Return-Path: <commits-return-28143-archive-asf-public=cust-asf.ponee.io@hive.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id E71A0200CAF
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Thu, 22 Jun 2017 23:00:51 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id E5F6C160BE7; Thu, 22 Jun 2017 21:00:51 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 34058160BD3
	for <archive-asf-public@cust-asf.ponee.io>; Thu, 22 Jun 2017 23:00:51 +0200 (CEST)
Received: (qmail 24214 invoked by uid 500); 22 Jun 2017 21:00:50 -0000
Mailing-List: contact commits-help@hive.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@hive.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@hive.apache.org>
List-Post: <mailto:commits@hive.apache.org>
List-Id: <commits.hive.apache.org>
Reply-To: hive-dev@hive.apache.org
Delivered-To: mailing list commits@hive.apache.org
Received: (qmail 24203 invoked by uid 99); 22 Jun 2017 21:00:50 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Jun 2017 21:00:50 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33)
	id CA4DFDFE15; Thu, 22 Jun 2017 21:00:49 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: ctang@apache.org
To: commits@hive.apache.org
Message-Id: <fe9a496f51b745c18a95d540f0e8636a@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: hive git commit: HIVE-16930: HoS should verify the value of Kerberos
 principal and keytab file before adding them to spark-submit command
 parameters (Yibing Shi via Chaoyu Tang)
Date: Thu, 22 Jun 2017 21:00:49 +0000 (UTC)
archived-at: Thu, 22 Jun 2017 21:00:52 -0000

Repository: hive
Updated Branches:
  refs/heads/branch-2 3298e7f4d -> f4a8fef63


HIVE-16930: HoS should verify the value of Kerberos principal and keytab file before adding them to spark-submit command parameters (Yibing Shi via Chaoyu Tang)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/f4a8fef6
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/f4a8fef6
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/f4a8fef6

Branch: refs/heads/branch-2
Commit: f4a8fef6385c45550507331946e3b216f6ce7e81
Parents: 3298e7f
Author: Chaoyu Tang <ctang@cloudera.com>
Authored: Thu Jun 22 16:53:55 2017 -0400
Committer: Chaoyu Tang <ctang@cloudera.com>
Committed: Thu Jun 22 16:55:24 2017 -0400

----------------------------------------------------------------------
 .../hive/spark/client/SparkClientImpl.java      | 35 +++++++++++---------
 1 file changed, 19 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/f4a8fef6/spark-client/src/main/java/org/apache/hive/spark/client/SparkClientImpl.java
----------------------------------------------------------------------
diff --git a/spark-client/src/main/java/org/apache/hive/spark/client/SparkClientImpl.java b/spark-client/src/main/java/org/apache/hive/spark/client/SparkClientImpl.java
index d4b63f0..5c42bcc 100644
--- a/spark-client/src/main/java/org/apache/hive/spark/client/SparkClientImpl.java
+++ b/spark-client/src/main/java/org/apache/hive/spark/client/SparkClientImpl.java
@@ -54,6 +54,7 @@ import java.util.concurrent.Future;
 import java.util.concurrent.TimeoutException;
 import java.util.concurrent.atomic.AtomicInteger;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.hadoop.hive.conf.Constants;
 import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
@@ -405,22 +406,24 @@ class SparkClientImpl implements SparkClient {
         String principal = SecurityUtil.getServerPrincipal(hiveConf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL),
             "0.0.0.0");
         String keyTabFile = hiveConf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB);
-        if (hiveConf.getBoolVar(HiveConf.ConfVars.HIVE_SERVER2_ENABLE_DOAS)) {
-          List<String> kinitArgv = Lists.newLinkedList();
-          kinitArgv.add("kinit");
-          kinitArgv.add(principal);
-          kinitArgv.add("-k");
-          kinitArgv.add("-t");
-          kinitArgv.add(keyTabFile + ";");
-          kinitArgv.addAll(argv);
-          argv = kinitArgv;
-        } else {
-          // if doAs is not enabled, we pass the principal/keypad to spark-submit in order to
-          // support the possible delegation token renewal in Spark
-          argv.add("--principal");
-          argv.add(principal);
-          argv.add("--keytab");
-          argv.add(keyTabFile);
+        if (StringUtils.isNotBlank(principal) && StringUtils.isNotBlank(keyTabFile)) {
+          if (hiveConf.getBoolVar(HiveConf.ConfVars.HIVE_SERVER2_ENABLE_DOAS)) {
+            List<String> kinitArgv = Lists.newLinkedList();
+            kinitArgv.add("kinit");
+            kinitArgv.add(principal);
+            kinitArgv.add("-k");
+            kinitArgv.add("-t");
+            kinitArgv.add(keyTabFile + ";");
+            kinitArgv.addAll(argv);
+            argv = kinitArgv;
+          } else {
+            // if doAs is not enabled, we pass the principal/keypad to spark-submit in order to
+            // support the possible delegation token renewal in Spark
+            argv.add("--principal");
+            argv.add(principal);
+            argv.add("--keytab");
+            argv.add(keyTabFile);
+          }
         }
       }
       if (hiveConf.getBoolVar(HiveConf.ConfVars.HIVE_SERVER2_ENABLE_DOAS)) {