ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Re: Review Request 41739: Hive views does not honour auth_to_local rules when running queries
Date Mon, 11 Jan 2016 19:19:27 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41739/#review113819
-----------------------------------------------------------



ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java (line 233)
<https://reviews.apache.org/r/41739/#comment174616>

    This seems to be problematic.  I think in the simple case, the default realm will work...
since there will only be a single realm involved.  However in more complex cases, there may
be multiple realms involved... say where Ambari uses an MIT KDC for managed (service) identities
and an Active Directory for unmanaged (user) identities.  In this case, I suspect that the
default realm will be the realm managed by the MIT KDC.  
    
    Given the use-case that generated the issue that lead to this patch, I assume that the
relevant realm would be the realm managed by the Active Directory, not the MIT KDC. 
    
    Maybe you need more details on the logged in user to make the determination of what their
realm is.  Else, maybe you need to get the list of relevant realms and try each - hoping there
isn't a collision.


- Robert Levas


On Dec. 29, 2015, 4:28 a.m., Gaurav Nagar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41739/
> -----------------------------------------------------------
> 
> (Updated Dec. 29, 2015, 4:28 a.m.)
> 
> 
> Review request for Ambari, DIPAYAN BHOWMICK, Srimanth Gunturi, Sid Wagle, and Yusaku
Sako.
> 
> 
> Bugs: AMBARI-14503
>     https://issues.apache.org/jira/browse/AMBARI-14503
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Changed getUsername call to return name with auth_to_local conversion in ViewContextImpl.
> Added getLoggedinUser to return loggedin ambari user.
> 
> 
> Diffs
> -----
> 
>   ambari-server/pom.xml b5a9d49 
>   ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java a22c514

>   ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java c0cae80 
>   contrib/views/files/src/main/resources/view.xml 58a7682 
>   contrib/views/hive/src/main/resources/view.xml e04ed4b 
>   contrib/views/pig/src/main/resources/view.xml 30efae8 
>   contrib/views/tez/src/main/resources/view.xml d1ad5ad 
> 
> Diff: https://reviews.apache.org/r/41739/diff/
> 
> 
> Testing
> -------
> 
> Manual Testing.
> 
> 
> Thanks,
> 
> Gaurav Nagar
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message