Github user mridulm commented on a diff in the pull request:
https://github.com/apache/spark/pull/21178#discussion_r185423983
--- Diff:
sql/hive-thriftserver/src/main/scala/org/apache/spark/sql/hive/thriftserver/SparkSQLCLIService.scala
---
@@ -52,8 +52,22 @@ private[hive] class SparkSQLCLIService(hiveServer:
HiveServer2, sqlContext: SQLC
if (UserGroupInformation.isSecurityEnabled) {
try {
- HiveAuthFactory.loginFromKeytab(hiveConf)
- sparkServiceUGI = Utils.getUGI()
+ val principal =
hiveConf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL)
+ val keyTabFile =
hiveConf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB)
+ if (principal.isEmpty || keyTabFile.isEmpty) {
+ throw new IOException(
+ "HiveServer2 Kerberos principal or keytab is not correctly
configured")
+ }
+
+ val originalUgi = UserGroupInformation.getCurrentUser
--- End diff --
Ah ok, Utils.getUGI handles proxying in HS2 iirc - this is, currently, not
relevant in our case imo.
You are right, we could have simply used `Utils.getUGI` instead of
`UserGroupInformation.getCurrentUser` (it would have been more appropriate as
well).
Something to keep in mind in case users are relying on HADOOP_USER_NAME for
STS (highly doubt it, but you never know !)
---
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
