This is an automated email from the ASF dual-hosted git repository.
morningman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/master by this push:
new 08dd1f7af83 [Fix](Iceberg-hadoop-catalog)Fix Kerberos-authenticated
HadoopCatalog insert failures due to missing kerberos credentials (#51245)
08dd1f7af83 is described below
commit 08dd1f7af83608466edede9e0b84e4020d670945
Author: Calvin Kirs <guoqi...@selectdb.com>
AuthorDate: Wed May 28 20:52:29 2025 +0800
[Fix](Iceberg-hadoop-catalog)Fix Kerberos-authenticated HadoopCatalog
insert failures due to missing kerberos credentials (#51245)
### What problem does this PR solve?
When using HadoopCatalog with Kerberos authentication, write operations
fail during doCommit because the underlying FileSystem is accessed
without proper credentials.
This patch ensures that the Kerberos credentials are available during
commit-time FS operations, allowing data writes to succeed under
kerberos environments.
```
Caused by: org.apache.iceberg.exceptions.RuntimeIOException: Failed to
refresh the table at
org.apache.iceberg.hadoop.HadoopTableOperations.refresh(HadoopTableOperations.java:128)
~[iceberg-core-1.6.1.jar:?] at
org.apache.iceberg.Transactions.newTransaction(Transactions.java:63)
~[iceberg-core-1.6.1.jar:?] at
org.apache.iceberg.BaseTable.newTransaction(BaseTable.java:240)
~[iceberg-core-1.6.1.jar:?] at
org.apache.doris.datasource.iceberg.IcebergTransaction.beginInsert(Iceb [...]
```
---
.../datasource/iceberg/IcebergTransaction.java | 16 +++-
.../test_iceberg_hadoop_catalog_kerberos.groovy | 98 ++++++++++++++++++++++
2 files changed, 110 insertions(+), 4 deletions(-)
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/datasource/iceberg/IcebergTransaction.java
b/fe/fe-core/src/main/java/org/apache/doris/datasource/iceberg/IcebergTransaction.java
index d0cca11b0af..e36db86022e 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/datasource/iceberg/IcebergTransaction.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/datasource/iceberg/IcebergTransaction.java
@@ -73,10 +73,18 @@ public class IcebergTransaction implements Transaction {
}
}
- public void beginInsert(SimpleTableInfo tableInfo) {
- this.tableInfo = tableInfo;
- this.table = getNativeTable(tableInfo);
- this.transaction = table.newTransaction();
+ public void beginInsert(SimpleTableInfo tableInfo) throws UserException {
+ try {
+ ops.getPreExecutionAuthenticator().execute(() -> {
+ // create and start the iceberg transaction
+ this.tableInfo = tableInfo;
+ this.table = getNativeTable(tableInfo);
+ this.transaction = table.newTransaction();
+ });
+ } catch (Exception e) {
+ throw new UserException("Failed to begin insert for iceberg table
" + tableInfo, e);
+ }
+
}
public void finishInsert(SimpleTableInfo tableInfo,
Optional<InsertCommandContext> insertCtx) {
diff --git
a/regression-test/suites/external_table_p0/kerberos/test_iceberg_hadoop_catalog_kerberos.groovy
b/regression-test/suites/external_table_p0/kerberos/test_iceberg_hadoop_catalog_kerberos.groovy
new file mode 100644
index 00000000000..61b567e1d83
--- /dev/null
+++
b/regression-test/suites/external_table_p0/kerberos/test_iceberg_hadoop_catalog_kerberos.groovy
@@ -0,0 +1,98 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+suite("test_iceberg_hadoop_catalog_kerberos",
"p0,external,kerberos,external_docker,external_docker_kerberos") {
+ String enabled = context.config.otherConfigs.get("enableKerberosTest")
+ if (enabled == null || !enabled.equalsIgnoreCase("true")) {
+ return
+ }
+ def String catalog_name = "iceberg_hadoop_catalog_kerberos_test"
+ def database_name = "test_iceberg_hadoop_db"
+ def String test_tbl_name="iceberg_test_table"
+ def keytab_root_dir = "/keytabs"
+ String externalEnvIp = context.config.otherConfigs.get("externalEnvIp")
+ sql """
+ drop catalog if exists ${catalog_name}
+ """
+ sql """
+ CREATE CATALOG IF NOT EXISTS ${catalog_name}
+ PROPERTIES (
+ 'type'='iceberg',
+ 'iceberg.catalog.type' = 'hadoop',
+ 'warehouse' = 'hdfs://${externalEnvIp}:8520/tmp/iceberg/catalog',
+ "hadoop.security.authentication" = "kerberos",
+ "hadoop.security.auth_to_local" =
"RULE:[2:\$1@\$0](.*@LABS.TERADATA.COM)s/@.*//
+
RULE:[2:\$1@\$0](.*@OTHERLABS.TERADATA.COM)s/@.*//
+
RULE:[2:\$1@\$0](.*@OTHERREALM.COM)s/@.*//
+ DEFAULT",
+ "hadoop.kerberos.principal" =
"hive/presto-master.docker.clus...@labs.teradata.com",
+ "hadoop.kerberos.min.seconds.before.relogin" = "5",
+ "hadoop.kerberos.keytab.login.autorenewal.enabled" = "false",
+ "hadoop.kerberos.keytab" =
"${keytab_root_dir}/hive-presto-master.keytab",
+ "fs.defaultFS" = "hdfs://${externalEnvIp}:8520"
+ );
+ """
+
+ sql """ switch ${catalog_name} """
+ sql """ drop database if exists ${database_name} """
+ sql """ create database if not exists ${database_name} """
+ def database = sql """ show databases like '%${database_name}' """
+ assert database.size() == 1
+ sql """ use ${database_name} """
+ sql """ drop table if exists ${test_tbl_name}"""
+ sql """
+ CREATE TABLE ${test_tbl_name} (
+ `ts` DATETIME COMMENT 'ts',
+ `col1` BOOLEAN COMMENT 'col1',
+ `col2` INT COMMENT 'col2',
+ `col3` BIGINT COMMENT 'col3',
+ `col4` FLOAT COMMENT 'col4',
+ `col5` DOUBLE COMMENT 'col5',
+ `col6` DECIMAL(9,4) COMMENT 'col6',
+ `col7` STRING COMMENT 'col7',
+ `col8` DATE COMMENT 'col8',
+ `col9` DATETIME COMMENT 'col9',
+ `pt1` STRING COMMENT 'pt1',
+ `pt2` STRING COMMENT 'pt2'
+ ) ENGINE=iceberg
+ PARTITION BY LIST (DAY(ts), pt1, pt2) ()
+ PROPERTIES (
+ 'write-format'='orc',
+ 'compression-codec'='zlib'
+ );
+ """
+ def table = sql """ show tables like '%${test_tbl_name}' """
+ assert table.size() == 1
+ sql """
+ insert into ${test_tbl_name} values (
+ '2024-05-26 12:34:56',
+ true,
+ 123,
+ 1234567890123,
+ 12.34,
+ 56.789,
+ 12345.6789,
+ 'example text',
+ '2024-05-26',
+ '2024-05-26 14:00:00',
+ 'partition_val1',
+ 'partition_val2'
+ );
+ """
+ def dataResult = sql """select count(1) from ${test_tbl_name} """
+ assert dataResult.get(0).get(0) == 1
+}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org
