From 8fcf6374f4f5923b8a5304428c121d45e3af0133 Mon Sep 17 00:00:00 2001 From: Nishant Bangarwa Date: Wed, 26 Feb 2020 21:58:39 +0530 Subject: [PATCH] [HIVE-22933] Add option to disable kerberos for druid --- common/src/java/org/apache/hadoop/hive/conf/HiveConf.java | 2 ++ .../org/apache/hadoop/hive/druid/DruidStorageHandler.java | 8 ++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java index cfc90919c8..33de6518d6 100644 --- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java +++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java @@ -2915,6 +2915,8 @@ private static void populateLlapDaemonVarsSet(Set llapDaemonVarsSetLocal "Wait time in ms default to 30 seconds." ), HIVE_DRUID_BITMAP_FACTORY_TYPE("hive.druid.bitmap.type", "roaring", new PatternSet("roaring", "concise"), "Coding algorithm use to encode the bitmaps"), + HIVE_DRUID_KERBEROS_ENABLE("hive.druid.kerberos.enable", true, + "Enable/Disable Kerberos authentication explicitly while connecting to a druid cluster."), // For HBase storage handler HIVE_HBASE_WAL_ENABLED("hive.hbase.wal.enabled", true, "Whether writes to HBase should be forced to the write-ahead log. \n" + diff --git a/druid-handler/src/java/org/apache/hadoop/hive/druid/DruidStorageHandler.java b/druid-handler/src/java/org/apache/hadoop/hive/druid/DruidStorageHandler.java index fe55eff222..a09516fd30 100644 --- a/druid-handler/src/java/org/apache/hadoop/hive/druid/DruidStorageHandler.java +++ b/druid-handler/src/java/org/apache/hadoop/hive/druid/DruidStorageHandler.java @@ -85,6 +85,7 @@ import org.apache.hadoop.hive.metastore.api.Table; import org.apache.hadoop.hive.metastore.utils.MetaStoreUtils; import org.apache.hadoop.hive.ql.hooks.WriteEntity; +import org.apache.hadoop.hive.ql.metadata.Hive; import org.apache.hadoop.hive.ql.metadata.HiveStorageHandler; import org.apache.hadoop.hive.ql.metadata.StorageHandlerInfo; import org.apache.hadoop.hive.ql.plan.ExprNodeGenericFuncDesc; @@ -772,7 +773,8 @@ private static boolean safeNonRecursiveDelete(FileSystem fs, Path path) { } @Override public void configureJobConf(TableDesc tableDesc, JobConf jobConf) { - if (UserGroupInformation.isSecurityEnabled()) { + final boolean kerberosEnabled = HiveConf.getBoolVar(getConf(), HiveConf.ConfVars.HIVE_DRUID_KERBEROS_ENABLE); + if (kerberosEnabled && UserGroupInformation.isSecurityEnabled()) { // AM can not do Kerberos Auth so will do the input split generation in the HS2 LOG.debug("Setting {} to {} to enable split generation on HS2", HiveConf.ConfVars.HIVE_AM_SPLIT_GENERATION.toString(), @@ -941,7 +943,9 @@ private static HttpClient makeHttpClient(Lifecycle lifecycle) { .withNumConnections(numConnection) .withReadTimeout(new Period(readTimeout).toStandardDuration()) .build(), lifecycle); - if (UserGroupInformation.isSecurityEnabled()) { + final boolean kerberosEnabled = + HiveConf.getBoolVar(SessionState.getSessionConf(), HiveConf.ConfVars.HIVE_DRUID_KERBEROS_ENABLE); + if (kerberosEnabled && UserGroupInformation.isSecurityEnabled()) { LOG.info("building Kerberos Http Client"); return new KerberosHttpClient(httpClient); } -- 2.20.1 (Apple Git-117)