Re: [PR] Implement HiveTBinaryFrontendService#RenewDelegationToken [kyuubi]

Mon, 27 Nov 2023 08:03:04 -0800 


pan3793 commented on code in PR #5784:
URL: https://github.com/apache/kyuubi/pull/5784#discussion_r1406391972


##########
externals/kyuubi-hive-sql-engine/src/main/scala/org/apache/kyuubi/engine/hive/HiveTBinaryFrontendService.scala:
##########
@@ -30,4 +38,39 @@ class HiveTBinaryFrontendService(override val serverable: 
Serverable)
       None
     }
   }
+
+  override def RenewDelegationToken(req: TRenewDelegationTokenReq): 
TRenewDelegationTokenResp = {
+    debug(req.toString)
+
+    // We hacked `TCLIService.Iface.RenewDelegationToken` to transfer 
Credentials from Kyuubi
+    // Server to Hive SQL engine
+    val resp = new TRenewDelegationTokenResp()
+    try {
+      renewDelegationToken(req.getDelegationToken)
+      resp.setStatus(OK_STATUS)
+    } catch {
+      case e: Exception =>
+        warn("Error renew delegation tokens: ", e)
+        resp.setStatus(KyuubiSQLException.toTStatus(e))
+    }
+    resp
+  }
+}
+
+object HiveTBinaryFrontendService {
+
+  def renewDelegationToken(tokenStr: String): Unit = {
+    val currentUser = UserGroupInformation.getCurrentUser
+    // `currentUser` is either `UserGroupInformation.getLoginUser` or a proxy 
user.
+    // If `currentUser` is a proxy user, it needs a HIVE_DELEGATION_TOKEN to 
pass
+    // HiveMetastoreClient authentication.
+    if (currentUser.getAuthenticationMethod == 
UserGroupInformation.AuthenticationMethod.PROXY) {
+      val newCreds = KyuubiHadoopUtils.decodeCredentials(tokenStr)
+      KyuubiHadoopUtils.getTokenMap(newCreds).values.find(_.getKind == new 
Text(
+          "HIVE_DELEGATION_TOKEN"))

Review Comment:
   ```suggestion
         KyuubiHadoopUtils.getTokenMap(newCreds).values
           .find(_.getKind == new Text("HIVE_DELEGATION_TOKEN"))
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to