Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-11720

Hive query should fail on an impersonated namespace if exploreAsPrincipal is set to false.

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.2.0
    • Component/s: Explore, Security
    • Labels:
      None
    • Rank:
      1|i002ov:

      Description

      The impersonation integration test fails since the hive query is successful even the exploreAsPrincipal is false in the namespace. Here is the partial log from the test:

      2017-05-31 10:45:33,277 - INFO  [main:c.c.c.t.AudiTestBase$1@112] - Making request: PUT http://cdap-iit3-dstc55-7-23895-1000.dev.continuuity.net:11015/v3/namespaces/imp_ns/properties
      2017-05-31 10:45:33,498 - INFO  [main:c.c.c.t.AudiTestBase$1@121] - Received response: [200] Response Body: Updated properties for namespace 'imp_ns'.
      2017-05-31 10:45:33,498 - INFO  [main:c.c.c.t.AudiTestBase$1@112] - Making request: GET http://cdap-iit3-dstc55-7-23895-1000.dev.continuuity.net:11015/v3/namespaces/imp_ns
      2017-05-31 10:45:33,750 - INFO  [main:c.c.c.t.AudiTestBase$1@121] - Received response: [200] Response Body: {"name":"imp_ns","description":"","config":{"scheduler.queue.name":"","explore.as.principal":false,"principal":"alice","groupName":"deployers","keytabURI":"/etc/security/keytabs/alice.headless.keytab"}}
      

      After we update the property to set exploreAsPrincipal to false, the next hive query still completed successfully.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                yaojie Yaojie Feng
                Reporter:
                yaojie Yaojie Feng
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: