[ZEPPELIN-1149] %sh interpreter kerberos support

2026-05-24 09:38:26 +00:00 · 2016-07-11 20:05:40 +05:30 · 2016-07-11 20:05:40 +05:30 · 5190791c8f
commit 5190791c8f
parent d87f2e5dfb
4 changed files with 99 additions and 1 deletions
--- a/shell/pom.xml
+++ b/shell/pom.xml
@ -62,6 +62,12 @@
      <artifactId>junit</artifactId>
      <scope>test</scope>
    </dependency>
+
+    <dependency>
+      <groupId>org.apache.hadoop</groupId>
+      <artifactId>hadoop-common</artifactId>
+      <version>2.7.0</version>
+    </dependency>
  </dependencies>

  <build>
--- a/shell/src/main/java/org/apache/zeppelin/shell/ShellInterpreter.java
+++ b/shell/src/main/java/org/apache/zeppelin/shell/ShellInterpreter.java
@ -38,6 +38,7 @@ import org.apache.zeppelin.interpreter.InterpreterResult.Code;
 import org.apache.zeppelin.interpreter.thrift.InterpreterCompletion;
 import org.apache.zeppelin.scheduler.Scheduler;
 import org.apache.zeppelin.scheduler.SchedulerFactory;
+import org.apache.zeppelin.shell.security.ShellSecurityImpl;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

@ -57,8 +58,11 @@ public class ShellInterpreter extends Interpreter {

  @Override
  public void open() {
-    LOGGER.info("Command timeout property: {}", TIMEOUT_PROPERTY);
+    LOGGER.info("Command timeout property: {}", getProperty(TIMEOUT_PROPERTY));
    executors = new HashMap<String, DefaultExecutor>();
+    if (!StringUtils.isAnyEmpty(getProperty("shell.auth.type"))) {
+      ShellSecurityImpl.createSecureCinfiguration(getProperty(), shell);
+    }
  }

  @Override
--- a/shell/src/main/java/org/apache/zeppelin/shell/security/ShellSecurityImpl.java
+++ b/shell/src/main/java/org/apache/zeppelin/shell/security/ShellSecurityImpl.java
@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.zeppelin.shell.security;
+
+import org.apache.commons.exec.CommandLine;
+import org.apache.commons.exec.DefaultExecutor;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.zeppelin.interpreter.InterpreterException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Properties;
+
+import static org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod.KERBEROS;
+import static org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod.SIMPLE;
+
+
+/***
+ * Shell security helper
+ */
+public class ShellSecurityImpl {
+
+  private static Logger LOGGER = LoggerFactory.getLogger(ShellSecurityImpl.class);
+
+  public static void createSecureCinfiguration(Properties properties, String shell) {
+    UserGroupInformation.AuthenticationMethod authType;
+    try {
+      authType = UserGroupInformation
+        .AuthenticationMethod.valueOf(properties.getProperty("shell.auth.type")
+          .trim().toUpperCase());
+    } catch (Exception e) {
+      LOGGER.error(String.format("Invalid auth.type detected with value %s, defaulting " +
+        "auth.type to SIMPLE", properties.getProperty("shell.auth.type").trim()));
+      authType = SIMPLE;
+    }
+
+
+    switch (authType) {
+        case KERBEROS:
+          CommandLine cmdLine = CommandLine.parse(shell);
+          cmdLine.addArgument("-c", false);
+          String kinitCommand = String.format("kinit -k -t %s %s",
+            properties.getProperty("shell.keytab.location"),
+            properties.getProperty("shell.principal"));
+          cmdLine.addArgument(kinitCommand, false);
+          DefaultExecutor executor = new DefaultExecutor();
+
+          try {
+            int exitVal = executor.execute(cmdLine);
+          } catch (Exception e) {
+            throw new InterpreterException(e);
+          }
+    }
+  }
+}
--- a/shell/src/main/resources/interpreter-setting.json
+++ b/shell/src/main/resources/interpreter-setting.json
@ -9,6 +9,24 @@
        "propertyName": "shell.command.timeout.millisecs",
        "defaultValue": "60000",
        "description": "Shell command time out in millisecs. Default = 60000"
+      },
+      "shell.auth.type": {
+        "envName": null,
+        "propertyName": "shell.auth.type",
+        "defaultValue": "",
+        "description": "If auth type is needed, Example: KERBEROS"
+      },
+      "shell.keytab.location": {
+        "envName": null,
+        "propertyName": "shell.keytab.location",
+        "defaultValue": "",
+        "description": "Kerberos keytab location"
+      },
+      "shell.principal": {
+        "envName": null,
+        "propertyName": "shell.principal",
+        "defaultValue": "",
+        "description": "Kerberos principal"
      }
    }
  }