001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018 package org.apache.oozie.action.hadoop;
019
020 import org.apache.hadoop.hive.conf.HiveConf;
021 import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
022 import org.apache.hadoop.hive.metastore.api.MetaException;
023 import org.apache.hadoop.io.Text;
024 import org.apache.hadoop.mapred.JobConf;
025 import org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier;
026 import org.apache.hadoop.security.token.Token;
027 import org.apache.oozie.util.XLog;
028
029 /**
030 * Helper class to handle the HCat credentials
031 * Performs internally the heavy-lifting of fetching delegation tokens from Hive Metastore, abstracted from the user
032 * Token is added to jobConf
033 */
034 public class HCatCredentialHelper {
035
036 private static final String USER_NAME = "user.name";
037 // Some Hive Metastore properties
038 private static final String HIVE_METASTORE_SASL_ENABLED = "hive.metastore.sasl.enabled";
039 private static final String HIVE_METASTORE_KERBEROS_PRINCIPAL = "hive.metastore.kerberos.principal";
040 private static final String HIVE_METASTORE_LOCAL = "hive.metastore.local";
041
042 /**
043 * This Function will set the HCat token to jobconf
044 * @param launcherJobConf - job conf
045 * @param principal - principal for HCat server
046 * @param server - Serevr URI for HCat server
047 * @throws Exception
048 */
049 public void set(JobConf launcherJobConf, String principal, String server) throws Exception {
050 try {
051 HiveMetaStoreClient client = getHCatClient(principal, server);
052 XLog.getLog(getClass()).debug(
053 "HCatCredentialHelper: set: User name for which token will be asked from HCat: "
054 + launcherJobConf.get(USER_NAME));
055 String tokenStrForm = client.getDelegationToken(launcherJobConf.get(USER_NAME));
056 Token<DelegationTokenIdentifier> hcatToken = new Token<DelegationTokenIdentifier>();
057 hcatToken.decodeFromUrlString(tokenStrForm);
058 launcherJobConf.getCredentials().addToken(new Text("HCat Token"), hcatToken);
059 XLog.getLog(getClass()).debug("Added the HCat token in job conf");
060 }
061 catch (Exception ex) {
062 XLog.getLog(getClass()).debug("set Exception" + ex.getMessage());
063 throw ex;
064 }
065 }
066
067 /**
068 * Getting the HCat client.
069 * @param principal
070 * @param server
071 * @return HiveMetaStoreClient
072 * @throws MetaException
073 */
074 public HiveMetaStoreClient getHCatClient(String principal, String server) throws MetaException {
075 HiveConf hiveConf = null;
076 HiveMetaStoreClient hiveclient = null;
077 hiveConf = new HiveConf();
078 XLog.getLog(getClass()).debug("getHCatClient: Principal: " + principal + " Server: " + server);
079 // specified a thrift url
080
081 hiveConf.set(HIVE_METASTORE_SASL_ENABLED, "true");
082 hiveConf.set(HIVE_METASTORE_KERBEROS_PRINCIPAL, principal);
083 hiveConf.set(HIVE_METASTORE_LOCAL, "false");
084 hiveConf.set(HiveConf.ConfVars.METASTOREURIS.varname, server);
085 hiveclient = new HiveMetaStoreClient(hiveConf);
086 return hiveclient;
087 }
088 }