diff --git a/waggle-dance-core/src/main/java/com/hotels/bdp/waggledance/client/ThriftMetastoreClientManager.java b/waggle-dance-core/src/main/java/com/hotels/bdp/waggledance/client/ThriftMetastoreClientManager.java index 171484832..3ab9e2447 100644 --- a/waggle-dance-core/src/main/java/com/hotels/bdp/waggledance/client/ThriftMetastoreClientManager.java +++ b/waggle-dance-core/src/main/java/com/hotels/bdp/waggledance/client/ThriftMetastoreClientManager.java @@ -20,6 +20,7 @@ import java.io.Closeable; import java.io.IOException; import java.net.URI; +import java.security.PrivilegedExceptionAction; import java.time.Duration; import java.util.Objects; import java.util.Random; @@ -27,6 +28,8 @@ import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicInteger; +import javax.security.sasl.SaslException; + import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.conf.HiveConf.ConfVars; import org.apache.hadoop.hive.conf.HiveConfUtil; @@ -216,13 +219,22 @@ void createMetastoreClientAndOpen(String delegationToken, HiveUgiArgs ugiArgs) { MetaStoreUtils.getMetaStoreSaslProperties(conf, useSsl)); } else { String principalConfig = conf.getVar(ConfVars.METASTORE_KERBEROS_PRINCIPAL); - transport = KerberosSaslHelper - .getKerberosTransport(principalConfig, store.getHost(), transport, + transport = UserGroupInformation.getLoginUser().doAs( + (PrivilegedExceptionAction) () -> { + try { + return KerberosSaslHelper + .getKerberosTransport(principalConfig, store.getHost(), transport, MetaStoreUtils.getMetaStoreSaslProperties(conf, useSsl), false); + } catch (SaslException e) { + throw new RuntimeException(e); + } + }); } } catch (IOException ioe) { log.error("Couldn't create client transport, URI " + store, ioe); throw new MetaException(ioe.toString()); + } catch (InterruptedException e) { + throw new RuntimeException(e); } } else if (useFramedTransport) { transport = new TFramedTransport(transport);