diff --git common/src/java/org/apache/hadoop/hive/conf/HiveConf.java common/src/java/org/apache/hadoop/hive/conf/HiveConf.java index 829791e0a9..079d22935b 100644 --- common/src/java/org/apache/hadoop/hive/conf/HiveConf.java +++ common/src/java/org/apache/hadoop/hive/conf/HiveConf.java @@ -3483,6 +3483,11 @@ private static void populateLlapDaemonVarsSet(Set llapDaemonVarsSetLocal HIVE_SERVER2_TEZ_QUEUE_ACCESS_CHECK("hive.server2.tez.queue.access.check", false, "Whether to check user access to explicitly specified YARN queues. " + "yarn.resourcemanager.webapp.address must be configured to use this."), + HIVE_SERVER2_TEZ_QUEUE_ACCESS_CHECK_METHOD("hive.server2.tez.queue.access.check.method", + "default", new StringSet(true, "default", "loggedin"), + "Determines which method to use to decide the YARN queue user.\n" + + " default - username is based on doAs setting.\n" + + " loggedin - username is always the logged in user.\n"), HIVE_SERVER2_TEZ_SESSION_LIFETIME("hive.server2.tez.session.lifetime", "162h", new TimeValidator(TimeUnit.HOURS), "The lifetime of the Tez sessions launched by HS2 when default sessions are enabled.\n" + diff --git ql/src/java/org/apache/hadoop/hive/ql/exec/tez/TezSessionPoolManager.java ql/src/java/org/apache/hadoop/hive/ql/exec/tez/TezSessionPoolManager.java index 83daf9df3a..50a143216c 100644 --- ql/src/java/org/apache/hadoop/hive/ql/exec/tez/TezSessionPoolManager.java +++ ql/src/java/org/apache/hadoop/hive/ql/exec/tez/TezSessionPoolManager.java @@ -228,6 +228,22 @@ private TezSessionPoolSession createAndInitSession( return sessionState; } + private String defaultUsernameMethod(SessionState ss) { + // First try to get from the authenticator and fallback to the session state + if (ss == null) { + return null; + } + return ss.getAuthenticator() != null ? ss.getAuthenticator().getUserName() : ss.getUserName(); + } + + private String loggedInUsernameMethod(SessionState ss) { + if (ss == null) { + return null; + } + // User logged in user from session state + return ss.getUserName(); + } + private TezSessionState getSession(HiveConf conf, boolean doOpen) throws Exception { // NOTE: this can be called outside of HS2, without calling setupPool. Basically it should be // able to handle not being initialized. Perhaps we should get rid of the instance and @@ -249,11 +265,15 @@ private TezSessionState getSession(HiveConf conf, boolean doOpen) throws Excepti if (yarnQueueChecker != null) { SessionState ss = SessionState.get(); + String userMethod = conf.getVar(ConfVars.HIVE_SERVER2_TEZ_QUEUE_ACCESS_CHECK_METHOD); String userName = null; - if (ss != null) { - userName = ss.getAuthenticator() != null - ? ss.getAuthenticator().getUserName() : ss.getUserName(); + + if ("default".equals(userMethod)) { + userName = defaultUsernameMethod(ss); + } else if ("loggedin".equals(userMethod)) { + userName = loggedInUsernameMethod(ss); } + if (userName == null) { userName = Utils.getUGI().getShortUserName(); LOG.info("No session user set; using the UGI user " + userName);