[GitHub] incubator-livy pull request #107: [LIVY-494] Add thriftserver to Livy server
Github user mgaido91 commented on a diff in the pull request:
https://github.com/apache/incubator-livy/pull/107#discussion_r219769059
--- Diff: server/src/main/scala/org/apache/livy/server/LivyServer.scala ---
@@ -115,6 +117,16 @@ class LivyServer extends Logging {
error("Failed to run kinit, stopping the server.")
sys.exit(1)
}
+ // This is and should be the only place where a login() on the UGI
is performed.
--- End diff --
Actually this wouldn't really work as - for instance -
`UserGroupInformation.loginUserFromKeytabAndReturnUGI` is ok to be called, as
it doesn't perform a `UserGroupInformation.login()`. We can list all the APIs
which we should not call, but I am not sure it is worth.
---
[GitHub] incubator-livy pull request #107: [LIVY-494] Add thriftserver to Livy server
Github user asfgit closed the pull request at: https://github.com/apache/incubator-livy/pull/107 ---
[GitHub] incubator-livy pull request #107: [LIVY-494] Add thriftserver to Livy server
Github user vanzin commented on a diff in the pull request:
https://github.com/apache/incubator-livy/pull/107#discussion_r219612825
--- Diff: server/src/main/scala/org/apache/livy/server/LivyServer.scala ---
@@ -115,6 +117,16 @@ class LivyServer extends Logging {
error("Failed to run kinit, stopping the server.")
sys.exit(1)
}
+ // This is and should be the only place where a login() on the UGI
is performed.
--- End diff --
This should be pretty easy to check with a scalastyle rule that disallows
calls to `UserGroupInformation.login*` (and disabling the check around this
call). Not foolproof, but should catch inadvertent use at least.
---
