MCPcopy
hub / github.com/apache/airflow / renew_from_kt

Function renew_from_kt

airflow/security/kerberos.py:49–109  ·  view source on GitHub ↗

Renew kerberos token from keytab :param principal: principal :param keytab: keytab file :return: None

(principal: str, keytab: str, exit_on_fail: bool = True)

Source from the content-addressed store, hash-verified

47
48
49def renew_from_kt(principal: str, keytab: str, exit_on_fail: bool = True):
50 """
51 Renew kerberos token from keytab
52
53 :param principal: principal
54 :param keytab: keytab file
55 :return: None
56 """
57 # The config is specified in seconds. But we ask for that same amount in
58 # minutes to give ourselves a large renewal buffer.
59 renewal_lifetime = f"{conf.getint('kerberos', 'reinit_frequency')}m"
60
61 cmd_principal = principal or conf.get('kerberos', 'principal').replace("_HOST", socket.getfqdn())
62
63 cmdv = [
64 conf.get('kerberos', 'kinit_path'),
65 "-r",
66 renewal_lifetime,
67 "-k", # host ticket
68 "-t",
69 keytab, # specify keytab
70 "-c",
71 conf.get('kerberos', 'ccache'), # specify credentials cache
72 cmd_principal,
73 ]
74 log.info("Re-initialising kerberos from keytab: %s", " ".join(cmdv))
75
76 subp = subprocess.Popen(
77 cmdv,
78 stdout=subprocess.PIPE,
79 stderr=subprocess.PIPE,
80 close_fds=True,
81 bufsize=-1,
82 universal_newlines=True,
83 )
84 subp.wait()
85 if subp.returncode != 0:
86 log.error(
87 "Couldn't reinit from keytab! `kinit' exited with %s.\n%s\n%s",
88 subp.returncode,
89 "\n".join(subp.stdout.readlines() if subp.stdout else []),
90 "\n".join(subp.stderr.readlines() if subp.stderr else []),
91 )
92 if exit_on_fail:
93 sys.exit(subp.returncode)
94 else:
95 return subp.returncode
96
97 global NEED_KRB181_WORKAROUND # pylint: disable=global-statement
98 if NEED_KRB181_WORKAROUND is None:
99 NEED_KRB181_WORKAROUND = detect_conf_var()
100 if NEED_KRB181_WORKAROUND:
101 # (From: HUE-640). Kerberos clock have seconds level granularity. Make sure we
102 # renew the ticket after the initial valid time.
103 time.sleep(1.5)
104 ret = perform_krb181_workaround(principal)
105 if exit_on_fail and ret != 0:
106 sys.exit(ret)

Callers 4

on_killMethod · 0.90
test_renew_from_ktMethod · 0.90
test_args_from_cliMethod · 0.90
runFunction · 0.85

Calls 7

detect_conf_varFunction · 0.85
getintMethod · 0.80
waitMethod · 0.80
getMethod · 0.45
infoMethod · 0.45
errorMethod · 0.45

Tested by 2

test_renew_from_ktMethod · 0.72
test_args_from_cliMethod · 0.72