org.apache.drill.exec.util

Class ImpersonationUtil

java.lang.Object

org.apache.drill.exec.util.ImpersonationUtil

public class ImpersonationUtil
extends Object

Utilities for impersonation purpose.

Method Summary

Modifier and Type	Method and Description
static DrillFileSystem	createFileSystem(String proxyUserName, org.apache.hadoop.conf.Configuration fsConf) Create DrillFileSystem for given proxyUserName and configuration.
static org.apache.hadoop.security.UserGroupInformation	createProxyUgi(String proxyUserName) Create and return proxy user UserGroupInformation for given user name.
static org.apache.hadoop.security.UserGroupInformation	createProxyUgi(String opUserName, String queryUserName) Create and return proxy user UserGroupInformation of operator owner if operator owner is valid.
static String[]	getProcessUserGroupNames() Return the list of groups to which the process user belongs.
static String	getProcessUserName() Return the name of the user who is running the Drillbit.
static org.apache.hadoop.security.UserGroupInformation	getProcessUserUGI() Return the UserGroupInformation of user who is running the Drillbit.
static boolean	hasAdminPrivileges(String userName, String adminUsers, String adminGroups) Given admin user/group list, finds whether the given username has admin privileges.
static String	resolveUserName(String userName) If the given user name is empty, return the current process user name.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

createProxyUgi

public static org.apache.hadoop.security.UserGroupInformation createProxyUgi(String opUserName,
                                                                             String queryUserName)

Create and return proxy user UserGroupInformation of operator owner if operator owner is valid. Otherwise create and return proxy user UserGroupInformation for query user.

Parameters:

opUserName - Name of the user whom to impersonate while setting up the operator.

queryUserName - Name of the user who issues the query. If opUserName is invalid, then this parameter must be valid user name.

createProxyUgi

public static org.apache.hadoop.security.UserGroupInformation createProxyUgi(String proxyUserName)

Create and return proxy user UserGroupInformation for given user name.

Parameters:

proxyUserName - Proxy user name (must be valid)

resolveUserName

public static String resolveUserName(String userName)

If the given user name is empty, return the current process user name. This is a temporary change to avoid modifying long list of tests files which have GroupScan operator with no user name property.

Parameters:

userName - User name found in GroupScan POP definition.

getProcessUserName

public static String getProcessUserName()

Return the name of the user who is running the Drillbit.

Returns:

Drillbit process user.

getProcessUserGroupNames

public static String[] getProcessUserGroupNames()

Return the list of groups to which the process user belongs.

Returns:

Drillbit process user group names

getProcessUserUGI

public static org.apache.hadoop.security.UserGroupInformation getProcessUserUGI()

Return the UserGroupInformation of user who is running the Drillbit.

Returns:

Drillbit process user UserGroupInformation.

createFileSystem

public static DrillFileSystem createFileSystem(String proxyUserName,
                                               org.apache.hadoop.conf.Configuration fsConf)

Create DrillFileSystem for given proxyUserName and configuration.

Parameters:

proxyUserName - Name of the user whom to impersonate while accessing the FileSystem contents.

fsConf - FileSystem configuration.

hasAdminPrivileges

public static boolean hasAdminPrivileges(String userName,
                                         String adminUsers,
                                         String adminGroups)

Given admin user/group list, finds whether the given username has admin privileges.

Parameters:

userName - User who is checked for administrative privileges.

adminUsers - Comma separated list of admin usernames,

adminGroups - Comma separated list of admin usergroups

Returns:

True if the user has admin priveleges. False otherwise.