vikramahuja1001 opened a new pull request, #5303: URL: https://github.com/apache/hive/pull/5303
<!-- Thanks for sending a pull request! Here are some tips for you: 1. If this is your first time, please read our contributor guidelines: https://cwiki.apache.org/confluence/display/Hive/HowToContribute 2. Ensure that you have created an issue on the Hive project JIRA: https://issues.apache.org/jira/projects/HIVE/summary 3. Ensure you have added or run the appropriate tests for your PR: 4. If the PR is unfinished, add '[WIP]' in your PR title, e.g., '[WIP]HIVE-XXXXX: Your PR title ...'. 5. Be sure to keep the PR description updated to reflect all changes. 6. Please write your PR title to summarize what this PR proposes. 7. If possible, provide a concise example to reproduce the issue for a faster review. --> ### What changes were proposed in this pull request? Adding three changes to fix this issue: 1. Rework expiry thread to not remove token after renewal time has passed for that particular token. It will actually try to renew the token in this case. 2. Individual calls to retrievePassword during the TSaslClientTransport auth will also try to renew the token if required before retrieving the password. 3. Added a fallback mechanism to retry opening HMS connection using TSaslClientTransport with Kerberos auth in case the previous call fails with DigestMD5 auth. <!-- Please clarify what changes you are proposing. The purpose of this section is to outline the changes and how this PR fixes the issue. If possible, please consider writing useful notes for better and faster reviews in your PR. See the examples below. 1. If you refactor some codes with changing classes, showing the class hierarchy will help reviewers. 4. If you fix some SQL features, you can provide some references of other DBMSes. 5. If there is design documentation, please add the link. 6. If there is a discussion in the mailing list, please add the link. --> ### Why are the changes needed? Facing DigestMD5 token expiry issue in a session which has been open since a long time when a new new connection is opened to HMS using TSaslClientTransport with DigestMD5 based auth. This issue is happening due to the fact that the new connection is trying to authenticate using the token identifier which is removed by the expiry thread in the background. <!-- Please clarify why the changes are needed. For instance, 1. If you propose a new API, clarify the use case for a new API. 2. If you fix a bug, you can clarify why it is a bug. --> ### Does this PR introduce _any_ user-facing change? No <!-- Note that it means *any* user-facing change including all aspects such as the documentation fix. If yes, please clarify the previous behavior and the change this PR proposes - provide the console output, description, screenshot and/or a reproducable example to show the behavior difference if possible. If possible, please also clarify if this is a user-facing change compared to the released Hive versions or within the unreleased branches such as master. If no, write 'No'. --> ### Is the change a dependency upgrade? No <!-- If yes, please attach a file with output from mvn dependency:tree to validate a complete upgrade of dependency. If no, write 'No'. --> ### How was this patch tested? Added a test case to check the expiry thread renewing the token automatically after some time and removing a token automatically after the token has expired. Tested the scenario on a machine with dedicated HMS, HS2 with Sasl enabled. Added a test case to test the complete scenario of creating a new HMSClient after another. <!-- If tests were added, say they were added here. Please make sure to add some test cases that check the changes thoroughly including negative and positive cases if possible. If it was tested in a way different from regular unit tests, please clarify how you tested step by step, ideally copy and paste-able, so that other reviewers can test and check, and descendants can verify in the future. If tests were not added, please describe why they were not added and/or why it was difficult to add. --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org