Posted to notifications@kyuubi.apache.org by GitBox <gi...@apache.org> on 2022/12/01 09:32:50 UTC

[GitHub] [incubator-kyuubi] bowenliang123 commented on a diff in pull request #3838: [KYUUBI #3839] [Feature] [Authz] Support session signing keypair and verifying session user on engine side

bowenliang123 commented on code in PR #3838:
URL: https://github.com/apache/incubator-kyuubi/pull/3838#discussion_r1036881380


##########
externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/operation/SparkOperation.scala:
##########
@@ -193,6 +208,25 @@ abstract class SparkOperation(session: Session)
     // TODO: (fchen) make all operation support arrow
     getClass.getCanonicalName == classOf[ExecuteStatement].getCanonicalName
   }
+
+  protected def setSessionUserSign(): Unit = {
+    (
+      session.conf.get(KYUUBI_SESSION_SIGN_PUBLICKEY),
+      session.conf.get(KYUUBI_SESSION_USER_SIGN)) match {
+      case (Some(pubKey), Some(userSign)) =>
+        setSparkLocalProperty(KYUUBI_SESSION_SIGN_PUBLICKEY, pubKey)
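Review bot: In `setSessionUserSign`, both `KYUUBI_SESSION_SIGN_PUBLICKEY` and `KYUUBI_SESSION_USER_SIGN` are read from the same `session.conf`, and the public key is then passed on as a Spark local property. If a client can set or override these session conf entries, the verifier ends up checking a signature against a key supplied by the party being verified. Please add a doc comment on this method stating where the two values are populated and that they cannot be overridden by user-provided session conf, and note there that the properties must be cleared after the operation finishes. The hunk as shown ends inside the `(Some(pubKey), Some(userSign))` case, so the handling of a missing key or signature is not visible here and should be covered by the same comment.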

Review Comment:
   It should work for SERVER share level as well.
   1. Setting properties on SparkContext puts the value in a ThreadLocal prop holder, which is not shared with other threads.
   2. `runInternal` runs the code in `synchronized`, which means `setSessionUserSign` and `claeaSessionUserSign` properly set/clear the properties in the same thread right before/after the code is executed.