XiaoJiang521 commented on code in PR #5424:
URL: https://github.com/apache/seatunnel/pull/5424#discussion_r1354388071
##########
seatunnel-connectors-v2/connector-jdbc/src/main/java/org/apache/seatunnel/connectors/seatunnel/jdbc/config/JdbcOptions.java:
##########
@@ -161,4 +161,31 @@ public interface JdbcOptions {
.enumType(FieldIdeEnum.class)
.noDefaultValue()
.withDescription("Whether case conversion is required");
+
+ Option<Boolean> USE_KERBEROS =
+ Options.key("use_kerberos")
+ .booleanType()
+ .defaultValue(false)
+ .withDescription("Whether to enable Kerberos, default is
false.");
+
+ Option<String> KERBEROS_PRINCIPAL =
+ Options.key("kerberos_principal")
+ .stringType()
+ .noDefaultValue()
+ .withDescription(
+ "When use kerberos, we should set kerberos
principal such as 'test_user@xxx'. ");
+
+ Option<String> KERBEROS_KEYTAB_PATH =
+ Options.key("kerberos_keytab_path")
+ .stringType()
+ .noDefaultValue()
+ .withDescription(
+ "When use kerberos, we should set kerberos
principal file path such as '/home/test/test_user.keytab'. ");
+
+ Option<String> KRB5_PATH =
+ Options.key("krb5_path")
Review Comment:
How about using the name kerberos_krb5_conf_path so that the
kerberos_keytab_path can be equivalent and also be more universal
##########
seatunnel-connectors-v2/connector-jdbc/src/main/java/org/apache/seatunnel/connectors/seatunnel/jdbc/internal/dialect/hive/HiveJdbcConnectionProvider.java:
##########
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.seatunnel.connectors.seatunnel.jdbc.internal.dialect.hive;
+
+import
org.apache.seatunnel.connectors.seatunnel.jdbc.config.JdbcConnectionConfig;
+import
org.apache.seatunnel.connectors.seatunnel.jdbc.exception.JdbcConnectorErrorCode;
+import
org.apache.seatunnel.connectors.seatunnel.jdbc.exception.JdbcConnectorException;
+import
org.apache.seatunnel.connectors.seatunnel.jdbc.internal.connection.SimpleJdbcConnectionProvider;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.UserGroupInformation;
+
+import lombok.NonNull;
+
+import java.io.IOException;
+import java.sql.Connection;
+import java.sql.Driver;
+import java.sql.SQLException;
+import java.util.Properties;
+
+import static
org.apache.seatunnel.connectors.seatunnel.jdbc.exception.JdbcConnectorErrorCode.KERBEROS_AUTHENTICATION_FAILED;
+
+public class HiveJdbcConnectionProvider extends SimpleJdbcConnectionProvider {
+
+ public HiveJdbcConnectionProvider(@NonNull JdbcConnectionConfig
jdbcConfig) {
+ super(jdbcConfig);
+ }
+
+ @Override
+ public Connection getOrEstablishConnection() throws SQLException,
ClassNotFoundException {
+ if (isConnectionValid()) {
+ return super.getConnection();
+ }
+ JdbcConnectionConfig jdbcConfig = super.jdbcConfig;
+ if (jdbcConfig.useKerberos) {
+ System.setProperty("java.security.krb5.conf", jdbcConfig.krb5Path);
+ Configuration configuration = new Configuration();
+ configuration.set("hadoop.security.authentication", "kerberos");
+ UserGroupInformation.setConfiguration(configuration);
+ try {
+ UserGroupInformation.loginUserFromKeytab(
+ jdbcConfig.kerberosPrincipal,
jdbcConfig.kerberosKeytabPath);
+ } catch (IOException e) {
+ throw new
JdbcConnectorException(KERBEROS_AUTHENTICATION_FAILED, e);
+ }
Review Comment:
And Later sink supports writing and can also reuse this kb util
##########
seatunnel-connectors-v2/connector-jdbc/src/main/java/org/apache/seatunnel/connectors/seatunnel/jdbc/internal/dialect/hive/HiveJdbcConnectionProvider.java:
##########
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.seatunnel.connectors.seatunnel.jdbc.internal.dialect.hive;
+
+import
org.apache.seatunnel.connectors.seatunnel.jdbc.config.JdbcConnectionConfig;
+import
org.apache.seatunnel.connectors.seatunnel.jdbc.exception.JdbcConnectorErrorCode;
+import
org.apache.seatunnel.connectors.seatunnel.jdbc.exception.JdbcConnectorException;
+import
org.apache.seatunnel.connectors.seatunnel.jdbc.internal.connection.SimpleJdbcConnectionProvider;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.UserGroupInformation;
+
+import lombok.NonNull;
+
+import java.io.IOException;
+import java.sql.Connection;
+import java.sql.Driver;
+import java.sql.SQLException;
+import java.util.Properties;
+
+import static
org.apache.seatunnel.connectors.seatunnel.jdbc.exception.JdbcConnectorErrorCode.KERBEROS_AUTHENTICATION_FAILED;
+
+public class HiveJdbcConnectionProvider extends SimpleJdbcConnectionProvider {
+
+ public HiveJdbcConnectionProvider(@NonNull JdbcConnectionConfig
jdbcConfig) {
+ super(jdbcConfig);
+ }
+
+ @Override
+ public Connection getOrEstablishConnection() throws SQLException,
ClassNotFoundException {
+ if (isConnectionValid()) {
+ return super.getConnection();
+ }
+ JdbcConnectionConfig jdbcConfig = super.jdbcConfig;
+ if (jdbcConfig.useKerberos) {
+ System.setProperty("java.security.krb5.conf", jdbcConfig.krb5Path);
+ Configuration configuration = new Configuration();
+ configuration.set("hadoop.security.authentication", "kerberos");
+ UserGroupInformation.setConfiguration(configuration);
+ try {
+ UserGroupInformation.loginUserFromKeytab(
+ jdbcConfig.kerberosPrincipal,
jdbcConfig.kerberosKeytabPath);
+ } catch (IOException e) {
+ throw new
JdbcConnectorException(KERBEROS_AUTHENTICATION_FAILED, e);
+ }
Review Comment:
public class HiveJdbcUtils {
public static synchronized void
doKerberosAuthentication(JdbcConnectionConfig jdbcConfig) {
String principal = jdbcConfig.kerberosPrincipal;
String keytabPath = jdbcConfig.kerberosKeytabPath;
String krb5Path = jdbcConfig.krb5Path;
System.setProperty("java.security.krb5.conf", krb5Path);
Configuration configuration = new Configuration();
if (StringUtils.isBlank(principal) ||
StringUtils.isBlank(keytabPath)) {
log.warn(
"Principal [{}] or keytabPath [{}] is empty, it will
skip kerberos authentication",
principal,
keytabPath);
} else {
configuration.set("hadoop.security.authentication", "kerberos");
UserGroupInformation.setConfiguration(configuration);
try {
log.info(
"Start Kerberos authentication using principal {}
and keytab {}",
principal,
keytabPath);
UserGroupInformation.loginUserFromKeytab(principal,
keytabPath);
log.info("Kerberos authentication successful");
} catch (IOException e) {
String errorMsg =
String.format(
"Kerberos authentication failed using this "
+ "principal [%s] and keytab path
[%s]",
principal, keytabPath);
throw new
JdbcConnectorException(KERBEROS_AUTHENTICATION_FAILED, errorMsg, e);
}
}
}
}
How about pulling out kb authentication this way, so that some logs are
added to ensure that multiple sets of kb authentication are used at the same
time
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
