[SPARK-31336][SQL] Support Oracle Kerberos login in JDBC connector

[gaborgsomogyi]

What changes were proposed in this pull request?

When loading DataFrames from JDBC datasource with Kerberos authentication, remote executors (yarn-client/cluster etc. modes) fail to establish a connection due to lack of Kerberos ticket or ability to generate it.

This is a real issue when trying to ingest data from kerberized data sources (SQL Server, Oracle) in enterprise environment where exposing simple authentication access is not an option due to IT policy issues.

In this PR I've added Oracle support.

What this PR contains:

• Added OracleConnectionProvider
• Added OracleConnectionProviderSuite

Why are the changes needed?

Missing JDBC kerberos support.

Does this PR introduce any user-facing change?

Yes, now user is able to connect to Oracle using kerberos.

How was this patch tested?

• Additional + existing unit tests
• Test on cluster manually. There is no automated integration test, just like MS SQL. The reason is the same. Namely I've tried to make it work with MiniKDC but it was working only with Active Directory (AD is not available in docker, please see Add support for Kerberos/Active Directory/"windows" authentication microsoft/mssql-docker#165).

[SparkQA]

Test build #124222 has finished for PR 28863 at commit 5cc3d0a.

• This patch fails build dependency tests.
• This patch merges cleanly.
• This patch adds no public classes.

[gaborgsomogyi]

Couple of pointers to help reviewers.

The same applies here just like on MS SQL case. Namely I was able to make this work with active directory. Please see further info here.

[gaborgsomogyi]

This is the latest version from the Oracle JDBC driver which supports JDK8, JDK9, and JDK11: https://mvnrepository.com/artifact/com.oracle.database.jdbc/ojdbc8

[gaborgsomogyi]

The implementation is based on this.

[gaborgsomogyi]

Here synchronization is important to avoid race just like in other providers.

[gaborgsomogyi]

retest this please

[gaborgsomogyi]

cc @HeartSaVioR

[SparkQA]

Test build #124231 has finished for PR 28863 at commit 5cc3d0a.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds no public classes.

[gatorsmile]

cc @maropu @MaxGekk

[maropu]

All the XXXConnectionProviderSuite has the almost same test, so could you move it into ConnectionProviderSuiteBase?

[gaborgsomogyi]

How do you suggest to do that? Driver registration and provider instantiation lines are different in each case.
The only duplicate what I see is the test name + the testSecureConnectionProvider call.

[maropu]

Ah, I see. But, I felt a a bit less testing for creating a separate test file.

[maropu]

Just a question; where does this value come? From the Oracle JDBC impl?

[gaborgsomogyi]

Yeah, I've used JD-GUI to take a look at the details.

[maropu]

Note: I've checked that OracleIntegrationSuite passed in my local Mac env.

[gaborgsomogyi]

I'm intended to merge master into this PR and resolve conflicts when #28893 accepted.

[dongjoon-hyun]

Thank you, @gaborgsomogyi . I reviewed #28893 . We can merge that if the timeout issue is resolved there.

[SparkQA]

Test build #124420 has finished for PR 28863 at commit e16b4a4.

• This patch fails Spark unit tests.
• This patch merges cleanly.
• This patch adds no public classes.

[gaborgsomogyi]

retest this please

[SparkQA]

Test build #124425 has finished for PR 28863 at commit e16b4a4.

• This patch fails build dependency tests.
• This patch merges cleanly.
• This patch adds no public classes.

[SparkQA]

Test build #124418 has finished for PR 28863 at commit d698fea.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds the following public classes (experimental):
• public final class MapOutputCommitMessage
• sealed trait LogisticRegressionSummary extends ClassificationSummary
• class _ClassificationSummary(JavaWrapper):
• class _TrainingSummary(JavaWrapper):
• class _BinaryClassificationSummary(_ClassificationSummary):
• class LogisticRegressionSummary(_ClassificationSummary):
• class LogisticRegressionTrainingSummary(LogisticRegressionSummary, _TrainingSummary):
• class BinaryLogisticRegressionSummary(_BinaryClassificationSummary,
• case class Hour(child: Expression, timeZoneId: Option[String] = None) extends GetTimeField
• case class Minute(child: Expression, timeZoneId: Option[String] = None) extends GetTimeField
• case class Second(child: Expression, timeZoneId: Option[String] = None) extends GetTimeField
• trait GetDateField extends UnaryExpression with ImplicitCastInputTypes with NullIntolerant
• case class DayOfYear(child: Expression) extends GetDateField
• case class Year(child: Expression) extends GetDateField
• case class YearOfWeek(child: Expression) extends GetDateField
• case class Quarter(child: Expression) extends GetDateField
• case class Month(child: Expression) extends GetDateField
• case class DayOfMonth(child: Expression) extends GetDateField
• case class DayOfWeek(child: Expression) extends GetDateField
• case class WeekDay(child: Expression) extends GetDateField
• case class WeekOfYear(child: Expression) extends GetDateField
• case class CoalesceBucketsInSortMergeJoin(conf: SQLConf) extends Rule[SparkPlan]
• class StateStoreConf(

[maropu]

cc: @dongjoon-hyun

[dongjoon-hyun]

Retest this please

[SparkQA]

Test build #124569 has finished for PR 28863 at commit e16b4a4.

• This patch fails build dependency tests.
• This patch merges cleanly.
• This patch adds no public classes.

[dongjoon-hyun]

Retest this please.

[SparkQA]

Test build #124573 has finished for PR 28863 at commit e16b4a4.

• This patch fails build dependency tests.
• This patch merges cleanly.
• This patch adds no public classes.

[dongjoon-hyun]

Retest this please.

[SparkQA]

Test build #124576 has finished for PR 28863 at commit e16b4a4.

• This patch fails build dependency tests.
• This patch merges cleanly.
• This patch adds no public classes.

[SparkQA]

Test build #124640 has finished for PR 28863 at commit 461eed0.

• This patch fails Spark unit tests.
• This patch merges cleanly.
• This patch adds no public classes.

[gaborgsomogyi]

retest this please

[dongjoon-hyun]

Retest this please.

[dongjoon-hyun]

Hi, @gaborgsomogyi . Is OracleKrbIntegrationSuite missing here?

[maropu]

retest this please

[maropu]

(Seems Jenkins sleeping now...)

[gaborgsomogyi]

@dongjoon-hyun Yes, I've spent almost gross 1 month to make it work w/ MiniKDC but no success. Please see my comment up. Not found any clear statement it must work so I gave up. If somebody can make it work or when active directory will be available in docker we can add it.

[dongjoon-hyun]

@gaborgsomogyi .

• +1 for adding those important content on the PR description How was this patch tested? section. Your important Investigation and decision is worth to be a commit log. Mostly, only commit logs prove your achievement and contribution, and make people trust you.
• Existing integration tests (especially OracleIntegrationSuite) sounds like misleading a little. Is that testing this code patch?

[SparkQA]

Test build #124667 has finished for PR 28863 at commit 461eed0.

• This patch fails to generate documentation.
• This patch merges cleanly.
• This patch adds no public classes.

[gaborgsomogyi]

@dongjoon-hyun Oh gosh! OracleIntegrationSuite is a leftover from the original PR where driver upgrade was inside.

[gaborgsomogyi]

retest this please

[SparkQA]

Test build #124681 has finished for PR 28863 at commit 461eed0.

• This patch fails build dependency tests.
• This patch merges cleanly.
• This patch adds no public classes.

[dongjoon-hyun]

+1, LGTM. Thank you, @gaborgsomogyi and @maropu .
I tested locally the dependency and the new test suite.
Merged to master for Apache Spark 3.1.0.

[gaborgsomogyi]

@dongjoon-hyun thank you taking care and giving me suggestions like your last comment. I'm going to consider them in later contributions.

[MaxGekk]

Can this cause the build failure? #28959 (comment)

[dongjoon-hyun]

Thanks, I'm looking at this, @MaxGekk and @jiangxb1987 . It's weird because GitHub action passed.