Open meluchoMZ opened 7 months ago
Don't have a Kerberos setup to test it, but shouldn't the Configuration
object used in queryKerberosDeltaTable
set this option ipc.client.fallback-to-simple-auth-allowed=true
? I think what is happening is the second time call to querySimpleAuth
is using the UserGroupInformation
set by the queryKerberosDeltaTable
in thread local which only allows querying a secure cluster.
Let me know if that doesn't work.
Bug
Which Delta project/connector is this regarding?
Describe the problem
Steps to reproduce
Supose two different HDFS. One of them is secured via Kerberos, and the other is not secured. Execute the following class to reproduce the issue:
This is the output obtained from the test:
Observed results
After a call to the Delta API querying the secured HDFS, successive calls to the non secured HDFS fail with the following error:
Exception in thread "main" org.apache.hadoop.security.AccessControlException: Call From <host>/<ip> to <target_hdfs>:<target_port> failed: Server asks us to fall back to SIMPLE auth, but this client is configured to only allow secure connections
This issue is not present on standard Hadoop API calls, such as
FileSystem.listStatus()
. Neither is present when accessing AWS S3 nor Azure Data Lake Gen 2;Expected results
The client should authenticate through SIMPLE authentication (or fallback to simple if configured)
Further details
Environment information
Willingness to contribute
The Delta Lake Community encourages bug fix contributions. Would you or another member of your organization be willing to contribute a fix for this bug to the Delta Lake code base?