Details
Bug
Status: Resolved
Blocker
Resolution: Fixed
Impala 3.2.0, Impala 3.3.0
Description
For certain grant/revoke requests, we are using the full name, which is a fully qualified user principal.
    @Override
    public void grantPrivilegeToUser(TCatalogServiceRequestHeader header,
        TGrantRevokePrivParams params, TDdlExecResponse response) throws ImpalaException {
      List<GrantRevokeRequest> requests = createGrantRevokeRequests(
          header.getRequesting_user(),  // ====> fully qualified user principal
          true, params.getPrincipal_name(),
          Collections.emptyList(), plugin_.get().getClusterName(), header.getClient_ip(),
          params.getPrivileges());
      // ...
    }

    @Override
    public void revokePrivilegeFromUser(TCatalogServiceRequestHeader header,
        TGrantRevokePrivParams params, TDdlExecResponse response) throws ImpalaException {
      List<GrantRevokeRequest> requests = createGrantRevokeRequests(
          header.getRequesting_user(),  // ====> fully qualified user principal
          false, params.getPrincipal_name(),
          Collections.emptyList(), plugin_.get().getClusterName(), header.getClient_ip(),
          params.getPrivileges());
      // ...
    }

    @Override
    public void grantPrivilegeToGroup(TCatalogServiceRequestHeader header,
        TGrantRevokePrivParams params, TDdlExecResponse response) throws ImpalaException {
      List<GrantRevokeRequest> requests = createGrantRevokeRequests(
          header.getRequesting_user(),  // ====> fully qualified user principal
          true, null,
          Collections.singletonList(params.getPrincipal_name()),
          plugin_.get().getClusterName(), header.getClient_ip(), params.getPrivileges());
      // ...
    }

    @Override
    public void revokePrivilegeFromGroup(TCatalogServiceRequestHeader header,
        TGrantRevokePrivParams params, TDdlExecResponse response) throws ImpalaException {
      List<GrantRevokeRequest> requests = createGrantRevokeRequests(
          header.getRequesting_user(),  // ====> fully qualified user principal
          false, null,
          Collections.singletonList(params.getPrincipal_name()),
          plugin_.get().getClusterName(), header.getClient_ip(), params.getPrivileges());
      // ...
    }
Ranger expects a short name instead. The bug has existed since the original implementation [1], although the code was later refactored.
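The difference between the two name forms, as an added example that is not Impala's code or the fix for this issue: the class `ShortNameExample`, the method `toShortName`, and the realm and principals are constructed for illustration. It assumes a simplified mapping that takes the primary component of a principal in the default realm and rejects other realms rather than stripping them, so that a foreign-realm principal is never treated as a local user; it does not implement configurable name-mapping rules.

```java
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ShortNameExample {
    // Kerberos principal layout: primary[/instance][@REALM]
    private static final Pattern PRINCIPAL =
        Pattern.compile("([^/@]+)(?:/([^/@]+))?(?:@([^/@]+))?");

    /**
     * Returns the short name (primary component) of a principal.
     * Empty when the principal is malformed or belongs to a realm other than
     * defaultRealm: dropping a foreign realm would let user@OTHER.REALM act as
     * the local user of the same name.
     */
    static Optional<String> toShortName(String principal, String defaultRealm) {
        if (principal == null) {
            return Optional.empty();
        }
        Matcher m = PRINCIPAL.matcher(principal);
        if (!m.matches()) {
            return Optional.empty();
        }
        String realm = m.group(3);
        if (realm != null && !realm.equals(defaultRealm)) {
            return Optional.empty();
        }
        return Optional.of(m.group(1));
    }

    public static void main(String[] args) {
        String defaultRealm = "EXAMPLE.COM"; // constructed sample realm
        String[] samples = {                 // constructed sample principals
            "alice",
            "alice@EXAMPLE.COM",
            "impala/host1.example.com@EXAMPLE.COM",
            "alice@OTHER.REALM",
            "@EXAMPLE.COM"
        };
        for (String p : samples) {
            // The value on the right is what a grantor field keyed by short
            // names would need; "<rejected>" means no safe mapping exists.
            System.out.println(p + " -> "
                + toShortName(p, defaultRealm).orElse("<rejected>"));
        }
    }
}
```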