[GitHub] jtstorck commented on a change in pull request #3279: NIFI-5984: Enabled Kerberos Authentication for PutKudu

Mon, 04 Feb 2019 10:17:55 -0800 

jtstorck commented on a change in pull request #3279: NIFI-5984: Enabled 
Kerberos Authentication for PutKudu
URL: https://github.com/apache/nifi/pull/3279#discussion_r253582322
 
 

 ##########
 File path: 
nifi-nar-bundles/nifi-kudu-bundle/nifi-kudu-processors/src/main/java/org/apache/nifi/processors/kudu/PutKudu.java
 ##########
 @@ -181,21 +199,37 @@
 
 
     @OnScheduled
-    public void OnScheduled(final ProcessContext context) throws KuduException 
{
+    public void OnScheduled(final ProcessContext context) throws IOException {
         final String tableName = 
context.getProperty(TABLE_NAME).evaluateAttributeExpressions().getValue();
         final String kuduMasters = 
context.getProperty(KUDU_MASTERS).evaluateAttributeExpressions().getValue();
         operationType = 
OperationType.valueOf(context.getProperty(INSERT_OPERATION).getValue());
         batchSize = 
context.getProperty(BATCH_SIZE).evaluateAttributeExpressions().asInteger();
         flushMode = 
SessionConfiguration.FlushMode.valueOf(context.getProperty(FLUSH_MODE).getValue());
 
         getLogger().debug("Setting up Kudu connection...");
-        kuduClient = createClient(kuduMasters);
+        final KerberosCredentialsService credentialsService = 
context.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
+        kuduClient = createClient(kuduMasters, credentialsService);
         kuduTable = kuduClient.openTable(tableName);
         getLogger().debug("Kudu connection successfully initialized");
     }
 
-    protected KuduClient createClient(final String masters) {
-        return new KuduClient.KuduClientBuilder(masters).build();
+    protected KuduClient createClient(final String masters, final 
KerberosCredentialsService credentialsService) throws IOException {
+        if (credentialsService == null) {
+            return new KuduClient.KuduClientBuilder(masters).build();
+        }
+
+        final String keytab = credentialsService.getKeytab();
+        final String principal = credentialsService.getPrincipal();
+
+        // We do not have any Hadoop Configuration to use for this Processor. 
However, if we call UserGroupInformation.loginUserFromKeytab() it will return
 
 Review comment:
   Since I can't leave a comment on a line that was not modified in the PR, 
I'll add it here.  I think it's also important when the processor is stopped to 
log the principal out of the KDC, in the closeClient method.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to