From 58a69e884b872cf13ff65d9c2f5392d2736049f2 Mon Sep 17 00:00:00 2001 From: yuqi Date: Thu, 31 Oct 2024 14:37:37 +0800 Subject: [PATCH] set configuration `hive.metastore.sasl.enabled` automatically when kerberos is enabled. --- .../iceberg/integration/test/CatalogIcebergKerberosHiveIT.java | 2 -- .../gravitino/iceberg/common/utils/IcebergCatalogUtil.java | 2 ++ .../integration/test/IcebergRestKerberosHiveCatalogIT.java | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/catalogs/catalog-lakehouse-iceberg/src/test/java/org/apache/gravitino/catalog/lakehouse/iceberg/integration/test/CatalogIcebergKerberosHiveIT.java b/catalogs/catalog-lakehouse-iceberg/src/test/java/org/apache/gravitino/catalog/lakehouse/iceberg/integration/test/CatalogIcebergKerberosHiveIT.java index 1017ccb4e10..50db4f7513d 100644 --- a/catalogs/catalog-lakehouse-iceberg/src/test/java/org/apache/gravitino/catalog/lakehouse/iceberg/integration/test/CatalogIcebergKerberosHiveIT.java +++ b/catalogs/catalog-lakehouse-iceberg/src/test/java/org/apache/gravitino/catalog/lakehouse/iceberg/integration/test/CatalogIcebergKerberosHiveIT.java @@ -232,8 +232,6 @@ void testIcebergWithKerberosAndUserImpersonation() throws IOException { CATALOG_BYPASS_PREFIX + "hive.metastore.kerberos.principal", "hive/_HOST@HADOOPKRB" .replace("_HOST", containerSuite.getKerberosHiveContainer().getHostName())); - properties.put(CATALOG_BYPASS_PREFIX + "hive.metastore.sasl.enabled", "true"); - properties.put(IcebergConfig.CATALOG_BACKEND.getKey(), TYPE); properties.put(IcebergConfig.CATALOG_URI.getKey(), URIS); properties.put(IcebergConfig.CATALOG_WAREHOUSE.getKey(), WAREHOUSE); diff --git a/iceberg/iceberg-common/src/main/java/org/apache/gravitino/iceberg/common/utils/IcebergCatalogUtil.java b/iceberg/iceberg-common/src/main/java/org/apache/gravitino/iceberg/common/utils/IcebergCatalogUtil.java index 4e28eb7c830..bdd25e11819 100644 --- a/iceberg/iceberg-common/src/main/java/org/apache/gravitino/iceberg/common/utils/IcebergCatalogUtil.java +++ b/iceberg/iceberg-common/src/main/java/org/apache/gravitino/iceberg/common/utils/IcebergCatalogUtil.java @@ -20,6 +20,7 @@ import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION; import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION; +import static org.apache.hadoop.hive.conf.HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL; import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Preconditions; @@ -78,6 +79,7 @@ private static HiveCatalog loadHiveCatalog(IcebergConfig icebergConfig) { resultProperties.put(CatalogProperties.CLIENT_POOL_CACHE_KEYS, "USER_NAME"); hdfsConfiguration.set(HADOOP_SECURITY_AUTHORIZATION, "true"); hdfsConfiguration.set(HADOOP_SECURITY_AUTHENTICATION, "kerberos"); + hdfsConfiguration.set(METASTORE_USE_THRIFT_SASL.varname, "true"); hiveCatalog.setConf(hdfsConfiguration); hiveCatalog.initialize(icebergCatalogName, properties); diff --git a/iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/integration/test/IcebergRestKerberosHiveCatalogIT.java b/iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/integration/test/IcebergRestKerberosHiveCatalogIT.java index e647c59597b..e602700b267 100644 --- a/iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/integration/test/IcebergRestKerberosHiveCatalogIT.java +++ b/iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/integration/test/IcebergRestKerberosHiveCatalogIT.java @@ -115,7 +115,6 @@ Map getCatalogConfig() { configMap.put( "gravitino.iceberg-rest.authentication.kerberos.keytab-uri", tempDir + HIVE_METASTORE_CLIENT_KEYTAB); - configMap.put("gravitino.iceberg-rest.hive.metastore.sasl.enabled", "true"); configMap.put( "gravitino.iceberg-rest.hive.metastore.kerberos.principal", "hive/_HOST@HADOOPKRB"