Support kerberos authentication for Kudu connector

presto-kudu/pom.xml

@@ -23,6 +23,86 @@
             <version>${kudu.version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-common</artifactId>
+            <version>2.6.0</version>
+            <exclusions>
+                <exclusion>
+                    <artifactId>jaxb-impl</artifactId>
+                    <groupId>com.sun.xml.bind</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>commons-beanutils-core</artifactId>
+                    <groupId>commons-beanutils</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>commons-codec</artifactId>
+                    <groupId>commons-codec</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>commons-lang</artifactId>
+                    <groupId>commons-lang</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>commons-logging</artifactId>
+                    <groupId>commons-logging</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>netty</artifactId>
+                    <groupId>io.netty</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>servlet-api</artifactId>
+                    <groupId>javax.servlet</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>httpclient</artifactId>
+                    <groupId>org.apache.httpcomponents</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>httpcore</artifactId>
+                    <groupId>org.apache.httpcomponents</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>jackson-core-asl</artifactId>
+                    <groupId>org.codehaus.jackson</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>jackson-mapper-asl</artifactId>
+                    <groupId>org.codehaus.jackson</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>jdk.tools</artifactId>
+                    <groupId>jdk.tools</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>jasper-compiler</artifactId>
+                    <groupId>tomcat</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>slf4j-log4j12</artifactId>
+                    <groupId>org.slf4j</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>log4j</artifactId>
+                    <groupId>log4j</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>jersey-server</artifactId>
+                    <groupId>com.sun.jersey</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>jersey-core</artifactId>
+                    <groupId>com.sun.jersey</groupId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>asm</artifactId>
+                    <groupId>asm</groupId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
         <dependency>
             <groupId>com.facebook.airlift</groupId>
             <artifactId>bootstrap</artifactId>

presto-kudu/src/main/java/com/facebook/presto/kudu/KuduClientConfig.java

@@ -40,6 +40,10 @@ public class KuduClientConfig
     private boolean disableStatistics;
     private boolean schemaEmulationEnabled;
     private String schemaEmulationPrefix = "presto::";
+    private boolean kerberosAuthEnabled;
+    private String kerberosPrincipal;
+    private String kerberosKeytab;
+    private boolean kerberosAuthDebugEnabled;
 
     @NotNull
     @Size(min = 1)
@@ -138,4 +142,52 @@ public KuduClientConfig setSchemaEmulationEnabled(boolean enabled)
         this.schemaEmulationEnabled = enabled;
         return this;
     }
+
+    public boolean isKerberosAuthEnabled()
+    {
+        return kerberosAuthEnabled;
+    }
+
+    @Config("kudu.kerberos-auth.enabled")
+    public KuduClientConfig setKerberosAuthEnabled(boolean enabled)
+    {
+        this.kerberosAuthEnabled = enabled;
+        return this;
+    }
+
+    public String getKerberosPrincipal()
+    {
+        return kerberosPrincipal;
+    }
+
+    @Config("kudu.kerberos-auth.principal")
+    public KuduClientConfig setKerberosPrincipal(String principal)
+    {
+        this.kerberosPrincipal = principal;
+        return this;
+    }
+
+    public String getKerberosKeytab()
+    {
+        return kerberosKeytab;
+    }
+
+    @Config("kudu.kerberos-auth.keytab")
+    public KuduClientConfig setKerberosKeytab(String keytab)
+    {
+        this.kerberosKeytab = keytab;
+        return this;
+    }
+
+    public boolean isKerberosAuthDebugEnabled()
+    {
+        return kerberosAuthDebugEnabled;
+    }
+
+    @Config("kudu.kerberos-auth.debug.enabled")
+    public KuduClientConfig setKerberosAuthDebugEnabled(boolean enabled)
+    {
+        this.kerberosAuthDebugEnabled = enabled;
+        return this;
+    }
 }

presto-kudu/src/main/java/com/facebook/presto/kudu/KuduClientSession.java

@@ -64,6 +64,7 @@
 import java.util.stream.Collectors;
 import java.util.stream.IntStream;
 
+import static com.facebook.presto.kudu.KuduUtil.reTryKerberos;
 import static com.facebook.presto.spi.StandardErrorCode.GENERIC_INTERNAL_ERROR;
 import static com.facebook.presto.spi.StandardErrorCode.QUERY_REJECTED;
 import static com.google.common.collect.ImmutableList.toImmutableList;
@@ -85,6 +86,7 @@ public KuduClientSession(KuduConnectorId connectorId, KuduClient client, SchemaE
 
     public List<String> listSchemaNames()
     {
+        reTryKerberos();
         return schemaEmulation.listSchemaNames(client);
     }
 
@@ -105,6 +107,7 @@ private List<String> internalListTables(String prefix)
 
     public List<SchemaTableName> listTables(Optional<String> optSchemaName)
     {
+        reTryKerberos();
         if (optSchemaName.isPresent()) {
             return listTablesSingleSchema(optSchemaName.get());
         }
@@ -130,18 +133,21 @@ private List<SchemaTableName> listTablesSingleSchema(String schemaName)
 
     public Schema getTableSchema(KuduTableHandle tableHandle)
     {
+        reTryKerberos();
         KuduTable table = tableHandle.getTable(this);
         return table.getSchema();
     }
 
     public Map<String, Object> getTableProperties(KuduTableHandle tableHandle)
     {
+        reTryKerberos();
         KuduTable table = tableHandle.getTable(this);
         return KuduTableProperties.toMap(table);
     }
 
     public List<KuduSplit> buildKuduSplits(KuduTableLayoutHandle layoutHandle)
     {
+        reTryKerberos();
         KuduTableHandle tableHandle = layoutHandle.getTableHandle();
         KuduTable table = tableHandle.getTable(this);
         final int primaryKeyColumnCount = table.getSchema().getPrimaryKeyColumnCount();
@@ -185,6 +191,7 @@ public List<KuduSplit> buildKuduSplits(KuduTableLayoutHandle layoutHandle)
 
     public KuduScanner createScanner(KuduSplit kuduSplit)
     {
+        reTryKerberos();
         try {
             return KuduScanToken.deserializeIntoScanner(kuduSplit.getSerializedScanToken(), client);
         }
@@ -195,6 +202,7 @@ public KuduScanner createScanner(KuduSplit kuduSplit)
 
     public KuduTable openTable(SchemaTableName schemaTableName)
     {
+        reTryKerberos();
         String rawName = schemaEmulation.toRawName(schemaTableName);
         try {
             return client.openTable(rawName);
@@ -210,21 +218,25 @@ public KuduTable openTable(SchemaTableName schemaTableName)
 
     public KuduSession newSession()
     {
+        reTryKerberos();
         return client.newSession();
     }
 
     public void createSchema(String schemaName)
     {
+        reTryKerberos();
         schemaEmulation.createSchema(client, schemaName);
     }
 
     public void dropSchema(String schemaName)
     {
+        reTryKerberos();
         schemaEmulation.dropSchema(client, schemaName);
     }
 
     public void dropTable(SchemaTableName schemaTableName)
     {
+        reTryKerberos();
         try {
             String rawName = schemaEmulation.toRawName(schemaTableName);
             client.deleteTable(rawName);
@@ -236,6 +248,7 @@ public void dropTable(SchemaTableName schemaTableName)
 
     public void renameTable(SchemaTableName schemaTableName, SchemaTableName newSchemaTableName)
     {
+        reTryKerberos();
         try {
             String rawName = schemaEmulation.toRawName(schemaTableName);
             String newRawName = schemaEmulation.toRawName(newSchemaTableName);
@@ -250,6 +263,7 @@ public void renameTable(SchemaTableName schemaTableName, SchemaTableName newSche
 
     public KuduTable createTable(ConnectorTableMetadata tableMetadata, boolean ignoreExisting)
     {
+        reTryKerberos();
         try {
             String rawName = schemaEmulation.toRawName(tableMetadata.getTable());
             if (ignoreExisting) {
@@ -276,6 +290,7 @@ public KuduTable createTable(ConnectorTableMetadata tableMetadata, boolean ignor
 
     public void addColumn(SchemaTableName schemaTableName, ColumnMetadata column)
     {
+        reTryKerberos();
         try {
             String rawName = schemaEmulation.toRawName(schemaTableName);
             AlterTableOptions alterOptions = new AlterTableOptions();
@@ -290,6 +305,7 @@ public void addColumn(SchemaTableName schemaTableName, ColumnMetadata column)
 
     public void dropColumn(SchemaTableName schemaTableName, String name)
     {
+        reTryKerberos();
         try {
             String rawName = schemaEmulation.toRawName(schemaTableName);
             AlterTableOptions alterOptions = new AlterTableOptions();
@@ -303,6 +319,7 @@ public void dropColumn(SchemaTableName schemaTableName, String name)
 
     public void renameColumn(SchemaTableName schemaTableName, String oldName, String newName)
     {
+        reTryKerberos();
         try {
             String rawName = schemaEmulation.toRawName(schemaTableName);
             AlterTableOptions alterOptions = new AlterTableOptions();
@@ -316,11 +333,13 @@ public void renameColumn(SchemaTableName schemaTableName, String oldName, String
 
     public void addRangePartition(SchemaTableName schemaTableName, RangePartition rangePartition)
     {
+        reTryKerberos();
         changeRangePartition(schemaTableName, rangePartition, RangePartitionChange.ADD);
     }
 
     public void dropRangePartition(SchemaTableName schemaTableName, RangePartition rangePartition)
     {
+        reTryKerberos();
         changeRangePartition(schemaTableName, rangePartition, RangePartitionChange.DROP);
     }
 

presto-kudu/src/main/java/com/facebook/presto/kudu/KuduModule.java

@@ -91,14 +91,14 @@ KuduClientSession createKuduClientSession(
     {
         requireNonNull(config, "config is null");
 
-        KuduClient.KuduClientBuilder builder = new KuduClient.KuduClientBuilder(config.getMasterAddresses());
-        builder.defaultAdminOperationTimeoutMs(config.getDefaultAdminOperationTimeout().toMillis());
-        builder.defaultOperationTimeoutMs(config.getDefaultOperationTimeout().toMillis());
-        builder.defaultSocketReadTimeoutMs(config.getDefaultSocketReadTimeout().toMillis());
-        if (config.isDisableStatistics()) {
-            builder.disableStatistics();
+        KuduClient client;
+        if (!config.isKerberosAuthEnabled()) {
+            client = KuduUtil.getKuduClient(config);
+        }
+        else {
+            KuduUtil.initKerberosENV(config.getKerberosPrincipal(), config.getKerberosKeytab(), config.isKerberosAuthDebugEnabled());
+            client = KuduUtil.getKuduKerberosClient(config);
         }
-        KuduClient client = builder.build();
 
         SchemaEmulation strategy;
         if (config.isSchemaEmulationEnabled()) {