You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@spark.apache.org by GitBox <gi...@apache.org> on 2021/02/24 12:11:46 UTC

[GitHub] [spark] gaborgsomogyi commented on a change in pull request #31622: [SPARK-34497][SQL] Fix built-in JDBC connection providers to restore JVM security context changes

gaborgsomogyi commented on a change in pull request #31622:
URL: https://github.com/apache/spark/pull/31622#discussion_r581907430



##########
File path: sql/core/src/main/scala/org/apache/spark/sql/execution/datasources/jdbc/connection/DB2ConnectionProvider.scala
##########
@@ -34,15 +35,22 @@ private[sql] class DB2ConnectionProvider extends SecureConnectionProvider {
 
   override def getConnection(driver: Driver, options: Map[String, String]): Connection = {
     val jdbcOptions = new JDBCOptions(options)
-    setAuthenticationConfigIfNeeded(driver, jdbcOptions)
-    UserGroupInformation.loginUserFromKeytabAndReturnUGI(jdbcOptions.principal, jdbcOptions.keytab)
-      .doAs(
-        new PrivilegedExceptionAction[Connection]() {
-          override def run(): Connection = {
-            DB2ConnectionProvider.super.getConnection(driver, options)
+    val parent = Configuration.getConfiguration
+    try {
+      setAuthenticationConfig(parent, driver, jdbcOptions)
+      UserGroupInformation.loginUserFromKeytabAndReturnUGI(jdbcOptions.principal,
+        jdbcOptions.keytab)
+        .doAs(
+          new PrivilegedExceptionAction[Connection]() {
+            override def run(): Connection = {
+              DB2ConnectionProvider.super.getConnection(driver, options)
+            }
           }
-        }
-      )
+        )
+    } finally {
+      logDebug("Restoring original security configuration")
+      Configuration.setConfiguration(parent)
+    }

Review comment:
       Valid concern. While I was doing the changes I've tried to move out getting the parent and restoring the original outside of `getConnection` but the code was kinda' odd. Let me explain why. I see mainly 2 options to do this:
   1.
   ```
       val parent = Configuration.getConfiguration
       try {
         getConnection(driver, options) // <-- Here another Configuration.getConfiguration call is a little bit overkill
       } finally {
         logDebug("Restoring original security configuration")
         Configuration.setConfiguration(parent)
       }
   ```
   This option is technically correct because `SecurityConfigurationLock` makes sure obtaining the parent gives back the same result.
   
   2.
   ```
       val parent = Configuration.getConfiguration
       try {
         getConnection(parent, driver, options) // Creating such API change is also weird
       } finally {
         logDebug("Restoring original security configuration")
         Configuration.setConfiguration(parent)
       }
   ```
   If we would like to eliminate this boilerplate stuff I would bet on the first option. WDYT?
   Or if you have better idea welcome.
   




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org