Github user mridulm commented on a diff in the pull request:
https://github.com/apache/spark/pull/21178#discussion_r185406504
--- Diff:
sql/hive-thriftserver/src/main/scala/org/apache/spark/sql/hive/thriftserver/SparkSQLCLIService.scala
---
@@ -52,8 +52,22 @@ private[hive] class SparkSQLCLIService(hiveServer:
HiveServer2, sqlContext: SQLC
if (UserGroupInformation.isSecurityEnabled) {
try {
- HiveAuthFactory.loginFromKeytab(hiveConf)
- sparkServiceUGI = Utils.getUGI()
+ val principal =
hiveConf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL)
+ val keyTabFile =
hiveConf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB)
+ if (principal.isEmpty || keyTabFile.isEmpty) {
+ throw new IOException(
+ "HiveServer2 Kerberos principal or keytab is not correctly
configured")
+ }
+
+ val originalUgi = UserGroupInformation.getCurrentUser
--- End diff --
Assuming I understood your question @mgaido91, we use Utils.getUGI only
when we do an explicit login; else fallback on originalUgi (the current user).
This is because after a login, the instance of ugi changes from underneath
us in UserGroupInformation class.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
