[AMORO-3309][Improvement] Support for terminal integration with LDAP …

…authentication in Kyuubi (#3309) * Support for terminal integration with Kyuubi using LDAP authentication * Support for terminal integration with Kyuubi using LDAP authentication * support helm configuration
apache · Nov 5, 2024 · 549f4b8 · 549f4b8
1 parent db33a52
commit 549f4b8
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 2 deletions.
diff --git a/...s/src/main/java/org/apache/amoro/server/terminal/kyuubi/KyuubiTerminalSessionFactory.java b/...s/src/main/java/org/apache/amoro/server/terminal/kyuubi/KyuubiTerminalSessionFactory.java
@@ -48,6 +48,9 @@ public class KyuubiTerminalSessionFactory implements TerminalSessionFactory {
   public static ConfigOption<Boolean> KERBEROS_ENABLE =
       ConfigOptions.key("kerberos.enabled").booleanType().defaultValue(false);
 
+  public static ConfigOption<Boolean> LDAP_ENABLE =
+      ConfigOptions.key("ldap.enabled").booleanType().defaultValue(false);
+
   public static ConfigOption<Boolean> KERBEROS_PROXY_ENABLE =
       ConfigOptions.key("kerberos.proxy.enabled")
           .booleanType()
@@ -79,6 +82,7 @@ public class KyuubiTerminalSessionFactory implements TerminalSessionFactory {
   private String jdbcUrl;
   private boolean kyuubiKerberosEnable;
   private boolean proxyKerberosEnable;
+  private boolean ldapEnabled;
   private String username;
   private String password;
 
@@ -98,6 +102,7 @@ public void initialize(Configurations properties) {
     this.proxyKerberosEnable = properties.getBoolean(KERBEROS_PROXY_ENABLE);
     this.username = properties.get(KYUUBI_USERNAME);
     this.password = properties.get(KYUUBI_PASSWORD);
+    this.ldapEnabled = properties.get(LDAP_ENABLE);
     try {
       this.params = Utils.extractURLComponents(jdbcUrl, new Properties());
     } catch (SQLException e) {
@@ -109,7 +114,7 @@ public void initialize(Configurations properties) {
   public TerminalSession create(TableMetaStore metaStore, Configurations configuration) {
     List<String> logs = Lists.newArrayList();
     JdbcConnectionParams connectionParams = new JdbcConnectionParams(this.params);
-    if (metaStore.isKerberosAuthMethod()) {
+    if (!this.ldapEnabled && metaStore.isKerberosAuthMethod()) {
       checkAndFillKerberosInfo(connectionParams, metaStore);
     }
 
@@ -124,7 +129,9 @@ public TerminalSession create(TableMetaStore metaStore, Configurations configura
     sessionConf.put("jdbc.url", kyuubiJdbcUrl);
     Properties properties = new Properties();
 
-    if (!metaStore.isKerberosAuthMethod() && Objects.nonNull(metaStore.getHadoopUsername())) {
+    if (!this.ldapEnabled
+        && !metaStore.isKerberosAuthMethod()
+        && Objects.nonNull(metaStore.getHadoopUsername())) {
       properties.put(JdbcConnectionParams.AUTH_USER, metaStore.getHadoopUsername());
       sessionConf.put(JdbcConnectionParams.AUTH_USER, metaStore.getHadoopUsername());
     }

diff --git a/charts/amoro/templates/amoro-configmap.yaml b/charts/amoro/templates/amoro-configmap.yaml
@@ -99,6 +99,9 @@ data:
         {{- if eq .Values.amoroConf.terminal.backend "local" }}
         local.spark.sql.iceberg.handle-timestamp-without-timezone: {{ .Values.amoroConf.terminal.icebergHandleTimestampWithoutTimezone }}
         {{- end }}
+        {{- if hasKey .Values.amoroConf.terminal "kyuubiLdapEnabled" }}
+        kyuubi.ldap.enabled: {{ .Values.amoroConf.terminal.kyuubiLdapEnabled}}
+        {{- end }}
         {{- if eq .Values.amoroConf.terminal.backend "kyuubi" }}
         kyuubi.jdbc.url: {{ .Values.amoroConf.terminal.kyuubiJdbcUrl | quote  }}
         {{- end }}

diff --git a/charts/amoro/values.yaml b/charts/amoro/values.yaml
@@ -177,6 +177,12 @@ amoroConf:
   ##    backend: kyuubi
   ##    kyuubiJdbcUrl: jdbc:hive2://127.0.0.1:10009/
 
+  ## Kyuubi terminal backend configuration with ldap authentication.
+  ##  terminal:
+  ##    backend: kyuubi
+  ##    kyuubiLdapEnabled: true
+  ##    kyuubiJdbcUrl:jdbc:hive2://127.0.0.1:10009/default?user=test;password=test;
+
   ## @param amoroDefaults The value (templated string) is used for conf.yaml file
   ## ref: https://github.com/apache/amoro/blob/master/dist/src/main/amoro-bin/conf/config.yaml
   ##

diff --git a/docs/admin-guides/using-kyuubi.md b/docs/admin-guides/using-kyuubi.md
@@ -50,3 +50,15 @@ To execute SQL in Terminal, you can refer to the following steps:：
 - Click the Execute button to run the SQL;
 
 ![terminal](../images/admin/terminal_introduce.png)
+
+## LDAP Authentication
+Except for the configuration of Kerberos authentication, everything else is the same. You can integrate with LDAP using the following configuration: 
+set kyuubi.ldap.enabled to true, and then specify the username and password for LDAP in the URL.
+```shell
+ams:
+    terminal:
+      backend: kyuubi
+      kyuubi.ldap.enabled: true
+      kyuubi.jdbc.url: jdbc:hive2://127.0.0.1:10009/default;user=test;password=test # kyuubi Connection Address
+```
+