Repository: hive Updated Branches: refs/heads/master 4a42bec6b -> 3f90794d8
Support HADOOP_PROXY_USER for secure impersonation in hive metastore client (Nanda kumar via Thejas Nair) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/3f90794d Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/3f90794d Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/3f90794d Branch: refs/heads/master Commit: 3f90794d872e90c29a068f16cdf3f45b1cf52c74 Parents: 4a42bec Author: Nanda kumar <nandakumar...@gmail.com> Authored: Mon Jan 23 16:58:28 2017 -0800 Committer: Thejas M Nair <the...@hortonworks.com> Committed: Mon Jan 23 16:58:28 2017 -0800 ---------------------------------------------------------------------- .../hive/metastore/HiveMetaStoreClient.java | 37 ++++++++++++++++++++ 1 file changed, 37 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/3f90794d/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java ----------------------------------------------------------------------
diff --git a/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java b/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
index 83b481c..b5d007d 100644
--- a/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
+++ b/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
@@ -45,6 +45,7 @@ import java.util.NoSuchElementException;
 import java.util.Random;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
+import java.security.PrivilegedExceptionAction;
 import javax.security.auth.login.LoginException;
@@ -201,6 +202,42 @@ public class HiveMetaStoreClient implements IMetaStoreClient {
 LOG.error("NOT getting uris from conf");
 throw new MetaException("MetaStoreURIs not found in conf file");
 }
+
+ //If HADOOP_PROXY_USER is set in env or property,
+ //then need to create metastore client that proxies as that user.
+ String HADOOP_PROXY_USER = "HADOOP_PROXY_USER";
+ String proxyUser = System.getenv(HADOOP_PROXY_USER);
+ if (proxyUser == null) {
+ proxyUser = System.getProperty(HADOOP_PROXY_USER);
+ }
+ //if HADOOP_PROXY_USER is set, create DelegationToken using real user
+ if(proxyUser != null) {
+ LOG.info(HADOOP_PROXY_USER + " is set. Using delegation "
+ + "token for HiveMetaStore connection.");
+ try {
+ UserGroupInformation.getLoginUser().getRealUser().doAs(
+ new PrivilegedExceptionAction<Void>() {
+ @Override
+ public Void run() throws Exception {
+ open();
+ return null;
+ }
+ });
+ String delegationTokenPropString = "DelegationTokenForHiveMetaStoreServer";
+ String delegationTokenStr = getDelegationToken(proxyUser, proxyUser);
+ Utils.setTokenStr(UserGroupInformation.getCurrentUser(), delegationTokenStr,
+ delegationTokenPropString);
+ this.conf.setVar(ConfVars.METASTORE_TOKEN_SIGNATURE, delegationTokenPropString);
+ close();
+ } catch (Exception e) {
+ LOG.error("Error while setting delegation token for " + proxyUser, e);
+ if(e instanceof MetaException) {
+ throw (MetaException)e;
+ } else {
+ throw new MetaException(e.getMessage());
+ }
+ }
+ }
 // finally open the store
 open();
 }
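Review bot: In the added `if(proxyUser != null)` block, `close()` runs only on the success path, so if `getDelegationToken` or `Utils.setTokenStr` throws, the connection that `open()` established as the real user inside `doAs` stays open while the constructor fails. Moving `close()` into a `finally` around the token steps releases that real-user connection on every path. `getRealUser()` also appears able to return null when the login user is not a proxy UGI, which would reach the caller as a `MetaException` with a null message, so an explicit check with a clear message is sketched below. An empty `HADOOP_PROXY_USER` value also passes the `!= null` test and may be worth treating as unset. The enclosing constructor begins outside this hunk.

```java
      try {
        UserGroupInformation realUser = UserGroupInformation.getLoginUser().getRealUser();
        if (realUser == null) {
          // login user is not a proxy UGI, so there is no real user to authenticate as
          throw new MetaException(HADOOP_PROXY_USER
              + " is set but the login user has no real user");
        }
        realUser.doAs(
            // … unchanged: PrivilegedExceptionAction that calls open() …
        );
        try {
          // … unchanged: getDelegationToken, Utils.setTokenStr, conf.setVar …
        } finally {
          // always drop the connection that was authenticated as the real user
          close();
        }
      } catch (Exception e) {
        // … unchanged: log and rethrow as MetaException …
```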