001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018 package org.apache.oozie.action.hadoop; 019 020 import org.apache.hadoop.hive.conf.HiveConf; 021 import org.apache.hadoop.hive.metastore.HiveMetaStoreClient; 022 import org.apache.hadoop.hive.metastore.api.MetaException; 023 import org.apache.hadoop.io.Text; 024 import org.apache.hadoop.mapred.JobConf; 025 import org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier; 026 import org.apache.hadoop.security.UserGroupInformation; 027 import org.apache.hadoop.security.token.Token; 028 import org.apache.oozie.util.XLog; 029 030 /** 031 * Helper class to handle the HCat credentials 032 * Performs internally the heavy-lifting of fetching delegation tokens from Hive Metastore, abstracted from the user 033 * Token is added to jobConf 034 */ 035 public class HCatCredentialHelper { 036 037 private static final String USER_NAME = "user.name"; 038 // Some Hive Metastore properties 039 private static final String HIVE_METASTORE_SASL_ENABLED = "hive.metastore.sasl.enabled"; 040 private static final String HIVE_METASTORE_KERBEROS_PRINCIPAL = "hive.metastore.kerberos.principal"; 041 private static final String HIVE_METASTORE_LOCAL = "hive.metastore.local"; 042 043 /** 044 * This Function will set the HCat token to jobconf 045 * @param launcherJobConf - job conf 046 * @param principal - principal for HCat server 047 * @param server - Serevr URI for HCat server 048 * @throws Exception 049 */ 050 public void set(JobConf launcherJobConf, String principal, String server) throws Exception { 051 try { 052 HiveMetaStoreClient client = getHCatClient(principal, server); 053 XLog.getLog(getClass()).debug( 054 "HCatCredentialHelper: set: User name for which token will be asked from HCat: " 055 + launcherJobConf.get(USER_NAME)); 056 String tokenStrForm = client.getDelegationToken(launcherJobConf.get(USER_NAME), UserGroupInformation 057 .getLoginUser().getShortUserName()); 058 Token<DelegationTokenIdentifier> hcatToken = new Token<DelegationTokenIdentifier>(); 059 hcatToken.decodeFromUrlString(tokenStrForm); 060 launcherJobConf.getCredentials().addToken(new Text("HCat Token"), hcatToken); 061 XLog.getLog(getClass()).debug("Added the HCat token in job conf"); 062 } 063 catch (Exception ex) { 064 XLog.getLog(getClass()).debug("set Exception" + ex.getMessage()); 065 throw ex; 066 } 067 } 068 069 /** 070 * Getting the HCat client. 071 * @param principal 072 * @param server 073 * @return HiveMetaStoreClient 074 * @throws MetaException 075 */ 076 public HiveMetaStoreClient getHCatClient(String principal, String server) throws MetaException { 077 HiveConf hiveConf = null; 078 HiveMetaStoreClient hiveclient = null; 079 hiveConf = new HiveConf(); 080 XLog.getLog(getClass()).debug("getHCatClient: Principal: " + principal + " Server: " + server); 081 // specified a thrift url 082 083 hiveConf.set(HIVE_METASTORE_SASL_ENABLED, "true"); 084 hiveConf.set(HIVE_METASTORE_KERBEROS_PRINCIPAL, principal); 085 hiveConf.set(HIVE_METASTORE_LOCAL, "false"); 086 hiveConf.set(HiveConf.ConfVars.METASTOREURIS.varname, server); 087 hiveclient = new HiveMetaStoreClient(hiveConf); 088 return hiveclient; 089 } 090 }