Concurrent JDBC queries to Kerberos-enabled Kyuubi fail due to forced connection closure; request to optimize Kyuubi connectivity via SQLAlchemy

[dill21yu]

Description

When Hue connects to Apache Kyuubi via the JDBC backend with Kerberos authentication enabled, concurrent SQL queries can fail with SASL-related errors (e.g., TTransportException: SASL authentication failed).

This issue stems from the query_and_fetch(db, statement, n=None) function in librdbms/server/jdbc.py, which unconditionally calls db.close() in its finally block. Under Hue’s default behavior, JDBC connections are cached and shared across requests via API_CACHE . In a concurrent scenario:

Query A starts execution and holds the underlying database connection.
Query B completes and triggers db.close() in its finally block.
This forcibly terminates the Thrift transport and invalidates the Kerberos SASL session.
Query A subsequently fails when attempting further operations due to the lost authentication context.
This design is incompatible with stateful, authenticated sessions required by Kyuubi over HiveServer2 protocol.

Optimization Request:

To improve reliability and concurrency support for Kyuubi, we request that Hue optimize its integration with Kyuubi by adopting the SQLAlchemy interface instead of the current JDBC-based approach. SQLAlchemy provides mature connection management, better support for Kerberos-authenticated Hive/Kyuubi backends (via pyhive), and is well-suited for production-grade, multi-user environments.