This is an automated email from the ASF dual-hosted git repository.
zjffdu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push:
new 0e82d6a [ZEPPELIN-5137]. Non-proxy mode doesn't work in hive kerbose
mode
0e82d6a is described below
commit 0e82d6a8d29d3e7f3ddf0ee825c3290149c39b0e
Author: Jeff Zhang <zjf...@apache.org>
AuthorDate: Thu Nov 19 11:55:06 2020 +0800
[ZEPPELIN-5137]. Non-proxy mode doesn't work in hive kerbose mode
### What is this PR for?
This feature is missing due to ZEPPELIN-5121, this PR is to enable this
feature.
### What type of PR is it?
[Bug Fix ]
### Todos
* [ ] - Task
### What is the Jira issue?
* https://issues.apache.org/jira/browse/ZEPPELIN-5137
### How should this be tested?
* CI pass
https://travis-ci.com/github/zjffdu/zeppelin/builds/203409234?utm_medium=notification&utm_source=email
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
Author: Jeff Zhang <zjf...@apache.org>
Closes #3980 from zjffdu/ZEPPELIN-5137 and squashes the following commits:
b86f8f129 [Jeff Zhang] [ZEPPELIN-5137]. Non-proxy mode doesn't work in hive
kerbose mode
---
.../org/apache/zeppelin/jdbc/JDBCInterpreter.java | 61 ++++++++++++----------
jdbc/src/main/resources/interpreter-setting.json | 7 +++
2 files changed, 40 insertions(+), 28 deletions(-)
diff --git a/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java
b/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java
index fb89d5c..282d256 100644
--- a/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java
+++ b/jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java
@@ -495,7 +495,7 @@ public class JDBCInterpreter extends KerberosInterpreter {
public Connection getConnection(String dbPrefix, InterpreterContext context)
throws ClassNotFoundException, SQLException, InterpreterException,
IOException {
final String user = context.getAuthenticationInfo().getUser();
- Connection connection;
+ Connection connection = null;
if (dbPrefix == null || basePropertiesMap.get(dbPrefix) == null) {
return null;
}
@@ -505,37 +505,42 @@ public class JDBCInterpreter extends KerberosInterpreter {
final Properties properties =
jdbcUserConfigurations.getPropertyMap(dbPrefix);
String url = properties.getProperty(URL_KEY);
-
- if (isEmpty(getProperty("zeppelin.jdbc.auth.type"))) {
- connection = getConnectionFromPool(url, user, dbPrefix, properties);
- } else {
- UserGroupInformation.AuthenticationMethod authType =
- JDBCSecurityImpl.getAuthType(getProperties());
+ String connectionUrl = appendProxyUserToURL(url, user, dbPrefix);
- final String connectionUrl = appendProxyUserToURL(url, user, dbPrefix);
- JDBCSecurityImpl.createSecureConfiguration(getProperties(), authType);
-
- if (basePropertiesMap.get(dbPrefix).containsKey("proxy.user.property")) {
+ String authType = properties.getProperty("zeppelin.jdbc.auth.type",
"SIMPLE")
+ .trim().toUpperCase();
+ switch (authType) {
+ case "SIMPLE":
connection = getConnectionFromPool(connectionUrl, user, dbPrefix,
properties);
- } else {
- UserGroupInformation ugi = null;
- try {
- ugi = UserGroupInformation.createProxyUser(
- user, UserGroupInformation.getCurrentUser());
- } catch (Exception e) {
- LOGGER.error("Error in getCurrentUser", e);
- throw new InterpreterException("Error in getCurrentUser", e);
- }
+ break;
+ case "KERBEROS":
+ JDBCSecurityImpl.createSecureConfiguration(getProperties(),
+ UserGroupInformation.AuthenticationMethod.KERBEROS);
+ boolean isProxyEnabled = Boolean.parseBoolean(
+ getProperty("zeppelin.jdbc.auth.kerberos.proxy.enable",
"true"));
+ if (basePropertiesMap.get(dbPrefix).containsKey("proxy.user.property")
+ || !isProxyEnabled) {
+ connection = getConnectionFromPool(connectionUrl, user, dbPrefix,
properties);
+ } else {
+ UserGroupInformation ugi = null;
+ try {
+ ugi = UserGroupInformation.createProxyUser(
+ user, UserGroupInformation.getCurrentUser());
+ } catch (Exception e) {
+ LOGGER.error("Error in getCurrentUser", e);
+ throw new InterpreterException("Error in getCurrentUser", e);
+ }
- final String poolKey = dbPrefix;
- try {
- connection = ugi.doAs((PrivilegedExceptionAction<Connection>) () ->
- getConnectionFromPool(connectionUrl, user, poolKey,
properties));
- } catch (Exception e) {
- LOGGER.error("Error in doAs", e);
- throw new InterpreterException("Error in doAs", e);
+ final String poolKey = dbPrefix;
+ try {
+ connection = ugi.doAs((PrivilegedExceptionAction<Connection>) () ->
+ getConnectionFromPool(connectionUrl, user, poolKey,
properties));
+ } catch (Exception e) {
+ LOGGER.error("Error in doAs", e);
+ throw new InterpreterException("Error in doAs", e);
+ }
}
- }
+ break;
}
return connection;
diff --git a/jdbc/src/main/resources/interpreter-setting.json
b/jdbc/src/main/resources/interpreter-setting.json
index d020782..20c72cf 100644
--- a/jdbc/src/main/resources/interpreter-setting.json
+++ b/jdbc/src/main/resources/interpreter-setting.json
@@ -81,6 +81,13 @@
"description": "If auth type is needed, Example: KERBEROS",
"type": "string"
},
+ "zeppelin.jdbc.auth.kerberos.proxy.enable": {
+ "envName": null,
+ "propertyName": "zeppelin.jdbc.auth.kerberos.proxy.enable",
+ "defaultValue": "true",
+ "description": "When auth type is Kerberos, enable/disable Kerberos
proxy with the login user to get the connection. Default value is true.",
+ "type": "checkbox"
+ },
"zeppelin.jdbc.concurrent.use": {
"envName": null,
"propertyName": "zeppelin.jdbc.concurrent.use",
