Chenyu Zheng created SPARK-46566: ------------------------------------ Summary: Session levle config was not loaded when isolation is enable. Key: SPARK-46566 URL: https://issues.apache.org/jira/browse/SPARK-46566 Project: Spark Issue Type: Improvement Components: SQL Affects Versions: 3.5.0 Reporter: Chenyu Zheng
I setup thriftserver based on v3.5.0, when I execute command, will throw this error: {code:java} 15:10:53.400 [HiveServer2-Handler-Pool: Thread-293] ERROR org.apache.thrift.transport.TSaslTransport - SASL negotiation failure javax.security.sasl.SaslException: GSS initiate failed ## ignore very long stack trace ## {code} With some debugging and analysis, I found that proxyuser should use token to access metastore, but actually uses kerberos. The direct reason is that "hive.metastore.token.signature" is lost. In fact, we have set "hive.metastore.token.signature" to "HiveServer2ImpersonationToken" for config when construct HiveSessionImplwithUGI, and store the configuration in HiveSessionImplwithUGI::sessionHive and HiveSessionImplwithUGI::sessionState When session is acquire, we should set sessionState and sessionHive to thread-level variables. Then the execution statements will use their own sessionHive and sessionState, so use the right config. But if isolation is enable, a new SessionState will be constructed using the specified hive version. Config is not passed from HiveSessionImplwithUGI::sessionState to this SessionState, so hive.metastore.token.signature is missing. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org