[ https://issues.apache.org/jira/browse/NIFI-3534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15907536#comment-15907536 ]
ASF GitHub Bot commented on NIFI-3534: -------------------------------------- Github user bbende commented on a diff in the pull request: https://github.com/apache/nifi/pull/1581#discussion_r105669563 --- Diff: nifi-nar-bundles/nifi-hadoop-bundle/nifi-hdfs-processors/src/main/java/org/apache/nifi/processors/hadoop/AbstractHadoopProcessor.java --- @@ -292,7 +304,11 @@ HdfsResources resetHDFSResources(String configResources, ProcessContext context) ugi = SecurityUtil.loginKerberos(config, principal, keyTab); fs = getFileSystemAsUser(config, ugi); lastKerberosReloginTime = System.currentTimeMillis() / 1000; - } else { + } else if (context.getProperty(REMOTE_USER).isSet()){ --- End diff -- This might be more of a stylistic thing, but we could probably fold these together.... ``` else { config.set("ipc.client.fallback-to-simple-auth-allowed", "true"); config.set("hadoop.security.authentication", "simple"); if (context.getProperty(REMOTE_USER).isSet()) { ugi = UserGroupInformation.createRemoteUser(context.getProperty(REMOTE_USER).evaluateAttributeExpressions().getValue()); } else { ugi = SecurityUtil.loginSimple(config); } fs = getFileSystemAsUser(config, ugi); } ``` > Add support for impersonating a user with HDFS processors > ---------------------------------------------------------- > > Key: NIFI-3534 > URL: https://issues.apache.org/jira/browse/NIFI-3534 > Project: Apache NiFi > Issue Type: Bug > Reporter: Andrew Psaltis > Assignee: Andrew Psaltis > > When using the HDFS processors, specifically PutHDFS there are times when a > user wants to impersonate a user so that the files written to HDFS are done > as the remote user. In cases where Kerberos is not used, this is not > possible. Currently there is the ability for NiFi to change the permissions > using the Remote Owner and Remote Group, however, this only works if NiFi is > running as a user that has HDFS super user privilege. By providing the > ability to set a Remote User, NiFi can then impersonate the user and the > permission checks will be done in Hadoop land. -- This message was sent by Atlassian JIRA (v6.3.15#6346)