From: ncole@apache.org To: commits@ambari.apache.org Date: Fri, 15 Jan 2016 18:52:03 -0000 Message-Id: In-Reply-To: <5bb0219cfe3e494d94265529769b9014@git.apache.org> References: <5bb0219cfe3e494d94265529769b9014@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [08/50] ambari git commit: AMBARI-14503. Hive views does not honour auth_to_local rules when running queries . (Gaurav Nagar via yusaku) AMBARI-14503. Hive views does not honour auth_to_local rules when running queries . (Gaurav Nagar via yusaku) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a6885597 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a6885597 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a6885597 Branch: refs/heads/branch-dev-patch-upgrade Commit: a688559755fee0af62b00dd1508dd987358dd9ff Parents: 8896d89 Author: Yusaku Sako Authored: Wed Jan 13 03:30:05 2016 -0800 Committer: Yusaku Sako Committed: Wed Jan 13 03:30:05 2016 -0800 ---------------------------------------------------------------------- ambari-server/pom.xml | 6 +++ .../ambari/server/view/ViewContextImpl.java | 45 ++++++++++++++++++++ .../org/apache/ambari/view/ViewContext.java | 9 +++- contrib/views/files/src/main/resources/view.xml | 7 +++ contrib/views/hive/src/main/resources/view.xml | 8 ++++ contrib/views/pig/src/main/resources/view.xml | 9 ++++ contrib/views/tez/src/main/resources/view.xml | 7 +++ 7 files changed, 90 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/a6885597/ambari-server/pom.xml ---------------------------------------------------------------------- diff --git a/ambari-server/pom.xml b/ambari-server/pom.xml index 9c0ba26..c0010fb 100644 --- a/ambari-server/pom.xml +++ b/ambari-server/pom.xml @@ -47,6 +47,7 @@ target/classes/stacks/${stack.distribution} src/main/resources false + 2.7.1 
@@ -2021,6 +2022,11 @@ + + org.apache.hadoop + hadoop-auth + ${hadoop.version} + http://git-wip-us.apache.org/repos/asf/ambari/blob/a6885597/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java index a22c514..72da333 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java @@ -48,9 +48,13 @@ import org.apache.ambari.view.events.Event; import org.apache.ambari.view.events.Listener; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.directory.api.util.Strings; +import org.apache.hadoop.security.authentication.util.KerberosName; +import org.apache.hadoop.security.authentication.util.KerberosUtil; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.Velocity; import org.apache.velocity.exception.ParseErrorException; +import sun.security.krb5.KrbException; import java.io.StringWriter; import java.io.Writer; @@ -71,6 +75,10 @@ public class ViewContextImpl implements ViewContext, ViewController { */ private static final Log LOG = LogFactory.getLog(ViewContextImpl.class); + public static final String HADOOP_SECURITY_AUTH_TO_LOCAL = "hadoop.security.auth_to_local"; + public static final String CORE_SITE = "core-site"; + public static final String HDFS_AUTH_TO_LOCAL = "hdfs.auth_to_local"; + /** * The associated view definition. */ 
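Review bot: `import sun.security.krb5.KrbException;` in the ViewContextImpl import hunk pulls in a JDK-internal class, and nothing in the visible hunks refers to it; the new `getUsername()` catches plain `Exception`. `sun.*` classes are not a supported API and may be absent or inaccessible on other JVMs, so the import should be dropped unless code outside these hunks needs it. `org.apache.directory.api.util.Strings` is likewise used only for `isNotEmpty`; an inline check such as `s != null && !s.isEmpty()` would keep the identity-mapping code free of a Directory API dependency.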
@@ -218,6 +226,36 @@ public class ViewContextImpl implements ViewContext, ViewController { @Override public String getUsername() { + String shortName = getLoggedinUser(); + try { + String authToLocalRules = getAuthToLocalRules(); + //Getting ambari server realm. Ideally this should come from user + String defaultRealm = KerberosUtil.getDefaultRealm(); + if(Strings.isNotEmpty(authToLocalRules) && Strings.isNotEmpty(defaultRealm)){ + synchronized (KerberosName.class){ + KerberosName.setRules(authToLocalRules); + shortName = new KerberosName(shortName+"@"+defaultRealm).getShortName(); + } + } + } catch (Exception e) { + LOG.error("Failed to get username",e); + } + return shortName; + } + + private String getAuthToLocalRules(){ + Cluster cluster = getCluster(); + String authToLocalRules = null; + if (cluster != null) { + authToLocalRules = cluster.getConfigurationValue(CORE_SITE, HADOOP_SECURITY_AUTH_TO_LOCAL); + }else if(viewInstanceEntity != null) { + authToLocalRules = viewInstanceEntity.getPropertyMap().get(HDFS_AUTH_TO_LOCAL); + } + return authToLocalRules; + } + + @Override + public String getLoggedinUser(){ return viewInstanceEntity != null ? viewInstanceEntity.getUsername() : null; } @@ -465,6 +503,13 @@ public class ViewContextImpl implements ViewContext, ViewController { return viewContext.getInstanceName(); } }); + context.put("loggedinUser", + new ParameterResolver() { + @Override + protected String getValue() { + return viewContext.getLoggedinUser(); + } + }); return context; } http://git-wip-us.apache.org/repos/asf/ambari/blob/a6885597/ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java ---------------------------------------------------------------------- diff --git a/ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java b/ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java index c0cae80..7b7b025 100644 --- a/ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java 
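Review bot: `KerberosName.setRules(authToLocalRules)` in `getUsername()` replaces the process-wide auth_to_local rule set on every call and never restores it, and `synchronized (KerberosName.class)` only excludes callers that take the same monitor. Any other code in the server JVM that resolves a short name through `KerberosName` without that lock can be evaluated against whichever rules were installed last, and with the per-instance `hdfs.auth_to_local` property two view instances can overwrite each other's mapping. Because the returned name is the identity the view acts as, a wrong mapping is an authorization problem rather than a cosmetic one. The `catch (Exception e)` path also fails open: it logs and returns the unmapped login name, so a malformed rule string silently changes which account is used. Consider failing the request there instead, and at minimum add a comment such as `// KerberosName rules are JVM-global; setRules() here changes them for every caller`.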
+++ b/ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java @@ -36,13 +36,20 @@ public interface ViewContext { public static final String CONTEXT_ATTRIBUTE = "ambari-view-context"; /** - * Get the current user name. + * Get the current user name after auth_to_local conversion * * @return the current user name */ public String getUsername(); /** + * Get the current ambari user. + * + * @return the current user name + */ + public String getLoggedinUser(); + + /** * Determine whether or not the access specified by the given permission name * is permitted for the given user. * http://git-wip-us.apache.org/repos/asf/ambari/blob/a6885597/contrib/views/files/src/main/resources/view.xml ---------------------------------------------------------------------- diff --git a/contrib/views/files/src/main/resources/view.xml b/contrib/views/files/src/main/resources/view.xml index 58a7682..f594fbe 100644 --- a/contrib/views/files/src/main/resources/view.xml +++ b/contrib/views/files/src/main/resources/view.xml @@ -87,6 +87,13 @@ false fake + + hdfs.auth_to_local + Auth to Local Configuration + + false + core-site/hadoop.security.auth_to_local + webhdfs.username http://git-wip-us.apache.org/repos/asf/ambari/blob/a6885597/contrib/views/hive/src/main/resources/view.xml ---------------------------------------------------------------------- diff --git a/contrib/views/hive/src/main/resources/view.xml b/contrib/views/hive/src/main/resources/view.xml index b6f03ad..e3aea70 100644 --- a/contrib/views/hive/src/main/resources/view.xml +++ b/contrib/views/hive/src/main/resources/view.xml @@ -166,6 +166,14 @@ false + + hdfs.auth_to_local + Auth to Local Configuration + + false + core-site/hadoop.security.auth_to_local + + http://git-wip-us.apache.org/repos/asf/ambari/blob/a6885597/contrib/views/pig/src/main/resources/view.xml ---------------------------------------------------------------------- 
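Review bot: The revised Javadoc on `getUsername()` does not say what is returned when no auth_to_local rules are configured or when the conversion fails; in the implementation hunk that is the unmapped login name. View authors who key stored data or permission checks on `getUsername()` need to know that the value has changed meaning and that, depending on the rules, several Ambari users may map to the same short name. Suggested wording: `Get the current user name after auth_to_local conversion; falls back to the Ambari login name when no rules are configured or the conversion fails.` and, on `getLoggedinUser()`, `@return the Ambari login name, before any auth_to_local mapping`. Adding a method to this public interface also breaks any implementation maintained outside the tree, which is worth stating in the commit message.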
diff --git a/contrib/views/pig/src/main/resources/view.xml b/contrib/views/pig/src/main/resources/view.xml index 30efae8..8dd4a4f 100644 --- a/contrib/views/pig/src/main/resources/view.xml +++ b/contrib/views/pig/src/main/resources/view.xml @@ -107,6 +107,14 @@ false + + hdfs.auth_to_local + Auth to Local Configuration + + false + core-site/hadoop.security.auth_to_local + + webhcat.hostname @@ -133,6 +141,7 @@ false + scripts.dir http://git-wip-us.apache.org/repos/asf/ambari/blob/a6885597/contrib/views/tez/src/main/resources/view.xml ---------------------------------------------------------------------- diff --git a/contrib/views/tez/src/main/resources/view.xml b/contrib/views/tez/src/main/resources/view.xml index d1ad5ad..d8105f1 100644 --- a/contrib/views/tez/src/main/resources/view.xml +++ b/contrib/views/tez/src/main/resources/view.xml @@ -35,6 +35,13 @@ limitations under the License. Kerberos, LDAP, Custom. Binary/Htt yarn.resourcemanager.hostname:8088 yarn-site/yarn.resourcemanager.webapp.address + + hdfs.auth_to_local + Auth to Local Configuration + + false + core-site/hadoop.security.auth_to_local +