Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for User Impersonation #309

Merged
merged 1 commit into from
Feb 26, 2020
+19 −2
Merged

Add support for User Impersonation #309

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 19 additions & 2 deletions pyhive/presto.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ class Cursor(common.DBAPICursor):
visible by other cursors or connections.
"""

def __init__(self, host, port='8080', username=None, catalog='hive',
def __init__(self, host, port='8080', username=None, principle_username=None, catalog='hive',
Ralnoc marked this conversation as resolved.
Show resolved Hide resolved
schema='default', poll_interval=1, source='pyhive', session_props=None,
protocol='http', password=None, requests_session=None, requests_kwargs=None,
KerberosRemoteServiceName=None, KerberosPrincipal=None,
Expand All @@ -89,6 +89,8 @@ def __init__(self, host, port='8080', username=None, catalog='hive',
:param host: hostname to connect to, e.g. ``presto.example.com``
:param port: int -- port, defaults to 8080
:param username: string -- defaults to system user name
:param principle_username: string -- defaults to ``username`` argument if it exists,
else defaults to system user name
:param catalog: string -- defaults to ``hive``
:param schema: string -- defaults to ``default``
:param poll_interval: int -- how often to ask the Presto REST interface for a progress
Expand Down Expand Up @@ -121,7 +123,22 @@ class will use the default requests behavior of making a new session per HTTP re
# Config
self._host = host
self._port = port
self._username = username or getpass.getuser()
"""
Presto User Impersonation: https://docs.starburstdata.com/latest/security/impersonation.html

User impersonation allows the execution of queries in Presto based on principle_username
argument, instead of executing the query as the account which authenticated against Presto.
(Usually a service account)

Allows for a service account to authenticate with Presto, and then leverage the
principle_username as the user Presto will execute the query as. This is required by
applications that leverage authentication methods like SAML, where the application has a
username, but not a password to still leverage user specific Presto Resource Groups and
Authorization rules that would not be applied when only using a shared service account.
This also allows auditing of who is executing a query in these environments, instead of
having all queryes run by the shared service account.
"""
self._username = principle_username or username or getpass.getuser()
self._catalog = catalog
self._schema = schema
self._arraysize = 1
Expand Down