Github user jerryshao commented on a diff in the pull request:
https://github.com/apache/spark/pull/21396#discussion_r190109928
--- Diff:
core/src/main/scala/org/apache/spark/deploy/security/HiveDelegationTokenProvider.scala
---
@@ -85,7 +85,10 @@ private[spark] class HiveDelegationTokenProvider
val principal = conf.getTrimmed(principalKey, "")
require(principal.nonEmpty, s"Hive principal $principalKey
undefined")
val metastoreUri = conf.getTrimmed("hive.metastore.uris", "")
- require(metastoreUri.nonEmpty, "Hive metastore uri undefined")
+ if (metastoreUri.isEmpty) {
--- End diff --
Same question as @vanzin , `delegationTokensRequired` should already check
whether `hive.metastore.uris` is empty or not, so it will not obtain the DT if
this `hive.metastore.uris` is not configured.
```scala
override def delegationTokensRequired(
sparkConf: SparkConf,
hadoopConf: Configuration): Boolean = {
// Delegation tokens are needed only when:
// - trying to connect to a secure metastore
// - either deploying in cluster mode without a keytab, or
impersonating another user
//
// Other modes (such as client with or without keytab, or cluster mode
with keytab) do not need
// a delegation token, since there's a valid kerberos TGT for the right
user available to the
// driver, which is the only process that connects to the HMS.
val deployMode = sparkConf.get("spark.submit.deployMode", "client")
UserGroupInformation.isSecurityEnabled &&
hiveConf(hadoopConf).getTrimmed("hive.metastore.uris", "").nonEmpty &&
(SparkHadoopUtil.get.isProxyUser(UserGroupInformation.getCurrentUser()) ||
(deployMode == "cluster" && !sparkConf.contains(KEYTAB)))
}
```
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
