Repository: hive Updated Branches: refs/heads/hive-14535 3e481b471 -> 70299dc48
HIVE-14702 : LLAPIF: after a long period of inactivity, signing key may be removed from local store (Sergey Shelukhin, reviewed by Jason Dere) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/805367b0 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/805367b0 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/805367b0 Branch: refs/heads/hive-14535 Commit: 805367b0e2d1a024e6699e0125e7c68fb3fc1f26 Parents: 49f103c Author: Sergey Shelukhin <[email protected]> Authored: Mon Sep 12 12:58:04 2016 -0700 Committer: Sergey Shelukhin <[email protected]> Committed: Mon Sep 12 12:58:04 2016 -0700 ---------------------------------------------------------------------- .../org/apache/hadoop/hive/llap/security/SecretManager.java | 9 +++++++-- .../hadoop/hive/llap/security/SigningSecretManager.java | 4 +++- 2 files changed, 10 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/805367b0/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java ---------------------------------------------------------------------- diff --git a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java index 8d0fa2e..345156f 100644 --- a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java +++ b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java @@ -38,6 +38,7 @@ import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.delegation.DelegationKey; +import org.apache.hadoop.security.token.delegation.HiveDelegationTokenSupport; import org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager; import org.apache.hadoop.security.token.delegation.web.DelegationTokenManager; import org.apache.zookeeper.data.ACL; @@ -119,8 +120,12 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent } @Override - public synchronized DelegationKey getCurrentKey() { - return allKeys.get(getCurrentKeyId()); + public synchronized DelegationKey getCurrentKey() throws IOException { + DelegationKey currentKey = getDelegationKey(getCurrentKeyId()); + if (currentKey != null) return currentKey; + // Try to roll the key if none is found. + HiveDelegationTokenSupport.rollMasterKey(this); + return getDelegationKey(getCurrentKeyId()); } @Override http://git-wip-us.apache.org/repos/asf/hive/blob/805367b0/llap-common/src/java/org/apache/hadoop/hive/llap/security/SigningSecretManager.java ---------------------------------------------------------------------- diff --git a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SigningSecretManager.java b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SigningSecretManager.java index 82b1992..acae57b 100644 --- a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SigningSecretManager.java +++ b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SigningSecretManager.java @@ -17,10 +17,12 @@ */ package org.apache.hadoop.hive.llap.security; +import java.io.IOException; + import org.apache.hadoop.security.token.delegation.DelegationKey; public interface SigningSecretManager { - DelegationKey getCurrentKey(); + DelegationKey getCurrentKey() throws IOException; byte[] signWithKey(byte[] message, DelegationKey key); byte[] signWithKey(byte[] message, int keyId) throws SecurityException; void close();
