gaborgsomogyi commented on a change in pull request #31622:
URL: https://github.com/apache/spark/pull/31622#discussion_r581907430
##########
File path:
sql/core/src/main/scala/org/apache/spark/sql/execution/datasources/jdbc/connection/DB2ConnectionProvider.scala
##########
@@ -34,15 +35,22 @@ private[sql] class DB2ConnectionProvider extends
SecureConnectionProvider {
override def getConnection(driver: Driver, options: Map[String, String]):
Connection = {
val jdbcOptions = new JDBCOptions(options)
- setAuthenticationConfigIfNeeded(driver, jdbcOptions)
-
UserGroupInformation.loginUserFromKeytabAndReturnUGI(jdbcOptions.principal,
jdbcOptions.keytab)
- .doAs(
- new PrivilegedExceptionAction[Connection]() {
- override def run(): Connection = {
- DB2ConnectionProvider.super.getConnection(driver, options)
+ val parent = Configuration.getConfiguration
+ try {
+ setAuthenticationConfig(parent, driver, jdbcOptions)
+
UserGroupInformation.loginUserFromKeytabAndReturnUGI(jdbcOptions.principal,
+ jdbcOptions.keytab)
+ .doAs(
+ new PrivilegedExceptionAction[Connection]() {
+ override def run(): Connection = {
+ DB2ConnectionProvider.super.getConnection(driver, options)
+ }
}
- }
- )
+ )
+ } finally {
+ logDebug("Restoring original security configuration")
+ Configuration.setConfiguration(parent)
+ }
Review comment:
Valid concern. While I was doing the changes I've tried to move out
getting the parent and restoring the original outside of `getConnection` but
the code was kinda' odd. Let me explain why. I see mainly 2 options to do this:
1.
```
val parent = Configuration.getConfiguration
try {
getConnection(driver, options) // <-- Here another
Configuration.getConfiguration call is a little bit overkill
} finally {
logDebug("Restoring original security configuration")
Configuration.setConfiguration(parent)
}
```
This option is technically correct because `SecurityConfigurationLock` makes
sure obtaining the parent gives back the same result.
2.
```
val parent = Configuration.getConfiguration
try {
getConnection(parent, driver, options) // Creating such API change is
also weird
} finally {
logDebug("Restoring original security configuration")
Configuration.setConfiguration(parent)
}
```
If we would like to eliminate this boilerplate stuff I would bet on the
first option. WDYT?
Or if you have better idea welcome.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
