[kudu-CR] [java-client]: support for Kerberized RPC

Dan Burkert (Code Review) Fri, 18 Nov 2016 18:56:18 -0800

Hello Jean-Daniel Cryans, Todd Lipcon,

I'd like you to do a code review.  Please visit


    http://gerrit.cloudera.org:8080/5150

to review the following change.

Change subject: [java-client]: support for Kerberized RPC
......................................................................

[java-client]: support for Kerberized RPC

This commit adds initial support for connecting to a Kerberized cluster
with the Java client. The application is required to be have an active
login context which contains a subject with Kerberos credentials when
creating the KuduClient to connect to a secured cluster. For example:

```java
// Create a login context ensuring that Kerberos credentials are set, and login.
LoginContext context = new LoginContext(...);
context.login();

// Create a new Kudu client in the privileged context.
KuduClient client = Subject.doAs(context.getSubject(), new 
PrivilegedAction<KuduClient>() {
    @Override
    public KuduClient run() {
        new KuduClient.KuduClientBuilder(...).build();
    }
});
```

Once the KuduClient is created, the login context is no longer
necessary. This commit does not add a configuration option to ensure the
client rejects connecting to an insecure cluster, that may come in a
follow-up commit.

Testing:

One test is included in TestMiniKuduCluster which explicitly enables
Kerberos authentication and tests that the client can connect. I also
manually switched BaseKuduTest to use a Kerberized cluster, and verified
that tests in TestKuduClient and TestKuduTable which didn't create their
own (uncredentialed) clients passed. I'll leave it to a follow up commit
to figure out how to automate running the full test suite against a
secure cluster.

Change-Id: I5131edb1f2bda443f7980a4aad86362666b3b6f5
---
M java/kudu-client/src/main/java/org/apache/kudu/client/AsyncKuduClient.java
M java/kudu-client/src/main/java/org/apache/kudu/client/SecureRpcHelper.java
M java/kudu-client/src/main/java/org/apache/kudu/client/TabletClient.java
M java/kudu-client/src/test/java/org/apache/kudu/client/MiniKdc.java
M java/kudu-client/src/test/java/org/apache/kudu/client/MiniKuduCluster.java
M java/kudu-client/src/test/java/org/apache/kudu/client/TestMiniKdc.java
M java/kudu-client/src/test/java/org/apache/kudu/client/TestMiniKuduCluster.java
M java/kudu-client/src/test/java/org/apache/kudu/client/TestUtils.java
M java/kudu-client/src/test/resources/flags
M src/kudu/integration-tests/external_mini_cluster.h
M src/kudu/rpc/sasl_server.cc
11 files changed, 340 insertions(+), 187 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/50/5150/1
-- 
To view, visit http://gerrit.cloudera.org:8080/5150
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5131edb1f2bda443f7980a4aad86362666b3b6f5
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <[email protected]>
Gerrit-Reviewer: Jean-Daniel Cryans <[email protected]>
Gerrit-Reviewer: Todd Lipcon <[email protected]>

[kudu-CR] [java-client]: support for Kerberized RPC

Reply via email to