I am using Spark on Kubernetes with Thrift as a spark-submit application. https://spark.apache.org/docs/latest/running-on-kubernetes.html
I am able to enable LDAP authentication, which allows the user to connect to Thrift using beeline and AD credentials. But when I try to add a custom query, I use a group the user is not a member of and users are still able to log in. I also tried user/group filtering. See output below.
user@jumpbox~]$ kubectl exec -it spark-thrift-server-pod sh
sh-5.1$ ../bin/beeline
Beeline version 2.3.9 by Apache Hive
beeline> !connect jdbc:hive2://localhost:10017
Connecting to jdbc:hive2://localhost:10017
Enter username for jdbc:hive2://localhost:10017: user
Enter password for jdbc:hive2://localhost:10017: *********
Connected to: Spark SQL (version 3.4.0)
Driver: Hive JDBC (version 2.3.9)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://localhost:10017>
The contents of hive-site.xml:
<configuration>
<property>
<name>hive.server2.authentication</name>
<value>LDAP</value>
</property>
<property>
<name>hive.server2.authentication.ldap.url</name>
<value>ldaps://server.domain.net:636</value>
</property>
<property>
<name>hive.server2.authentication.ldap.Domain</name>
<value>DOMAIN.NET</value>
</property>
<property>
<name>hive.server2.authentication.ldap.customLDAPQuery</name>
<value><![CDATA[(&(objectClass=person)(|(memberOf=SPECIFIC-GROUP-THAT-USER-IS-NOT-MEMBER-OF,OU=Groups,DC=DOMAIN,DC=net)))]]>
</value>
</property>
</configuration>
Does Spark support the full suite of functionality as Hive? I have found this: https://github.com/apache/spark/blob/master/sql/hive-thriftserver/src/main/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java
Reading through it, I see no reference to custom query support or filtering. Am I missing something here, or is this not even supported?
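
Added example, not part of the original post and not Spark's own code: if the built-in LDAP provider does not apply the filter, the group check can be enforced by a custom provider that implements the `PasswdAuthenticationProvider` interface from the same `org.apache.hive.service.auth` package, selected with `hive.server2.authentication=CUSTOM` and `hive.server2.custom.authentication.class`. The class name, the `REQUIRED-GROUP` DN and the use of the Active Directory attributes `sAMAccountName` and `memberOf` are assumptions; the URL and domain are the placeholders from the hive-site.xml above.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.sasl.AuthenticationException;
import org.apache.hive.service.auth.PasswdAuthenticationProvider;

// Hypothetical provider: bind as the user, then require membership of one group.
public class GroupCheckingLdapProvider implements PasswdAuthenticationProvider {
  private static final String URL = "ldaps://server.domain.net:636";   // from hive-site.xml above
  private static final String DOMAIN = "DOMAIN.NET";                   // from hive-site.xml above
  private static final String BASE_DN = "DC=DOMAIN,DC=net";            // assumed search base
  private static final String GROUP_DN = "CN=REQUIRED-GROUP,OU=Groups,DC=DOMAIN,DC=net"; // constructed

  @Override
  public void Authenticate(String user, String password) throws AuthenticationException {
    // Reject empty credentials: many directories treat an empty password as an anonymous bind.
    if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
      throw new AuthenticationException("Empty user name or password");
    }
    Hashtable<String, Object> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, URL);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, user + "@" + DOMAIN);
    env.put(Context.SECURITY_CREDENTIALS, password);
    InitialDirContext ctx = null;
    try {
      ctx = new InitialDirContext(env);          // step 1: a successful bind proves the password
      SearchControls sc = new SearchControls();
      sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
      sc.setReturningAttributes(new String[0]);  // only existence matters, fetch no attributes
      // Step 2: user and group go in as filter arguments, so JNDI escapes filter metacharacters.
      NamingEnumeration<SearchResult> hits = ctx.search(BASE_DN,
          "(&(objectClass=person)(sAMAccountName={0})(memberOf={1}))",
          new Object[] {user, GROUP_DN}, sc);
      boolean member = hits.hasMore();
      hits.close();
      if (!member) throw new AuthenticationException("User is not in the required group");
    } catch (NamingException e) {                // any directory error denies the login
      throw new AuthenticationException("LDAP bind or search failed", e);
    } finally {
      if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
    }
  }
}
```

The `memberOf` match covers direct membership only, so users who belong to the group through a nested group are rejected. After deploying, a login with an account outside the group should fail in beeline; if it still succeeds, the provider is not the one being loaded.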