gaborgsomogyi commented on code in PR #19825:
URL: https://github.com/apache/flink/pull/19825#discussion_r893378721
##########
flink-runtime/src/main/java/org/apache/flink/runtime/security/token/KerberosDelegationTokenManager.java:
##########
@@ -127,8 +170,62 @@ boolean isProviderLoaded(String serviceName) {
* Obtains new tokens in a one-time fashion and leaves it up to the caller
to distribute them.
*/
@Override
- public void obtainDelegationTokens(Credentials credentials) {
+ public void obtainDelegationTokens(Credentials credentials) throws
Exception {
LOG.info("Obtaining delegation tokens");
+
+ // Delegation tokens can only be obtained if the real user has
Kerberos credentials, so
+ // skip creation when those are not available.
+ if (kerberosLoginProvider.isLoginPossible()) {
+ UserGroupInformation freshUGI = kerberosLoginProvider.doLogin();
+ freshUGI.doAs(
+ (PrivilegedExceptionAction<Void>)
+ () -> {
+
obtainDelegationTokensAndGetNextRenewal(credentials);
+ return null;
+ });
+ LOG.info("Delegation tokens obtained successfully");
+ } else {
+ LOG.info("Real user has no kerberos credentials so no tokens
obtained");
+ }
+ }
+
+ protected long obtainDelegationTokensAndGetNextRenewal(Credentials
credentials) {
+ AtomicLong nextRenewal = new AtomicLong(Long.MAX_VALUE);
+
+ delegationTokenProviders
+ .values()
+ .forEach(
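Review bot: The `throws Exception` clause added to `obtainDelegationTokens` is wider than the visible body appears to need, and it forces every caller to catch the broadest type without knowing whether a login failure, an interruption or a provider error occurred. `UserGroupInformation.doAs` declares `IOException` and `InterruptedException`, so `throws IOException, InterruptedException` looks sufficient, assuming `doLogin()` throws nothing wider and the overridden declaration is changed to match. Separately, the else branch reports missing Kerberos credentials only at INFO; on a cluster where Kerberos is expected, that line is the only trace that the job continues without tokens, so consider `LOG.warn(...)` or a comment such as `// Intentional: non-secured deployments skip token creation`. `obtainDelegationTokensAndGetNextRenewal` continues past the end of the quoted hunk, so its body is not covered here.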
Review Comment:
Fixed.