Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[TEST] Transfer KRB5_CONF to kinit and fix kerberos UT on macOS #1291

Closed
wants to merge 2 commits into from
Closed

[TEST] Transfer KRB5_CONF to kinit and fix kerberos UT on macOS #1291

wants to merge 2 commits into from

Conversation

turboFei
Copy link
Member

@turboFei turboFei commented Oct 25, 2021
edited
Loading

Why are the changes needed?

  1. transfer KRB5_CONF of KyuubiServer to kinit process in case the system KRB5_CONF is not same with java.security.krb5.conf of KyuubiServer JVM.
  2. The UT with kerberos enabled KyuubiServer can not pass on osx environment, such as KyuubiOperationKerberosAndPlainAuthSuite ([KYUUBI #1262] Support both KERBEROS and PLAIN authentication at the same time #1266). For the root cause, see details in https://stackoverflow.com/questions/27053539/openldap-kerberos-unable-to-reach-any-kdc-in-realm

How was this patch tested?

KyuubiOperationKerberosAndPlainAuthSuite can pass on my MacBook, without this PR, it will fail on MacBook.

@turboFei turboFei changed the title Make kinit command could run for osx environment Make kinit command runnable run for osx environment with KDC testing Oct 25, 2021
@turboFei turboFei changed the title Make kinit command runnable run for osx environment with KDC testing Make kinit command runnable for osx environment with KDC testing Oct 25, 2021
@turboFei turboFei changed the title Make kinit command runnable for osx environment with KDC testing Make kerberos enabled kyuubi server unit test runnable for osx environment Oct 25, 2021
@codecov-commenter
Copy link

codecov-commenter commented Oct 25, 2021
edited
Loading

Codecov Report

Merging #1291 (f006054) into master (ccb8117) will increase coverage by 0.00%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff            @@
##             master    #1291   +/-   ##
=========================================
  Coverage     78.27%   78.27%           
  Complexity      110      110           
=========================================
  Files           177      177           
  Lines          7103     7108    +5     
  Branches        874      874           
=========================================
+ Hits           5560     5564    +4     
- Misses         1063     1064    +1     
  Partials        480      480
Impacted Files Coverage Δ
...g/apache/kyuubi/server/KinitAuxiliaryService.scala 66.66% <100.00%> (+1.96%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ccb8117...f006054. Read the comment docs.

turboFei
turboFei commented Oct 25, 2021
View reviewed changes
kyuubi-server/src/main/scala/org/apache/kyuubi/server/KinitAuxiliaryService.scala Outdated
@@ -45,7 +45,8 @@ class KinitAuxiliaryService() extends AbstractService("KinitAuxiliaryService") {

require(keytab.nonEmpty && principal.nonEmpty, "principal or keytab is missing")
UserGroupInformation.loginUserFromKeytab(principal.get, keytab.get)
val commands = Seq("kinit", "-kt", keytab.get, principal.get)
val krb5Conf = System.getProperty("java.security.krb5.conf")
val commands = Seq(s"env KRB5_CONFIG=$krb5Conf", "kinit", "-kt", keytab.get, principal.get)
Copy link
Member Author

@turboFei turboFei Oct 25, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for the commands executed in processBuilder, its default KRB5_CONFIG is not same with the value of java.security.krb5.conf of KyuubiServer JVM.

@turboFei turboFei self-assigned this Oct 25, 2021
@turboFei turboFei added the bug label Oct 25, 2021
@turboFei turboFei changed the title Make kerberos enabled kyuubi server unit test runnable for osx environment Transfer KRB5_CONF of KyuubiServer to kint process and make kerberos enabled kyuubi server unit test runnable for osx env Oct 25, 2021
@turboFei turboFei added the test label Oct 25, 2021
@turboFei turboFei changed the title Transfer KRB5_CONF of KyuubiServer to kint process and make kerberos enabled kyuubi server unit test runnable for osx env Transfer KRB5_CONF of KyuubiServer to kinit process and make kerberos enabled kyuubi server unit test runnable for osx env Oct 25, 2021
@pan3793 pan3793 changed the title Transfer KRB5_CONF of KyuubiServer to kinit process and make kerberos enabled kyuubi server unit test runnable for osx env [TEST] Transfer KRB5_CONF to kinit and fix kerberos UT on macOS Oct 25, 2021
@pan3793 pan3793 added this to the v1.4.0 milestone Oct 25, 2021
@pan3793
Copy link
Member

pan3793 commented Oct 25, 2021

Thanks, merging to master

@pan3793 pan3793 closed this in 99934e8 Oct 25, 2021
yaooqinn
yaooqinn reviewed Oct 26, 2021
View reviewed changes
kyuubi-server/src/main/scala/org/apache/kyuubi/server/KinitAuxiliaryService.scala
@@ -45,8 +45,12 @@ class KinitAuxiliaryService() extends AbstractService("KinitAuxiliaryService") {

require(keytab.nonEmpty && principal.nonEmpty, "principal or keytab is missing")
UserGroupInformation.loginUserFromKeytab(principal.get, keytab.get)
val krb5Conf = Option(System.getProperty("java.security.krb5.conf"))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shall we get it from KyuubiConf?

yaooqinn
yaooqinn reviewed Oct 26, 2021
View reviewed changes
kyuubi-server/src/main/scala/org/apache/kyuubi/server/KinitAuxiliaryService.scala
@@ -45,8 +45,12 @@ class KinitAuxiliaryService() extends AbstractService("KinitAuxiliaryService") {

require(keytab.nonEmpty && principal.nonEmpty, "principal or keytab is missing")
UserGroupInformation.loginUserFromKeytab(principal.get, keytab.get)
val krb5Conf = Option(System.getProperty("java.security.krb5.conf"))
.orElse(Option(System.getenv("KRB5_CONFIG")))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shall we add KRB5_CONFIG to kyuubi-env.sh.template?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yaooqinn yaooqinn yaooqinn left review comments

@pan3793 pan3793 pan3793 approved these changes

@zjffdu zjffdu Awaiting requested review from zjffdu

Assignees

@turboFei turboFei

Labels
None yet
Projects
None yet
Milestone
v1.4.0
Development

Successfully merging this pull request may close these issues.
5 participants
@turboFei @codecov-commenter @pan3793 @zjffdu @yaooqinn