This is an automated email from the ASF dual-hosted git repository. elserj pushed a commit to branch branch-2 in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2 by this push: new 2728821 HBASE-26212 Expose configuration to enable/disable AuthUtil (#3619) 2728821 is described below commit 2728821e62ec882619642b9ea0fa5913c3167ec9 Author: Josh Elser <els...@apache.org> AuthorDate: Mon Aug 23 20:23:52 2021 -0400 HBASE-26212 Expose configuration to enable/disable AuthUtil (#3619) In some situations, a caller may know that it is properly managing the Kerberos ticket to talk to HBase. In these situations, it's possible that AuthUtil still tries to do renewals, but just fails repeatedly to do so. Give a configuration flag for such clients to be able to tell AuthUtil to simply stop trying. Signed-off-by: Duo Zhang <zhang...@apache.org> --- .../hadoop/hbase/client/AsyncConnectionImpl.java | 2 +- .../hbase/client/ConnectionImplementation.java | 2 +- .../java/org/apache/hadoop/hbase/AuthUtil.java | 22 +++++++++++++++++++--- 3 files changed, 21 insertions(+), 5 deletions(-) diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/client/AsyncConnectionImpl.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/client/AsyncConnectionImpl.java index 2653361..2ed7399 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/client/AsyncConnectionImpl.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/client/AsyncConnectionImpl.java @@ -171,7 +171,7 @@ class AsyncConnectionImpl implements AsyncConnection { private void spawnRenewalChore(final UserGroupInformation user) { ChoreService service = getChoreService(); - service.scheduleChore(AuthUtil.getAuthRenewalChore(user)); + service.scheduleChore(AuthUtil.getAuthRenewalChore(user, conf)); } /** diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/client/ConnectionImplementation.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/client/ConnectionImplementation.java index 936f7f5..33f92ed 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/client/ConnectionImplementation.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/client/ConnectionImplementation.java @@ -374,7 +374,7 @@ class ConnectionImplementation implements ClusterConnection, Closeable { private void spawnRenewalChore(final UserGroupInformation user) { ChoreService service = getChoreService(); - service.scheduleChore(AuthUtil.getAuthRenewalChore(user)); + service.scheduleChore(AuthUtil.getAuthRenewalChore(user, conf)); } /** diff --git a/hbase-common/src/main/java/org/apache/hadoop/hbase/AuthUtil.java b/hbase-common/src/main/java/org/apache/hadoop/hbase/AuthUtil.java index d8d4f78..95dfdd2 100644 --- a/hbase-common/src/main/java/org/apache/hadoop/hbase/AuthUtil.java +++ b/hbase-common/src/main/java/org/apache/hadoop/hbase/AuthUtil.java @@ -90,6 +90,10 @@ public final class AuthUtil { /** Client principal */ public static final String HBASE_CLIENT_KERBEROS_PRINCIPAL = "hbase.client.keytab.principal"; + /** Configuration to automatically try to renew keytab-based logins */ + public static final String HBASE_CLIENT_AUTOMATIC_KEYTAB_RENEWAL_KEY = "hbase.client.keytab.automatic.renewal"; + public static final boolean HBASE_CLIENT_AUTOMATIC_KEYTAB_RENEWAL_DEFAULT = true; + private AuthUtil() { super(); } @@ -189,8 +193,8 @@ public final class AuthUtil { * @return a ScheduledChore for renewals. */ @InterfaceAudience.Private - public static ScheduledChore getAuthRenewalChore(final UserGroupInformation user) { - if (!user.hasKerberosCredentials()) { + public static ScheduledChore getAuthRenewalChore(final UserGroupInformation user, Configuration conf) { + if (!user.hasKerberosCredentials() || !isAuthRenewalChoreEnabled(conf)) { return null; } @@ -221,8 +225,11 @@ public final class AuthUtil { */ @Deprecated public static ScheduledChore getAuthChore(Configuration conf) throws IOException { + if (!isAuthRenewalChoreEnabled(conf)) { + return null; + } User user = loginClientAsService(conf); - return getAuthRenewalChore(user.getUGI()); + return getAuthRenewalChore(user.getUGI(), conf); } private static Stoppable createDummyStoppable() { @@ -271,4 +278,13 @@ public final class AuthUtil { public static String toGroupEntry(String name) { return GROUP_PREFIX + name; } + + /** + * Returns true if the chore to automatically renew Kerberos tickets (from + * keytabs) should be started. The default is true. + */ + static boolean isAuthRenewalChoreEnabled(Configuration conf) { + return conf.getBoolean(HBASE_CLIENT_AUTOMATIC_KEYTAB_RENEWAL_KEY, + HBASE_CLIENT_AUTOMATIC_KEYTAB_RENEWAL_DEFAULT); + } }