jedcunningham commented on code in PR #35146:
URL: https://github.com/apache/airflow/pull/35146#discussion_r1370605608
##########
airflow/security/kerberos.py:
##########
@@ -176,18 +189,25 @@ def detect_conf_var() -> bool:
return b"X-CACHECONF:" in file.read()
-def run(principal: str | None, keytab: str):
+def run(principal: str | None, keytab: str, mode: KerberosMode =
KerberosMode.DAEMON):
"""
Run the kerberos renewer.
:param principal: principal name
:param keytab: keytab file
+ :param mode: mode to run the airflow kerberos in
:return: None
"""
if not keytab:
log.warning("Keytab renewer not starting, no keytab configured")
sys.exit(0)
- while True:
+ log.info("Using airflow kerberos with mode: %s", mode.value)
+
+ if mode == KerberosMode.DAEMON:
+ while True:
+ renew_from_kt(principal, keytab)
+ time.sleep(conf.getint("kerberos", "reinit_frequency"))
+ elif mode == KerberosMode.ONE_TIME:
renew_from_kt(principal, keytab)
time.sleep(conf.getint("kerberos", "reinit_frequency"))
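Review bot: The `if`/`elif` on `mode` in `run` has no final `else`, so a value matching neither `KerberosMode.DAEMON` nor `KerberosMode.ONE_TIME` returns without calling `renew_from_kt`, and the process ends as if it had succeeded. For a credential renewer that silent no-op should be rejected explicitly, for example with `else: raise ValueError(f"Unsupported kerberos mode: {mode!r}")`. The result of `renew_from_kt(principal, keytab)` is also discarded in both branches; if that function reports a failed renewal through its return value (not visible in this hunk), the one-time branch should turn it into a non-zero exit status so the caller can tell that no ticket was obtained. The new `:param mode:` docstring line could name the accepted members. The hunk is cut at the commented line, so the rest of `run` is not visible here.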
Review Comment:
```suggestion
```
##########
airflow/cli/cli_config.py:
##########
@@ -561,6 +561,7 @@ def string_lower_type(val):
# kerberos
ARG_PRINCIPAL = Arg(("principal",), help="kerberos principal", nargs="?")
ARG_KEYTAB = Arg(("-k", "--keytab"), help="keytab", nargs="?",
default=conf.get("kerberos", "keytab"))
+ARG_KERBEROS_MODE = Arg(("-m", "--mode"), help="mode to run airflow kerberos",
nargs="?", default="daemon")
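Review bot: `ARG_KERBEROS_MODE` accepts any string, because it has no `choices=`, and with `nargs="?"` and no `const` a bare `-m` parses to `None`. Meanwhile `run` in airflow/security/kerberos.py logs `mode.value` and compares against `KerberosMode` members. Unless the command handler converts and validates the value before calling `run` (not visible in this hunk), a typo or empty `-m` surfaces as an `AttributeError` rather than a usage error. Restricting the argument at parse time, e.g. `choices=[m.value for m in KerberosMode]` without `nargs="?"`, would make argparse reject bad input. The help text should also list the accepted values.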
Review Comment:
What if we didn't have "mode", but a "one-time" flag instead? I doubt we
will have another mode down the road, and it sidesteps the "normal/daemon/standard"
naming problem.