apply genric logic to appendProxyUserToURL

Prabhjyot Singh 2017-04-24 17:06:35 +05:30
parent 3fa2b1e980
commit 513987a288
2 changed files with 51 additions and 58 deletions


@ -169,10 +169,6 @@ There are more JDBC interpreter properties you can specify like below.
<td>zeppelin.jdbc.keytab.location</td>
<td>The path to the keytab file</td>
</tr>
<tr>
<td>zeppelin.jdbc.auth.kerberos.proxy.enable</td>
     <td>When auth type is Kerberos, enable/disable Kerberos proxy with the login user to get the connection. Default value is true.</td>
</tr>
<tr>
<td>default.jceks.file</td>
<td>jceks store path (e.g: jceks://file/tmp/zeppelin.jceks)</td>
@ -202,7 +198,7 @@ To bind the interpreters created in the interpreter setting page, click the gear
<img src="../assets/themes/zeppelin/img/docs-img/click_interpreter_binding_button.png" width="600px" />
Select(blue) or deselect(white) the interpreter buttons depending on your use cases.
Select(blue) or deselect(white) the interpreter buttons depending on your use cases.
If you need to use more than one interpreter in the notebook, activate several buttons.
Don't forget to click `Save` button, or you will face `Interpreter *** is not found` error.
@ -285,7 +281,7 @@ An example settings of interpreter for the two data sources, each of which has i
</table>
##### Usage
Test of execution *precode* for each data source.
Test of execution *precode* for each data source.
```sql
%jdbc
@ -480,7 +476,7 @@ Here are some examples you can refer to. Including the below connectors, you can
[Maven Repository: com.amazonaws:aws-java-sdk-redshift](https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-redshift)
### Apache Hive
### Apache Hive
<img src="../assets/themes/zeppelin/img/docs-img/hive_setting.png" width="600px" />
@ -507,8 +503,9 @@ Here are some examples you can refer to. Including the below connectors, you can
<td>hive_password</td>
</tr>
<tr>
<td>hive.proxy.user</td>
<td>true or false</td>
<td>default.proxy.user.property</td>
<td>hive.server2.proxy.user</td>
</tr>
</table>
Connection to Hive JDBC with a proxy user can be disabled with `hive.proxy.user` property (set to true by default)
@ -535,9 +532,11 @@ Connection to Hive JDBC with a proxy user can be disabled with `hive.proxy.user`
[Maven Repository : org.apache.hive:hive-jdbc](https://mvnrepository.com/artifact/org.apache.hive/hive-jdbc)
##### Impersonation
When Zeppelin server is running with authentication enabled, then this interpreter utilizes Hive's user proxy feature i.e. sends extra parameter for creating and running a session ("hive.server2.proxy.user=": "${loggedInUser}"). This is particularly useful when multiple users are sharing a Notebook server.
When Zeppelin server is running with authentication enabled, then the interpreter can utilize Hive's user proxy feature i.e. send extra parameter for creating and running a session ("hive.server2.proxy.user=": "${loggedInUser}"). This is particularly useful when multiple users are sharing a notebooks.
To enable this set `zeppelin.jdbc.auth.type` as `SIMPLE` or `KERBEROS` (if required) in the interpreter setting.
To enable this set following:
- `zeppelin.jdbc.auth.type` as `SIMPLE` or `KERBEROS` (if required) in the interpreter setting.
- `default.proxy.user.property` as `hive.server2.proxy.user`
### Apache Phoenix


@ -353,74 +353,68 @@ public class JDBCInterpreter extends Interpreter {
} else {
UserGroupInformation.AuthenticationMethod authType = JDBCSecurityImpl.getAuthtype(property);
final String connectionUrl = appendProxyUserToURL(url, user, propertyKey);
JDBCSecurityImpl.createSecureConfiguration(property, authType);
switch (authType) {
case KERBEROS:
if (user == null || "false".equalsIgnoreCase(
property.getProperty("zeppelin.jdbc.auth.kerberos.proxy.enable"))) {
connection = getConnectionFromPool(url, user, propertyKey, properties);
if (url.trim().startsWith("jdbc:hive")) {
connection = getConnectionFromPool(connectionUrl, user, propertyKey, properties);
} else {
if (url.trim().startsWith("jdbc:hive")) {
StringBuilder connectionUrl = new StringBuilder(url);
appendProxyUserToURL(connectionUrl, user);
connection = getConnectionFromPool(connectionUrl.toString(),
user, propertyKey, properties);
} else {
UserGroupInformation ugi = null;
try {
ugi = UserGroupInformation.createProxyUser(
user, UserGroupInformation.getCurrentUser());
} catch (Exception e) {
logger.error("Error in getCurrentUser", e);
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.append(e.getMessage()).append("\n");
stringBuilder.append(e.getCause());
throw new InterpreterException(stringBuilder.toString());
}
UserGroupInformation ugi = null;
try {
ugi = UserGroupInformation.createProxyUser(
user, UserGroupInformation.getCurrentUser());
} catch (Exception e) {
logger.error("Error in getCurrentUser", e);
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.append(e.getMessage()).append("\n");
stringBuilder.append(e.getCause());
throw new InterpreterException(stringBuilder.toString());
}
final String poolKey = propertyKey;
try {
connection = ugi.doAs(new PrivilegedExceptionAction<Connection>() {
@Override
public Connection run() throws Exception {
return getConnectionFromPool(url, user, poolKey, properties);
}
});
} catch (Exception e) {
logger.error("Error in doAs", e);
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.append(e.getMessage()).append("\n");
stringBuilder.append(e.getCause());
throw new InterpreterException(stringBuilder.toString());
}
final String poolKey = propertyKey;
try {
connection = ugi.doAs(new PrivilegedExceptionAction<Connection>() {
@Override
public Connection run() throws Exception {
return getConnectionFromPool(connectionUrl, user, poolKey, properties);
}
});
} catch (Exception e) {
logger.error("Error in doAs", e);
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.append(e.getMessage()).append("\n");
stringBuilder.append(e.getCause());
throw new InterpreterException(stringBuilder.toString());
}
}
break;
default:
StringBuilder connectionUrl = new StringBuilder(url);
appendProxyUserToURL(connectionUrl, user);
connection = getConnectionFromPool(connectionUrl.toString(),
user, propertyKey, properties);
connection = getConnectionFromPool(connectionUrl, user, propertyKey, properties);
}
}
return connection;
}
private void appendProxyUserToURL(StringBuilder connectionUrl, String user) {
if (connectionUrl.toString().trim().startsWith("jdbc:hive")) {
private String appendProxyUserToURL(String url, String user, String propertyKey) {
StringBuilder connectionUrl = new StringBuilder(url);
if (user != null && !user.equals("anonymous") &&
basePropretiesMap.get(propertyKey).containsKey("proxy.user.property")) {
Integer lastIndexOfUrl = connectionUrl.indexOf("?");
if (lastIndexOfUrl == -1) {
lastIndexOfUrl = connectionUrl.length();
}
if (user != null && !user.equals("anonymous") &&
!"false".equalsIgnoreCase(property.getProperty("hive.proxy.user"))) {
logger.info("Using hive proxy user as :" + user);
connectionUrl.insert(lastIndexOfUrl, ";hive.server2.proxy.user=" + user + ";");
}
logger.info("Using hive proxy user as :" + user);
connectionUrl.insert(lastIndexOfUrl, ";" +
basePropretiesMap.get(propertyKey).getProperty("proxy.user.property") + "=" + user + ";");
}
return connectionUrl.toString();
}
private String getPassword(Properties properties) throws IOException {
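Review bot: In `appendProxyUserToURL`, `user` and the configured `proxy.user.property` value are concatenated into the JDBC URL with no check on their characters, so a login name containing `;`, `=` or `?` would change which session parameters the driver receives, and the same unchecked value is written to the log by `logger.info`. The helper now appears to run for every driver and auth type rather than only for `jdbc:hive` URLs, so I would validate the name before the insert, e.g. `if (!user.matches("[A-Za-z0-9._@-]+")) { throw new InterpreterException("Invalid proxy user name"); }`, with the pattern adjusted to the account names the deployment allows. The `+`/`-` markers are lost on this page, but the KERBEROS branch also appears to drop the old `user == null` guard and the `zeppelin.jdbc.auth.kerberos.proxy.enable` opt-out, which would let a null `user` reach `UserGroupInformation.createProxyUser` for non-Hive URLs; please confirm that is intended. The enclosing connection method starts above the hunk.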