Details
Blocker Description
KUDU-2259 introduced a regression which causes Spark to not work properly on secure clusters. The issue is the following:
- the driver calls exportAuthenticationCredentials()
- the client hasn't yet talked to the master, so it doesn't have any credentials yet, despite having a keytab available
- the code is as follows:
byte[] authnData = securityContext.exportAuthenticationCredentials(); if (authnData != null) { return Deferred.fromResult(authnData); } - previously, authnData would be null in this case, and it would fall through to connect to the cluster and then export a proper token.
- with the new implementation, an authnData is returned which is devoid of real credentials but contains a realUser. So, it's non-null, and it gets returned immediately
- the tasks then get credentials with no tokens and can't connect