This project has retired. For details please refer to its
Attic page.
001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018 package org.apache.oozie.action.hadoop;
019
020 import org.apache.hadoop.hive.conf.HiveConf;
021 import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
022 import org.apache.hadoop.hive.metastore.api.MetaException;
023 import org.apache.hadoop.io.Text;
024 import org.apache.hadoop.mapred.JobConf;
025 import org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier;
026 import org.apache.hadoop.security.UserGroupInformation;
027 import org.apache.hadoop.security.token.Token;
028 import org.apache.oozie.util.XLog;
029
030 /**
031 * Helper class to handle the HCat credentials
032 * Performs internally the heavy-lifting of fetching delegation tokens from Hive Metastore, abstracted from the user
033 * Token is added to jobConf
034 */
035 public class HCatCredentialHelper {
036
037 private static final String USER_NAME = "user.name";
038 // Some Hive Metastore properties
039 private static final String HIVE_METASTORE_SASL_ENABLED = "hive.metastore.sasl.enabled";
040 private static final String HIVE_METASTORE_KERBEROS_PRINCIPAL = "hive.metastore.kerberos.principal";
041 private static final String HIVE_METASTORE_LOCAL = "hive.metastore.local";
042
043 /**
044 * This Function will set the HCat token to jobconf
045 * @param launcherJobConf - job conf
046 * @param principal - principal for HCat server
047 * @param server - Serevr URI for HCat server
048 * @throws Exception
049 */
050 public void set(JobConf launcherJobConf, String principal, String server) throws Exception {
051 try {
052 HiveMetaStoreClient client = getHCatClient(principal, server);
053 XLog.getLog(getClass()).debug(
054 "HCatCredentialHelper: set: User name for which token will be asked from HCat: "
055 + launcherJobConf.get(USER_NAME));
056 String tokenStrForm = client.getDelegationToken(launcherJobConf.get(USER_NAME), UserGroupInformation
057 .getLoginUser().getShortUserName());
058 Token<DelegationTokenIdentifier> hcatToken = new Token<DelegationTokenIdentifier>();
059 hcatToken.decodeFromUrlString(tokenStrForm);
060 launcherJobConf.getCredentials().addToken(new Text("HCat Token"), hcatToken);
061 XLog.getLog(getClass()).debug("Added the HCat token in job conf");
062 }
063 catch (Exception ex) {
064 XLog.getLog(getClass()).debug("set Exception" + ex.getMessage());
065 throw ex;
066 }
067 }
068
069 /**
070 * Getting the HCat client.
071 * @param principal
072 * @param server
073 * @return HiveMetaStoreClient
074 * @throws MetaException
075 */
076 public HiveMetaStoreClient getHCatClient(String principal, String server) throws MetaException {
077 HiveConf hiveConf = null;
078 HiveMetaStoreClient hiveclient = null;
079 hiveConf = new HiveConf();
080 XLog.getLog(getClass()).debug("getHCatClient: Principal: " + principal + " Server: " + server);
081 // specified a thrift url
082
083 hiveConf.set(HIVE_METASTORE_SASL_ENABLED, "true");
084 hiveConf.set(HIVE_METASTORE_KERBEROS_PRINCIPAL, principal);
085 hiveConf.set(HIVE_METASTORE_LOCAL, "false");
086 hiveConf.set(HiveConf.ConfVars.METASTOREURIS.varname, server);
087 hiveclient = new HiveMetaStoreClient(hiveConf);
088 return hiveclient;
089 }
090 }