You can force Thrift to use the HTTP transport method. Therefore, it will understand the SPNEGO mechanism. You just need to add the SPNEGO token to the Authorization HTTP header.
Here is a full example using the Node.js krb5 module. We are requesting tables of a Kerberized HBase Thrift API.
var thrift = require("thrift");
var htypes = require("./gen-nodejs/hbase1_types");
var hbase = require("./gen-nodejs/Hbase");
var krb5 = require("krb5");
console.log("HBase Thrift client");
var HOST = 'm01.krb.local';
var PORT = 9090;
krb5.kinit({
principal: 'hbase/m01.krb.local',
realm: 'KRB.LOCAL',
keytab: '/tmp/hbase.service.keytab'
}, function(err, ccname) {
if (err) {
return console.log('Error:', err);
}
krb5.spnego({
hostbased_service: 'HTTP@m01.krb.local'
}, function(err, token) {
if (err) {
return console.log('Error:', err);
}
var client, conn, options_conn;
options_conn = {
transport: thrift.TBufferedTransport,
protocol: thrift.TBinaryProtocol,
headers: {
Authorization: 'Negotiate ' + token
}
};
conn = thrift.createHttpConnection(HOST, PORT, options_conn);
client = thrift.createHttpClient(hbase, conn);
conn.on('error', function(err) {
return console.log('Error', err);
});
client.getTableNames(function(err, data) {
if (err) {
console.log('gettablenames error:', err);
} else {
console.log('hbase tables:', data.toString());
}
});
});
});The files in the gen-nodejs have been generated from the hbase1.thrift file (on an Hortonworks Data Platform distribution version 2.6.5, it is located at /usr/hdp/2.6.5.0-292/hbase/include/thrift/hbase1.thrift).
thrift -r --gen js:node hbase1.thrift