You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@doris.apache.org by GitBox <gi...@apache.org> on 2022/05/12 02:03:11 UTC

[GitHub] [incubator-doris] gtchaos commented on a diff in pull request #9512: [improvement](hive) Support read/write external hive table that authenticated by kerberos use libhdfs3

gtchaos commented on code in PR #9512:
URL: https://github.com/apache/incubator-doris/pull/9512#discussion_r870886474


##########
fe/fe-core/src/main/java/org/apache/doris/catalog/HiveMetaStoreClientHelper.java:
##########
@@ -245,14 +248,24 @@ private static List<RemoteIterator<LocatedFileStatus>> getRemoteIterator(List<Pa
     private static List<RemoteIterator<LocatedFileStatus>> getRemoteIterator(Table table, Map<String, String> properties) throws DdlException {
         List<RemoteIterator<LocatedFileStatus>> iterators = new ArrayList<>();
         Configuration configuration = new Configuration(false);
+        boolean isSecurityEnabled = false;
         for (Map.Entry<String, String> entry : properties.entrySet()) {
             if (!entry.getKey().equals(HiveTable.HIVE_METASTORE_URIS)) {
                 configuration.set(entry.getKey(), entry.getValue());
             }
+            // login user from keytab
+            if (entry.getKey().contains("kerberos")) {
+                isSecurityEnabled = true;
+            }
         }
         String location = table.getSd().getLocation();
         org.apache.hadoop.fs.Path path = new org.apache.hadoop.fs.Path(location);
         try {
+            if (isSecurityEnabled) {
+                UserGroupInformation.setConfiguration(configuration);
+                UserGroupInformation.loginUserFromKeytab(properties.get(BrokerUtil.HDFS_KERBEROS_PRINCIPAL),
+                    properties.get(BrokerUtil.HDFS_KERBEROS_KEYTAB));

Review Comment:
   the keytab content is binary encoded, if it is encoded into a string with base64, the user needs to deal with the string encoding problem separately, which is inconvenient to use. Instead, it is better to specify the keytab file path. I agree with the option to not support base64 encoding and I plan to remove this option (HDFS_KERBEROS_KEYTAB_WITH_BASE64)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org