This is an automated email from the ASF dual-hosted git repository.

chengpan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kyuubi.git


The following commit(s) were added to refs/heads/master by this push:
     new 28fb0a779 [KYUUBI #5566][FOLLOWUP] Check InternalSecurityAccessor is 
initialized only when `kyuubi.engine.security.enabled` is true
28fb0a779 is described below

commit 28fb0a779d48366a20432fc4623166a5b525caae
Author: Cheng Pan <[email protected]>
AuthorDate: Wed Nov 1 21:51:32 2023 +0800

    [KYUUBI #5566][FOLLOWUP] Check InternalSecurityAccessor is initialized only 
when `kyuubi.engine.security.enabled` is true
    
    ### _Why are the changes needed?_
    
    Internal REST client should work when `kyuubi.engine.security.enabled` is 
`true`/`false`.
    
    The changes in https://github.com/apache/kyuubi/pull/5566 are not sufficient.
    
    `KyuubiRestAuthenticationSuite` covers the `true` case
    
    `BatchesV1ResourceSuite` and `BatchesV2ResourceSuite` cover the `false` case
    
    ### _How was this patch tested?_
    - [ ] Add some test cases that check the changes thoroughly including 
negative and positive cases if possible
    
    - [ ] Add screenshots for manual tests if appropriate
    
    - [x] [Run 
test](https://kyuubi.readthedocs.io/en/master/contributing/code/testing.html#running-tests)
 locally before make a pull request
    
    ### _Was this patch authored or co-authored using generative AI tooling?_
    
    No.
    
    Closes #5601 from pan3793/5566-followup.
    
    Closes #5566
    
    abb710609 [Cheng Pan] test
    3f9e735cc [Cheng Pan] [KYUUBI #5566][FOLLOWUP] Check 
InternalSecurityAccessor is initialized only when 
`kyuubi.engine.security.enabled` is true
    
    Authored-by: Cheng Pan <[email protected]>
    Signed-off-by: Cheng Pan <[email protected]>
---
 .../org/apache/kyuubi/server/api/v1/InternalRestClient.scala   |  8 +++++---
 .../org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala | 10 +---------
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git 
a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/InternalRestClient.scala
 
b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/InternalRestClient.scala
index a0a4bb21e..dbabc5882 100644
--- 
a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/InternalRestClient.scala
+++ 
b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/api/v1/InternalRestClient.scala
@@ -38,9 +38,11 @@ class InternalRestClient(
     socketTimeout: Int,
     connectTimeout: Int,
     securityEnabled: Boolean) {
-  require(
-    InternalSecurityAccessor.get() != null,
-    "Internal secure access across Kyuubi instances is not enabled")
+  if (securityEnabled) {
+    require(
+      InternalSecurityAccessor.get() != null,
+      "Internal secure access across Kyuubi instances is not enabled")
+  }
 
   private val internalBatchRestApi = new BatchRestApi(initKyuubiRestClient())
 
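Review bot: The `require` message in the new `if (securityEnabled)` branch no longer matches the condition it reports. The check now runs only when `securityEnabled` is true, so a null `InternalSecurityAccessor.get()` means the accessor was never initialized, not that secure access is disabled. An operator would be better served by something like `"InternalSecurityAccessor is not initialized although kyuubi.engine.security.enabled is true"`. A short comment above the `if` would also help, e.g. `// With engine security disabled the client is built without the internal accessor; internal calls presumably carry no internal credential`. The class body continues outside this hunk, so confirm that any later `InternalSecurityAccessor.get()` use sits behind the same `securityEnabled` flag.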
diff --git 
a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
 
b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
index 7270f68d6..9ad51cfda 100644
--- 
a/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
+++ 
b/kyuubi-server/src/test/scala/org/apache/kyuubi/server/api/v1/BatchesResourceSuite.scala
@@ -45,7 +45,7 @@ import 
org.apache.kyuubi.operation.OperationState.OperationState
 import org.apache.kyuubi.server.{KyuubiBatchService, KyuubiRestFrontendService}
 import 
org.apache.kyuubi.server.http.authentication.AuthenticationHandler.AUTHORIZATION_HEADER
 import org.apache.kyuubi.server.metadata.api.{Metadata, MetadataFilter}
-import org.apache.kyuubi.service.authentication.{InternalSecurityAccessor, 
KyuubiAuthenticationFactory}
+import org.apache.kyuubi.service.authentication.KyuubiAuthenticationFactory
 import org.apache.kyuubi.session.{KyuubiBatchSession, KyuubiSessionManager, 
SessionHandle, SessionType}
 
 class BatchesV1ResourceSuite extends BatchesResourceSuiteBase {
@@ -83,9 +83,6 @@ abstract class BatchesResourceSuiteBase extends KyuubiFunSuite
 
   override protected lazy val conf: KyuubiConf = {
     val kyuubiConf = KyuubiConf()
-      .set(KyuubiConf.ENGINE_SECURITY_ENABLED, true)
-      .set(KyuubiConf.ENGINE_SECURITY_SECRET_PROVIDER, "simple")
-      .set(KyuubiConf.SIMPLE_SECURITY_SECRET_PROVIDER_PROVIDER_SECRET, 
"ENGINE____SECRET")
       .set(KyuubiConf.BATCH_IMPL_VERSION, batchVersion)
       .set(
         KyuubiConf.SESSION_LOCAL_DIR_ALLOW_LIST,
@@ -94,11 +91,6 @@ abstract class BatchesResourceSuiteBase extends 
KyuubiFunSuite
     kyuubiConf
   }
 
-  override def beforeAll(): Unit = {
-    super.beforeAll()
-    InternalSecurityAccessor.initialize(conf, true)
-  }
-
   override def afterEach(): Unit = {
     val sessionManager = 
fe.be.sessionManager.asInstanceOf[KyuubiSessionManager]
     sessionManager.allSessions().foreach { session =>
