Posted to issues@nifi.apache.org by mattyb149 <gi...@git.apache.org> on 2018/05/11 16:18:49 UTC

[GitHub] nifi issue #2630: NIFI-5041 Adds SPNEGO authentication to LivySessionControl...

Github user mattyb149 commented on the issue:

    https://github.com/apache/nifi/pull/2630
  
    The changes LGTM, and I tested on a secure cluster, verifying that I could connect, get a session, and execute some simple Scala/Spark code. However, when I tested with various unhappy paths including no Kerberos Credentials Service and a bad keytab, it seems we could be handling these situations better. 
    
    In the first case (no credentials), the /sessions endpoint will return HTML not JSON. This causes a bulletin to be issued, but the flow file is not penalized and/or the processor is not yielded, and the LivyControllerService thread to manage the sessions exits, meaning the flow will never proceed until the CS is restarted with the correct credentials. This could be considered a Livy bug (I didn't see an existing Jira), but we need to handle it for now.
    
    I believe something similar happens for a bad keytab, but I didn't trace it back to the manageSessions thread or anything. I think we need to ensure that the manageSessions() thread is always running while the CS is enabled; we can pass any exceptions back to the CS so that when the processor makes a call to the CS, we can throw the appropriate exception, etc.


---
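
An added sketch, not part of the comment above and not NiFi's code, of the behaviour the comment asks for: the management loop records a failure (such as an HTML body where JSON was expected) instead of exiting, and the call made on the processor's behalf rethrows it so the caller can penalize or yield. The class and method names and the sample responses are hypothetical and constructed for illustration.

```java
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;
// Hypothetical sketch; class and method names are not NiFi's.
public class ResilientSessionManager {
    private final Supplier<String> fetchSessions; // stands in for GET /sessions
    private final AtomicReference<Exception> lastError = new AtomicReference<>();
    private volatile boolean enabled = true;
    public ResilientSessionManager(Supplier<String> fetchSessions) {
        this.fetchSessions = fetchSessions;
    }
    // One pass of the manage loop: never throws, records the failure instead.
    void refreshOnce() {
        try {
            String body = fetchSessions.get().trim();
            if (!body.startsWith("{")) { // e.g. an HTML page instead of JSON
                throw new IllegalStateException("non-JSON response from /sessions");
            }
            lastError.set(null); // healthy again, clear the stale error
        } catch (Exception e) {
            lastError.set(e);
        }
    }
    // Keeps running for as long as the service is enabled.
    public void run(long intervalMillis) throws InterruptedException {
        while (enabled) {
            refreshOnce();
            Thread.sleep(intervalMillis);
        }
    }

    public void disable() { enabled = false; }

    // Called by the processor-facing API; surfaces the manager's last failure.
    public void checkHealthy() {
        Exception e = lastError.get();
        if (e != null) throw new IllegalStateException("Livy sessions unavailable: " + e.getMessage(), e);
    }

    public static void main(String[] args) {
        String[] replies = {"<html>login page</html>", "{\"sessions\":[]}"}; // constructed
        int[] i = {0};
        ResilientSessionManager m = new ResilientSessionManager(() -> replies[i[0]++]);
        m.refreshOnce(); // bad response: error is stored, loop would keep going
        try { m.checkHealthy(); } catch (IllegalStateException e) { System.out.println(e.getMessage()); }
        m.refreshOnce(); // good response: error is cleared
        m.checkHealthy();
        System.out.println("recovered");
    }
}
```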