mirror of
https://github.com/apache/impala.git
synced 2026-01-02 21:00:35 -05:00
3092c96619
This patch implements a new feature to read the auth_to_local configs from hdfs configuration files, using the parameter hadoop.security.auth_to_local. This is done by modifying the User#getShortName() method to use its hdfs equivalent. This patch includes an end to end authorization test using sentry where we add specific auth_to_local setting for a certain user and test if the sentry authorization passes for this user after applying these rules. Given we don't have tests that run on a kerberized min-cluster, this patch adds a hack to load this configuration during even on non-kerberized 'test runs'. However this feature is disabled by default to preserve the existing behavior. To enable it, 1. Use kerberos as authentication mechanism (by setting --principal) and 2. Add "--load_auth_to_local_rules=true" to the cluster startup args Change-Id: I76485b83c14ba26f6fce66e5f83e8014667829e0 Reviewed-on: http://gerrit.cloudera.org:8080/2800 Reviewed-by: Bharath Vissapragada <bharathv@cloudera.com> Tested-by: Internal Jenkins