001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *      http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing, software
013     * distributed under the License is distributed on an "AS IS" BASIS,
014     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015     * See the License for the specific language governing permissions and
016     * limitations under the License.
017     */
018    package org.apache.oozie.action.hadoop;
019    
020    import org.apache.hadoop.hive.conf.HiveConf;
021    import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
022    import org.apache.hadoop.hive.metastore.api.MetaException;
023    import org.apache.hadoop.io.Text;
024    import org.apache.hadoop.mapred.JobConf;
025    import org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier;
026    import org.apache.hadoop.security.UserGroupInformation;
027    import org.apache.hadoop.security.token.Token;
028    import org.apache.oozie.util.XLog;
029    
030    /**
031     * Helper class to handle the HCat credentials
032     * Performs internally the heavy-lifting of fetching delegation tokens from Hive Metastore, abstracted from the user
033     * Token is added to jobConf
034     */
035    public class HCatCredentialHelper {
036    
037        private static final String USER_NAME = "user.name";
038        // Some Hive Metastore properties
039        private static final String HIVE_METASTORE_SASL_ENABLED = "hive.metastore.sasl.enabled";
040        private static final String HIVE_METASTORE_KERBEROS_PRINCIPAL = "hive.metastore.kerberos.principal";
041        private static final String HIVE_METASTORE_LOCAL = "hive.metastore.local";
042    
043        /**
044         * This Function will set the HCat token to jobconf
045         * @param launcherJobConf - job conf
046         * @param principal - principal for HCat server
047         * @param server - Serevr URI for HCat server
048         * @throws Exception
049         */
050        public void set(JobConf launcherJobConf, String principal, String server) throws Exception {
051            try {
052                HiveMetaStoreClient client = getHCatClient(principal, server);
053                XLog.getLog(getClass()).debug(
054                        "HCatCredentialHelper: set: User name for which token will be asked from HCat: "
055                                + launcherJobConf.get(USER_NAME));
056                String tokenStrForm = client.getDelegationToken(launcherJobConf.get(USER_NAME), UserGroupInformation
057                        .getLoginUser().getShortUserName());
058                Token<DelegationTokenIdentifier> hcatToken = new Token<DelegationTokenIdentifier>();
059                hcatToken.decodeFromUrlString(tokenStrForm);
060                launcherJobConf.getCredentials().addToken(new Text("HCat Token"), hcatToken);
061                XLog.getLog(getClass()).debug("Added the HCat token in job conf");
062            }
063            catch (Exception ex) {
064                XLog.getLog(getClass()).debug("set Exception" + ex.getMessage());
065                throw ex;
066            }
067        }
068    
069        /**
070         * Getting the HCat client.
071         * @param principal
072         * @param server
073         * @return HiveMetaStoreClient
074         * @throws MetaException
075         */
076        public HiveMetaStoreClient getHCatClient(String principal, String server) throws MetaException {
077            HiveConf hiveConf = null;
078            HiveMetaStoreClient hiveclient = null;
079            hiveConf = new HiveConf();
080            XLog.getLog(getClass()).debug("getHCatClient: Principal: " + principal + " Server: " + server);
081            // specified a thrift url
082    
083            hiveConf.set(HIVE_METASTORE_SASL_ENABLED, "true");
084            hiveConf.set(HIVE_METASTORE_KERBEROS_PRINCIPAL, principal);
085            hiveConf.set(HIVE_METASTORE_LOCAL, "false");
086            hiveConf.set(HiveConf.ConfVars.METASTOREURIS.varname, server);
087            hiveclient = new HiveMetaStoreClient(hiveConf);
088            return hiveclient;
089        }
090    }