Re: [PR] Add kerberos related connection fields(principal, keytab) on SparkSubmitHook [airflow]

Sun, 14 Jul 2024 11:32:31 -0700 


nevcohen commented on code in PR #40757:
URL: https://github.com/apache/airflow/pull/40757#discussion_r1677180609


##########
airflow/providers/apache/spark/hooks/spark_submit.py:
##########
@@ -281,10 +310,57 @@ def _resolve_connection(self) -> dict[str, Any]:
     def get_conn(self) -> Any:
         pass
 
+    def _get_keytab_from_base64(self, base64_keytab: str, principal: str | 
None) -> str:
+        _uuid = uuid.uuid4()
+        temp_dir_path = Path(tempfile.gettempdir()).resolve()
+        temp_file_name = f"airflow_keytab-{principal or _uuid}"
+
+        keytab_path = temp_dir_path / temp_file_name
+        staging_path = temp_dir_path / f".{temp_file_name}.{_uuid}"
+
+        try:
+            keytab = base64.b64decode(base64_keytab)
+        except Exception as err:
+            self.log.error("Failed to decode base64 keytab: %s", err)
+            raise AirflowException("Failed to decode base64 keytab") from err
+
+        # validate exists keytab file
+        if keytab_path.exists():

Review Comment:
   Why would it exist if only a few lines ago you created this path?



##########
airflow/providers/apache/spark/hooks/spark_submit.py:
##########
@@ -236,6 +257,8 @@ def _resolve_connection(self) -> dict[str, Any]:
             "deploy_mode": None,
             "spark_binary": self.spark_binary or DEFAULT_SPARK_BINARY,
             "namespace": None,
+            "principal": None,
+            "keytab": None,

Review Comment:
   Why not separate them into two different connections? There can be many more 
than just one keytab and principal in each master



##########
airflow/providers/apache/spark/hooks/spark_submit.py:
##########
@@ -281,10 +310,57 @@ def _resolve_connection(self) -> dict[str, Any]:
     def get_conn(self) -> Any:
         pass
 
+    def _get_keytab_from_base64(self, base64_keytab: str, principal: str | 
None) -> str:

Review Comment:
   What does this func actually do? From what I understand the func creates a 
path and file for the base64 keytab and put it there? So u mean 
`_create_and_get_keytab_path_from_base64_keytab`?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to