Summary
The Kerberos principal realm is hardcoded to @KAKAO.HADOOP in HBaseStorageBackend.kt, which couples the code to a specific organization's Kerberos realm and may cause authentication failures in other environments.
Current Behavior
// HBaseStorageBackend.kt:117-118
config["hbase.master.kerberos.principal"] = "hbase/_HOST@KAKAO.HADOOP"
config["hbase.regionserver.kerberos.principal"] = "hbase/_HOST@KAKAO.HADOOP"
Expected Behavior
The Kerberos realm should be configurable via properties:
val kerberosRealm = properties["kerberos.realm"]
?: throw IllegalStateException("Kerberos realm is not set for secure cluster")
config["hbase.master.kerberos.principal"] = "hbase/_HOST@$kerberosRealm"
config["hbase.regionserver.kerberos.principal"] = "hbase/_HOST@$kerberosRealm"Impact
- Users outside of Kakao cannot use secure HBase clusters without modifying source code
- Makes the project less portable for open source adoption
Suggested Implementation
- Add
kerberos.realm property to the configuration
- Update documentation to include the new property
- Consider providing a sensible default or requiring explicit configuration for secure clusters
Related
Found during code review of PR #175 (StorageBackend abstraction layer)
Summary
The Kerberos principal realm is hardcoded to
@KAKAO.HADOOPinHBaseStorageBackend.kt, which couples the code to a specific organization's Kerberos realm and may cause authentication failures in other environments.Current Behavior
Expected Behavior
The Kerberos realm should be configurable via properties:
Impact
Suggested Implementation
kerberos.realmproperty to the configurationRelated
Found during code review of PR #175 (StorageBackend abstraction layer)