Github user squito commented on a diff in the pull request:
https://github.com/apache/spark/pull/20657#discussion_r172954706
--- Diff:
resource-managers/yarn/src/main/scala/org/apache/spark/deploy/yarn/Client.scala
---
@@ -93,11 +93,24 @@ private[spark] class Client(
private val distCacheMgr = new ClientDistributedCacheManager()
- private var loginFromKeytab = false
- private var principal: String = null
- private var keytab: String = null
- private var credentials: Credentials = null
- private var amKeytabFileName: String = null
+ private val principal = sparkConf.get(PRINCIPAL).orNull
+ private val keytab = sparkConf.get(KEYTAB).orNull
+ private val loginFromKeytab = principal != null
+ private val amKeytabFileName: String = {
+ require((principal == null) == (keytab == null),
+ "Both principal and keytab must be defined, or neither.")
+ if (loginFromKeytab) {
+ logInfo(s"Kerberos credentials: principal = $principal, keytab =
$keytab")
+ // Generate a file name that can be used for the keytab file, that
does not conflict
+ // with any user file.
+ new File(keytab).getName() + "-" + UUID.randomUUID().toString
+ } else {
+ null
+ }
+ }
+
+ // Defensive copy of the credentials
+ private val credentials = new
Credentials(UserGroupInformation.getCurrentUser.getCredentials)
--- End diff --
this appears to be unused. did you mean to use this in
`setupSecurityToken()`? not really sure what you're defending against with the
copy, perhaps that should go in the comment as well ... I see it was just in
the old code though.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
