Skip to content

Enable Impala impersonation by passing cursor configuration.#4699

Closed
tothandor wants to merge 1 commit into
apache:masterfrom
tothandor:master
Closed

Enable Impala impersonation by passing cursor configuration.#4699
tothandor wants to merge 1 commit into
apache:masterfrom
tothandor:master

Conversation

@tothandor
Copy link
Copy Markdown

@tothandor tothandor commented Mar 27, 2018

This commit will only work if pull request #298 at cloudera/impyla is accepted,
but it may not do no harm if not. ImpalaEngineSpec.get_schema_names() had to be moved to cloudera/impyla-s SQLAlchemy API, in order to be able to get an impersonated cursor for the inspector.

It has also touched Hive impersonation, though it should not affect it.
It works for me, but feel free to completly rewrite it, to make it fit better in the overall picture.

@andortoth-central
Enable Impala impersonation by passing cursor configuration.
f3fb502 
This commit will only work if pull request apache#298 at cloudera/impyla is accepted,
but it may not do no harm if not.
It has also touched Hive impersonation, though it should not affect it.
mistercrunch
mistercrunch requested changes Mar 27, 2018
View reviewed changes
Copy link
Copy Markdown
Member

@mistercrunch mistercrunch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks sound except for a minor comment. Please add a unit test as this part of the codebase is pretty scattered and engine-specific. I could see how adding impersonation for other engines could create regressions if this is not protected by tests.

Also the build is failing because of minor linting issues, check out the travis logs for details.

Comment thread superset/models/core.py
logging.info('Database.get_sqla_engine(). Masked URL: {0}'.format(masked_url))

params = extra.get('engine_params', {})
self.cursor_kwargs = self.db_engine_spec.get_cursor_configuration_for_impersonation(str(url), self.impersonate_user, effective_username)
Copy link
Copy Markdown
Member

@mistercrunch mistercrunch Mar 27, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stamping into self.cursor_kwargs here is brittle as it assumes method call ordering which isn't an explicit assumption. Either make this happen on the __init__ method if the context is available at that point, or use a @property.

@gbrian
Copy link
Copy Markdown
Contributor

gbrian commented Jan 18, 2019

Hi,
I'm facinfg same issue but when defining the connection. In my case the user connecting to Imapala cluster has no permisions at all just to connect through kerberos. In this case when testing the connection SQLAlchemy tries to run SHOW TABLES over the database. Can not see any way for Superset to pass impersonation information in this point.

Did you have this issue as well @tothandor ?
Thanks in advance. btw can I help with this PR?

@stale
Copy link
Copy Markdown

stale Bot commented Apr 10, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale Bot added the inactive Inactive for >= 30 days label Apr 10, 2019
@stale stale Bot closed this Apr 17, 2019
@huw0 huw0 mentioned this pull request May 22, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mistercrunch mistercrunch mistercrunch requested changes

Assignees

No one assigned

Labels

inactive Inactive for >= 30 days

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tothandor @gbrian @mistercrunch @andortoth-central