You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2019/02/04 18:17:24 UTC
[GitHub] jtstorck commented on a change in pull request #3279: NIFI-5984: Enabled Kerberos Authentication for PutKudu

jtstorck commented on a change in pull request #3279: NIFI-5984: Enabled Kerberos Authentication for PutKudu
URL: https://github.com/apache/nifi/pull/3279#discussion_r253581708
 
 

 ##########
 File path: nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/PutKudu.java
 ##########
 @@ -181,21 +199,37 @@
 
 
     @OnScheduled
-    public void OnScheduled(final ProcessContext context) throws KuduException {
+    public void OnScheduled(final ProcessContext context) throws IOException {
         final String tableName = context.getProperty(TABLE_NAME).evaluateAttributeExpressions().getValue();
         final String kuduMasters = context.getProperty(KUDU_MASTERS).evaluateAttributeExpressions().getValue();
         operationType = OperationType.valueOf(context.getProperty(INSERT_OPERATION).getValue());
         batchSize = context.getProperty(BATCH_SIZE).evaluateAttributeExpressions().asInteger();
         flushMode = SessionConfiguration.FlushMode.valueOf(context.getProperty(FLUSH_MODE).getValue());
 
         getLogger().debug("Setting up Kudu connection...");
-        kuduClient = createClient(kuduMasters);
+        final KerberosCredentialsService credentialsService = context.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
+        kuduClient = createClient(kuduMasters, credentialsService);
         kuduTable = kuduClient.openTable(tableName);
         getLogger().debug("Kudu connection successfully initialized");
     }
 
-    protected KuduClient createClient(final String masters) {
-        return new KuduClient.KuduClientBuilder(masters).build();
+    protected KuduClient createClient(final String masters, final KerberosCredentialsService credentialsService) throws IOException {
+        if (credentialsService == null) {
+            return new KuduClient.KuduClientBuilder(masters).build();
+        }
+
+        final String keytab = credentialsService.getKeytab();
+        final String principal = credentialsService.getPrincipal();
+
+        // We do not have any Hadoop Configuration to use for this Processor. However, if we call UserGroupInformation.loginUserFromKeytab() it will return
 
 Review comment:
   Based on my previous comment about using KerberosAction in nifi-security-utils package org.apache.nifi.security.krb, along with KerberosUser, you can remove the dependency on hadoop-common.  Please see my Kerberized DBCPConnectionPool branch (https://github.com/jtstorck/nifi/tree/NIFI-5985) for an example.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services