You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kyuubi.apache.org by ch...@apache.org on 2021/10/25 17:53:37 UTC
[incubator-kyuubi] branch master updated: [KYUUBI #1291] [TEST]
Transfer KRB5_CONF to kinit and fix kerberos UT on macOS
This is an automated email from the ASF dual-hosted git repository.
chengpan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-kyuubi.git
The following commit(s) were added to refs/heads/master by this push:
new 99934e8 [KYUUBI #1291] [TEST] Transfer KRB5_CONF to kinit and fix kerberos UT on macOS
99934e8 is described below
commit 99934e8cfa1219a0dbd47c095d228156d07352e8
Author: fwang12 <fw...@ebay.com>
AuthorDate: Tue Oct 26 01:52:55 2021 +0800
[KYUUBI #1291] [TEST] Transfer KRB5_CONF to kinit and fix kerberos UT on macOS
### _Why are the changes needed?_
1. transfer KRB5_CONF of KyuubiServer to kinit process in case the system KRB5_CONF is not same with `java.security.krb5.conf` of KyuubiServer JVM.
2. The UT with kerberos enabled KyuubiServer can not pass on osx environment, such as `KyuubiOperationKerberosAndPlainAuthSuite` (#1266). For the root cause, see details in https://stackoverflow.com/questions/27053539/openldap-kerberos-unable-to-reach-any-kdc-in-realm
### _How was this patch tested?_
`KyuubiOperationKerberosAndPlainAuthSuite` can pass on my MacBook, without this PR, it will fail on MacBook.
Closes #1291 from turboFei/kinit_ut.
Closes #1291
f0060545 [fwang12] complete KRB5_CONFIG
859538cb [fwang12] Make kerberos enabled kyuubi server unit test runnable for osx environment
Authored-by: fwang12 <fw...@ebay.com>
Signed-off-by: Cheng Pan <ch...@apache.org>
---
.../src/test/scala/org/apache/kyuubi/KerberizedTestHelper.scala | 2 ++
.../main/scala/org/apache/kyuubi/server/KinitAuxiliaryService.scala | 4 ++++
2 files changed, 6 insertions(+)
diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/KerberizedTestHelper.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/KerberizedTestHelper.scala
index ea032fd..87a9f68 100644
--- a/kyuubi-common/src/test/scala/org/apache/kyuubi/KerberizedTestHelper.scala
+++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/KerberizedTestHelper.scala
@@ -95,6 +95,8 @@ trait KerberizedTestHelper extends KyuubiFunSuite {
if (s.contains("libdefaults")) {
rewritten = true
s + addedConfig
+ } else if (s.contains(hostName)) {
+ s + "\n" + s.replace(hostName, s"tcp/$hostName")
} else {
s
}).filter(!_.trim.startsWith("#")).mkString(System.lineSeparator())
diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KinitAuxiliaryService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KinitAuxiliaryService.scala
index e8d149b..133007e 100644
--- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KinitAuxiliaryService.scala
+++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KinitAuxiliaryService.scala
@@ -45,8 +45,12 @@ class KinitAuxiliaryService() extends AbstractService("KinitAuxiliaryService") {
require(keytab.nonEmpty && principal.nonEmpty, "principal or keytab is missing")
UserGroupInformation.loginUserFromKeytab(principal.get, keytab.get)
+ val krb5Conf = Option(System.getProperty("java.security.krb5.conf"))
+ .orElse(Option(System.getenv("KRB5_CONFIG")))
+ .getOrElse("/etc/krb5.conf")
val commands = Seq("kinit", "-kt", keytab.get, principal.get)
val kinitProc = new ProcessBuilder(commands: _*).inheritIO()
+ kinitProc.environment().put("KRB5_CONFIG", krb5Conf)
kinitTask = new Runnable {
override def run(): Unit = {
val process = kinitProc.start()