001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018 package org.apache.oozie.action.hadoop; 019 020 import org.apache.hadoop.hive.conf.HiveConf; 021 import org.apache.hadoop.hive.metastore.HiveMetaStoreClient; 022 import org.apache.hadoop.hive.metastore.api.MetaException; 023 import org.apache.hadoop.io.Text; 024 import org.apache.hadoop.mapred.JobConf; 025 import org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier; 026 import org.apache.hadoop.security.token.Token; 027 import org.apache.oozie.util.XLog; 028 029 /** 030 * Helper class to handle the HCat credentials 031 * Performs internally the heavy-lifting of fetching delegation tokens from Hive Metastore, abstracted from the user 032 * Token is added to jobConf 033 */ 034 public class HCatCredentialHelper { 035 036 private static final String USER_NAME = "user.name"; 037 // Some Hive Metastore properties 038 private static final String HIVE_METASTORE_SASL_ENABLED = "hive.metastore.sasl.enabled"; 039 private static final String HIVE_METASTORE_KERBEROS_PRINCIPAL = "hive.metastore.kerberos.principal"; 040 private static final String HIVE_METASTORE_LOCAL = "hive.metastore.local"; 041 042 /** 043 * This Function will set the HCat token to jobconf 044 * @param launcherJobConf - job conf 045 * @param principal - principal for HCat server 046 * @param server - Serevr URI for HCat server 047 * @throws Exception 048 */ 049 public void set(JobConf launcherJobConf, String principal, String server) throws Exception { 050 try { 051 HiveMetaStoreClient client = getHCatClient(principal, server); 052 XLog.getLog(getClass()).debug( 053 "HCatCredentialHelper: set: User name for which token will be asked from HCat: " 054 + launcherJobConf.get(USER_NAME)); 055 String tokenStrForm = client.getDelegationToken(launcherJobConf.get(USER_NAME)); 056 Token<DelegationTokenIdentifier> hcatToken = new Token<DelegationTokenIdentifier>(); 057 hcatToken.decodeFromUrlString(tokenStrForm); 058 launcherJobConf.getCredentials().addToken(new Text("HCat Token"), hcatToken); 059 XLog.getLog(getClass()).debug("Added the HCat token in job conf"); 060 } 061 catch (Exception ex) { 062 XLog.getLog(getClass()).debug("set Exception" + ex.getMessage()); 063 throw ex; 064 } 065 } 066 067 /** 068 * Getting the HCat client. 069 * @param principal 070 * @param server 071 * @return HiveMetaStoreClient 072 * @throws MetaException 073 */ 074 public HiveMetaStoreClient getHCatClient(String principal, String server) throws MetaException { 075 HiveConf hiveConf = null; 076 HiveMetaStoreClient hiveclient = null; 077 hiveConf = new HiveConf(); 078 XLog.getLog(getClass()).debug("getHCatClient: Principal: " + principal + " Server: " + server); 079 // specified a thrift url 080 081 hiveConf.set(HIVE_METASTORE_SASL_ENABLED, "true"); 082 hiveConf.set(HIVE_METASTORE_KERBEROS_PRINCIPAL, principal); 083 hiveConf.set(HIVE_METASTORE_LOCAL, "false"); 084 hiveConf.set(HiveConf.ConfVars.METASTOREURIS.varname, server); 085 hiveclient = new HiveMetaStoreClient(hiveConf); 086 return hiveclient; 087 } 088 }