You can force Thrift to use the HTTP transport. Over HTTP, the server understands the SPNEGO mechanism, so you just need to add the SPNEGO token to the Authorization HTTP header.
Here is a full example using the Node.js krb5 module. It requests the list of tables from a Kerberized HBase Thrift API.
var thrift = require("thrift");
var htypes = require("./gen-nodejs/hbase1_types");
var hbase = require("./gen-nodejs/Hbase");
var krb5 = require("krb5");
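// Demo client: authenticate from a keytab, obtain a SPNEGO token for the
// Thrift HTTP endpoint, then list the HBase tables.
console.log("HBase Thrift client");
var HOST = 'm01.krb.local';
var PORT = 9090;

// Report a failure on stderr and make the process exit with a non-zero
// status, so a failed authentication or request is not mistaken for success.
function fail(label, err) {
  console.error(label, err);
  process.exitCode = 1;
}

krb5.kinit({
  principal: 'hbase/m01.krb.local',
  realm: 'KRB.LOCAL',
  // A keytab holds the principal's long-term key: whoever can read this file
  // can authenticate as the principal. /tmp is only acceptable for a demo;
  // keep the keytab in a directory readable by the service account only.
  keytab: '/tmp/hbase.service.keytab'
}, function(kinitErr, ccname) {
  if (kinitErr) {
    return fail('Error:', kinitErr);
  }
  // NOTE(review): ccname names the credential cache filled by kinit; it is
  // left in place when the script ends. Destroy it (krb5.kdestroy) if the
  // tickets should not outlive this script.
  krb5.spnego({
    // Built from HOST so the token is always requested for the host that is
    // actually contacted below.
    hostbased_service: 'HTTP@' + HOST
  }, function(spnegoErr, token) {
    if (spnegoErr) {
      return fail('Error:', spnegoErr);
    }
    // The token is a credential: it is only placed in the request header and
    // never logged.
    // NOTE(review): this connection is plain HTTP, so the Authorization header
    // and the returned data cross the network unprotected. If the Thrift
    // server has TLS enabled, add `https: true` to these options.
    var options_conn = {
      transport: thrift.TBufferedTransport,
      protocol: thrift.TBinaryProtocol,
      headers: {
        Authorization: 'Negotiate ' + token
      }
    };
    var conn = thrift.createHttpConnection(HOST, PORT, options_conn);
    var client = thrift.createHttpClient(hbase, conn);
    conn.on('error', function(connErr) {
      return fail('Error', connErr);
    });
    client.getTableNames(function(callErr, data) {
      if (callErr) {
        fail('gettablenames error:', callErr);
      } else {
        console.log('hbase tables:', data.toString());
      }
    });
  });
});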
The files in the gen-nodejs directory have been generated from the hbase1.thrift file (on a Hortonworks Data Platform distribution version 2.6.5, it is located at /usr/hdp/2.6.5.0-292/hbase/include/thrift/hbase1.thrift) with the following command:
# Generate the Node.js bindings (written to gen-nodejs/) from the HBase Thrift IDL;
# -r also generates code for any included .thrift files.
thrift -r --gen js:node hbase1.thrift