[GitHub] [spark] gaborgsomogyi commented on a change in pull request #24305: [SPARK-27294][SS] Add multi-cluster Kafka delegation token

Mon, 06 May 2019 07:54:32 -0700 

gaborgsomogyi commented on a change in pull request #24305: [SPARK-27294][SS] 
Add multi-cluster Kafka delegation token
URL: https://github.com/apache/spark/pull/24305#discussion_r281220966
 
 

 ##########
 File path: 
external/kafka-0-10-token-provider/src/main/scala/org/apache/spark/kafka010/KafkaTokenUtil.scala
 ##########
 @@ -223,14 +236,27 @@ private[spark] object KafkaTokenUtil extends Logging {
     }
   }
 
-  def isTokenAvailable(): Boolean = {
-    UserGroupInformation.getCurrentUser().getCredentials.getToken(
-      KafkaTokenUtil.TOKEN_SERVICE) != null
+  def findMatchingToken(
+      sparkConf: SparkConf,
+      bootStrapServers: String): Option[KafkaTokenClusterConf] = {
+    val tokens = 
UserGroupInformation.getCurrentUser().getCredentials.getAllTokens.asScala
+    val clusterConfigs = tokens
+      .filter(_.getService().toString().startsWith(TOKEN_SERVICE_PREFIX))
+      .map { token =>
+        KafkaTokenSparkConf.getClusterConfig(sparkConf, 
getClusterIdentifier(token.getService()))
+      }
+      .filter { clusterConfig =>
+        val pattern = Pattern.compile(clusterConfig.targetServersRegex)
+        
Utils.stringToSeq(bootStrapServers).exists(pattern.matcher(_).matches())
 
 Review comment:
   > That way the regex doesn't need to match the servers listed in the "auth" 
config
   
   Not sure if I understand what you mean. `findMatchingToken` does the 
following:
   * Get all available tokens
   * Drops all non-Kafka tokens
   * Gets a valid Kafka cluster config for each token (tokens are obtained 
based on this config)
   * Does pattern matching agains the source/sink `bootstrap.servers`
   
   This code part is independent from "auth" list.
   
   You mean 2 step matching? Like first try to match against "auth" list and if 
not found try to match with regex?
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to