[FEATURE] Support impersonation mode for flink sql engine

[wForget]

Code of Conduct

• [X] I agree to follow this project's Code of Conduct

Search before asking

• [X] I have searched in the issues and found no similar issues.

Describe the feature

Support impersonation mode for flink sql engine

Motivation

No response

Describe the solution

Add the following options to FlinkProcessBuilder:

HADOOP_PROXY_USER=proxyUser
security.delegation.tokens.enabled=false

Additional context

No response

Are you willing to submit PR?

• [X] Yes. I would be willing to submit a PR with guidance from the Kyuubi community to improve.
• [ ] No. I cannot submit a PR at this time.

[wForget]

HADOOP_PROXY_USER=proxyUser
security.delegation.tokens.enabled=false

After turning off security.delegation.tokens.enabled, it is difficult for us to pass delegation token updates of jobmanager to taskmanager.

Based on the solution in https://github.com/apache/flink/pull/22009#issuecomment-2122226755, I will follow the steps:

• Implement custom KyuubiDelegationTokenProvider and KyuubiDelegationTokenReceiver
• Add the following options

HADOOP_PROXY_USER=proxyUser
security.module.factory.classes=org.apache.flink.runtime.security.modules.JaasModuleFactory,org.apache.flink.runtime.security.modules.ZookeeperModuleFactory
security.delegation.token.provider.hadoopfs.enabled=false
security.delegation.token.provider.s3-hadoop.enabled=false
security.delegation.token.provider.s3-presto.enabled=false
security.delegation.token.provider.HiveServer2.enabled=false
security.delegation.token.provider.hbase.enabled=false