml
index b6f03ad..e3aea70 100644
--- a/contrib/views/hive/src/main/resources/view.xml
+++ b/contrib/views/hive/src/main/resources/view.xml
@@ -166,6 +166,14 @@
         <required>false</required>
     </parameter>
 
+    <parameter>
+        <name>hdfs.auth_to_local</name>
+        <description>Auth to Local Configuration</description>
+        <label>Auth To Local</label>
+        <required>false</required>
+        <cluster-config>core-site/hadoop.security.auth_to_local</cluster-config>
+    </parameter>
+
     <!-- General Configs -->
 
     <parameter>

http://git-wip-us.apache.org/repos/asf/ambari/blob/f5dd6631/contrib/views/pig/src/main/resources/view.xml
----------------------------------------------------------------------
diff --git a/contrib/views/pig/src/main/resources/view.xml b/contrib/views/pig/src/main/resources/view.xml
index 30efae8..8dd4a4f 100644
--- a/contrib/views/pig/src/main/resources/view.xml
+++ b/contrib/views/pig/src/main/resources/view.xml
@@ -107,6 +107,14 @@
         <required>false</required>
     </parameter>
 
+    <parameter>
+        <name>hdfs.auth_to_local</name>
+        <description>Auth to Local Configuration</description>
+        <label>Auth To Local</label>
+        <required>false</required>
+        <cluster-config>core-site/hadoop.security.auth_to_local</cluster-config>
+    </parameter>
+
     <!-- WebHCat Configs -->
     <parameter>
         <name>webhcat.hostname</name>
@@ -133,6 +141,7 @@
         <required>false</required>
     </parameter>
 
+
     <!-- General Configs -->
     <parameter>
         <name>scripts.dir</name>

http://git-wip-us.apache.org/repos/asf/ambari/blob/f5dd6631/contrib/views/tez/src/main/resources/view.xml
----------------------------------------------------------------------
diff --git a/contrib/views/tez/src/main/resources/view.xml b/contrib/views/tez/src/main/resources/view.xml
index d1ad5ad..d8105f1 100644
--- a/contrib/views/tez/src/main/resources/view.xml
+++ b/contrib/views/tez/src/main/resources/view.xml
@@ -35,6 +35,13 @@ limitations under the License. Kerberos, LDAP, Custom. Binary/Htt
     <placeholder>yarn.resourcemanager.hostname:8088</placeholder>
     <cluster-config>yarn-site/yarn.resourcemanager.webapp.address</cluster-config>
   </parameter>
+  <parameter>
+    <name>hdfs.auth_to_local</name>
+    <description>Auth to Local Configuration</description>
+    <label>Auth To Local</label>
+    <required>false</required>
+    <cluster-config>core-site/hadoop.security.auth_to_local</cluster-config>
+  </parameter>
 
   <!-- The status resource exists to show the subset of properties that any user is allowed
to see, not just an admin user. -->
   <resource>

