From 549f4b88ae709182a1f32cd3f64a4e27768a834a Mon Sep 17 00:00:00 2001
From: Wang Tao
Date: Tue, 5 Nov 2024 11:15:53 +0800
Subject: [PATCH] [AMORO-3309][Improvement] Support for terminal integration with LDAP authentication in Kyuubi (#3309)

* Support for terminal integration with Kyuubi using LDAP authentication
* Support for terminal integration with Kyuubi using LDAP authentication
* support helm configuration
---
 .../kyuubi/KyuubiTerminalSessionFactory.java | 11 +++++++++--
 charts/amoro/templates/amoro-configmap.yaml | 3 +++
 charts/amoro/values.yaml | 6 ++++++
 docs/admin-guides/using-kyuubi.md | 12 ++++++++++++
 4 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/terminal/kyuubi/KyuubiTerminalSessionFactory.java b/amoro-ams/src/main/java/org/apache/amoro/server/terminal/kyuubi/KyuubiTerminalSessionFactory.java
index 965f34982c..260758a850 100644
--- a/amoro-ams/src/main/java/org/apache/amoro/server/terminal/kyuubi/KyuubiTerminalSessionFactory.java
+++ b/amoro-ams/src/main/java/org/apache/amoro/server/terminal/kyuubi/KyuubiTerminalSessionFactory.java
@@ -48,6 +48,9 @@ public class KyuubiTerminalSessionFactory implements TerminalSessionFactory {
 public static ConfigOption KERBEROS_ENABLE =
 ConfigOptions.key("kerberos.enabled").booleanType().defaultValue(false);
 
+ public static ConfigOption LDAP_ENABLE =
+ ConfigOptions.key("ldap.enabled").booleanType().defaultValue(false);
+
 public static ConfigOption KERBEROS_PROXY_ENABLE =
 ConfigOptions.key("kerberos.proxy.enabled")
 .booleanType()
@@ -79,6 +82,7 @@ public class KyuubiTerminalSessionFactory implements TerminalSessionFactory {
 private String jdbcUrl;
 private boolean kyuubiKerberosEnable;
 private boolean proxyKerberosEnable;
+ private boolean ldapEnabled;
 private String username;
 private String password;
 
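Review bot: `LDAP_ENABLE` is declared without a comment, and nothing at the declaration tells an operator that turning it on changes how `create` authenticates. I would put `/** When true, the terminal skips the catalog's Kerberos setup and Hadoop user and relies on the credentials carried in kyuubi.jdbc.url. */` above it, which is what the conditions changed later in this file and the new docs section describe. The field is also `public static` without `final`, like its neighbours, so any code can reassign the option; adding `final` to the new declaration costs nothing.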
@@ -98,6 +102,7 @@ public void initialize(Configurations properties) {
 this.proxyKerberosEnable = properties.getBoolean(KERBEROS_PROXY_ENABLE);
 this.username = properties.get(KYUUBI_USERNAME);
 this.password = properties.get(KYUUBI_PASSWORD);
+ this.ldapEnabled = properties.get(LDAP_ENABLE);
 try {
 this.params = Utils.extractURLComponents(jdbcUrl, new Properties());
 } catch (SQLException e) {
@@ -109,7 +114,7 @@ public void initialize(Configurations properties) {
 public TerminalSession create(TableMetaStore metaStore, Configurations configuration) {
 List logs = Lists.newArrayList();
 JdbcConnectionParams connectionParams = new JdbcConnectionParams(this.params);
- if (metaStore.isKerberosAuthMethod()) {
+ if (!this.ldapEnabled && metaStore.isKerberosAuthMethod()) {
 checkAndFillKerberosInfo(connectionParams, metaStore);
 }
 
@@ -124,7 +129,9 @@ public TerminalSession create(TableMetaStore metaStore, Configurations configura
 sessionConf.put("jdbc.url", kyuubiJdbcUrl);
 
 Properties properties = new Properties();
- if (!metaStore.isKerberosAuthMethod() && Objects.nonNull(metaStore.getHadoopUsername())) {
+ if (!this.ldapEnabled
+ && !metaStore.isKerberosAuthMethod()
+ && Objects.nonNull(metaStore.getHadoopUsername())) {
 properties.put(JdbcConnectionParams.AUTH_USER, metaStore.getHadoopUsername());
 sessionConf.put(JdbcConnectionParams.AUTH_USER, metaStore.getHadoopUsername());
 }
diff --git a/charts/amoro/templates/amoro-configmap.yaml b/charts/amoro/templates/amoro-configmap.yaml
index 1ffb9710d1..24d3a6744b 100644
--- a/charts/amoro/templates/amoro-configmap.yaml
+++ b/charts/amoro/templates/amoro-configmap.yaml
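Review bot: The new assignment in `initialize` reads the flag with `properties.get(LDAP_ENABLE)`, while the boolean option three lines above it uses `properties.getBoolean(KERBEROS_PROXY_ENABLE)`. For consistency, and so the primitive field does not depend on unboxing whatever the generic getter returns, I would write `this.ldapEnabled = properties.getBoolean(LDAP_ENABLE);`. `initialize` starts above this hunk and continues below it.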
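Review bot: With `ldapEnabled` set, `create` skips both `checkAndFillKerberosInfo` (hunk at -109) and the `AUTH_USER` assignment from `metaStore.getHadoopUsername()` (hunk at -124), so every terminal session connects as the single account configured in the JDBC URL, whatever catalog it is opened for. Per-catalog identity collapses into one shared account, and Kyuubi-side authorization and audit will see only that user. If this is intended, say so at the first condition, e.g. `// LDAP mode: all sessions authenticate as the account in kyuubi.jdbc.url; the catalog's Kerberos principal and Hadoop user are ignored`, and consider recording in the session log that the catalog identity was overridden. `create` extends beyond both hunks.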
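Review bot: In LDAP mode the password travels inside the JDBC URL, and the context line `sessionConf.put("jdbc.url", kyuubiJdbcUrl);` in the hunk at -124 copies a URL into the session configuration. How `kyuubiJdbcUrl` is built and where `sessionConf` and `logs` end up is outside the hunk, but if either is shown to terminal users or written to logs, the LDAP password would go with it. The factory already reads `KYUUBI_USERNAME` and `KYUUBI_PASSWORD` in `initialize`. Passing the LDAP credentials through those options and `properties` would keep them out of the URL. Alternatively, the `password=` segment could be masked before the value is stored under `"jdbc.url"`.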
@@ -99,6 +99,9 @@ data:
 {{- if eq .Values.amoroConf.terminal.backend "local" }}
 local.spark.sql.iceberg.handle-timestamp-without-timezone: {{ .Values.amoroConf.terminal.icebergHandleTimestampWithoutTimezone }}
 {{- end }}
+ {{- if hasKey .Values.amoroConf.terminal "kyuubiLdapEnabled" }}
+ kyuubi.ldap.enabled: {{ .Values.amoroConf.terminal.kyuubiLdapEnabled}}
+ {{- end }}
 {{- if eq .Values.amoroConf.terminal.backend "kyuubi" }}
 kyuubi.jdbc.url: {{ .Values.amoroConf.terminal.kyuubiJdbcUrl | quote }}
 {{- end }}
diff --git a/charts/amoro/values.yaml b/charts/amoro/values.yaml
index 9e7681d7f6..a7b937b8f4 100644
--- a/charts/amoro/values.yaml
+++ b/charts/amoro/values.yaml
@@ -177,6 +177,12 @@ amoroConf:
 ## backend: kyuubi
 ## kyuubiJdbcUrl: jdbc:hive2://127.0.0.1:10009/
 
+ ## Kyuubi terminal backend configuration with ldap authentication.
+ ## terminal:
+ ## backend: kyuubi
+ ## kyuubiLdapEnabled: true
+ ## kyuubiJdbcUrl:jdbc:hive2://127.0.0.1:10009/default?user=test;password=test;
+
 ## @param amoroDefaults The value (templated string) is used for conf.yaml file
 ## ref: https://github.com/apache/amoro/blob/master/dist/src/main/amoro-bin/conf/config.yaml
 ##
diff --git a/docs/admin-guides/using-kyuubi.md b/docs/admin-guides/using-kyuubi.md
index f5768210e0..44ccfde439 100644
--- a/docs/admin-guides/using-kyuubi.md
+++ b/docs/admin-guides/using-kyuubi.md
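Review bot: The new `kyuubi.ldap.enabled` entry is rendered whenever `kyuubiLdapEnabled` is present in values, outside the `{{- if eq .Values.amoroConf.terminal.backend "kyuubi" }}` block that follows it, so a release using the local backend can still emit a Kyuubi-only key. Moving the three added lines inside that existing block would tie the setting to the backend it belongs to. The value expression also lacks the space before `}}` that the neighbouring lines use: `{{ .Values.amoroConf.terminal.kyuubiLdapEnabled }}`. The `data:` block starts above this hunk.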
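Review bot: The commented example puts the LDAP password in `kyuubiJdbcUrl`, and the template renders that value into a ConfigMap (`kyuubi.jdbc.url` in amoro-configmap.yaml), so the credential is stored in clear text and is readable by anyone who can read ConfigMaps in the namespace or the Helm release values. The comment should at least warn about that, and a follow-up could source the password from a Secret instead. The example also reads `kyuubiJdbcUrl:jdbc:...` with no space after the colon, which is not a key/value pair once uncommented, and it introduces the credentials with `?` where the docs example in this same commit uses `;` (`/default;user=test;password=test`); the two should agree.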
@@ -50,3 +50,15 @@ To execute SQL in Terminal, you can refer to the following steps::
 - Click the Execute button to run the SQL;
 
 ![terminal](../images/admin/terminal_introduce.png)
+
+## LDAP Authentication
+Except for the configuration of Kerberos authentication, everything else is the same. You can integrate with LDAP using the following configuration:
+set kyuubi.ldap.enabled to true, and then specify the username and password for LDAP in the URL.
+```shell
+ams:
+ terminal:
+ backend: kyuubi
+ kyuubi.ldap.enabled: true
+ kyuubi.jdbc.url: jdbc:hive2://127.0.0.1:10009/default;user=test;password=test # kyuubi Connection Address
+```
+