Merge branch 'feat_1.10_kuduKerberos' into '1.10_test_4.0.x'

Feat 1.10 kudu kerberos

See merge request dt-insight-engine/flinkStreamSQL!163

Author: a49a

core/src/main/java/com/dtstack/flink/sql/util/KrbUtils.java

@@ -20,8 +20,11 @@
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.authentication.util.KerberosName;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import sun.security.krb5.Config;
+import sun.security.krb5.KrbException;
 
 import java.io.IOException;
 
@@ -40,9 +43,16 @@ public class KrbUtils {
 //    public static final String FALSE_STR = "false";
 //    public static final String SUBJECT_ONLY_KEY = "javax.security.auth.useSubjectCredsOnly";
 
-    public static UserGroupInformation getUgi(String principal, String keytabPath, String krb5confPath) throws IOException {
+    public static UserGroupInformation loginAndReturnUgi(String principal, String keytabPath, String krb5confPath) throws IOException {
         LOG.info("Kerberos login with principal: {} and keytab: {}", principal, keytabPath);
         System.setProperty(KRB5_CONF_KEY, krb5confPath);
+        // 不刷新会读/etc/krb5.conf
+        try {
+            Config.refresh();
+            KerberosName.resetDefaultRealm();
+        } catch (KrbException e) {
+            LOG.warn("resetting default realm failed, current default realm will still be used.", e);
+        }
         // TODO 尚未探索出此选项的意义，以后研究明白方可打开
 //        System.setProperty(SUBJECT_ONLY_KEY, FALSE_STR);
         Configuration configuration = new Configuration();

kudu/kudu-side/kudu-all-side/src/main/java/com/dtstack/flink/sql/side/kudu/KuduAllReqRow.java

@@ -227,7 +227,7 @@ private KuduClient getClient(KuduSideTableInfo tableInfo) throws IOException {
         }
 
         if (tableInfo.isEnableKrb()) {
-            UserGroupInformation ugi = KrbUtils.getUgi(tableInfo.getPrincipal(), tableInfo.getKeytab(), tableInfo.getKrb5conf());
+            UserGroupInformation ugi = KrbUtils.loginAndReturnUgi(tableInfo.getPrincipal(), tableInfo.getKeytab(), tableInfo.getKrb5conf());
             return ugi.doAs(new PrivilegedAction<KuduClient>() {
                 @Override
                 public KuduClient run() {

kudu/kudu-side/kudu-async-side/src/main/java/com/dtstack/flink/sql/side/kudu/KuduAsyncReqRow.java

@@ -132,7 +132,7 @@ private AsyncKuduClient getClient() throws IOException {
         }
 
         if (kuduSideTableInfo.isEnableKrb()) {
-            UserGroupInformation ugi = KrbUtils.getUgi(
+            UserGroupInformation ugi = KrbUtils.loginAndReturnUgi(
                 kuduSideTableInfo.getPrincipal(),
                 kuduSideTableInfo.getKeytab(),
                 kuduSideTableInfo.getKrb5conf()

kudu/kudu-sink/src/main/java/com/dtstack/flink/sql/sink/kudu/KuduOutputFormat.java

@@ -116,7 +116,7 @@ private void establishConnection() throws IOException {
         }
 
         if (enableKrb) {
-            UserGroupInformation ugi = KrbUtils.getUgi(
+            UserGroupInformation ugi = KrbUtils.loginAndReturnUgi(
                 principal,
                 keytab,
                 krb5conf