diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java index 60ae06a49a..4f2ea9aa7a 100644 --- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java +++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java @@ -3033,6 +3033,8 @@ private static void populateLlapDaemonVarsSet(Set llapDaemonVarsSetLocal "Wait time in ms default to 30 seconds." ), HIVE_DRUID_BITMAP_FACTORY_TYPE("hive.druid.bitmap.type", "roaring", new PatternSet("roaring", "concise"), "Coding algorithm use to encode the bitmaps"), + HIVE_DRUID_KERBEROS_ENABLE("hive.druid.kerberos.enable", true, + "Enable/Disable Kerberos authentication explicitly while connecting to a druid cluster."), // For HBase storage handler HIVE_HBASE_WAL_ENABLED("hive.hbase.wal.enabled", true, "Whether writes to HBase should be forced to the write-ahead log. \n" + diff --git a/druid-handler/src/java/org/apache/hadoop/hive/druid/DruidStorageHandler.java b/druid-handler/src/java/org/apache/hadoop/hive/druid/DruidStorageHandler.java index beaf249d34..36b2cdf5ec 100644 --- a/druid-handler/src/java/org/apache/hadoop/hive/druid/DruidStorageHandler.java +++ b/druid-handler/src/java/org/apache/hadoop/hive/druid/DruidStorageHandler.java @@ -86,6 +86,7 @@ import org.apache.hadoop.hive.metastore.api.Table; import org.apache.hadoop.hive.metastore.utils.MetaStoreUtils; import org.apache.hadoop.hive.ql.hooks.WriteEntity; +import org.apache.hadoop.hive.ql.metadata.Hive; import org.apache.hadoop.hive.ql.metadata.HiveStorageHandler; import org.apache.hadoop.hive.ql.metadata.StorageHandlerInfo; import org.apache.hadoop.hive.ql.plan.ExprNodeGenericFuncDesc; @@ -760,7 +761,8 @@ private static boolean safeNonRecursiveDelete(FileSystem fs, Path path) { } @Override public void configureJobConf(TableDesc tableDesc, JobConf jobConf) { - if (UserGroupInformation.isSecurityEnabled()) { + final boolean kerberosEnabled = HiveConf.getBoolVar(getConf(), HiveConf.ConfVars.HIVE_DRUID_KERBEROS_ENABLE); + if (kerberosEnabled && UserGroupInformation.isSecurityEnabled()) { // AM can not do Kerberos Auth so will do the input split generation in the HS2 LOG.debug("Setting {} to {} to enable split generation on HS2", HiveConf.ConfVars.HIVE_AM_SPLIT_GENERATION.toString(), @@ -928,7 +930,9 @@ private static HttpClient makeHttpClient(Lifecycle lifecycle) { .withNumConnections(numConnection) .withReadTimeout(new Period(readTimeout).toStandardDuration()) .build(), lifecycle); - if (UserGroupInformation.isSecurityEnabled()) { + final boolean kerberosEnabled = + HiveConf.getBoolVar(SessionState.getSessionConf(), HiveConf.ConfVars.HIVE_DRUID_KERBEROS_ENABLE); + if (kerberosEnabled && UserGroupInformation.isSecurityEnabled()) { LOG.info("building Kerberos Http Client"); return new KerberosHttpClient(httpClient); }