HeartSaVioR commented on a change in pull request #25760: [SPARK-29054][SS]
Invalidate Kafka consumer when new delegation token available
URL: https://github.com/apache/spark/pull/25760#discussion_r328448641
##########
File path:
external/kafka-0-10-token-provider/src/main/scala/org/apache/spark/kafka010/KafkaTokenUtil.scala
##########
@@ -288,4 +288,18 @@ private[spark] object KafkaTokenUtil extends Logging {
params
}
+
+ def isConnectorUsingCurrentToken(params: ju.Map[String, Object]): Boolean = {
+ if (params.containsKey(SaslConfigs.SASL_JAAS_CONFIG)) {
+ logDebug("Delegation token used by cached connector, checking if uses
the latest token.")
+ val consumerJaasParams =
params.get(SaslConfigs.SASL_JAAS_CONFIG).asInstanceOf[String]
+ val clusterConfig =
KafkaTokenUtil.findMatchingTokenClusterConfig(SparkEnv.get.conf,
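Review bot: The cast `params.get(SaslConfigs.SASL_JAAS_CONFIG).asInstanceOf[String]` in `isConnectorUsingCurrentToken` is unchecked, so a non-String value under that key throws a ClassCastException from what should be a plain boolean check; matching on `case s: String` and handling the other case explicitly would be safer. `SparkEnv.get.conf` on the following line is also dereferenced without a null guard. Since `consumerJaasParams` carries the token credentials, it should stay out of any log output, as the current `logDebug` call does, and that message would read better as "checking if it uses the latest token." The new method also has no doc comment saying what it returns when no JAAS config is present in `params`.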
Review comment:
If my understanding is correct, given Spark doesn't allow a set of bootstrap
servers to be matched against multiple cluster identifiers, "cluster identifier"
could be used as a key to match a set of bootstrap servers and vice versa. This
seems to open a chance to reduce a bunch of redundant calculations, as
`findMatchingTokenClusterConfig` and `getClusterConfig` seem to do pretty much
work and they seem to be called frequently.
For example, we can find the matching token from all tokens directly without
comparing with heavy regex calculation with bootstrap servers once we have the
cluster identifier. We can even cache the latest updated JAAS config per cluster
identifier (only if it doesn't make a security issue at all) and then we can
compare the consumer's JAAS and the latest JAAS directly.