falcon-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sowmya...@apache.org
Subject [2/3] falcon git commit: FALCON-1027 Falcon proxy user support. Contributed by Sowmya Ramesh.
Date Tue, 15 Sep 2015 01:46:39 GMT
http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/common/src/test/java/org/apache/falcon/security/CurrentUserTest.java
----------------------------------------------------------------------
diff --git a/common/src/test/java/org/apache/falcon/security/CurrentUserTest.java b/common/src/test/java/org/apache/falcon/security/CurrentUserTest.java
index 5780c94..5cc6c70 100644
--- a/common/src/test/java/org/apache/falcon/security/CurrentUserTest.java
+++ b/common/src/test/java/org/apache/falcon/security/CurrentUserTest.java
@@ -19,16 +19,44 @@
 package org.apache.falcon.security;
 
 import org.apache.falcon.cluster.util.EntityBuilderTestUtil;
+import org.apache.falcon.service.GroupsService;
+import org.apache.falcon.service.ProxyUserService;
+import org.apache.falcon.service.Services;
+import org.apache.falcon.util.RuntimeProperties;
 import org.apache.falcon.util.FalconTestUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.testng.Assert;
+import org.testng.annotations.AfterClass;
 import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeClass;
 import org.testng.annotations.Test;
 
 /**
  * Test for current user's thread safety.
  */
 public class CurrentUserTest {
+    private ProxyUserService proxyUserService;
+    private GroupsService groupsService;
+
+    @BeforeClass
+    public void setUp() throws Exception {
+        Services.get().register(new ProxyUserService());
+        Services.get().register(new GroupsService());
+        groupsService = Services.get().getService(GroupsService.SERVICE_NAME);
+        proxyUserService = Services.get().getService(ProxyUserService.SERVICE_NAME);
+        groupsService.init();
+
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "*");
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
+        proxyUserService.init();
+    }
+
+    @AfterClass
+    public void tearDown() throws Exception {
+        proxyUserService.destroy();
+        groupsService.destroy();
+        Services.get().reset();
+    }
 
     @AfterMethod
     public void cleanUp() {
@@ -115,4 +143,35 @@ public class CurrentUserTest {
         Assert.assertEquals(CurrentUser.getAuthenticatedUser(), EntityBuilderTestUtil.USER);
         Assert.assertEquals(CurrentUser.getUser(), "proxy");
     }
+
+    @Test(expectedExceptions = IllegalStateException.class)
+    public void testProxyDoAsUserWithNoAuth() throws Exception {
+        CurrentUser.proxyDoAsUser("falcon", "localhost");
+    }
+
+    @Test
+    public void testProxyDoAsUser() throws Exception {
+        CurrentUser.authenticate("foo");
+
+        CurrentUser.proxyDoAsUser(EntityBuilderTestUtil.USER, "localhost");
+        UserGroupInformation proxyUgi = CurrentUser.getProxyUGI();
+        Assert.assertNotNull(proxyUgi);
+        Assert.assertEquals(proxyUgi.getUserName(), EntityBuilderTestUtil.USER);
+
+        Assert.assertEquals(CurrentUser.getAuthenticatedUser(), "foo");
+        Assert.assertEquals(CurrentUser.getUser(), EntityBuilderTestUtil.USER);
+    }
+
+    @Test
+    public void testProxyDoAsSameUser() throws Exception {
+        CurrentUser.authenticate("foo");
+
+        CurrentUser.proxyDoAsUser("foo", "localhost");
+        UserGroupInformation proxyUgi = CurrentUser.getProxyUGI();
+        Assert.assertNotNull(proxyUgi);
+        Assert.assertEquals(proxyUgi.getUserName(), "foo");
+
+        Assert.assertEquals(CurrentUser.getAuthenticatedUser(), "foo");
+        Assert.assertEquals(CurrentUser.getUser(), "foo");
+    }
 }

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/common/src/test/java/org/apache/falcon/security/SecurityUtilTest.java
----------------------------------------------------------------------
diff --git a/common/src/test/java/org/apache/falcon/security/SecurityUtilTest.java b/common/src/test/java/org/apache/falcon/security/SecurityUtilTest.java
index e40308e..76d9f45 100644
--- a/common/src/test/java/org/apache/falcon/security/SecurityUtilTest.java
+++ b/common/src/test/java/org/apache/falcon/security/SecurityUtilTest.java
@@ -22,10 +22,16 @@ package org.apache.falcon.security;
 import org.apache.falcon.FalconException;
 import org.apache.falcon.entity.v0.process.ACL;
 import org.apache.falcon.entity.v0.process.Process;
+import org.apache.falcon.service.GroupsService;
+import org.apache.falcon.service.ProxyUserService;
+import org.apache.falcon.service.Services;
 import org.apache.falcon.util.FalconTestUtil;
 import org.apache.falcon.util.StartupProperties;
+import org.apache.falcon.util.RuntimeProperties;
 import org.mockito.Mockito;
 import org.testng.Assert;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
 import org.testng.annotations.Test;
 
 import java.io.IOException;
@@ -35,6 +41,29 @@ import java.io.IOException;
  */
 public class SecurityUtilTest {
 
+    private ProxyUserService proxyUserService;
+    private GroupsService groupsService;
+
+    @BeforeClass
+    public void setUp() throws Exception {
+        Services.get().register(new ProxyUserService());
+        Services.get().register(new GroupsService());
+        groupsService = Services.get().getService(GroupsService.SERVICE_NAME);
+        proxyUserService = Services.get().getService(ProxyUserService.SERVICE_NAME);
+        groupsService.init();
+
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "*");
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
+        proxyUserService.init();
+    }
+
+    @AfterClass
+    public void tearDown() throws Exception {
+        proxyUserService.destroy();
+        groupsService.destroy();
+        Services.get().reset();
+    }
+
     @Test
     public void testDefaultGetAuthenticationType() throws Exception {
         Assert.assertEquals(SecurityUtil.getAuthenticationType(), "simple");
@@ -98,7 +127,7 @@ public class SecurityUtilTest {
 
         // When ACL not specified
         CurrentUser.authenticate(currentUser);
-        SecurityUtil.tryProxy(process);
+        SecurityUtil.tryProxy(process, "");
         Assert.assertEquals(CurrentUser.getUser(), currentUser);
 
         ACL acl = new ACL();
@@ -107,7 +136,27 @@ public class SecurityUtilTest {
         Mockito.when(process.getACL()).thenReturn(acl);
 
         // When ACL is specified
-        SecurityUtil.tryProxy(process);
+        SecurityUtil.tryProxy(process, "");
         Assert.assertEquals(CurrentUser.getUser(), FalconTestUtil.TEST_USER_2);
     }
+
+    @Test (expectedExceptions = FalconException.class,
+           expectedExceptionsMessageRegExp = "doAs user and ACL owner mismatch.*")
+    public void testTryProxyWithDoAsUser() throws IOException, FalconException {
+        Process process = Mockito.mock(Process.class);
+        StartupProperties.get().setProperty("falcon.security.authorization.enabled", "true");
+        final String currentUser = "foo";
+
+        ACL acl = new ACL();
+        acl.setOwner("testuser");
+        acl.setGroup("users");
+        Mockito.when(process.getACL()).thenReturn(acl);
+
+        CurrentUser.authenticate(currentUser);
+        CurrentUser.proxyDoAsUser("doAsUser", "localhost");
+
+        Assert.assertEquals(CurrentUser.getUser(), "doAsUser");
+        SecurityUtil.tryProxy(process, "doAsUser");
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/common/src/test/java/org/apache/falcon/service/GroupsServiceTest.java
----------------------------------------------------------------------
diff --git a/common/src/test/java/org/apache/falcon/service/GroupsServiceTest.java b/common/src/test/java/org/apache/falcon/service/GroupsServiceTest.java
new file mode 100644
index 0000000..be5cbe7
--- /dev/null
+++ b/common/src/test/java/org/apache/falcon/service/GroupsServiceTest.java
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.falcon.service;
+
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+import org.testng.Assert;
+
+import java.util.List;
+
+/**
+ * Unit tests for GroupsService.
+ */
+public class GroupsServiceTest {
+
+    private GroupsService service;
+
+    @BeforeClass
+    public void setUp() throws Exception {
+        service = new GroupsService();
+        service.init();
+    }
+
+    @AfterClass
+    public void tearDown() throws Exception {
+        service.destroy();
+    }
+
+    @Test
+    public void testGetName() throws Exception {
+        Assert.assertEquals(service.getName(), GroupsService.SERVICE_NAME);
+    }
+
+    @Test
+    public void testGroupsService() throws Exception {
+        List<String> g = service.getGroups(System.getProperty("user.name"));
+        Assert.assertNotSame(g.size(), 0);
+    }
+}

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/common/src/test/java/org/apache/falcon/service/ProxyUserServiceTest.java
----------------------------------------------------------------------
diff --git a/common/src/test/java/org/apache/falcon/service/ProxyUserServiceTest.java b/common/src/test/java/org/apache/falcon/service/ProxyUserServiceTest.java
new file mode 100644
index 0000000..83ec6c2
--- /dev/null
+++ b/common/src/test/java/org/apache/falcon/service/ProxyUserServiceTest.java
@@ -0,0 +1,167 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.falcon.service;
+
+import org.apache.falcon.FalconException;
+import org.apache.falcon.util.RuntimeProperties;
+import org.testng.Assert;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+import java.security.AccessControlException;
+import java.util.List;
+
+/**
+ * Unit tests for ProxyUserService.
+ */
+public class ProxyUserServiceTest {
+
+    private ProxyUserService proxyUserService;
+    private GroupsService groupsService;
+
+    @BeforeClass
+    public void setUp() throws Exception {
+        Services.get().register(new ProxyUserService());
+        Services.get().register(new GroupsService());
+
+        groupsService = Services.get().getService(GroupsService.SERVICE_NAME);
+        proxyUserService = Services.get().getService(ProxyUserService.SERVICE_NAME);
+        groupsService.init();
+    }
+
+    @AfterClass
+    public void tearDown() throws Exception {
+        proxyUserService.destroy();
+        groupsService.destroy();
+        Services.get().reset();
+    }
+
+    @Test
+    public void testGetName() throws Exception {
+        proxyUserService.init();
+        Assert.assertEquals(proxyUserService.getName(), ProxyUserService.SERVICE_NAME);
+    }
+
+    @Test (expectedExceptions = FalconException.class, expectedExceptionsMessageRegExp = ".*falcon.service"
+            + ".ProxyUserService.proxyuser.foo.groups property not set in runtime properties.*")
+    public void testWrongConfigGroups() throws Exception {
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "*");
+        RuntimeProperties.get().remove("falcon.service.ProxyUserService.proxyuser.foo.groups");
+        proxyUserService.init();
+    }
+
+    @Test (expectedExceptions = FalconException.class, expectedExceptionsMessageRegExp = ".*falcon.service"
+            + ".ProxyUserService.proxyuser.foo.hosts property not set in runtime properties.*")
+    public void testWrongConfigHosts() throws Exception {
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
+        RuntimeProperties.get().remove("falcon.service.ProxyUserService.proxyuser.foo.hosts");
+        proxyUserService.init();
+    }
+
+    @Test (expectedExceptions = FalconException.class,
+           expectedExceptionsMessageRegExp = "Exception normalizing host name.*")
+    public void testWrongHost() throws Exception {
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "otherhost");
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
+        proxyUserService.init();
+    }
+
+    @Test
+    public void testValidateAnyHostAnyUser() throws Exception {
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "*");
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
+        proxyUserService.init();
+        proxyUserService.validate("foo", "localhost", "bar");
+    }
+
+    @Test (expectedExceptions = AccessControlException.class,
+           expectedExceptionsMessageRegExp = "User .* not defined as proxyuser.*")
+    public void testInvalidProxyUser() throws Exception {
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "*");
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
+        proxyUserService.init();
+        proxyUserService.validate("bar", "localhost", "foo");
+    }
+
+    @Test
+    public void testValidateHost() throws Exception {
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "*");
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
+        proxyUserService.init();
+        proxyUserService.validate("foo", "localhost", "bar");
+    }
+
+    private String getGroup() throws Exception {
+        List<String> g = groupsService.getGroups(System.getProperty("user.name"));
+        return g.get(0);
+    }
+
+    @Test
+    public void testValidateGroup() throws Exception {
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "*");
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups",
+                    getGroup());
+
+        proxyUserService.init();
+        proxyUserService.validate("foo", "localhost", System.getProperty("user.name"));
+    }
+
+    @Test (expectedExceptions = AccessControlException.class,
+        expectedExceptionsMessageRegExp = "Could not resolve host .*")
+    public void testUnknownHost() throws Exception {
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "localhost");
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
+        proxyUserService.init();
+        proxyUserService.validate("foo", "unknownhost.bar.foo", "bar");
+    }
+
+    @Test (expectedExceptions = AccessControlException.class,
+            expectedExceptionsMessageRegExp = "Unauthorized host .*")
+    public void testInvalidHost() throws Exception {
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "localhost");
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "*");
+        proxyUserService.init();
+        proxyUserService.validate("foo", "www.example.com", "bar");
+    }
+
+    @Test (expectedExceptions = AccessControlException.class,
+           expectedExceptionsMessageRegExp = "Unauthorized proxyuser .*, not in proxyuser groups")
+    public void testInvalidGroup() throws Exception {
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.hosts", "localhost");
+        RuntimeProperties.get().setProperty("falcon.service.ProxyUserService.proxyuser.foo.groups", "nobody");
+        proxyUserService.init();
+        proxyUserService.validate("foo", "localhost", System.getProperty("user.name"));
+    }
+
+    @Test (expectedExceptions = IllegalArgumentException.class,
+           expectedExceptionsMessageRegExp = "proxyUser cannot be null or empty, .*")
+    public void testNullProxyUser() throws Exception {
+        proxyUserService.init();
+        proxyUserService.validate(null, "localhost", "bar");
+    }
+
+    @Test (expectedExceptions = IllegalArgumentException.class,
+           expectedExceptionsMessageRegExp = "proxyHost cannot be null or empty, .*")
+    public void testNullHost() throws Exception {
+        proxyUserService.init();
+        proxyUserService.validate("foo", null, "bar");
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/FalconCLI.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/FalconCLI.twiki b/docs/src/site/twiki/FalconCLI.twiki
index 8bf3155..4f72bf8 100644
--- a/docs/src/site/twiki/FalconCLI.twiki
+++ b/docs/src/site/twiki/FalconCLI.twiki
@@ -2,6 +2,20 @@
 
 FalconCLI is a interface between user and Falcon. It is a command line utility provided by Falcon. FalconCLI supports Entity Management, Instance Management and Admin operations.There is a set of web services that are used by FalconCLI to interact with Falcon.
 
+---++Common CLI Options
+
+---+++Falcon URL
+
+Optional -url option indicating the URL of the Falcon system to run the command against can be provided.  If not mentioned it will be picked from the system environment variable FALCON_URL. If FALCON_URL is not set then it will be picked from client.properties file. If the option is not
+provided and also not set in client.properties, Falcon CLI will fail.
+
+---+++Proxy user support
+
+The -doAs option allows the current user to impersonate other users when interacting with the Falcon system. The current user must be configured as a proxyuser in the Falcon system. The proxyuser configuration may restrict from
+which hosts a user may impersonate users, as well as users of which groups can be impersonated.
+
+<a href="./FalconDocumentation.html#Proxyuser_support">Proxyuser support described here.</a>
+
 ---++Entity Management Operations
 
 ---+++Submit

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/FalconDocumentation.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/FalconDocumentation.twiki b/docs/src/site/twiki/FalconDocumentation.twiki
index 29d93f7..68ed2e2 100644
--- a/docs/src/site/twiki/FalconDocumentation.twiki
+++ b/docs/src/site/twiki/FalconDocumentation.twiki
@@ -16,6 +16,7 @@
    * <a href="#Recipes">Recipes</a>
    * <a href="#Monitoring">Monitoring</a>
    * <a href="#Backwards_Compatibility">Backwards Compatibility Instructions</a>
+   * <a href="#Proxyuser_support">Proxyuser support</a>
 
 ---++ Architecture
 
@@ -724,3 +725,28 @@ Monitoring and Operationalizing Falcon is detailed in [[Operability][Operability
 ---++ Backwards Compatibility
 
 Backwards compatibility instructions are [[Compatibility][detailed here.]]
+
+---++ Proxyuser support
+Falcon supports impersonation or proxyuser functionality (identical to Hadoop proxyuser capabilities and conceptually
+similar to Unix 'sudo').
+
+Proxyuser enables Falcon clients to submit entities on behalf of other users. Falcon will utilize Hadoop core's hadoop-auth
+module to implement this functionality.
+
+Because proxyuser is a powerful capability, Falcon provides the following restriction capabilities (similar to Hadoop):
+
+   * Proxyuser is an explicit configuration on per proxyuser user basis.
+   * A proxyuser user can be restricted to impersonate other users from a set of hosts.
+   * A proxyuser user can be restricted to impersonate users belonging to a set of groups.
+
+There are 2 configuration properties needed in runtime properties to set up a proxyuser:
+   * falcon.service.ProxyUserService.proxyuser.#USER#.hosts: hosts from where the user #USER# can impersonate other users.
+   * falcon.service.ProxyUserService.proxyuser.#USER#.groups: groups the users being impersonated by user #USER# must belong to.
+
+If these configurations are not present, impersonation will not be allowed and connection will fail. If more lax security is preferred,
+the wildcard value * may be used to allow impersonation from any host or of any user, although this is recommended only for testing/development.
+
+-doAs option via  CLI or doAs query parameter can be appended if using API to enable impersonation.
+
+
+

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/AdjacentVertices.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/AdjacentVertices.twiki b/docs/src/site/twiki/restapi/AdjacentVertices.twiki
index 44b4d70..1e60866 100644
--- a/docs/src/site/twiki/restapi/AdjacentVertices.twiki
+++ b/docs/src/site/twiki/restapi/AdjacentVertices.twiki
@@ -9,6 +9,7 @@ Get a list of adjacent vertices or edges with a direction.
 
 ---++ Parameters
    * :id is the id of the vertex.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
    * :direction is the direction associated with the edges.
 
    To get the adjacent out vertices of vertex pass direction as out, in to get adjacent in vertices
@@ -68,3 +69,23 @@ GET http://localhost:15000/api/metadata/lineage/vertices/4/bothE
     "totalSize":1
 }
 </verbatim>
+
+---+++ Rest Call
+<verbatim>
+GET http://localhost:15000/api/metadata/lineage/vertices/4/bothE?doAs=joe
+</verbatim>
+---+++ Result
+<verbatim>
+{
+    "results":[
+        {
+            "_id":"Q5V-4-5g",
+            "_type":"edge",
+            "_outV":4,
+            "_inV":8,
+            "_label":"output"
+        }
+    ],
+    "totalSize":1
+}
+</verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/AdminStack.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/AdminStack.twiki b/docs/src/site/twiki/restapi/AdminStack.twiki
index 79dbd9b..08903a2 100644
--- a/docs/src/site/twiki/restapi/AdminStack.twiki
+++ b/docs/src/site/twiki/restapi/AdminStack.twiki
@@ -8,14 +8,15 @@
 Get stack trace of the falcon server.
 
 ---++ Parameters
-None.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
+
 ---++ Results
 Stack trace of the server.
 
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/admin/stack
+GET http://localhost:15000/api/admin/stack?doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/AdminVersion.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/AdminVersion.twiki b/docs/src/site/twiki/restapi/AdminVersion.twiki
index 00b0283..7db2d8f 100644
--- a/docs/src/site/twiki/restapi/AdminVersion.twiki
+++ b/docs/src/site/twiki/restapi/AdminVersion.twiki
@@ -8,14 +8,15 @@
 Get version of the falcon server.
 
 ---++ Parameters
-None.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
+
 ---++ Results
 Version of the server.
 
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/admin/version
+GET http://localhost:15000/api/admin/version?doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/AllEdges.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/AllEdges.twiki b/docs/src/site/twiki/restapi/AllEdges.twiki
index 2fb662e..303ac50 100644
--- a/docs/src/site/twiki/restapi/AllEdges.twiki
+++ b/docs/src/site/twiki/restapi/AllEdges.twiki
@@ -8,7 +8,7 @@
 Get all edges.
 
 ---++ Parameters
-None.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 All edges in lineage graph.
@@ -16,7 +16,7 @@ All edges in lineage graph.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/metadata/lineage/edges/all
+GET http://localhost:15000/api/metadata/lineage/edges/all?doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/AllVertices.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/AllVertices.twiki b/docs/src/site/twiki/restapi/AllVertices.twiki
index 4b29afe..d2beb48 100644
--- a/docs/src/site/twiki/restapi/AllVertices.twiki
+++ b/docs/src/site/twiki/restapi/AllVertices.twiki
@@ -8,7 +8,7 @@
 Get all vertices.
 
 ---++ Parameters
-None.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 All vertices in lineage graph.
@@ -16,7 +16,7 @@ All vertices in lineage graph.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/metadata/lineage/vertices/all
+GET http://localhost:15000/api/metadata/lineage/vertices/all?doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/Edge.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/Edge.twiki b/docs/src/site/twiki/restapi/Edge.twiki
index be4f20e..7c4dbe5 100644
--- a/docs/src/site/twiki/restapi/Edge.twiki
+++ b/docs/src/site/twiki/restapi/Edge.twiki
@@ -9,6 +9,7 @@ Gets the edge with specified id.
 
 ---++ Parameters
    * :id is the unique id of the edge.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Edge with the specified id.
@@ -16,7 +17,7 @@ Edge with the specified id.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/metadata/lineage/edges/Q6t-c-5g
+GET http://localhost:15000/api/metadata/lineage/edges/Q6t-c-5g?doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/EntityDefinition.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/EntityDefinition.twiki b/docs/src/site/twiki/restapi/EntityDefinition.twiki
index 1f76a4f..5e1165b 100644
--- a/docs/src/site/twiki/restapi/EntityDefinition.twiki
+++ b/docs/src/site/twiki/restapi/EntityDefinition.twiki
@@ -10,6 +10,7 @@ Get definition of the entity.
 ---++ Parameters
    * :entity-type can be cluster, feed or process.
    * :entity-name is name of the entity.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Definition of the entity.
@@ -17,7 +18,7 @@ Definition of the entity.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/entities/definition/process/SampleProcess
+GET http://localhost:15000/api/entities/definition/process/SampleProcess?doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/EntityDelete.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/EntityDelete.twiki b/docs/src/site/twiki/restapi/EntityDelete.twiki
index 850b451..a488943 100644
--- a/docs/src/site/twiki/restapi/EntityDelete.twiki
+++ b/docs/src/site/twiki/restapi/EntityDelete.twiki
@@ -10,6 +10,7 @@ Delete the specified entity.
 ---++ Parameters
    * :entity-type can be feed or process.
    * :entity-name is name of the feed or process.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Results of the delete operation.
@@ -17,7 +18,7 @@ Results of the delete operation.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-DELETE http://localhost:15000/api/entities/delete/cluster/SampleProcess
+DELETE http://localhost:15000/api/entities/delete/cluster/SampleProcess?doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/EntityDependencies.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/EntityDependencies.twiki b/docs/src/site/twiki/restapi/EntityDependencies.twiki
index 57fc256..864b084 100644
--- a/docs/src/site/twiki/restapi/EntityDependencies.twiki
+++ b/docs/src/site/twiki/restapi/EntityDependencies.twiki
@@ -10,6 +10,7 @@ Get dependencies of the entity.
 ---++ Parameters
    * :entity-type can be cluster, feed or process.
    * :entity-name is name of the entity.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Dependenciess of the entity.
@@ -17,7 +18,7 @@ Dependenciess of the entity.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/entities/dependencies/process/SampleProcess
+GET http://localhost:15000/api/entities/dependencies/process/SampleProcess?doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/EntityLineage.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/EntityLineage.twiki b/docs/src/site/twiki/restapi/EntityLineage.twiki
index ea747b1..f2258f2 100644
--- a/docs/src/site/twiki/restapi/EntityLineage.twiki
+++ b/docs/src/site/twiki/restapi/EntityLineage.twiki
@@ -9,6 +9,7 @@ It returns the graph depicting the relationship between the various processes an
 
 ---++ Parameters
    * :pipeline is the name of the pipeline
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 It returns a json graph
@@ -16,7 +17,7 @@ It returns a json graph
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/metadata/lineage/entities?pipeline=my-pipeline
+GET http://localhost:15000/api/metadata/lineage/entities?pipeline=my-pipeline&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/EntityList.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/EntityList.twiki b/docs/src/site/twiki/restapi/EntityList.twiki
index 00046e2..2c2a734 100644
--- a/docs/src/site/twiki/restapi/EntityList.twiki
+++ b/docs/src/site/twiki/restapi/EntityList.twiki
@@ -27,6 +27,7 @@ Get list of the entities.
    * sortOrder <optional param> Valid options are "asc" and "desc"
    * offset <optional param> Show results from the offset, used for pagination. Defaults to 0.
    * numResults <optional param> Number of results to show per request, used for pagination. Only integers > 0 are valid, Default is 10.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
    * Note:
       * We have two filtering parameters for entity tags: "tags" and "tagkeys". "tags" does the exact match in key=value fashion, while "tagkeys" finds all the entities with the given key as a substring in the tags. This "tagkeys" filter is introduced for the user who doesn't remember the exact tag but some keywords in the tag. It also helps users to save the time of typing long tags.
       * The returned entities will match all the filtering criteria.
@@ -137,7 +138,7 @@ GET http://localhost:15000/api/entities/list/process?filterBy=STATUS:RUNNING,PIP
 
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/entities/list/feed,process?nameseq=samplebill&tagkeys=billing,healthcare&numResults=2&offset=1&fields=status,clusters,tags
+GET http://localhost:15000/api/entities/list/feed,process?nameseq=samplebill&tagkeys=billing,healthcare&numResults=2&offset=1&fields=status,clusters,tags&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/EntityResume.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/EntityResume.twiki b/docs/src/site/twiki/restapi/EntityResume.twiki
index a2d5184..d0bbe41 100644
--- a/docs/src/site/twiki/restapi/EntityResume.twiki
+++ b/docs/src/site/twiki/restapi/EntityResume.twiki
@@ -10,6 +10,7 @@ Resume a supended entity.
 ---++ Parameters
    * :entity-type can either be a feed or a process.
    * :entity-name is name of the entity.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Result of the resume command.
@@ -17,7 +18,7 @@ Result of the resume command.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-POST http://localhost:15000/api/entities/resume/process/SampleProcess
+POST http://localhost:15000/api/entities/resume/process/SampleProcess?doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/EntitySchedule.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/EntitySchedule.twiki b/docs/src/site/twiki/restapi/EntitySchedule.twiki
index 1ebdf30..263d152 100644
--- a/docs/src/site/twiki/restapi/EntitySchedule.twiki
+++ b/docs/src/site/twiki/restapi/EntitySchedule.twiki
@@ -1,4 +1,4 @@
----++  POST /api/entities/schedule/:entity-type/:entity-name?skipDryRun=false
+---++  POST /api/entities/schedule/:entity-type/:entity-name
    * <a href="#Description">Description</a>
    * <a href="#Parameters">Parameters</a>
    * <a href="#Results">Results</a>
@@ -11,6 +11,7 @@ Schedule an entity.
    * :entity-type can either be a feed or a process.
    * :entity-name is name of the entity.
    * skipDryRun : Optional query param, Falcon skips oozie dryrun when value is set to true.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 
 ---++ Results
@@ -19,7 +20,7 @@ Result of the schedule command.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-POST http://localhost:15000/api/entities/schedule/process/SampleProcess
+POST http://localhost:15000/api/entities/schedule/process/SampleProcess?skipDryRun=false&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/EntityStatus.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/EntityStatus.twiki b/docs/src/site/twiki/restapi/EntityStatus.twiki
index 34d166d..188019d 100644
--- a/docs/src/site/twiki/restapi/EntityStatus.twiki
+++ b/docs/src/site/twiki/restapi/EntityStatus.twiki
@@ -10,6 +10,7 @@ Get status of the entity.
 ---++ Parameters
    * :entity-type can be cluster, feed or process.
    * :entity-name is name of the entity.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Status of the entity.
@@ -17,7 +18,7 @@ Status of the entity.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/entities/status/process/SampleProcess
+GET http://localhost:15000/api/entities/status/process/SampleProcess?doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/EntitySubmit.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/EntitySubmit.twiki b/docs/src/site/twiki/restapi/EntitySubmit.twiki
index 925381c..a8dc9d7 100644
--- a/docs/src/site/twiki/restapi/EntitySubmit.twiki
+++ b/docs/src/site/twiki/restapi/EntitySubmit.twiki
@@ -8,7 +8,8 @@
 Submit the given entity.
 
 ---++ Parameters
-:entity-type can be cluster, feed or process.
+   * :entity-type can be cluster, feed or process.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Result of the submission.
@@ -57,7 +58,7 @@ POST http://localhost:15000/api/entities/submit/feed
 
 ---+++ Rest Call
 <verbatim>
-POST http://localhost:15000/api/entities/submit/process
+POST http://localhost:15000/api/entities/submit/process?doAs=joe
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- Daily sample process. Runs at 6th hour every day. Input - last day's hourly data. Generates output for yesterday -->
 <process xmlns="uri:falcon:process:0.1" name="SampleProcess" >

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/EntitySubmitAndSchedule.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/EntitySubmitAndSchedule.twiki b/docs/src/site/twiki/restapi/EntitySubmitAndSchedule.twiki
index a6516bb..3cc23e9 100644
--- a/docs/src/site/twiki/restapi/EntitySubmitAndSchedule.twiki
+++ b/docs/src/site/twiki/restapi/EntitySubmitAndSchedule.twiki
@@ -1,4 +1,4 @@
----++  POST /api/entities/submitAndSchedule/:entity-type?skipDryRun=false
+---++  POST /api/entities/submitAndSchedule/:entity-type
    * <a href="#Description">Description</a>
    * <a href="#Parameters">Parameters</a>
    * <a href="#Results">Results</a>
@@ -10,6 +10,7 @@ Submits and schedules an entity.
 ---++ Parameters
    * :entity-type can either be a feed or a process.
    * skipDryRun : Optional query param, Falcon skips oozie dryrun when value is set to true.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Result of the submit and schedule command.
@@ -17,7 +18,7 @@ Result of the submit and schedule command.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-POST http://localhost:15000/api/entities/submitAndSchedule/process
+POST http://localhost:15000/api/entities/submitAndSchedule/process?skipDryRun=false&doAs=joe
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- Daily sample process. Runs at 6th hour every day. Input - last day's hourly data. Generates output for yesterday -->
 <process xmlns="uri:falcon:process:0.1" name="SampleProcess" >

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/EntitySummary.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/EntitySummary.twiki b/docs/src/site/twiki/restapi/EntitySummary.twiki
index 8e05a12..763c2a7 100644
--- a/docs/src/site/twiki/restapi/EntitySummary.twiki
+++ b/docs/src/site/twiki/restapi/EntitySummary.twiki
@@ -27,6 +27,7 @@ Given an EntityType and cluster, get list of entities along with summary of N re
    * offset <optional param> Show results from the offset, used for pagination. Defaults to 0.
    * numResults <optional param> Number of results to show per request, used for pagination. Only integers > 0 are valid, Default is 10.
    * numInstances <optional param> Number of recent instances to show per entity. Only integers > 0 are valid, Default is 7.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Show entities along with summary of N instances for each entity.
@@ -34,7 +35,7 @@ Show entities along with summary of N instances for each entity.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/entities/summary/feed?cluster=primary-cluster&filterBy=STATUS:RUNNING&fields=status&tags=consumer=consumer@xyz.com&orderBy=name&offset=0&numResults=1&numInstances=2
+GET http://localhost:15000/api/entities/summary/feed?cluster=primary-cluster&filterBy=STATUS:RUNNING&fields=status&tags=consumer=consumer@xyz.com&orderBy=name&offset=0&numResults=1&numInstances=2&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/EntitySuspend.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/EntitySuspend.twiki b/docs/src/site/twiki/restapi/EntitySuspend.twiki
index 9e5efca..b322b27 100644
--- a/docs/src/site/twiki/restapi/EntitySuspend.twiki
+++ b/docs/src/site/twiki/restapi/EntitySuspend.twiki
@@ -10,6 +10,7 @@ Suspend an entity.
 ---++ Parameters
    * :entity-type can either be a feed or a process.
    * :entity-name is name of the entity.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Status of the entity.
@@ -17,7 +18,7 @@ Status of the entity.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-POST http://localhost:15000/api/entities/suspend/process/SampleProcess
+POST http://localhost:15000/api/entities/suspend/process/SampleProcess?doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/EntityTouch.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/EntityTouch.twiki b/docs/src/site/twiki/restapi/EntityTouch.twiki
index 69e6d1b..5b58ce2 100644
--- a/docs/src/site/twiki/restapi/EntityTouch.twiki
+++ b/docs/src/site/twiki/restapi/EntityTouch.twiki
@@ -1,4 +1,4 @@
----++ POST  api/entities/touch/:entity-type/:entity-name?skipDryRun=true
+---++ POST  api/entities/touch/:entity-type/:entity-name
    * <a href="#Description">Description</a>
    * <a href="#Parameters">Parameters</a>
    * <a href="#Results">Results</a>
@@ -11,6 +11,7 @@ Force updates the entity.
    * :entity-type can be feed or process.
    * :entity-name is name of the feed or process.
    * skipDryRun : Optional query param, Falcon skips oozie dryrun when value is set to true.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Result of the validation.
@@ -18,7 +19,7 @@ Result of the validation.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-POST http://localhost:15000/api/entities/touch/process/SampleProcess
+POST http://localhost:15000/api/entities/touch/process/SampleProcess?skipDryRun=true&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>
@@ -27,4 +28,4 @@ POST http://localhost:15000/api/entities/touch/process/SampleProcess
     "message": "touch\/default\/SampleProcess updated successfully\n\n",
     "status": "SUCCEEDED"
 }
-</verbatim>
\ No newline at end of file
+</verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/EntityUpdate.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/EntityUpdate.twiki b/docs/src/site/twiki/restapi/EntityUpdate.twiki
index ba618df..46b01fc 100644
--- a/docs/src/site/twiki/restapi/EntityUpdate.twiki
+++ b/docs/src/site/twiki/restapi/EntityUpdate.twiki
@@ -1,4 +1,4 @@
----++ POST  api/entities/update/:entity-type/:entity-name?skipDryRun=false
+---++ POST  api/entities/update/:entity-type/:entity-name
    * <a href="#Description">Description</a>
    * <a href="#Parameters">Parameters</a>
    * <a href="#Results">Results</a>
@@ -11,6 +11,7 @@ Updates the submitted entity.
    * :entity-type can be feed or process.
    * :entity-name is name of the feed or process.
    * skipDryRun : Optional query param, Falcon skips oozie dryrun when value is set to true.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Result of the validation.
@@ -18,7 +19,7 @@ Result of the validation.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-POST http://localhost:15000/api/entities/update/process/SampleProcess
+POST http://localhost:15000/api/entities/update/process/SampleProcess?skipDryRun=false&doAs=joe
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- Daily sample process. Runs at 6th hour every day. Input - last day's hourly data. Generates output for yesterday -->
 <process xmlns="uri:falcon:process:0.1" name="SampleProcess" >

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/EntityValidate.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/EntityValidate.twiki b/docs/src/site/twiki/restapi/EntityValidate.twiki
index 86de630..054b083 100644
--- a/docs/src/site/twiki/restapi/EntityValidate.twiki
+++ b/docs/src/site/twiki/restapi/EntityValidate.twiki
@@ -1,4 +1,4 @@
----++ POST  api/entities/validate/entity-type?skipDryRun=false
+---++ POST  api/entities/validate/entity-type
    * <a href="#Description">Description</a>
    * <a href="#Parameters">Parameters</a>
    * <a href="#Results">Results</a>
@@ -10,6 +10,7 @@ Validates the submitted entity.
 ---++ Parameters
    * :entity-type can be cluster, feed or process.
    * skipDryRun : Optional query param, Falcon skips oozie dryrun when value is set to true.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Result of the validation.
@@ -122,7 +123,7 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 
 ---+++ Rest Call
 <verbatim>
-POST http://localhost:15000/api/entities/validate/process
+POST http://localhost:15000/api/entities/validate/process?skipDryRun=false&doAs=joe
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- Daily sample process. Runs at 6th hour every day. Input - last day's hourly data. Generates output for yesterday -->
 <process xmlns="uri:falcon:process:0.1" name="SampleProcess" >

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/FeedInstanceListing.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/FeedInstanceListing.twiki b/docs/src/site/twiki/restapi/FeedInstanceListing.twiki
index a3e306d..03f3c57 100644
--- a/docs/src/site/twiki/restapi/FeedInstanceListing.twiki
+++ b/docs/src/site/twiki/restapi/FeedInstanceListing.twiki
@@ -14,6 +14,7 @@ Get falcon feed instance availability.
    * end <optional param> Show instances up to this date. Date format is yyyy-MM-dd'T'HH:mm'Z'.
       * Default is set to now.
    * colo <optional param> Colo on which the query should be run.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Feed instance availability status
@@ -21,7 +22,7 @@ Feed instance availability status
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/instance/listing/feed/SampleFeed?colo=*&start=2012-04-03T07:00Z
+GET http://localhost:15000/api/instance/listing/feed/SampleFeed?colo=*&start=2012-04-03T07:00Z&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/FeedLookup.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/FeedLookup.twiki b/docs/src/site/twiki/restapi/FeedLookup.twiki
index 1ad91d8..053182b 100644
--- a/docs/src/site/twiki/restapi/FeedLookup.twiki
+++ b/docs/src/site/twiki/restapi/FeedLookup.twiki
@@ -9,6 +9,7 @@
 ---++ Parameters
     * path path of the instance for which you want to determine the feed. e.g. /data/project1/2014/10/10/23/
     Path has to be the complete path and can't be a part of it.
+    * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Returns the name of the feed along with the location type(meta/data/stats) and cluster on which the given path belongs to this feed.
@@ -16,7 +17,7 @@ Returns the name of the feed along with the location type(meta/data/stats) and c
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/entities/lookup/feed?path=/data/project1/2014/10/10/23
+GET http://localhost:15000/api/entities/lookup/feed?path=/data/project1/2014/10/10/23&doAs=joe
 </verbatim>
 ---+++ Result
 {
@@ -33,4 +34,4 @@ GET http://localhost:15000/api/entities/lookup/feed?path=/data/project1/2014/10/
            "clusterName": "My-cluster2"
         }
     ]
-}
\ No newline at end of file
+}

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/Graph.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/Graph.twiki b/docs/src/site/twiki/restapi/Graph.twiki
index 6cf6faa..db58d2e 100644
--- a/docs/src/site/twiki/restapi/Graph.twiki
+++ b/docs/src/site/twiki/restapi/Graph.twiki
@@ -8,7 +8,7 @@
 Dump the graph.
 
 ---++ Parameters
-None.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Serialize graph to a file configured using *.falcon.graph.serialize.path in Custom startup.properties.
@@ -16,7 +16,7 @@ Serialize graph to a file configured using *.falcon.graph.serialize.path in Cust
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/metadata/lineage/serialize
+GET http://localhost:15000/api/metadata/lineage/serialize?doAs=joe
 </verbatim>
 ---+++ Result
 None.

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/InstanceKill.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/InstanceKill.twiki b/docs/src/site/twiki/restapi/InstanceKill.twiki
index 4cdd4ac..eb22945 100644
--- a/docs/src/site/twiki/restapi/InstanceKill.twiki
+++ b/docs/src/site/twiki/restapi/InstanceKill.twiki
@@ -13,6 +13,7 @@ Kill currently running instance(s) of an entity.
    * start is the start time of the instance(s) that you want to refer to
    * end is the end time of the instance(s) that you want to refer to
    * lifecycle <optional param> can be Eviction/Replication(default) for feed and Execution(default) for process.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Result of the kill operation.
@@ -20,7 +21,7 @@ Result of the kill operation.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-POST http://localhost:15000/api/instance/kill/process/SampleProcess?colo=*&start=2012-04-03T07:00Z&end=2014-04-03T07:00Z
+POST http://localhost:15000/api/instance/kill/process/SampleProcess?colo=*&start=2012-04-03T07:00Z&end=2014-04-03T07:00Z&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/InstanceList.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/InstanceList.twiki b/docs/src/site/twiki/restapi/InstanceList.twiki
index 2cd9b1c..229d6f9 100644
--- a/docs/src/site/twiki/restapi/InstanceList.twiki
+++ b/docs/src/site/twiki/restapi/InstanceList.twiki
@@ -24,6 +24,7 @@ Get list of all instances of a given entity.
    * sortOrder <optional param> Valid options are "asc" and "desc"
    * offset <optional param> Show results from the offset, used for pagination. Defaults to 0.
    * numResults <optional param> Number of results to show per request, used for pagination. Only integers > 0 are valid, Default is 10.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
    
 ---++ Results
 List of instances of given entity.
@@ -56,7 +57,7 @@ GET http://localhost:15000/api/instance/list/process/SampleProcess?colo=*&start=
 
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/instance/list/process/SampleProcess?colo=*&start=2012-04-03T07:00Z&filterBy=STATUS:SUCCEEDED,CLUSTER:primary-cluster&orderBy=startTime&offset=2&numResults=2
+GET http://localhost:15000/api/instance/list/process/SampleProcess?colo=*&start=2012-04-03T07:00Z&filterBy=STATUS:SUCCEEDED,CLUSTER:primary-cluster&orderBy=startTime&offset=2&numResults=2&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/InstanceLogs.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/InstanceLogs.twiki b/docs/src/site/twiki/restapi/InstanceLogs.twiki
index c1103b7..1e1c98d 100644
--- a/docs/src/site/twiki/restapi/InstanceLogs.twiki
+++ b/docs/src/site/twiki/restapi/InstanceLogs.twiki
@@ -25,6 +25,7 @@ Get log of a specific instance of an entity.
    * sortOrder <optional param> Valid options are "asc" and "desc"
    * offset <optional param> Show results from the offset, used for pagination. Defaults to 0.
    * numResults <optional param> Number of results to show per request, used for pagination. Only integers > 0 are valid, Default is 10.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Log of specified instance.
@@ -63,7 +64,7 @@ GET http://localhost:15000/api/instance/logs/process/SampleProcess?colo=*&start=
 
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/instance/logs/process/SampleProcess?colo=*&start=2012-04-03T07:00Z&filterBy=STATUS:SUCCEEDED,CLUSTER:primary-cluster&orderBy=startTime&offset=2&numResults=2
+GET http://localhost:15000/api/instance/logs/process/SampleProcess?colo=*&start=2012-04-03T07:00Z&filterBy=STATUS:SUCCEEDED,CLUSTER:primary-cluster&orderBy=startTime&offset=2&numResults=2&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/InstanceParams.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/InstanceParams.twiki b/docs/src/site/twiki/restapi/InstanceParams.twiki
index 2c69152..7a340a5 100644
--- a/docs/src/site/twiki/restapi/InstanceParams.twiki
+++ b/docs/src/site/twiki/restapi/InstanceParams.twiki
@@ -13,6 +13,7 @@ Get the params passed to the workflow for an instance of feed/process.
    * start should be the nominal time of the instance for which you want the params to be returned
    * colo <optional param> Colo on which the query should be run.
    * lifecycle <optional param> Valid lifecycles for feed are Eviction/Replication(default) and for process is Execution(default).
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 
 ---++ Results
@@ -21,7 +22,7 @@ List of instances currently running.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-http://userqa.user.com:16000/api/instance/params/process/Sample-Process?start=2014-10-01T11:00Z&colo=*
+http://userqa.user.com:16000/api/instance/params/process/Sample-Process?start=2014-10-01T11:00Z&colo=*&doAs=joe
 </verbatim>
 ---+++ Result
 {
@@ -79,4 +80,4 @@ http://userqa.user.com:16000/api/instance/params/process/Sample-Process?start=20
             }
         }
     ]
-}
\ No newline at end of file
+}

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/InstanceRerun.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/InstanceRerun.twiki b/docs/src/site/twiki/restapi/InstanceRerun.twiki
index ec30a1e..eef0e1a 100644
--- a/docs/src/site/twiki/restapi/InstanceRerun.twiki
+++ b/docs/src/site/twiki/restapi/InstanceRerun.twiki
@@ -14,6 +14,7 @@ Rerun instances of an entity. On issuing a rerun, by default the execution resum
    * end is the end time of the instance that you want to refer to
    * lifecycle <optional param> can be Eviction/Replication(default) for feed and Execution(default) for process.
    * force <optional param> can be used to forcefully rerun the entire instance.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Results of the rerun command.
@@ -43,7 +44,7 @@ POST http://localhost:15000/api/instance/rerun/process/SampleProcess?colo=*&star
 </verbatim>
 
 <verbatim>
-POST http://localhost:15000/api/instance/rerun/process/SampleProcess?colo=*&start=2013-04-03T07:00Z&end=2014-04-03T07:00Z&force=true
+POST http://localhost:15000/api/instance/rerun/process/SampleProcess?colo=*&start=2013-04-03T07:00Z&end=2014-04-03T07:00Z&force=true&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/InstanceResume.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/InstanceResume.twiki b/docs/src/site/twiki/restapi/InstanceResume.twiki
index ab1d06b..1254785 100644
--- a/docs/src/site/twiki/restapi/InstanceResume.twiki
+++ b/docs/src/site/twiki/restapi/InstanceResume.twiki
@@ -13,29 +13,31 @@ Resume suspended instances of an entity.
    * start is the start time of the instance(s) that you want to refer to
    * end is the end time of the instance(s) that you want to refer to
    * lifecycle <optional param> can be Eviction/Replication(default) for feed and Execution(default) for process.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
+
 ---++ Results
 Results of the resume command.
 
 ---++ Examples
 ---+++ Rest Call
-<verbatim>
-POST http://localhost:15000/api/instance/resume/process/SampleProcess?colo=*&start=2012-04-03T07:00Z&end=2014-04-03T07:00Z
-</verbatim>
----+++ Result
-<verbatim>
-{
-    "instances": [
-        {
-            "details": "",
-            "startTime": "2013-10-21T15:19:57-07:00",
-            "cluster": "primary-cluster",
-            "logFile": "http:\/\/localhost:11000\/oozie?job=0000070-131021115933395-oozie-rgau-W",
-            "status": "RUNNING",
-            "instance": "2012-04-03T07:00Z"
-        }
-    ],
-    "requestId": "default\/e88ff2e0-2af7-4829-a360-f92e95be2981\n",
-    "message": "default\/RESUME\n",
-    "status": "SUCCEEDED"
-}
-</verbatim>
+           <verbatim>
+           POST http://localhost:15000/api/instance/resume/process/SampleProcess?colo=*&start=2012-04-03T07:00Z&end=2014-04-03T07:00Z&doAs=joe
+           </verbatim>
+           ---+++ Result
+           <verbatim>
+           {
+               "instances": [
+                   {
+                       "details": "",
+                       "startTime": "2013-10-21T15:19:57-07:00",
+                       "cluster": "primary-cluster",
+                       "logFile": "http:\/\/localhost:11000\/oozie?job=0000070-131021115933395-oozie-rgau-W",
+                       "status": "RUNNING",
+                       "instance": "2012-04-03T07:00Z"
+                   }
+               ],
+               "requestId": "default\/e88ff2e0-2af7-4829-a360-f92e95be2981\n",
+               "message": "default\/RESUME\n",
+               "status": "SUCCEEDED"
+           }
+           </verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/InstanceRunning.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/InstanceRunning.twiki b/docs/src/site/twiki/restapi/InstanceRunning.twiki
index dcd2230..3d1cabc 100644
--- a/docs/src/site/twiki/restapi/InstanceRunning.twiki
+++ b/docs/src/site/twiki/restapi/InstanceRunning.twiki
@@ -20,7 +20,7 @@ Get a list of instances currently running for a given entity.
    * sortOrder <optional param> Valid options are "asc" and "desc"
    * offset <optional param> Show results from the offset, used for pagination. Defaults to 0.
    * numResults <optional param> Number of results to show per request, used for pagination. Only integers > 0 are valid, Default is 10.
-
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 List of instances currently running.
@@ -50,7 +50,7 @@ GET http://localhost:15000/api/instance/running/process/SampleProcess?colo=*
 
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/instance/running/process/SampleProcess?colo=*&start=2012-04-03T07:00Z&filterBy=CLUSTER:primary-cluster&orderBy=startTime&offset=2&numResults=2
+GET http://localhost:15000/api/instance/running/process/SampleProcess?colo=*&start=2012-04-03T07:00Z&filterBy=CLUSTER:primary-cluster&orderBy=startTime&offset=2&numResults=2&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>
@@ -82,4 +82,3 @@ GET http://localhost:15000/api/instance/running/process/SampleProcess?colo=*&sta
 }
 </verbatim>
 
-

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/InstanceStatus.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/InstanceStatus.twiki b/docs/src/site/twiki/restapi/InstanceStatus.twiki
index cebc9c8..53f512f 100644
--- a/docs/src/site/twiki/restapi/InstanceStatus.twiki
+++ b/docs/src/site/twiki/restapi/InstanceStatus.twiki
@@ -24,7 +24,7 @@ Get status of a specific instance of an entity.
    * sortOrder <optional param> Valid options are "asc" and "desc"
    * offset <optional param> Show results from the offset, used for pagination. Defaults to 0.
    * numResults <optional param> Number of results to show per request, used for pagination. Only integers > 0 are valid, Default is 10.
-
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
    
 ---++ Results
 Status of the specified instance along with job urls for all actions of user workflow and non-succeeded actions of the main-workflow.
@@ -64,7 +64,7 @@ GET https://localhost:15443/api/instance/status/process/WordCount?start=2014-11-
 
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/instance/status/process/SampleProcess?colo=*&start=2012-04-03T07:00Z&filterBy=STATUS:SUCCEEDED,CLUSTER:primary-cluster&orderBy=startTime&offset=2&numResults=2
+GET http://localhost:15000/api/instance/status/process/SampleProcess?colo=*&start=2012-04-03T07:00Z&filterBy=STATUS:SUCCEEDED,CLUSTER:primary-cluster&orderBy=startTime&offset=2&numResults=2&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/InstanceSummary.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/InstanceSummary.twiki b/docs/src/site/twiki/restapi/InstanceSummary.twiki
index 2e44598..0e1ffee 100644
--- a/docs/src/site/twiki/restapi/InstanceSummary.twiki
+++ b/docs/src/site/twiki/restapi/InstanceSummary.twiki
@@ -25,6 +25,7 @@ Get summary of instance/instances of an entity.
        * Supports ordering by "cluster".
    * sortOrder <optional param> Valid options are "asc" and "desc"
    Example: orderBy=cluster sortOrder=asc
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Summary of the instances over the specified time range
@@ -86,7 +87,7 @@ GET https://localhost:16443/api/instance/summary/process/WordCount?filterBy=Stat
 
 ---+++ Rest Call
 <verbatim>
-GET https://localhost:16443/api/instance/summary/process/WordCount?orderBy=cluster&sortOrder=asc&start=2015-06-24T16:00Z&end=2015-06-24T23:00Z&colo=*
+GET https://localhost:16443/api/instance/summary/process/WordCount?orderBy=cluster&sortOrder=asc&start=2015-06-24T16:00Z&end=2015-06-24T23:00Z&colo=*&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/InstanceSuspend.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/InstanceSuspend.twiki b/docs/src/site/twiki/restapi/InstanceSuspend.twiki
index c4404b5..2ba8663 100644
--- a/docs/src/site/twiki/restapi/InstanceSuspend.twiki
+++ b/docs/src/site/twiki/restapi/InstanceSuspend.twiki
@@ -13,6 +13,7 @@ Suspend instances of an entity.
    * start is the start time of the instance(s) that you want to refer to
    * end is the end time of the instance(s) that you want to refer to
    * lifecycle <optional param> can be Eviction/Replication(default) for feed and Execution(default) for process.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Results of the suspend command.
@@ -20,7 +21,7 @@ Results of the suspend command.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-POST http://localhost:15000/api/instance/suspend/process/SampleProcess?colo=*&start=2012-04-03T07:00Z&end=2014-04-03T07:00Z
+POST http://localhost:15000/api/instance/suspend/process/SampleProcess?colo=*&start=2012-04-03T07:00Z&end=2014-04-03T07:00Z&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>
@@ -40,4 +41,4 @@ POST http://localhost:15000/api/instance/suspend/process/SampleProcess?colo=*&st
     "message": "default\/SUSPEND\n",
     "status": "SUCCEEDED"
 }
-</verbatim>
+</verbatim>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/MetadataList.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/MetadataList.twiki b/docs/src/site/twiki/restapi/MetadataList.twiki
index baf7d45..98abf46 100644
--- a/docs/src/site/twiki/restapi/MetadataList.twiki
+++ b/docs/src/site/twiki/restapi/MetadataList.twiki
@@ -10,6 +10,7 @@ Get all dimensions of specified type.
 ---++ Parameters
    * :type Valid dimension types are cluster_entity,feed_entity, process_entity, user, colo, tags, groups, pipelines
    * cluster <optional query param> Show dimensions related to this cluster.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 
 ---++ Results
@@ -18,7 +19,7 @@ List of dimensions that match requested type [and cluster].
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/metadata/discovery/process_entity/list?cluster=primary-cluster
+GET http://localhost:15000/api/metadata/discovery/process_entity/list?cluster=primary-cluster&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/MetadataRelations.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/MetadataRelations.twiki b/docs/src/site/twiki/restapi/MetadataRelations.twiki
index 11eb4e0..b29fd2a 100644
--- a/docs/src/site/twiki/restapi/MetadataRelations.twiki
+++ b/docs/src/site/twiki/restapi/MetadataRelations.twiki
@@ -10,6 +10,7 @@ Get all relations of a specific dimension.
 ---++ Parameters
    * :type Valid dimension types are cluster_entity,feed_entity, process_entity, user, colo, tags, groups, pipelines
    * :name Name of the dimension.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Get all relations of a specific dimension.
@@ -17,7 +18,7 @@ Get all relations of a specific dimension.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/metadata/discovery/process_entity/sample-process/relations
+GET http://localhost:15000/api/metadata/discovery/process_entity/sample-process/relations?doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/Triage.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/Triage.twiki b/docs/src/site/twiki/restapi/Triage.twiki
index 30a04b4..9ff95c8 100644
--- a/docs/src/site/twiki/restapi/Triage.twiki
+++ b/docs/src/site/twiki/restapi/Triage.twiki
@@ -14,6 +14,7 @@ lot of instances are failing in a pipeline as it then finds out the root cause o
    * :entity-name name of the feed/process.
    * :start instance time of the entity instance.
    * :colo <optional param> name of the colo on which you want to triage
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 It returns a json graph
@@ -21,7 +22,7 @@ It returns a json graph
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/instance/triage/feed/my-feed?start=2015-03-02T00:00Z&colo=local
+GET http://localhost:15000/api/instance/triage/feed/my-feed?start=2015-03-02T00:00Z&colo=local&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/Vertex.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/Vertex.twiki b/docs/src/site/twiki/restapi/Vertex.twiki
index ac2cebf..82f5bfb 100644
--- a/docs/src/site/twiki/restapi/Vertex.twiki
+++ b/docs/src/site/twiki/restapi/Vertex.twiki
@@ -9,6 +9,7 @@ Gets the vertex with specified id.
 
 ---++ Parameters
    * :id is the unique id of the vertex.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 Vertex with the specified id.
@@ -16,7 +17,7 @@ Vertex with the specified id.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/metadata/lineage/vertices/4
+GET http://localhost:15000/api/metadata/lineage/vertices/4?doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/VertexProperties.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/VertexProperties.twiki b/docs/src/site/twiki/restapi/VertexProperties.twiki
index 1d146cc..11c64b5 100644
--- a/docs/src/site/twiki/restapi/VertexProperties.twiki
+++ b/docs/src/site/twiki/restapi/VertexProperties.twiki
@@ -10,6 +10,7 @@ Gets the properties of the vertex with specified id.
 ---++ Parameters
    * :id is the unique id of the vertex.
    * :relationships has default value of false. Pass true if relationships should be fetched.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
  Properties associated with the specified vertex.
@@ -17,7 +18,7 @@ Gets the properties of the vertex with specified id.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/metadata/lineage/vertices/properties/40004?relationships=true
+GET http://localhost:15000/api/metadata/lineage/vertices/properties/40004?relationships=true&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/docs/src/site/twiki/restapi/Vertices.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/restapi/Vertices.twiki b/docs/src/site/twiki/restapi/Vertices.twiki
index 3ece037..643e6e9 100644
--- a/docs/src/site/twiki/restapi/Vertices.twiki
+++ b/docs/src/site/twiki/restapi/Vertices.twiki
@@ -10,6 +10,7 @@ Get all vertices for a key index given the specified value.
 ---++ Parameters
    * :key is the key to be matched.
    * :value is the associated value of the key.
+   * doAs <optional query param> allows the current user to impersonate the user passed in doAs when interacting with the Falcon system.
 
 ---++ Results
 All vertices matching given property key and a value.
@@ -17,7 +18,7 @@ All vertices matching given property key and a value.
 ---++ Examples
 ---+++ Rest Call
 <verbatim>
-GET http://localhost:15000/api/metadata/lineage/vertices?key=name&value=sampleIngestProcess
+GET http://localhost:15000/api/metadata/lineage/vertices?key=name&value=sampleIngestProcess&doAs=joe
 </verbatim>
 ---+++ Result
 <verbatim>
@@ -34,4 +35,4 @@ GET http://localhost:15000/api/metadata/lineage/vertices?key=name&value=sampleIn
     ],
     "totalSize": 1
 }
-</verbatim>
+</verbatim>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/prism/src/main/java/org/apache/falcon/resource/AbstractEntityManager.java
----------------------------------------------------------------------
diff --git a/prism/src/main/java/org/apache/falcon/resource/AbstractEntityManager.java b/prism/src/main/java/org/apache/falcon/resource/AbstractEntityManager.java
index 63c5d39..b867055 100644
--- a/prism/src/main/java/org/apache/falcon/resource/AbstractEntityManager.java
+++ b/prism/src/main/java/org/apache/falcon/resource/AbstractEntityManager.java
@@ -76,6 +76,7 @@ import java.util.Set;
 public abstract class AbstractEntityManager {
     private static final Logger LOG = LoggerFactory.getLogger(AbstractEntityManager.class);
     private static MemoryLocks memoryLocks = MemoryLocks.getInstance();
+    private static final String DO_AS_PARAM = "doAs";
 
     protected static final int XML_DEBUG_LEN = 10 * 1024;
     private AbstractWorkflowEngine workflowEngine;
@@ -425,7 +426,8 @@ public abstract class AbstractEntityManager {
                             + "Can't be submitted again. Try removing before submitting.");
         }
 
-        SecurityUtil.tryProxy(entity); // proxy before validating since FS/Oozie needs to be proxied
+        String doAsUser = request.getParameter(DO_AS_PARAM);
+        SecurityUtil.tryProxy(entity, doAsUser); // proxy before validating since FS/Oozie needs to be proxied
         validate(entity);
         configStore.publish(entityType, entity);
         LOG.info("Submit successful: ({}): {}", type, entity.getName());
@@ -599,7 +601,8 @@ public abstract class AbstractEntityManager {
      */
     public EntityList getEntityList(String fieldStr, String nameSubsequence, String tagKeywords,
                                     String filterType, String filterTags, String filterBy,
-                                    String orderBy, String sortOrder, Integer offset, Integer resultsPerPage) {
+                                    String orderBy, String sortOrder, Integer offset,
+                                    Integer resultsPerPage, final String doAsUser) {
 
         HashSet<String> fields = new HashSet<String>(Arrays.asList(fieldStr.toUpperCase().split(",")));
         Map<String, List<String>> filterByFieldsValues = getFilterByFieldsValues(filterBy);
@@ -620,14 +623,14 @@ public abstract class AbstractEntityManager {
                 // return entities of all types if no entity type specified
                 for (EntityType entityType : EntityType.values()) {
                     entities.addAll(getFilteredEntities(
-                            entityType, nameSubsequence, tagKeywords, filterByFieldsValues, "", "", ""));
+                            entityType, nameSubsequence, tagKeywords, filterByFieldsValues, "", "", "", doAsUser));
                 }
             } else {
                 String[] types = filterType.split(",");
                 for (String type : types) {
                     EntityType entityType = EntityType.getEnum(type);
                     entities.addAll(getFilteredEntities(
-                            entityType, nameSubsequence, tagKeywords, filterByFieldsValues, "", "", ""));
+                            entityType, nameSubsequence, tagKeywords, filterByFieldsValues, "", "", "", doAsUser));
                 }
             }
         } catch (Exception e) {
@@ -679,7 +682,8 @@ public abstract class AbstractEntityManager {
 
     protected List<Entity> getFilteredEntities(
             EntityType entityType, String nameSubsequence, String tagKeywords,
-            Map<String, List<String>> filterByFieldsValues, String startDate, String endDate, String cluster)
+            Map<String, List<String>> filterByFieldsValues,
+            String startDate, String endDate, String cluster, final String doAsUser)
         throws FalconException, IOException {
         Collection<String> entityNames = configStore.getEntities(entityType);
         if (entityNames.isEmpty()) {
@@ -714,7 +718,7 @@ public abstract class AbstractEntityManager {
                 // this is for entity summary
                 continue;
             }
-            SecurityUtil.tryProxy(entity);
+            SecurityUtil.tryProxy(entity, doAsUser);
 
             // filter by fields
             if (isFilteredByFields(entity, filterByFieldsValues)) {

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/prism/src/main/java/org/apache/falcon/resource/AbstractSchedulableEntityManager.java
----------------------------------------------------------------------
diff --git a/prism/src/main/java/org/apache/falcon/resource/AbstractSchedulableEntityManager.java b/prism/src/main/java/org/apache/falcon/resource/AbstractSchedulableEntityManager.java
index f9405dc..61638f3 100644
--- a/prism/src/main/java/org/apache/falcon/resource/AbstractSchedulableEntityManager.java
+++ b/prism/src/main/java/org/apache/falcon/resource/AbstractSchedulableEntityManager.java
@@ -201,7 +201,7 @@ public abstract class AbstractSchedulableEntityManager extends AbstractInstanceM
     public EntitySummaryResult getEntitySummary(String type, String cluster, String startDate, String endDate,
                                                 String fields, String filterBy, String filterTags,
                                                 String orderBy, String sortOrder, Integer offset,
-                                                Integer resultsPerPage, Integer numInstances) {
+                                                Integer resultsPerPage, Integer numInstances, final String doAsUser) {
         HashSet<String> fieldSet = new HashSet<String>(Arrays.asList(fields.toLowerCase().split(",")));
         Pair<Date, Date> startAndEndDates = getStartEndDatesForSummary(startDate, endDate);
         validateTypeForEntitySummary(type);
@@ -218,7 +218,7 @@ public abstract class AbstractSchedulableEntityManager extends AbstractInstanceM
                     getFilteredEntities(EntityType.valueOf(type.toUpperCase()), "", "", filterByFieldsValues,
                             SchemaHelper.getDateFormat().format(startAndEndDates.first),
                             SchemaHelper.getDateFormat().format(startAndEndDates.second),
-                            cluster),
+                            cluster, doAsUser),
                     orderBy, sortOrder, offset, resultsPerPage);
             colo = ((Cluster) configStore.get(EntityType.CLUSTER, cluster)).getColo();
         } catch (Exception e) {

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/prism/src/main/java/org/apache/falcon/resource/channel/HTTPChannel.java
----------------------------------------------------------------------
diff --git a/prism/src/main/java/org/apache/falcon/resource/channel/HTTPChannel.java b/prism/src/main/java/org/apache/falcon/resource/channel/HTTPChannel.java
index 78f68ba..5bf084b 100644
--- a/prism/src/main/java/org/apache/falcon/resource/channel/HTTPChannel.java
+++ b/prism/src/main/java/org/apache/falcon/resource/channel/HTTPChannel.java
@@ -56,6 +56,8 @@ public class HTTPChannel extends AbstractChannel {
 
     private static final Properties DEPLOYMENT_PROPERTIES = DeploymentProperties.get();
 
+    private static final String DO_AS_PARAM = "doAs";
+
     private String colo;
     private String serviceName;
     private Class service;
@@ -95,9 +97,12 @@ public class HTTPChannel extends AbstractChannel {
             String accept = MediaType.WILDCARD;
             String user = CurrentUser.getUser();
 
+            String doAsUser = incomingRequest.getParameter(DO_AS_PARAM);
+
             ClientResponse response = getClient()
                     .resource(UriBuilder.fromUri(url).build().normalize())
                     .queryParam("user.name", user)
+                    .queryParam("doAs", doAsUser)
                     .accept(accept).type(mimeType)
                     .method(httpMethod, ClientResponse.class,
                             (isPost(httpMethod) ? incomingRequest.getInputStream() : null));

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/prism/src/main/java/org/apache/falcon/resource/proxy/SchedulableEntityManagerProxy.java
----------------------------------------------------------------------
diff --git a/prism/src/main/java/org/apache/falcon/resource/proxy/SchedulableEntityManagerProxy.java b/prism/src/main/java/org/apache/falcon/resource/proxy/SchedulableEntityManagerProxy.java
index ceabb06..23f1605 100644
--- a/prism/src/main/java/org/apache/falcon/resource/proxy/SchedulableEntityManagerProxy.java
+++ b/prism/src/main/java/org/apache/falcon/resource/proxy/SchedulableEntityManagerProxy.java
@@ -486,13 +486,14 @@ public class SchedulableEntityManagerProxy extends AbstractSchedulableEntityMana
                                     @DefaultValue("") @QueryParam("orderBy") String orderBy,
                                     @DefaultValue("asc") @QueryParam("sortOrder") String sortOrder,
                                     @DefaultValue("0") @QueryParam("offset") Integer offset,
-                                    @QueryParam("numResults") Integer resultsPerPage) {
+                                    @QueryParam("numResults") Integer resultsPerPage,
+                                    @QueryParam("doAs") String doAsUser) {
         if (StringUtils.isNotEmpty(type)) {
             type = type.substring(1);
         }
         resultsPerPage = resultsPerPage == null ? getDefaultResultsPerPage() : resultsPerPage;
         return super.getEntityList(fields, nameSubsequence, tagKeywords, type, tags, filterBy,
-                orderBy, sortOrder, offset, resultsPerPage);
+                orderBy, sortOrder, offset, resultsPerPage, doAsUser);
     }
 
     @GET
@@ -512,9 +513,10 @@ public class SchedulableEntityManagerProxy extends AbstractSchedulableEntityMana
             @DefaultValue("asc") @QueryParam("sortOrder") String entitySortOrder,
             @DefaultValue("0") @QueryParam("offset") final Integer entityOffset,
             @DefaultValue("10") @QueryParam("numResults") final Integer numEntities,
-            @DefaultValue("7") @QueryParam("numInstances") final Integer numInstanceResults) {
+            @DefaultValue("7") @QueryParam("numInstances") final Integer numInstanceResults,
+            @DefaultValue("") @QueryParam("doAs") final String doAsUser) {
         return super.getEntitySummary(type, cluster, startStr, endStr, entityFields, entityFilter,
-                entityTags, entityOrderBy, entitySortOrder, entityOffset, numEntities, numInstanceResults);
+                entityTags, entityOrderBy, entitySortOrder, entityOffset, numEntities, numInstanceResults, doAsUser);
     }
 
     @GET

http://git-wip-us.apache.org/repos/asf/falcon/blob/d8fbec9f/prism/src/main/java/org/apache/falcon/security/FalconAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/prism/src/main/java/org/apache/falcon/security/FalconAuthenticationFilter.java b/prism/src/main/java/org/apache/falcon/security/FalconAuthenticationFilter.java
index df64b44..1cb5205 100644
--- a/prism/src/main/java/org/apache/falcon/security/FalconAuthenticationFilter.java
+++ b/prism/src/main/java/org/apache/falcon/security/FalconAuthenticationFilter.java
@@ -52,6 +52,8 @@ public class FalconAuthenticationFilter
 
     private static final Logger LOG = LoggerFactory.getLogger(FalconAuthenticationFilter.class);
 
+    protected static final String DO_AS_PARAM = "doAs";
+
     /**
      * Constant for the configuration property that indicates the prefix.
      */
@@ -177,9 +179,11 @@ public class FalconAuthenticationFilter
                     } else {
                         try {
                             NDC.push(user + ":" + httpRequest.getMethod() + "/" + httpRequest.getPathInfo());
+                            String doAsUser = httpRequest.getParameter(DO_AS_PARAM);
                             CurrentUser.authenticate(user);
-                            LOG.info("Request from authenticated user: {}, URL={}", user,
-                                    Servlets.getRequestURI(httpRequest));
+                            CurrentUser.proxyDoAsUser(doAsUser, HostnameFilter.get());
+                            LOG.info("Request from authenticated user: {}, URL={}, doAs user: {}", user,
+                                    Servlets.getRequestURI(httpRequest), doAsUser);
 
                             filterChain.doFilter(servletRequest, servletResponse);
                         } finally {


Mime
View raw message