[
https://issues.apache.org/jira/browse/PHOENIX-5938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17128951#comment-17128951
]
Istvan Toth edited comment on PHOENIX-5938 at 6/9/20, 7:24 AM:
---------------------------------------------------------------
thanks for the input [~romainr]
{quote}#No auth, no impersonation
engine = create_engine('phoenix://stoty-1.stoty.root.hwx.site:8765')
{quote}
test_sqlalchemy.py covers this case.
{quote}#No auth but use 'admin' as the actual user
engine = create_engine('phoenix://[email protected]:8765')# 3.
#Auth with a Kerb ticket but use 'admin' as the actual user
engine = create_engine('phoenix://[email protected]:8765',
connect_args=\{"authentication": "SPNEGO", "verify": False})
{quote}
It would be really hard to code an Integration Test for these cases, as they
need very specific (and different) PQS configurations.
_test_url_params_() in test_avatica.py covers the DBAPI side of this code path.
I've tested the sqlAlchemy side manually (which is really just
_create_connect_args()_ in sqlalchemy_phoenix.py)
{quote}Clarify if 'tls' param is used?
Could not see it in
[https://docs.sqlalchemy.org/en/13/core/engines.html#sqlalchemy.create_engineengine]
= create_engine('phoenix://[email protected]:8765',
connect_args=\{"authentication": "SPNEGO", "verify": False}, "tls": True) # or
'tls' in connect_args instead?
{quote}
*tls* is a PhoenixDB specific SQLAlchemy parameter.
For the underlying DBAPI driver you specify the complete _scheme://host:port_,
so there is no need for a separate parameter (that would go into connect_args).
However, for SqlAlchemy, the Scheme part of the URL is fixed as *_phoenix_*,
so we need some way to specify the scheme, hence this parameter. (again see
_create_connect_args()_ in sqlalchemy_phoenix.py that processes it)
This is handled better on JDBC side, where the complete HTTP(S) URL is passed
in as a parameter, but since the existing implementation (and all SQLAlchemy
drivers that I checked) used this convention, I decided not to change it.
was (Author: stoty):
thanks for the input [~romainr]
# 1. No auth, no impersonation
engine = create_engine('phoenix://stoty-1.stoty.root.hwx.site:8765')
test_sqlalchemy.py covers this case.
# 2. No auth but use 'admin' as the actual user
engine = create_engine('phoenix://[email protected]:8765')# 3.
Auth with a Kerb ticket but use 'admin' as the actual user
engine = create_engine('phoenix://[email protected]:8765',
connect_args=\{"authentication": "SPNEGO", "verify": False})
It would be really hard to code an Integration Test for these cases, as they
need very specific (and different) PQS configurations.
_test_url_params_() in test_avatica.py covers the DBAPI side of this code path.
I've tested the sqlAlchemy side manually (which is really just
_create_connect_args()_ in sqlalchemy_phoenix.py)
# 4. Clarify if 'tls' param is used?
# Could not see it in
https://docs.sqlalchemy.org/en/13/core/engines.html#sqlalchemy.create_engineengine
= create_engine('phoenix://[email protected]:8765',
connect_args=\{"authentication": "SPNEGO", "verify": False}, "tls": True) # or
'tls' in connect_args instead?
*tls* is a PhoenixDB specific SQLAlchemy parameter.
For the underlying DBAPI driver you specify the complete _scheme://host:port_,
so there is no need for a separate parameter (that would go into connect_args).
However, for SqlAlchemy, the Scheme part of the URL is fixed as *_phoenix_*,
so we need some way to specify the scheme, hence this parameter. (again see
_create_connect_args()_ in sqlalchemy_phoenix.py)
This is handled better on JDBC side, where the complete HTTP(S) URL is passed
in as a parameter, but since the existing implementation (and all SQLAlchemy
drivers that I checked) used this convention, I decided not to change it.
> Support impersonation in the python driver
> ------------------------------------------
>
> Key: PHOENIX-5938
> URL: https://issues.apache.org/jira/browse/PHOENIX-5938
> Project: Phoenix
> Issue Type: New Feature
> Components: queryserver
> Affects Versions: queryserver-1.0.0
> Reporter: Romain Rigaux
> Assignee: Istvan Toth
> Priority: Major
>
> Support impersonation via the doAs parameter in the python driver, and the
> SqlAlchemy driver.
> For the SqlAlchemy driver, strive to make it compatible with the Hue
> _has_impersonation_ option.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
