jerqi commented on PR #4248:
URL: https://github.com/apache/gravitino/pull/4248#issuecomment-2257736927
> > > > It's the best to have the abstraction like
> > > > ```
> > > > class UserContext {
> > > > UserGroupInformation getUGI();
> > > > doAs();
> > > > }
> > > >
> > > > class SimpleUserContext implement UserContext {
> > > > }
> > > >
> > > > class KerberosUserContext implement UserContext {
> > > > }
> > > > ```
> > >
> > >
> > > I'm okay with it, how to handle `impersonation`? Add a property like
`impersonation` to keep the value?
> > > Another point, by this meaning, is that we still need to use a map to
calculate the real value of `impersonation` for a schema or fileset? The way
you propose is a warpper that warps `UGI` and `doAs` operation.
> >
> >
> > impersonation should be a field of UserContext.
>
> I have reviewed it and am hesitant to make changes based on your comment.
>
> There is no difference between `SimpleUserContext` and
`KerberosUserContext` as they both utilize `UserGroupInforamion#doAs` to
perform actions. To differentiate whether we will use Kerberos authentication
or not for entities, I need to use a map to keep to the relation like
`Map<NameIdentifer, Boolean> identToKerberos` to represent whether the entity
it represents uses Kerberos or not, then I need to calculate the UGI. I don't
think it 's as convenient as the current implementation.
SimpleUserContext doesn't have keytab and realm, only contains user and
kerberos name. KerberosUserContext has keytab and realm.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
