apache
HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS
What changes were proposed in this pull request?
Adding two changes to fix this issue:
- Rework expiry thread to not remove token after renewal time has passed for that particular token. It will actually try to renew the token in this case.
- Individual calls to retrievePassword during the TSaslClientTransport auth will also try to renew the token if required before retrieving the password.
Why are the changes needed?
Facing DigestMD5 token expiry issue in a session which has been open since a long time when a new new connection is opened to HMS using TSaslClientTransport with DigestMD5 based auth. This issue is happening due to the fact that the new connection is trying to authenticate using the token identifier which is removed by the expiry thread in the background.
Does this PR introduce any user-facing change?
No
Is the change a dependency upgrade?
No
How was this patch tested?
Added a test case to check the expiry thread renewing the token automatically after some time and removing a token automatically after the token has expired. Tested the scenario on a machine with dedicated HMS, HS2 with Sasl enabled. Added a test case to test the complete scenario of creating a new HMSClient after another.
@chinnaraolalam @zhangbutao @alanfgates, could you guys please review this PR?
Quality Gate passed
Issues
12 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
See analysis details on SonarCloud
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}