[GitHub] [incubator-doris] gtchaos commented on a diff in pull request #9512: [improvement](hive) Support read/write external hive table that authenticated by kerberos use libhdfs3

Wed, 11 May 2022 19:03:17 -0700 


gtchaos commented on code in PR #9512:
URL: https://github.com/apache/incubator-doris/pull/9512#discussion_r870886474


##########
fe/fe-core/src/main/java/org/apache/doris/catalog/HiveMetaStoreClientHelper.java:
##########
@@ -245,14 +248,24 @@ private static List<RemoteIterator<LocatedFileStatus>> 
getRemoteIterator(List<Pa
     private static List<RemoteIterator<LocatedFileStatus>> 
getRemoteIterator(Table table, Map<String, String> properties) throws 
DdlException {
         List<RemoteIterator<LocatedFileStatus>> iterators = new ArrayList<>();
         Configuration configuration = new Configuration(false);
+        boolean isSecurityEnabled = false;
         for (Map.Entry<String, String> entry : properties.entrySet()) {
             if (!entry.getKey().equals(HiveTable.HIVE_METASTORE_URIS)) {
                 configuration.set(entry.getKey(), entry.getValue());
             }
+            // login user from keytab
+            if (entry.getKey().contains("kerberos")) {
+                isSecurityEnabled = true;
+            }
         }
         String location = table.getSd().getLocation();
         org.apache.hadoop.fs.Path path = new 
org.apache.hadoop.fs.Path(location);
         try {
+            if (isSecurityEnabled) {
+                UserGroupInformation.setConfiguration(configuration);
+                
UserGroupInformation.loginUserFromKeytab(properties.get(BrokerUtil.HDFS_KERBEROS_PRINCIPAL),
+                    properties.get(BrokerUtil.HDFS_KERBEROS_KEYTAB));

Review Comment:
   the keytab content is binary encoded, if it is encoded into a string with 
base64, the user needs to deal with the string encoding problem separately, 
which is inconvenient to use. Instead, it is better to specify the keytab file 
path. I agree with the option to not support base64 encoding and I plan to 
remove this option (HDFS_KERBEROS_KEYTAB_WITH_BASE64)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to