drill-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sudhe...@apache.org
Subject [11/14] drill git commit: DRILL-4987: Use ImpersonationUtil to get process user’s groups in RemoteFunctionRegistry
Date Tue, 13 Dec 2016 00:40:08 GMT
DRILL-4987: Use ImpersonationUtil to get process user’s groups in RemoteFunctionRegistry

closes #642


Project: http://git-wip-us.apache.org/repos/asf/drill/repo
Commit: http://git-wip-us.apache.org/repos/asf/drill/commit/a33a1858
Tree: http://git-wip-us.apache.org/repos/asf/drill/tree/a33a1858
Diff: http://git-wip-us.apache.org/repos/asf/drill/diff/a33a1858

Branch: refs/heads/master
Commit: a33a1858949cbac3a9c2f636a02c0b7c5bc25906
Parents: b656128
Author: Sudheesh Katkam <skatkam@maprtech.com>
Authored: Tue Nov 1 13:42:52 2016 -0700
Committer: Sudheesh Katkam <sudheesh@apache.org>
Committed: Mon Dec 12 15:40:04 2016 -0800

----------------------------------------------------------------------
 .../fn/registry/RemoteFunctionRegistry.java     | 21 ++++++++++++--------
 .../drill/exec/util/ImpersonationUtil.java      |  9 +++++++++
 2 files changed, 22 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/drill/blob/a33a1858/exec/java-exec/src/main/java/org/apache/drill/exec/expr/fn/registry/RemoteFunctionRegistry.java
----------------------------------------------------------------------
diff --git a/exec/java-exec/src/main/java/org/apache/drill/exec/expr/fn/registry/RemoteFunctionRegistry.java
b/exec/java-exec/src/main/java/org/apache/drill/exec/expr/fn/registry/RemoteFunctionRegistry.java
index e5e62eb..fe79583 100644
--- a/exec/java-exec/src/main/java/org/apache/drill/exec/expr/fn/registry/RemoteFunctionRegistry.java
+++ b/exec/java-exec/src/main/java/org/apache/drill/exec/expr/fn/registry/RemoteFunctionRegistry.java
@@ -19,7 +19,7 @@ package org.apache.drill.exec.expr.fn.registry;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.base.Preconditions;
-import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
 import org.apache.drill.common.AutoCloseables;
 import org.apache.drill.common.config.DrillConfig;
 import org.apache.drill.common.exceptions.DrillRuntimeException;
@@ -36,13 +36,13 @@ import org.apache.drill.exec.store.sys.PersistentStore;
 import org.apache.drill.exec.store.sys.PersistentStoreConfig;
 import org.apache.drill.exec.store.sys.PersistentStoreProvider;
 import org.apache.drill.exec.store.sys.store.DataChangeVersion;
+import org.apache.drill.exec.util.ImpersonationUtil;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileStatus;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.fs.permission.FsAction;
 import org.apache.hadoop.fs.permission.FsPermission;
-import org.apache.hadoop.security.UserGroupInformation;
 
 import java.io.File;
 import java.io.IOException;
@@ -229,20 +229,25 @@ public class RemoteFunctionRegistry implements AutoCloseable {
       Preconditions.checkState(fs.exists(path), "Area [%s] must exist", fullPath);
       FileStatus fileStatus = fs.getFileStatus(path);
       Preconditions.checkState(fileStatus.isDirectory(), "Area [%s] must be a directory",
fullPath);
-      UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
       FsPermission permission = fileStatus.getPermission();
-      // It is considered that current user has write rights on directory if:
-      // 1. current user is owner of the directory and has write rights
-      // 2. current user is in group that has write rights
+      // It is considered that process user has write rights on directory if:
+      // 1. process user is owner of the directory and has write rights
+      // 2. process user is in group that has write rights
       // 3. any user has write rights
       Preconditions.checkState(
-          (currentUser.getUserName().equals(fileStatus.getOwner())
+          (ImpersonationUtil.getProcessUserName()
+              .equals(fileStatus.getOwner())
               && permission.getUserAction().implies(FsAction.WRITE)) ||
-          (Lists.newArrayList(currentUser.getGroupNames()).contains(fileStatus.getGroup())
+          (Sets.newHashSet(ImpersonationUtil.getProcessUserGroupNames())
+              .contains(fileStatus.getGroup())
               && permission.getGroupAction().implies(FsAction.WRITE)) ||
           permission.getOtherAction().implies(FsAction.WRITE),
           "Area [%s] must be writable and executable for application user", fullPath);
     } catch (Exception e) {
+      if (e instanceof DrillRuntimeException) {
+        throw (DrillRuntimeException) e;
+      }
+      // throws
       DrillRuntimeException.format(e, "Error during udf area creation [%s] on file system
[%s]", fullPath, fs.getUri());
     }
     logger.info("Created remote udf area [{}] on file system [{}]", fullPath, fs.getUri());

http://git-wip-us.apache.org/repos/asf/drill/blob/a33a1858/exec/java-exec/src/main/java/org/apache/drill/exec/util/ImpersonationUtil.java
----------------------------------------------------------------------
diff --git a/exec/java-exec/src/main/java/org/apache/drill/exec/util/ImpersonationUtil.java
b/exec/java-exec/src/main/java/org/apache/drill/exec/util/ImpersonationUtil.java
index 7790043..93ee7a0 100644
--- a/exec/java-exec/src/main/java/org/apache/drill/exec/util/ImpersonationUtil.java
+++ b/exec/java-exec/src/main/java/org/apache/drill/exec/util/ImpersonationUtil.java
@@ -174,6 +174,15 @@ public class ImpersonationUtil {
   }
 
   /**
+   * Return the list of groups to which the process user belongs.
+   *
+   * @return Drillbit process user group names
+   */
+  public static String[] getProcessUserGroupNames() {
+    return getProcessUserUGI().getGroupNames();
+  }
+
+  /**
    * Return the {@link org.apache.hadoop.security.UserGroupInformation} of user who is running
the Drillbit.
    *
    * @return Drillbit process user {@link org.apache.hadoop.security.UserGroupInformation}.


Mime
View raw message