Skip to content

Passing username for impersonation#334

Open
gbrian wants to merge 1 commit intocloudera:masterfrom
acloudfrontier:superset-impersonation
Open

Passing username for impersonation#334
gbrian wants to merge 1 commit intocloudera:masterfrom
acloudfrontier:superset-impersonation

Conversation

@gbrian
Copy link

@gbrian gbrian commented Feb 4, 2019

No description provided.

@timarmstrong
Copy link
Contributor

timarmstrong commented Feb 27, 2019

Can you add a test for this feature? Maybe you can use the effective_user() builtin function to make sure that it had the intended effect.

@gbrian
Copy link
Author

gbrian commented Feb 27, 2019

Do you mean kind of:

def test_sqlalchemy_impersonation():
    engine = create_engine('impala://localhost')
    result = connection.execute("select effective_user() as effective_user")
    observed = result[0]['effective_user']
    expected = '?????'
    assert expected == observed

    impersonate = 'user1'
    engine = create_engine('impala://%s@localhost' % impersonate)
    result = connection.execute("select effective_user() as effective_user")
    observed = result[0]['effective_user']
    expected = impersonate
    assert expected == observed

@timarmstrong
Copy link
Contributor

timarmstrong commented Feb 27, 2019

Something along those lines, yeah. I think the second part of that test is the most important. Mainly to prove that the 'effective_user' value gets plumbed all the way through to Impala correctly.

timarmstrong
timarmstrong reviewed May 16, 2019
View reviewed changes
Copy link
Contributor

@timarmstrong timarmstrong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add a test for this potentially?

impala/dbapi.py
password=None, kerberos_service_name='impala', use_ldap=None,
ldap_user=None, ldap_password=None, use_kerberos=None,
protocol=None):
protocol=None,username=None):
Copy link
Contributor

@timarmstrong timarmstrong Feb 27, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: space after comma to be consistent with surrounding code and PEP8

impala/hiveserver2.py
default_db)
self.service = service
self.default_db = default_db
self.impersonate=impersonate
Copy link
Contributor

@timarmstrong timarmstrong Feb 27, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: spaces around = to be consistent with surrounding code and PEP8

impala/hiveserver2.py

log.debug('.cursor(): getting new session_handle')

if self.impersonate != None:
Copy link
Contributor

@timarmstrong timarmstrong Feb 27, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be "is not None" - see https://docs.quantifiedcode.com/python-anti-patterns/readability/comparison_to_none.html

@huw0
Copy link
Contributor

huw0 commented May 22, 2023
edited
Loading

#281 indicates that impersonation works on a per-cursor basis.

Therefore can this PR be closed? I think it will be confusing to support impersonation in multiple places and this could lead to unintentional security issues where connections are re-used.

@gbrian gbrian closed this May 23, 2023
@gbrian
Copy link
Author

gbrian commented May 23, 2023

Not needed

@gbrian gbrian reopened this May 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@timarmstrong timarmstrong timarmstrong left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gbrian @timarmstrong @huw0