Chenyu Zheng created SPARK-46566:
------------------------------------
Summary: Session levle config was not loaded when isolation is
enable.
Key: SPARK-46566
URL: https://issues.apache.org/jira/browse/SPARK-46566
Project: Spark
Issue Type: Improvement
Components: SQL
Affects Versions: 3.5.0
Reporter: Chenyu Zheng
I setup thriftserver based on v3.5.0, when I execute command, will throw this
error:
{code:java}
15:10:53.400 [HiveServer2-Handler-Pool: Thread-293] ERROR
org.apache.thrift.transport.TSaslTransport - SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed
## ignore very long stack trace ## {code}
With some debugging and analysis, I found that proxyuser should use token to
access metastore, but actually uses kerberos. The direct reason is that
"hive.metastore.token.signature" is lost.
In fact, we have set "hive.metastore.token.signature" to
"HiveServer2ImpersonationToken" for config when construct
HiveSessionImplwithUGI, and store the configuration in
HiveSessionImplwithUGI::sessionHive and HiveSessionImplwithUGI::sessionState
When session is acquire, we should set sessionState and sessionHive to
thread-level variables. Then the execution statements will use their own
sessionHive and sessionState, so use the right config.
But if isolation is enable, a new SessionState will be constructed using the
specified hive version. Config is not passed from
HiveSessionImplwithUGI::sessionState to this SessionState, so
hive.metastore.token.signature is missing.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
