Package org.apache.drill.exec.util

Class ImpersonationUtil

java.lang.Object
org.apache.drill.exec.util.ImpersonationUtil
public class ImpersonationUtil extends Object
Utilities for impersonation purpose.

  • Method Details

    • createProxyUgi

      public static org.apache.hadoop.security.UserGroupInformation createProxyUgi(String opUserName, String queryUserName)
      Create and return proxy user UserGroupInformation of operator owner if operator owner is valid. Otherwise create and return proxy user UserGroupInformation for query user.
      Parameters:
      opUserName - Name of the user whom to impersonate while setting up the operator.
      queryUserName - Name of the user who issues the query. If opUserName is invalid, then this parameter must be valid user name.

    • createProxyUgi

      public static org.apache.hadoop.security.UserGroupInformation createProxyUgi(String proxyUserName)
      Create and return proxy user UserGroupInformation for given user name.
      Parameters:
      proxyUserName - Proxy user name (must be valid)

    • resolveUserName

      public static String resolveUserName(String userName)
      If the given user name is empty, return the current process user name. This is a temporary change to avoid modifying long list of tests files which have GroupScan operator with no user name property.
      Parameters:
      userName - User name found in GroupScan POP definition.

    • getProcessUserName

      public static String getProcessUserName()
      Return the name of the user who is running the Drillbit.
      Returns:
      Drillbit process user.

    • getProcessUserGroupNames

      public static String[] getProcessUserGroupNames()
      Return the list of groups to which the process user belongs.
      Returns:
      Drillbit process user group names

    • getProcessUserUGI

      public static org.apache.hadoop.security.UserGroupInformation getProcessUserUGI()
      Return the UserGroupInformation of user who is running the Drillbit.
      Returns:
      Drillbit process user UserGroupInformation.

    • createFileSystem

      public static DrillFileSystem createFileSystem(String proxyUserName, org.apache.hadoop.conf.Configuration fsConf)
      Create DrillFileSystem for given proxyUserName and configuration.
      Parameters:
      proxyUserName - Name of the user whom to impersonate while accessing the FileSystem contents.
      fsConf - FileSystem configuration.

    • hasAdminPrivileges

      public static boolean hasAdminPrivileges(String userName, String adminUsers, String adminGroups)
      Given admin user/group list, finds whether the given username has admin privileges.
      Parameters:
      userName - User who is checked for administrative privileges.
      adminUsers - Comma separated list of admin usernames,
      adminGroups - Comma separated list of admin usergroups
      Returns:
      True if the user has admin priveleges. False otherwise.