New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[AMORO-2692] Support proxy user in terminal #2693
base: master
Are you sure you want to change the base?
Conversation
3e2cb05
to
bc7fb08
Compare
I‘m looking forwared to this PR! But I have some questions |
@xieyi888 Thanks for your input!
Do you mean the kerberos authentication? Ideally, the terminal would use the UGI in TableMetaStore.RuntimeContext, but in fact the UGI cannot cover the usages like Iceberg async tasks. This PR mainly makes the spark user right. For example, the table created would have the proxy user as its owner. WRT authorization, I think that's the catalog's job and not relevant to the amoro terminal.
I think it's doable via Kyuubi. But I haven't got the chance to verify it yet. |
@link3280 From your PR, it seems that you are calling terminal by REST API? so that you can pass the proxyUser from http parameters. But this is not working for user executing SQL via WebBrowser. |
That's right. This PR doesn't involve web UI changes. |
rs = | ||
tableMetaStore.doAsImpersonating( | ||
proxyUser, () -> session.executeStatement(catalog, statement)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tend to check whether to call doAs
or doAsImpersonating
here, and try not to modify the code of the TableMetastore
.
Hi @link3280, Can you explain more details how to execute SQL statements with configured user? |
Why are the changes needed?
Close #2692.
Brief change log
How was this patch tested?
Add some test cases that check the changes thoroughly including negative and positive cases if possible
Add screenshots for manual tests if appropriate
Run test locally before making a pull request
Documentation