Maybe the doc should say that Drill supports impersonation through web console. These clients
use Java client library, just like JDBC.
Note that *inbound* impersonation is not supported yet because Drill does not expose an “impersonation_target”
field through the web login form.
Thank you,
Sudheesh
> On Dec 21, 2016, at 10:08 AM, Akihiko Kusanagi <akusanagi@maprtech.com> wrote:
>
> Hi,
>
> The 'Impersonation Support' table In the following page says that
> impersonation
> is not supported with Drill Web Console or REST API.
> http://drill.apache.org/docs/configuring-user-impersonation/
>
> However, when authentication and impersonation are enabled, impersonation is
> in effect through Web UI.
>
> $ cat drill-override.conf
> ...
> drill.exec: {
> ...
> impersonation: {
> enabled: true
> },
> ...
>
> Only mapr user has read permission for nation.parquet, and Drillbit is
> running as mapr user.
>
> $ hadoop fs -ls /sample-data
> ...
> drwx------ - mapr mapr 1210 2016-01-11 19:58 nation.parquet
> ...
>
> Then, login as the other user via Drill Web UI, and run this query:
>
> select * from dfs.`/sample-data/nation.parquet`
>
> This returns the following error, so it seems that impersonation is in
> effect.
>
> Query Failed: An Error Occurred
> org.apache.drill.common.exceptions.UserRemoteException: SYSTEM ERROR:
> IOException: 2049.177.8452826 /sample-data/nation.parquet (Input/output
> error) Fragment 0:0 [Error Id: 91684467-8a4f-4fb8-8ad7-6ee04b7f8f53 on
> node3:31010]
>
> When drill.exec.impersonation.enabled = false, the query above returns
> multiple rows.
>
> Is this expected behavior? Does the document need to be updated?
>
> Thanks,
> Aki
|