This is an automated email from the ASF dual-hosted git repository.
jinsongzhou pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/amoro.git
The following commit(s) were added to refs/heads/master by this push:
new 549f4b88a [AMORO-3309][Improvement] Support for terminal integration
with LDAP authentication in Kyuubi (#3309)
549f4b88a is described below
commit 549f4b88ae709182a1f32cd3f64a4e27768a834a
Author: Wang Tao <[email protected]>
AuthorDate: Tue Nov 5 11:15:53 2024 +0800
[AMORO-3309][Improvement] Support for terminal integration with LDAP
authentication in Kyuubi (#3309)
* Support for terminal integration with Kyuubi using LDAP authentication
* Support for terminal integration with Kyuubi using LDAP authentication
* support helm configuration
---
.../server/terminal/kyuubi/KyuubiTerminalSessionFactory.java | 11 +++++++++--
charts/amoro/templates/amoro-configmap.yaml | 3 +++
charts/amoro/values.yaml | 6 ++++++
docs/admin-guides/using-kyuubi.md | 12 ++++++++++++
4 files changed, 30 insertions(+), 2 deletions(-)
diff --git
a/amoro-ams/src/main/java/org/apache/amoro/server/terminal/kyuubi/KyuubiTerminalSessionFactory.java
b/amoro-ams/src/main/java/org/apache/amoro/server/terminal/kyuubi/KyuubiTerminalSessionFactory.java
index 965f34982..260758a85 100644
---
a/amoro-ams/src/main/java/org/apache/amoro/server/terminal/kyuubi/KyuubiTerminalSessionFactory.java
+++
b/amoro-ams/src/main/java/org/apache/amoro/server/terminal/kyuubi/KyuubiTerminalSessionFactory.java
@@ -48,6 +48,9 @@ public class KyuubiTerminalSessionFactory implements
TerminalSessionFactory {
public static ConfigOption<Boolean> KERBEROS_ENABLE =
ConfigOptions.key("kerberos.enabled").booleanType().defaultValue(false);
+ public static ConfigOption<Boolean> LDAP_ENABLE =
+ ConfigOptions.key("ldap.enabled").booleanType().defaultValue(false);
+
public static ConfigOption<Boolean> KERBEROS_PROXY_ENABLE =
ConfigOptions.key("kerberos.proxy.enabled")
.booleanType()
@@ -79,6 +82,7 @@ public class KyuubiTerminalSessionFactory implements
TerminalSessionFactory {
private String jdbcUrl;
private boolean kyuubiKerberosEnable;
private boolean proxyKerberosEnable;
+ private boolean ldapEnabled;
private String username;
private String password;
@@ -98,6 +102,7 @@ public class KyuubiTerminalSessionFactory implements
TerminalSessionFactory {
this.proxyKerberosEnable = properties.getBoolean(KERBEROS_PROXY_ENABLE);
this.username = properties.get(KYUUBI_USERNAME);
this.password = properties.get(KYUUBI_PASSWORD);
+ this.ldapEnabled = properties.get(LDAP_ENABLE);
try {
this.params = Utils.extractURLComponents(jdbcUrl, new Properties());
} catch (SQLException e) {
@@ -109,7 +114,7 @@ public class KyuubiTerminalSessionFactory implements
TerminalSessionFactory {
public TerminalSession create(TableMetaStore metaStore, Configurations
configuration) {
List<String> logs = Lists.newArrayList();
JdbcConnectionParams connectionParams = new
JdbcConnectionParams(this.params);
- if (metaStore.isKerberosAuthMethod()) {
+ if (!this.ldapEnabled && metaStore.isKerberosAuthMethod()) {
checkAndFillKerberosInfo(connectionParams, metaStore);
}
@@ -124,7 +129,9 @@ public class KyuubiTerminalSessionFactory implements
TerminalSessionFactory {
sessionConf.put("jdbc.url", kyuubiJdbcUrl);
Properties properties = new Properties();
- if (!metaStore.isKerberosAuthMethod() &&
Objects.nonNull(metaStore.getHadoopUsername())) {
+ if (!this.ldapEnabled
+ && !metaStore.isKerberosAuthMethod()
+ && Objects.nonNull(metaStore.getHadoopUsername())) {
properties.put(JdbcConnectionParams.AUTH_USER,
metaStore.getHadoopUsername());
sessionConf.put(JdbcConnectionParams.AUTH_USER,
metaStore.getHadoopUsername());
}
diff --git a/charts/amoro/templates/amoro-configmap.yaml
b/charts/amoro/templates/amoro-configmap.yaml
index 1ffb9710d..24d3a6744 100644
--- a/charts/amoro/templates/amoro-configmap.yaml
+++ b/charts/amoro/templates/amoro-configmap.yaml
@@ -99,6 +99,9 @@ data:
{{- if eq .Values.amoroConf.terminal.backend "local" }}
local.spark.sql.iceberg.handle-timestamp-without-timezone: {{
.Values.amoroConf.terminal.icebergHandleTimestampWithoutTimezone }}
{{- end }}
+ {{- if hasKey .Values.amoroConf.terminal "kyuubiLdapEnabled" }}
+ kyuubi.ldap.enabled: {{ .Values.amoroConf.terminal.kyuubiLdapEnabled}}
+ {{- end }}
{{- if eq .Values.amoroConf.terminal.backend "kyuubi" }}
kyuubi.jdbc.url: {{ .Values.amoroConf.terminal.kyuubiJdbcUrl | quote
}}
{{- end }}
diff --git a/charts/amoro/values.yaml b/charts/amoro/values.yaml
index 9e7681d7f..a7b937b8f 100644
--- a/charts/amoro/values.yaml
+++ b/charts/amoro/values.yaml
@@ -177,6 +177,12 @@ amoroConf:
## backend: kyuubi
## kyuubiJdbcUrl: jdbc:hive2://127.0.0.1:10009/
+ ## Kyuubi terminal backend configuration with ldap authentication.
+ ## terminal:
+ ## backend: kyuubi
+ ## kyuubiLdapEnabled: true
+ ##
kyuubiJdbcUrl:jdbc:hive2://127.0.0.1:10009/default?user=test;password=test;
+
## @param amoroDefaults The value (templated string) is used for conf.yaml
file
## ref:
https://github.com/apache/amoro/blob/master/dist/src/main/amoro-bin/conf/config.yaml
##
diff --git a/docs/admin-guides/using-kyuubi.md
b/docs/admin-guides/using-kyuubi.md
index f5768210e..44ccfde43 100644
--- a/docs/admin-guides/using-kyuubi.md
+++ b/docs/admin-guides/using-kyuubi.md
@@ -50,3 +50,15 @@ To execute SQL in Terminal, you can refer to the following
steps::
- Click the Execute button to run the SQL;
+
+## LDAP Authentication
+Except for the configuration of Kerberos authentication, everything else is
the same. You can integrate with LDAP using the following configuration:
+set kyuubi.ldap.enabled to true, and then specify the username and password
for LDAP in the URL.
+```shell
+ams:
+ terminal:
+ backend: kyuubi
+ kyuubi.ldap.enabled: true
+ kyuubi.jdbc.url:
jdbc:hive2://127.0.0.1:10009/default;user=test;password=test # kyuubi
Connection Address
+```
+
