vanzin commented on a change in pull request #23338: [SPARK-25689][yarn] Make
driver, not AM, manage delegation tokens.
URL: https://github.com/apache/spark/pull/23338#discussion_r245087488
##########
File path:
core/src/main/scala/org/apache/spark/deploy/security/HiveDelegationTokenProvider.scala
##########
@@ -67,11 +67,11 @@ private[spark] class HiveDelegationTokenProvider
// Other modes (such as client with or without keytab, or cluster mode
with keytab) do not need
// a delegation token, since there's a valid kerberos TGT for the right
user available to the
// driver, which is the only process that connects to the HMS.
- val deployMode = sparkConf.get("spark.submit.deployMode", "client")
- UserGroupInformation.isSecurityEnabled &&
+ val currentToken =
UserGroupInformation.getCurrentUser().getCredentials().getToken(tokenAlias)
+ currentToken == null && UserGroupInformation.isSecurityEnabled &&
Review comment:
No, new DTs are create with empty UGI/Credentials instances, where no
previous tokens exist, and then new tokens overwrite the "current user"
credentials.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
