address review comments

Signed-off-by: Tsvetomir Palashki <[email protected]>

projects/vdk-plugins/vdk-kerberos-auth/README.md

@@ -6,3 +6,13 @@ Run
 ```bash
 pip install vdk-kerberos-auth
 ```
+
+The following environment variables can be used to configure this plugin:
+
+| name                    | description                                                                                                                                                    |
+|-------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `VDK_KRB_AUTH`          | Specifies the Kerberos authentication type to use. Possible values are 'minikerberos' and 'kinit'. If left empty, the authentication is disabled.              |
+| `VDK_KEYTAB_FILENAME`   | Specifies the name of the keytab file. If left empty, the name of the keytab file is assumed to be the same as the name of the data job with '.keytab' suffix. |
+| `VDK_KEYTAB_PRINCIPAL`  | Specifies the Kerberos principal. If left empty, the principal will be the job name prepended with 'pa__view_'.                                                |
+| `VDK_KEYTAB_REALM`      | Specifies the Kerberos realm. This value is used only with the 'minikerberos' authentication type. The default value is 'default_realm'.                       |
+| `VDK_KERBEROS_KDC_HOST` | Specifies the name of the Kerberos KDC (Key Distribution Center) host. This value is used only with the 'minikerberos' authentication type.                    |

projects/vdk-plugins/vdk-kerberos-auth/src/vdk/plugin/kerberos/authenticator_factory.py

@@ -36,13 +36,13 @@ def create_authenticator(
         elif authentication_type is None:
             log.debug("No Kerberos authentication specified")
             return None
-        else:
-            errors.log_and_throw(
-                to_be_fixed_by=errors.ResolvableBy.CONFIG_ERROR,
-                log=log,
-                what_happened=f"Provided environment variable {'VDK_KRB_AUTH'} has invalid value.",
-                why_it_happened=f"VDK was run with environment variable {'VDK_KRB_AUTH'}={authentication_type}, "
-                f"however '{authentication_type}' is invalid value for this variable.",
-                consequences=errors.MSG_CONSEQUENCE_DELEGATING_TO_CALLER__LIKELY_EXECUTION_FAILURE,
-                countermeasures=f"Provide either 'minikerberos' or 'kinit' for environment variable {'VDK_KRB_AUTH'}.",
-            )
+
+        errors.log_and_throw(
+            to_be_fixed_by=errors.ResolvableBy.CONFIG_ERROR,
+            log=log,
+            what_happened="Provided environment variable VDK_KRB_AUTH has invalid value.",
+            why_it_happened=f"VDK was run with environment variable VDK_KRB_AUTH={authentication_type}, "
+            f"however '{authentication_type}' is invalid value for this variable.",
+            consequences=errors.MSG_CONSEQUENCE_DELEGATING_TO_CALLER__LIKELY_EXECUTION_FAILURE,
+            countermeasures="Provide either 'minikerberos' or 'kinit' for environment variable VDK_KRB_AUTH.",
+        )

projects/vdk-plugins/vdk-kerberos-auth/src/vdk/plugin/kerberos/kinit_authenticator.py

@@ -14,6 +14,8 @@
 class KinitGSSAPIAuthenticator(BaseAuthenticator):
     """
     A Kerberos authenticator that uses a 'kinit' call to obtain its ticket-granting ticket (TGT).
+    As this class operates by invoking 'kinit' directly, the Kerberos should be already installed
+    on the machine and the 'kinit' command should be working correctly.
     """
 
     def __init__(self, keytab_pathname: str, kerberos_principal: str):