[SPARK-23209][core] Allow credential manager to work when Hive not available.

[vanzin]

The JVM seems to be doing early binding of classes that the Hive provider
depends on, causing an error to be thrown before it was caught by the code
in the class.

The fix wraps the creation of the provider in a try..catch so that
the provider can be ignored when dependencies are missing.

Added a unit test (which fails without the fix), and also tested
that getting tokens still works in a real cluster.

[vanzin]

@jerryshao

[squito]

minor comments, otherwise lgtm

[squito]

just for my understandning, is there any reason the manager should load the code directly, rather than using reflection to guard against this? I guess either way is fine, I just had seen us use reflection more to guard against this.

[vanzin]

Non-reflection code is easier to follow and change if needed. It makes error handling a little more complicated when classes are missing (this PR being that example), but overall I prefer that to reflection.

[squito]

super minor: can you name this something other than "main"? it makes it seem like you're launching it as seperate process (maybe leftover from earlier attempt?)

[jerryshao]

So seems try-catch mechanism in HiveDelegationTokenProvider is not useful.

[vanzin]

Some of that could be cleaned up, but more exceptions are being caught there in different method calls, so it still can help.

[jerryshao]

Originally we were using reflection for this HiveDelegationTokenProvider. But in that PR we changed to directly use Hive classes, is there any particular reason?

[vanzin]

Because the code is cleaner that way.

[SparkQA]

Test build #86661 has finished for PR 20399 at commit 63da171.

• This patch fails from timeout after a configured wait of `300m`.
• This patch merges cleanly.
• This patch adds no public classes.

[SparkQA]

Test build #86666 has finished for PR 20399 at commit 0a0912c.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds no public classes.

[jerryshao]

LGTM.

[felixcheung]

perhaps this should be a warn?

[mridulm]

info probable - it is actually ok for this to fail if provider is not relevant (and in classpath).

[squito]

I think debug is right, actually -- we have no idea at this point if the user wants these credential providers, and it could be totally fine if they're missing eg. if they never want to talk to hive.

(also don't really care that much and don't want to bike-shed on this ...)

[vanzin]

I actually think this really should be debug. This only covers exceptions thrown by the constructor, which really shouldn't be doing anything (and this code is just needed because of the class linkage issue).

Individual methods like obtainDelegationTokens should be the ones reporting user-actionable issues, and even them today kinda log most things at debug level...

[sameeragarwal]

@vanzin and reviewers -- is this ready to go? We're waiting on RC3 for this. Thanks!

[sameeragarwal]

test this please

[vanzin]

I was hoping that one of the other committers who +1'ed the patch would push it instead of me. (Ignoring the info vs. debug discussion.)

[squito]

I am merging this now to master & 2.3

[SparkQA]

Test build #86780 has finished for PR 20399 at commit 0a0912c.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds no public classes.