[
https://issues.apache.org/jira/browse/KNOX-1098?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16687568#comment-16687568
]
Jesus Alvarez commented on KNOX-1098:
-------------------------------------
Looks like that did the trick!
Correct user is returned on session create, from YARN, and from a few tests on
the Spark Driver created.
*Test 1 - user1 does NOT send "proxyUser"*
{code}
## Start a session
curl -k -v -X POST \
-H "Authorization: Bearer $DSX_TOKEN" \
-H 'Content-Type: application/json' \
-H 'X-Requested-By: user1' ${GATEWAY}'livy/v1/sessions' -d '{"kind":"spark"}'
#### Response to POST - Correct proxyUser
{"id":83,"appId":null,"owner":"dsxhi","proxyUser":"user1","state":"starting","kind":"spark","appInfo":\{"driverLogUrl":null,"sparkUiUrl":null},"log":["stdout:
","\nstderr: ","\nYARN Diagnostics: "]}
## Run a shell "whoami" on the driver
curl -k -v -X POST \
-H "Authorization: Bearer $DSX_TOKEN" \
-H 'Content-Type: application/json' \
-H 'X-Requested-By: user1' ${GATEWAY}'livy/v1/sessions/83/statements' -d
'{"code": "import sys.process._\nval result = \"whoami\" !!\nprintln(result)" }'
## Get response for statement
curl -i -k \
-H "Authorization: Bearer $DSX_TOKEN" \
-H "X-Requested-By: user1" \
-H "Content-Type: application/json" \
-X GET ${GATEWAY}'livy/v1/sessions/83/statements/0'
#### Response: Correct user1 access from the Driver/Yarn
{"id":0,... result: String =\n\"user1\n\"\nuser1\n\n"}},"progress":1.0}
{code}
*Test 2 - user1 does sends proxyUser=alice*
{code}
## Start a session
curl -k -v -X POST -H "Authorization: Bearer $DSX_TOKEN" -H 'Content-Type:
application/json' -H 'X-Requested-By: user1' ${GATEWAY}'livy/v1/sessions' -d
'\{"kind":"spark","proxyUser":"alice", "driverMemory":"2G"}'
#### Response: Correct proxyuser
{"id":84,"appId":null,"owner":"dsxhi","proxyUser":"user1","state":"starting","kind":"spark","appInfo":\{"driverLogUrl":null,"sparkUiUrl":null},"log":["stdout:
","\nstderr: ","\nYARN Diagnostics: "]}
## Run a shell "whoami" on the driver created by livy
curl -k -v -X POST \
-H "Authorization: Bearer $DSX_TOKEN" \
-H 'Content-Type: application/json' \
-H 'X-Requested-By: user1' ${GATEWAY}'livy/v1/sessions/84/statements' -d
'\{"code": "import sys.process._\nval result = \"whoami\" !!\nprintln(result)"
}'
## Get response for statement for session 84
curl -i -k \
-H "Authorization: Bearer $DSX_TOKEN" \
-H "X-Requested-By: user1" \
-H "Content-Type: application/json" \
-X GET ${GATEWAY}'livy/v1/sessions/84/statements/0'
#### Response: Correct user1 access from the Driver/Yarn
{"id":0,"code":"import sys.process._\nval result = \"whoami\"
!!\nprintln(result)","state":"available","output":\{"status":"ok","execution_count":0,"data":{"text/plain":"import
sys.process._\nwarning: there was one feature warning; re-run with -feature
for details\nresult: String =\n\"user1\n\"\nuser1\n\n"}},"progress":1.0}
{code}
> Livy proxyUser should be added when not present
> -----------------------------------------------
>
> Key: KNOX-1098
> URL: https://issues.apache.org/jira/browse/KNOX-1098
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.14.0, 1.0.0, 1.1.0
> Reporter: Jeffrey Rodriguez
> Assignee: Kevin Risden
> Priority: Major
> Labels: livy
> Fix For: 1.2.0
>
> Attachments: KNOX-1098.patch, KNOX-1098.patch, KNOX-1098.patch
>
>
> Current Knox Livy service will replace the value pair proxyUser, user to
> impersonate when running the job , with the value of the user that Knox has
> authenticated. If the proxyUser value pair doesn't exist the rewrite rule
> will not add the proxyUser value pair.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
