You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@spark.apache.org by mridulm <gi...@git.apache.org> on 2018/05/02 06:56:49 UTC
[GitHub] spark pull request #21178: [SPARK-24110][Thrift-Server] Avoid UGI.loginUserF...
Github user mridulm commented on a diff in the pull request:
https://github.com/apache/spark/pull/21178#discussion_r185406504
--- Diff: sql/hive-thriftserver/src/main/scala/org/apache/spark/sql/hive/thriftserver/SparkSQLCLIService.scala ---
@@ -52,8 +52,22 @@ private[hive] class SparkSQLCLIService(hiveServer: HiveServer2, sqlContext: SQLC
if (UserGroupInformation.isSecurityEnabled) {
try {
- HiveAuthFactory.loginFromKeytab(hiveConf)
- sparkServiceUGI = Utils.getUGI()
+ val principal = hiveConf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL)
+ val keyTabFile = hiveConf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB)
+ if (principal.isEmpty || keyTabFile.isEmpty) {
+ throw new IOException(
+ "HiveServer2 Kerberos principal or keytab is not correctly configured")
+ }
+
+ val originalUgi = UserGroupInformation.getCurrentUser
--- End diff --
Assuming I understood your question @mgaido91, we use Utils.getUGI only when we do an explicit login; else fallback on originalUgi (the current user).
This is because after a login, the instance of ugi changes from underneath us in UserGroupInformation class.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org