Merge branch 'feat_1.10_impalaSinkKerberos_mergedDev' into 'v1.10.0_dev'

Feat 1.10 impala sink kerberos merged dev

See merge request dt-insight-engine/flinkStreamSQL!97

Author: zoudaokoulife

core/src/test/java/com/dtstack/flink/sql/util/KrbUtilsTest.java

@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.dtstack.flink.sql.util;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+/**
+ * @program: flinkStreamSQL
+ * @author: wuren
+ * @create: 2020/09/14
+ **/
+public class KrbUtilsTest {
+    @Test
+    public void testGetUgi() throws IOException {
+        String principal = "";
+        String keytabPath = "";
+        String krb5confPath = "";
+        try {
+            KrbUtils.getUgi(principal, keytabPath, krb5confPath);
+        } catch (IllegalArgumentException e) {
+            Assert.assertEquals(e.getMessage(), "Can't get Kerberos realm");
+        }
+    }
+}

impala/impala-side/impala-all-side/src/main/java/com/dtstack/flink/sql/side/impala/ImpalaAllReqRow.java

@@ -24,15 +24,19 @@
 import com.dtstack.flink.sql.side.impala.table.ImpalaSideTableInfo;
 import com.dtstack.flink.sql.side.rdb.all.AbstractRdbAllReqRow;
 import com.dtstack.flink.sql.util.JDBCUtils;
+import com.dtstack.flink.sql.util.KrbUtils;
 import org.apache.flink.api.java.typeutils.RowTypeInfo;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.io.IOException;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
 import java.sql.Connection;
 import java.sql.DriverManager;
+import java.sql.SQLException;
 import java.util.List;
 
 /**
@@ -61,10 +65,24 @@ public ImpalaAllReqRow(RowTypeInfo rowTypeInfo, JoinInfo joinInfo, List<FieldInf
     @Override
     public Connection getConn(String dbUrl, String userName, String password) {
         try {
-            Connection connection ;
+            Connection connection;
             String url = getUrl();
             JDBCUtils.forName(IMPALA_DRIVER, getClass().getClassLoader());
-            connection = DriverManager.getConnection(url);
+            // Kerberos
+            if (impalaSideTableInfo.getAuthMech() == 1) {
+                String keyTabFilePath = impalaSideTableInfo.getKeyTabFilePath();
+                String krb5FilePath = impalaSideTableInfo.getKrb5FilePath();
+                String principal = impalaSideTableInfo.getPrincipal();
+                UserGroupInformation ugi = KrbUtils.getUgi(principal, keyTabFilePath, krb5FilePath);
+                connection = ugi.doAs(new PrivilegedExceptionAction<Connection>() {
+                    @Override
+                    public Connection run() throws SQLException {
+                        return DriverManager.getConnection(url);
+                    }
+                });
+            } else {
+                connection = DriverManager.getConnection(url);
+            }
             connection.setAutoCommit(false);
             return connection;
         } catch (Exception e) {
@@ -83,9 +101,6 @@ public String getUrl() throws IOException {
             newUrl = urlBuffer.toString();
 
         } else if (authMech == 1) {
-            String keyTabFilePath = impalaSideTableInfo.getKeyTabFilePath();
-            String krb5FilePath = impalaSideTableInfo.getKrb5FilePath();
-            String principal = impalaSideTableInfo.getPrincipal();
             String krbRealm = impalaSideTableInfo.getKrbRealm();
             String krbHostFQDN = impalaSideTableInfo.getKrbHostFQDN();
             String krbServiceName = impalaSideTableInfo.getKrbServiceName();
@@ -96,11 +111,7 @@ public String getUrl() throws IOException {
                     .concat("KrbServiceName=").concat(krbServiceName).concat(";")
             );
             newUrl = urlBuffer.toString();
-            System.setProperty("java.security.krb5.conf", krb5FilePath);
-            Configuration configuration = new Configuration();
-            configuration.set("hadoop.security.authentication" , "Kerberos");
-            UserGroupInformation.setConfiguration(configuration);
-            UserGroupInformation.loginUserFromKeytab(principal, keyTabFilePath);
+
 
         } else if (authMech == 2) {
             String uName = impalaSideTableInfo.getUserName();

impala/impala-side/impala-async-side/src/main/java/com/dtstack/flink/sql/side/impala/ImpalaAsyncReqRow.java

@@ -18,27 +18,33 @@
 
 package com.dtstack.flink.sql.side.impala;
 
-import com.dtstack.flink.sql.factory.DTThreadFactory;
 import com.dtstack.flink.sql.side.FieldInfo;
 import com.dtstack.flink.sql.side.JoinInfo;
 import com.dtstack.flink.sql.side.AbstractSideTableInfo;
 import com.dtstack.flink.sql.side.impala.table.ImpalaSideTableInfo;
 import com.dtstack.flink.sql.side.rdb.async.RdbAsyncReqRow;
+import com.dtstack.flink.sql.util.KrbUtils;
 import io.vertx.core.Vertx;
 import io.vertx.core.VertxOptions;
 import io.vertx.core.json.JsonObject;
 import io.vertx.ext.jdbc.JDBCClient;
+import io.vertx.ext.sql.SQLClient;
 import org.apache.flink.api.java.typeutils.RowTypeInfo;
 import org.apache.flink.configuration.Configuration;
+import org.apache.flink.streaming.api.functions.async.ResultFuture;
+import org.apache.flink.table.dataformat.BaseRow;
+import org.apache.flink.types.Row;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.io.IOException;
+import java.security.PrivilegedAction;
 import java.util.List;
-import java.util.concurrent.LinkedBlockingQueue;
-import java.util.concurrent.ThreadPoolExecutor;
-import java.util.concurrent.TimeUnit;
+import java.util.Map;
+import java.util.concurrent.CountDownLatch;
+
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicLong;
 
 /**
  * Date: 2019/11/12
@@ -53,27 +59,40 @@ public class ImpalaAsyncReqRow extends RdbAsyncReqRow {
 
     private final static String IMPALA_DRIVER = "com.cloudera.impala.jdbc41.Driver";
 
+    protected UserGroupInformation ugi = null;
 
     public ImpalaAsyncReqRow(RowTypeInfo rowTypeInfo, JoinInfo joinInfo, List<FieldInfo> outFieldInfoList, AbstractSideTableInfo sideTableInfo) {
         super(new ImpalaAsyncSideInfo(rowTypeInfo, joinInfo, outFieldInfoList, sideTableInfo));
     }
 
     @Override
     public void open(Configuration parameters) throws Exception {
-        super.open(parameters);
         ImpalaSideTableInfo impalaSideTableInfo = (ImpalaSideTableInfo) sideInfo.getSideTableInfo();
+        if (impalaSideTableInfo.getAuthMech() == 1) {
+            String keyTabFilePath = impalaSideTableInfo.getKeyTabFilePath();
+            String krb5FilePath = impalaSideTableInfo.getKrb5FilePath();
+            String principal = impalaSideTableInfo.getPrincipal();
+            ugi = KrbUtils.getUgi(principal, keyTabFilePath, krb5FilePath);
+            openJdbc(parameters);
+        } else {
+            openJdbc(parameters);
+        }
+    }
 
+    public void openJdbc(Configuration parameters) throws Exception {
+        super.open(parameters);
+        ImpalaSideTableInfo impalaSideTableInfo = (ImpalaSideTableInfo) sideInfo.getSideTableInfo();
         JsonObject impalaClientConfig = new JsonObject();
         impalaClientConfig.put("url", getUrl())
-                .put("driver_class", IMPALA_DRIVER)
-                .put("max_pool_size", impalaSideTableInfo.getAsyncPoolSize())
-                .put("provider_class", DT_PROVIDER_CLASS)
-                .put("idle_connection_test_period", 300)
-                .put("test_connection_on_checkin", DEFAULT_TEST_CONNECTION_ON_CHECKIN)
-                .put("max_idle_time", 600)
-                .put("preferred_test_query", PREFERRED_TEST_QUERY_SQL)
-                .put("idle_connection_test_period", DEFAULT_IDLE_CONNECTION_TEST_PEROID)
-                .put("test_connection_on_checkin", DEFAULT_TEST_CONNECTION_ON_CHECKIN);
+            .put("driver_class", IMPALA_DRIVER)
+            .put("max_pool_size", impalaSideTableInfo.getAsyncPoolSize())
+            .put("provider_class", DT_PROVIDER_CLASS)
+            .put("idle_connection_test_period", 300)
+            .put("test_connection_on_checkin", DEFAULT_TEST_CONNECTION_ON_CHECKIN)
+            .put("max_idle_time", 600)
+            .put("preferred_test_query", PREFERRED_TEST_QUERY_SQL)
+            .put("idle_connection_test_period", DEFAULT_IDLE_CONNECTION_TEST_PEROID)
+            .put("test_connection_on_checkin", DEFAULT_TEST_CONNECTION_ON_CHECKIN);
 
         System.setProperty("vertx.disableFileCPResolving", "true");
 
@@ -85,7 +104,6 @@ public void open(Configuration parameters) throws Exception {
         setRdbSqlClient(JDBCClient.createNonShared(vertx, impalaClientConfig));
     }
 
-
     public String getUrl() {
         ImpalaSideTableInfo impalaSideTableInfo = (ImpalaSideTableInfo) sideInfo.getSideTableInfo();
 
@@ -95,11 +113,7 @@ public String getUrl() {
         StringBuffer urlBuffer = new StringBuffer(impalaSideTableInfo.getUrl());
         if (authMech == 0) {
             newUrl = urlBuffer.toString();
-
         } else if (authMech == 1) {
-            String keyTabFilePath = impalaSideTableInfo.getKeyTabFilePath();
-            String krb5FilePath = impalaSideTableInfo.getKrb5FilePath();
-            String principal = impalaSideTableInfo.getPrincipal();
             String krbRealm = impalaSideTableInfo.getKrbRealm();
             String krbHostFQDN = impalaSideTableInfo.getKrbHostFQDN();
             String krbServiceName = impalaSideTableInfo.getKrbServiceName();
@@ -110,16 +124,6 @@ public String getUrl() {
                     .concat("KrbServiceName=").concat(krbServiceName).concat(";")
             );
             newUrl = urlBuffer.toString();
-            System.setProperty("java.security.krb5.conf", krb5FilePath);
-            org.apache.hadoop.conf.Configuration configuration = new org.apache.hadoop.conf.Configuration();
-            configuration.set("hadoop.security.authentication" , "Kerberos");
-            UserGroupInformation.setConfiguration(configuration);
-            try {
-                UserGroupInformation.loginUserFromKeytab(principal, keyTabFilePath);
-            } catch (IOException e) {
-                throw new RuntimeException("kerberos login fail! e: " + e);
-            }
-
         } else if (authMech == 2) {
             String uName = impalaSideTableInfo.getUserName();
             urlBuffer.append(";"
@@ -129,7 +133,6 @@ public String getUrl() {
                     .concat("UseSasl=0")
             );
             newUrl = urlBuffer.toString();
-
         } else if (authMech == 3) {
             String uName = impalaSideTableInfo.getUserName();
             String pwd = impalaSideTableInfo.getPassword();
@@ -139,11 +142,41 @@ public String getUrl() {
                     .concat("PWD=").concat(pwd)
             );
             newUrl = urlBuffer.toString();
-
         } else {
             throw new IllegalArgumentException("The value of authMech is illegal, Please select 0, 1, 2, 3");
         }
-
         return newUrl;
     }
+
+    @Override
+    protected void asyncQueryData(Map<String, Object> inputParams,
+                          Row input,
+                          ResultFuture<BaseRow> resultFuture,
+                          SQLClient rdbSqlClient,
+                          AtomicLong failCounter,
+                          AtomicBoolean finishFlag,
+                          CountDownLatch latch) {
+        if (ugi == null) {
+            doAsyncQueryData(inputParams,
+                input, resultFuture,
+                rdbSqlClient,
+                failCounter,
+                finishFlag,
+                latch);
+        } else {
+            // Kerberos
+            ugi.doAs(new PrivilegedAction<Object>() {
+                @Override
+                public Object run() {
+                    doAsyncQueryData(inputParams,
+                        input, resultFuture,
+                        rdbSqlClient,
+                        failCounter,
+                        finishFlag,
+                        latch);
+                    return null;
+                }
+            });
+        }
+    }
 }