seyoon-lim commented on code in PR #40757:
URL: https://github.com/apache/airflow/pull/40757#discussion_r1678489823
##########
airflow/providers/apache/spark/hooks/spark_submit.py:
##########
@@ -281,10 +310,57 @@ def _resolve_connection(self) -> dict[str, Any]:
def get_conn(self) -> Any:
pass
+ def _get_keytab_from_base64(self, base64_keytab: str, principal: str |
None) -> str:
+ _uuid = uuid.uuid4()
+ temp_dir_path = Path(tempfile.gettempdir()).resolve()
+ temp_file_name = f"airflow_keytab-{principal or _uuid}"
+
+ keytab_path = temp_dir_path / temp_file_name
+ staging_path = temp_dir_path / f".{temp_file_name}.{_uuid}"
+
+ try:
+ keytab = base64.b64decode(base64_keytab)
+ except Exception as err:
+ self.log.error("Failed to decode base64 keytab: %s", err)
+ raise AirflowException("Failed to decode base64 keytab") from err
+
+ # validate exists keytab file
+ if keytab_path.exists():
Review Comment:
After considering the scenarios where a read might occur during a write
operation or a write might fail or some concurrency cases, I thought that it
would be safest to write to a staging file successfully first and then move it.
Additionally, the cases where writing occurs are when the keytab is not
present at the path or when the contents of the keytab at the path have changed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
