Z0ltrix commented on pull request #2332: URL: https://github.com/apache/drill/pull/2332#issuecomment-960959540
> > > > Hi @dzamo , phoenix uses keytab and other stuff within the connection string: https://phoenix.apache.org/#connStr isnt this what we need? > > Or, the other aspect... use code from PQS for the connection to phoenix... they use some sort of proxyUser from org.apache.hadoop.security.UserGroupInformation as well: https://github.com/apache/phoenix-queryserver/blob/master/phoenix-queryserver/src/main/java/org/apache/phoenix/queryserver/server/QueryServer.java#L553 > > Regards, Christian > > @Z0ltrix Okaaay. I'd forgotten that Phoenix lives on top of Hadoop anyway. So if you've already enabled Hadoop's impersonation using the needed `proxyuser` settings then maybe all that we need here is to tack a `doAs` onto the JDBC URL you already have working (which might already include some Kerberos bits). > > ``` > jdbc:phoenix:thin:url=http://localhost:8765?doAs=alice > ``` > > See https://phoenix.apache.org/server.html#Impersonation. @luocooong this should be reasonably easy, let me know if I can help with anything. We should imitate the behaviour of storage-hive which also contains "doAs". In my head it's something like this farcically simplified pseudocode: > > ``` > if (config.getOption('drill.exec.impersonation.enabled') == true) { > phoenixJdbcUrl = phoenixJdbcUrl + "?doAs=" + activeDrillUser; > } > ``` Hi @dzamo, exaclty... as described in the original Issue #2296 we have the following connection String for PQS `jdbc:phoenix:thin:url=http://localhost:8765;serialization=PROTOBUF;authentication=SPNEGO;principal=drill/bit@MYCLUSTER;keytab=/etc/hadoop/conf/drill.keytab` But this will not work with native phoenix connection, because there is no doAs parameter. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
