Code of Conduct

• I agree to follow this project's Code of Conduct

Search before asking

• I have searched in the issues and found no similar issues.

Describe the bug

1. If the user is part of multiple AD Groups and when engine.share.level is set to group, hadoop returns all groups that the user is part of but kyuubi takes the first group from that list.

2. Then it expects that particular AD Group to be a valid YARN user and submits job as that user.

In the below error logs, out of all the AD Group the user is part of, it pick the first one i.e Internet_User and checks if that is a valid YARN user. If it is not, it throws the error

Expected Behaviour

We should be able to provide the list of AD Group kyuubi has to check if the user is part of. If found a match, then job should be launched as the user and not as that AD Group. Multiple users part of the same AD Group will have the same session, resources, etc but the job will be submitted by those users only

Affects Version(s)

1.8.2

Kyuubi Server Log Output

Failing this attempt.Diagnostics: [2024-05-06 09:14:47.685]Application application_1714974956360_0003 initialization failed (exitCode=255) with output: main : command provided 0
main : run as user is Internet_User
main : requested yarn user is Internet_User
User Internet_User not found

Kyuubi Engine Log Output

No response

Kyuubi Server Configurations

No response

Kyuubi Engine Configurations

No response

Additional context

No response

Are you willing to submit PR?

• Yes. I would be willing to submit a PR with guidance from the Kyuubi community to fix.
• No. I cannot submit a PR at this time.