You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@spark.apache.org by mridulm <gi...@git.apache.org> on 2018/05/02 06:56:49 UTC

[GitHub] spark pull request #21178: [SPARK-24110][Thrift-Server] Avoid UGI.loginUserF...

Github user mridulm commented on a diff in the pull request:

    https://github.com/apache/spark/pull/21178#discussion_r185406504
  
    --- Diff: sql/hive-thriftserver/src/main/scala/org/apache/spark/sql/hive/thriftserver/SparkSQLCLIService.scala ---
    @@ -52,8 +52,22 @@ private[hive] class SparkSQLCLIService(hiveServer: HiveServer2, sqlContext: SQLC
     
         if (UserGroupInformation.isSecurityEnabled) {
           try {
    -        HiveAuthFactory.loginFromKeytab(hiveConf)
    -        sparkServiceUGI = Utils.getUGI()
    +        val principal = hiveConf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL)
    +        val keyTabFile = hiveConf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB)
    +        if (principal.isEmpty || keyTabFile.isEmpty) {
    +          throw new IOException(
    +            "HiveServer2 Kerberos principal or keytab is not correctly configured")
    +        }
    +
    +        val originalUgi = UserGroupInformation.getCurrentUser
    --- End diff --
    
    Assuming I understood your question @mgaido91, we use Utils.getUGI only when we do an explicit login; else fallback on originalUgi (the current user).
    
    This is because after a login, the instance of ugi changes from underneath us in UserGroupInformation class.


---

---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org