zeroflag commented on PR #817: URL: https://github.com/apache/knox/pull/817#issuecomment-1814635567
@lmccay

1. Thanks, I renamed it to `expression.principal.mapping`.

2. The `HadoopGroupProvider` extends from CommonIdentityProvider, so it inherits all this functionality. I verified it with this config:

```xml
<provider>
    <role>identity-assertion</role>
    <name>HadoopGroupProvider</name>
    <enabled>true</enabled>
    <param>
        <name>expression.principal.mapping</name>
        <value>(concat username '_SUFFIX')</value>
    </param>
    <param>
        <name>group.mapping.vgrp1</name>
        <value>(starts-with username 'sam')</value>
    </param>
    <param>
        <name>hadoop.security.group.mapping</name>
        <value>org.apache.hadoop.security.LdapGroupsMapping</value>
    </param>
    <param>
        <name>hadoop.security.group.mapping.ldap.url</name>
        <value>ldap://localhost:33389</value>
    </param>
    [....]
</provider>
```

```bash
$ curl -v -k -u sam:sam-password https://localhost:8443/gateway/sandbox/hive
```

```
23/11/16 16:02:14 ||4887dab7-ffa5-4d94-9343-9eedc140fd73|audit|[0:0:0:0:0:0:0:1]|HIVE|sam|sam_SUFFIX||identity-mapping|principal|sam_SUFFIX|success|Groups: [vgrp1]
```

3. The parentheses won't cause any encoding problem. The only thing I can think of as a problem is the greater than / less than signs. But those are rarely used and they can be encoded.

For example:

```lisp
(> (strlen username) 10)
```

Should be encoded as:

```
(&gt; (strlen username) 10)
```
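The encoding point in item 3, as an added example (not part of the original comment or of Knox's own code): a small Python check that XML-escapes expression values when rendering a provider block and confirms a parser decodes them back unchanged. The `group.mapping.long` and `group.mapping.short` names and the `<` expression are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample parameters; the two group names are hypothetical.
PARAMS = {
    "expression.principal.mapping": "(concat username '_SUFFIX')",
    "group.mapping.long": "(> (strlen username) 10)",
    "group.mapping.short": "(< (strlen username) 10)",
}

def render_provider(params, encode=True):
    """Render a provider block; encode=False pastes values in verbatim."""
    enc = escape if encode else (lambda s: s)
    rows = "".join(
        f"<param><name>{n}</name><value>{enc(v)}</value></param>"
        for n, v in params.items()
    )
    return (
        "<provider><role>identity-assertion</role>"
        "<name>HadoopGroupProvider</name><enabled>true</enabled>"
        f"{rows}</provider>"
    )

def read_params(xml_text):
    """Return {name: value} as an XML parser decodes them, or None if malformed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    return {p.findtext("name"): p.findtext("value") for p in root.iter("param")}

def check(params):
    """Map each param name to True if its raw value survives without encoding."""
    return {n: read_params(render_provider({n: v}, encode=False)) == {n: v}
            for n, v in params.items()}

if __name__ == "__main__":
    print(escape(PARAMS["group.mapping.long"]))          # encoded form of the value
    print(read_params(render_provider(PARAMS)) == PARAMS)  # encoded values round-trip
    print(check(PARAMS))                                  # which raw values parse as-is
```

A raw `>` in a value is accepted by the XML parser while a raw `<` makes the block malformed; encoding both keeps the topology file well-formed either way.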