From 99934e8cfa1219a0dbd47c095d228156d07352e8 Mon Sep 17 00:00:00 2001 From: fwang12 Date: Tue, 26 Oct 2021 01:52:55 +0800 Subject: [PATCH] [KYUUBI #1291] [TEST] Transfer KRB5_CONF to kinit and fix kerberos UT on macOS ### _Why are the changes needed?_ 1. transfer KRB5_CONF of KyuubiServer to kinit process in case the system KRB5_CONF is not same with `java.security.krb5.conf` of KyuubiServer JVM. 2. The UT with kerberos enabled KyuubiServer can not pass on osx environment, such as `KyuubiOperationKerberosAndPlainAuthSuite` (#1266). For the root cause, see details in https://stackoverflow.com/questions/27053539/openldap-kerberos-unable-to-reach-any-kdc-in-realm ### _How was this patch tested?_ `KyuubiOperationKerberosAndPlainAuthSuite` can pass on my MacBook, without this PR, it will fail on MacBook. Closes #1291 from turboFei/kinit_ut. Closes #1291 f0060545 [fwang12] complete KRB5_CONFIG 859538cb [fwang12] Make kerberos enabled kyuubi server unit test runnable for osx environment Authored-by: fwang12 Signed-off-by: Cheng Pan --- .../test/scala/org/apache/kyuubi/KerberizedTestHelper.scala | 2 ++ .../org/apache/kyuubi/server/KinitAuxiliaryService.scala | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/kyuubi-common/src/test/scala/org/apache/kyuubi/KerberizedTestHelper.scala b/kyuubi-common/src/test/scala/org/apache/kyuubi/KerberizedTestHelper.scala index ea032fdf820..87a9f68cd49 100644 --- a/kyuubi-common/src/test/scala/org/apache/kyuubi/KerberizedTestHelper.scala +++ b/kyuubi-common/src/test/scala/org/apache/kyuubi/KerberizedTestHelper.scala @@ -95,6 +95,8 @@ trait KerberizedTestHelper extends KyuubiFunSuite { if (s.contains("libdefaults")) { rewritten = true s + addedConfig + } else if (s.contains(hostName)) { + s + "\n" + s.replace(hostName, s"tcp/$hostName") } else { s }).filter(!_.trim.startsWith("#")).mkString(System.lineSeparator()) diff --git a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KinitAuxiliaryService.scala b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KinitAuxiliaryService.scala index e8d149b32cf..133007e2db4 100644 --- a/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KinitAuxiliaryService.scala +++ b/kyuubi-server/src/main/scala/org/apache/kyuubi/server/KinitAuxiliaryService.scala @@ -45,8 +45,12 @@ class KinitAuxiliaryService() extends AbstractService("KinitAuxiliaryService") { require(keytab.nonEmpty && principal.nonEmpty, "principal or keytab is missing") UserGroupInformation.loginUserFromKeytab(principal.get, keytab.get) + val krb5Conf = Option(System.getProperty("java.security.krb5.conf")) + .orElse(Option(System.getenv("KRB5_CONFIG"))) + .getOrElse("/etc/krb5.conf") val commands = Seq("kinit", "-kt", keytab.get, principal.get) val kinitProc = new ProcessBuilder(commands: _*).inheritIO() + kinitProc.environment().put("KRB5_CONFIG", krb5Conf) kinitTask = new Runnable { override def run(): Unit = { val process = kinitProc.start()