Create GenericHiveRecordCursor within doAs block to pass the correct credentials to storage

[chliang71]

Add authentication when creating Hive page source, this is needed when:

1. table schema is stored as an Avro file schema on some remote path, e.g. avro.schema.url = hdfs://...
2. the remote HDFS path requires authentication

Currently this code path in Presto does not include authentication, so this fetching remote Avro schema would fail. Causing exception something like below:

java.lang.RuntimeException: error initializing deserializer: com.facebook.presto.hive.avro.PrestoAvroSerDe
	at com.facebook.presto.hive.HiveUtil.initializeDeserializer(HiveUtil.java:443)
	at com.facebook.presto.hive.HiveUtil.getDeserializer(HiveUtil.java:396)
	at com.facebook.presto.hive.GenericHiveRecordCursor.<init>(GenericHiveRecordCursor.java:141)
	at com.facebook.presto.hive.GenericHiveRecordCursorProvider.createRecordCursor(GenericHiveRecordCursorProvider.java:79)
	at com.facebook.presto.hive.HivePageSourceProvider.createHivePageSource(HivePageSourceProvider.java:357)
	at com.facebook.presto.hive.HivePageSourceProvider.createPageSource(HivePageSourceProvider.java:125)
	at com.facebook.presto.spi.connector.classloader.ClassLoaderSafeConnectorPageSourceProvider.createPageSource(ClassLoaderSafeConnectorPageSourceProvider.java:51)
	at com.facebook.presto.split.PageSourceManager.createPageSource(PageSourceManager.java:58)
....
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
	at java.security.jgss/sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
	at java.security.jgss/sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:126)
	at java.security.jgss/sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:191)
	at java.security.jgss/sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:218)
	at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230)
	at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:196)
	at jdk.security.jgss/com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
	... 68 more

Test plan - (Please fill in how you tested your changes)

Tested in our internal testing cluster, with this change, the exception no longer shows up.

== RELEASE NOTES ==
Hive Changes
* Fix a bug in reading Avro format table with schema located in a Kerberos enabled HDFS compliant filesystem.

[chliang71]

@vkorukanti do you mind taking a look on this change? Thanks in advance!

[vkorukanti]

This seems like generic code applicable to all page soures. Can you move the deserializer creation to within doAs block in GenericHiveRecordCursorProvider here and pass it as an argument to GenericHiveRecordCursor?

cc. @zhenxiao

[vkorukanti]

Or just put the below block within a doAs block. It avoids passing a new param.

    return Optional.of(new GenericHiveRecordCursor<>(
                configuration,
                path,
                genericRecordReader(recordReader),
                length,
                schema,
                columns,
                hiveStorageTimeZone,
                typeManager));

[vkorukanti]

nit: you can return the value returned by call hdfsEnvironment.doAs(...) like return hdfsEnvironment.doAs

[chliang71]

thanks! updated

[ajaygeorge]

Hi @chliang71 / @vkorukanti
Release notes are missing for this PR.
Please add them according to the guidelines mentioned here