drill-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bridget Bevens <bbev...@maprtech.com>
Subject Re: Impersonation with Drill Web Console or REST API
Date Wed, 21 Dec 2016 21:01:53 GMT
Hi,

I created DRILL-5147 to address this.

Thanks,
Bridget

On Wed, Dec 21, 2016 at 10:52 AM, Sudheesh Katkam <skatkam@maprtech.com>
wrote:

> Maybe the doc should say that Drill supports impersonation through web
> console. These clients use Java client library, just like JDBC.
>
> Note that *inbound* impersonation is not supported yet because Drill does
> not expose an “impersonation_target” field through the web login form.
>
> Thank you,
> Sudheesh
>
> > On Dec 21, 2016, at 10:08 AM, Akihiko Kusanagi <akusanagi@maprtech.com>
> wrote:
> >
> > Hi,
> >
> > The 'Impersonation Support' table In the following page says that
> > impersonation
> > is not supported with Drill Web Console or REST API.
> > http://drill.apache.org/docs/configuring-user-impersonation/
> >
> > However, when authentication and impersonation are enabled,
> impersonation is
> > in effect through Web UI.
> >
> > $ cat drill-override.conf
> > ...
> > drill.exec: {
> > ...
> > impersonation: {
> >   enabled: true
> > },
> > ...
> >
> > Only mapr user has read permission for nation.parquet, and Drillbit is
> > running as mapr user.
> >
> > $ hadoop fs -ls /sample-data
> > ...
> > drwx------   - mapr mapr       1210 2016-01-11 19:58 nation.parquet
> > ...
> >
> > Then, login as the other user via Drill Web UI, and run this query:
> >
> > select * from dfs.`/sample-data/nation.parquet`
> >
> > This returns the following error, so it seems that impersonation is in
> > effect.
> >
> > Query Failed: An Error Occurred
> > org.apache.drill.common.exceptions.UserRemoteException: SYSTEM ERROR:
> > IOException: 2049.177.8452826 /sample-data/nation.parquet (Input/output
> > error) Fragment 0:0 [Error Id: 91684467-8a4f-4fb8-8ad7-6ee04b7f8f53 on
> > node3:31010]
> >
> > When drill.exec.impersonation.enabled = false, the query above returns
> > multiple rows.
> >
> > Is this expected behavior? Does the document need to be updated?
> >
> > Thanks,
> > Aki
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message