IMPALA-13312: Use client address from X-Forwarded-For Header in Ranger Audit Logs

Added backend flag 'use_xff_address_as_origin' for using the client IP
address from 'X-Forwarded-For' HTTP header as the origin of HTTP
connection. The origin IP address in the SessionState is used by the
ranger client for both authorization (RangerAccessRequestImpl) and
auditing (RangerBufferAuditHandler). Impala does not do any verification
or sanitization of this IP address, so its value should only be trusted
if the deployment environment protects against spoofing.

Also, added a new function 'GetXFFOriginClientAddress' for parsing XFF
header with comma separated IP addresses, which is the most common form
of XFF header representing client and intermediate proxies:
X-Forwarded-For: <client>, <proxy1>, <proxy2>

'GetXFFOriginClientAddress' is now also used for getting the client IP
from XFF header in existing use cases such as trusted domain based
authentication for both HS2 HTTP server and web server.

Testing:
- Added unit tests for the new GetXFFOriginClientAddress function for
parsing comma separated IP addresses in XFF header
- Updated existing tests for trusted domain authentication to use
XFF with comma separated IP addresses
- Added custom cluster test which ensures that client IP address from
XFF header is included in the ranger audit logs.

Change-Id: Ib784ad805c649e9576ef34f125509c904b7773ab
Reviewed-on: http://gerrit.cloudera.org:8080/21780
Reviewed-by: Abhishek Rawat <arawat@cloudera.com>
Tested-by: Impala Public Jenkins <impala-public-jenkins@cloudera.com>
10 files changed
tree: 63ab09335b5db90c6c2eef166ce71812cba3f51c
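
An added example, not code from this commit or from Impala: a minimal sketch of reading the origin from the `X-Forwarded-For: <client>, <proxy1>, <proxy2>` form described in the commit message. The helper names (`FirstXffElement`, `IsIpLiteral`, `XffOrigin`) and the sample values are assumptions. The IP-literal check is an extra step that the commit message says Impala does not perform. It is syntactic only: the second sample shows that a well-formed first element can still be chosen by the client when a proxy appends to an incoming header rather than replacing it.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helper (not Impala's GetXFFOriginClientAddress): first
// comma-separated element of an X-Forwarded-For value, whitespace trimmed.
std::string FirstXffElement(const std::string& xff) {
  std::string first = xff.substr(0, xff.find(','));
  const char* ws = " \t";
  std::size_t b = first.find_first_not_of(ws);
  if (b == std::string::npos) return "";
  std::size_t e = first.find_last_not_of(ws);
  return first.substr(b, e - b + 1);
}

// Syntactic check only: true for an IPv4 or IPv6 literal. Anything else
// (empty value, CR/LF, embedded NUL, free text) is rejected so it cannot
// flow into an authorization request or an audit log line.
bool IsIpLiteral(const std::string& s) {
  if (s.find('\0') != std::string::npos) return false;
  unsigned char buf[sizeof(in6_addr)];
  return inet_pton(AF_INET, s.c_str(), buf) == 1 ||
         inet_pton(AF_INET6, s.c_str(), buf) == 1;
}

// Sets *origin and returns true only when the first element is an IP
// literal; on false the caller keeps the socket peer address.
bool XffOrigin(const std::string& xff, std::string* origin) {
  std::string candidate = FirstXffElement(xff);
  if (!IsIpLiteral(candidate)) return false;
  *origin = candidate;
  return true;
}

int main() {
  // Constructed sample header values (documentation address ranges).
  const char* samples[] = {
      "203.0.113.7, 10.0.0.5, 10.0.0.6",           // client, proxy1, proxy2
      "198.51.100.99, 203.0.113.7, 10.0.0.5",      // client sent its own XFF
      "203.0.113.7\nforged-audit-line, 10.0.0.5",  // not an IP literal
  };
  for (const char* s : samples) {
    std::string origin;
    std::cout << (XffOrigin(s, &origin) ? origin : "<use socket peer>") << "\n";
  }
}
```
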
README.md

Welcome to Impala

Lightning-fast, distributed SQL queries for petabytes of data stored in open data and table formats.

Impala is a modern, massively-distributed, massively-parallel, C++ query engine that lets you analyze, transform and combine data from a variety of data sources:

More about Impala

The fastest way to try out Impala is a quickstart Docker container. You can try out running queries and processing data sets in Impala on a single machine without installing dependencies. It can automatically load test data sets into Apache Kudu and Apache Parquet formats and you can start playing around with Apache Impala SQL within minutes.

To learn more about Impala as a user or administrator, or to try Impala, please visit the Impala homepage. Detailed documentation for administrators and users is available at Apache Impala documentation.

If you are interested in contributing to Impala as a developer, or learning more about Impala's internals and architecture, visit the Impala wiki.

Supported Platforms

Impala only supports Linux at the moment. Impala supports x86_64 and has experimental support for arm64 (as of Impala 4.0). Impala Requirements contains more detailed information on the minimum CPU requirements.

Supported OS Distributions

Impala runs on Linux systems only. The supported distros are:

  • Ubuntu 16.04/18.04
  • CentOS/RHEL 7/8

Other systems, e.g. SLES12, may also be supported but are not tested by the community.

Export Control Notice

This distribution uses cryptographic software and may be subject to export controls. Please refer to EXPORT_CONTROL.md for more information.

Build Instructions

See Impala's developer documentation to get started.

Detailed build notes has some detailed information on the project layout and build.