Repository: hive Updated Branches: refs/heads/master a65387194 -> 4451151dd
HIVE-14219: LLAP external client on secure cluster: Protocol interface org.apache.hadoop.hive.llap.protocol.LlapTaskUmbilicalProtocol is not known (Jason Dere, reviewed by Sergey Shelukhin) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/4451151d Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/4451151d Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/4451151d Branch: refs/heads/master Commit: 4451151ddf75fc1febea738c3ab6c29650523822 Parents: a653871 Author: Jason Dere <jd...@hortonworks.com> Authored: Wed Jul 13 11:08:02 2016 -0700 Committer: Jason Dere <jd...@hortonworks.com> Committed: Wed Jul 13 11:08:02 2016 -0700 ---------------------------------------------------------------------- .../helpers/LlapTaskUmbilicalServer.java | 22 ++++++++++++++++++++ 1 file changed, 22 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/4451151d/llap-client/src/java/org/apache/hadoop/hive/llap/tezplugins/helpers/LlapTaskUmbilicalServer.java ---------------------------------------------------------------------- diff --git a/llap-client/src/java/org/apache/hadoop/hive/llap/tezplugins/helpers/LlapTaskUmbilicalServer.java b/llap-client/src/java/org/apache/hadoop/hive/llap/tezplugins/helpers/LlapTaskUmbilicalServer.java index 79800da..470ee6d 100644 --- a/llap-client/src/java/org/apache/hadoop/hive/llap/tezplugins/helpers/LlapTaskUmbilicalServer.java +++ b/llap-client/src/java/org/apache/hadoop/hive/llap/tezplugins/helpers/LlapTaskUmbilicalServer.java @@ -21,10 +21,14 @@ import java.net.InetSocketAddress; import java.util.concurrent.atomic.AtomicBoolean; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.CommonConfigurationKeysPublic; import org.apache.hadoop.hive.llap.protocol.LlapTaskUmbilicalProtocol; import org.apache.hadoop.ipc.RPC; import org.apache.hadoop.ipc.Server; +import org.apache.hadoop.mapreduce.MRJobConfig; import org.apache.hadoop.net.NetUtils; +import org.apache.hadoop.security.authorize.PolicyProvider; +import org.apache.hadoop.security.authorize.Service; import org.apache.hadoop.security.token.Token; import org.apache.tez.common.security.JobTokenIdentifier; import org.apache.tez.common.security.JobTokenSecretManager; @@ -53,6 +57,10 @@ public class LlapTaskUmbilicalServer { .setNumHandlers(numHandlers) .setSecretManager(jobTokenSecretManager).build(); + if (conf.getBoolean(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION, false)) { + server.refreshServiceAcl(conf, new LlapUmbilicalExternalPolicyProvider()); + } + server.start(); this.address = NetUtils.getConnectAddress(server); LOG.info( @@ -70,4 +78,18 @@ public class LlapTaskUmbilicalServer { server.stop(); } } + + public static class LlapUmbilicalExternalPolicyProvider extends PolicyProvider { + + private static final Service[] services = { + new Service( + MRJobConfig.MR_AM_SECURITY_SERVICE_AUTHORIZATION_TASK_UMBILICAL, + LlapTaskUmbilicalProtocol.class) + }; + + @Override + public Service[] getServices() { + return services.clone(); + } + } }