(hive) branch master updated: HIVE-28913: A delegation token must be issued for the proxy user while reconnecting to Metastore. (#5775)

Sun, 27 Apr 2025 19:54:10 -0700 

This is an automated email from the ASF dual-hosted git repository.

dengzh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git


The following commit(s) were added to refs/heads/master by this push:
     new 063cfa3c6b8 HIVE-28913: A delegation token must be issued for the 
proxy user while reconnecting to Metastore. (#5775)
063cfa3c6b8 is described below

commit 063cfa3c6b8fcb0e130adb1a7c7b4f0931d82430
Author: koodin9 <[email protected]>
AuthorDate: Mon Apr 28 11:53:43 2025 +0900

    HIVE-28913: A delegation token must be issued for the proxy user while 
reconnecting to Metastore. (#5775)
---
 .../hadoop/hive/metastore/HiveMetaStoreClient.java | 78 ++++++++++++----------
 1 file changed, 43 insertions(+), 35 deletions(-)

diff --git 
a/standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
 
b/standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
index 4c2faf18987..cc9243bc876 100644
--- 
a/standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
+++ 
b/standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
@@ -243,41 +243,8 @@ public HiveMetaStoreClient(Configuration conf, 
HiveMetaHookLoader hookLoader, Bo
       throw new MetaException("MetaStoreURIs not found in conf file");
     }
 
-    //If HADOOP_PROXY_USER is set in env or property,
-    //then need to create metastore client that proxies as that user.
-    String HADOOP_PROXY_USER = "HADOOP_PROXY_USER";
-    String proxyUser = System.getenv(HADOOP_PROXY_USER);
-    if (proxyUser == null) {
-      proxyUser = System.getProperty(HADOOP_PROXY_USER);
-    }
-    //if HADOOP_PROXY_USER is set, create DelegationToken using real user
-    if (proxyUser != null) {
-      LOG.info(HADOOP_PROXY_USER + " is set. Using delegation "
-          + "token for HiveMetaStore connection.");
-      try {
-        
UserGroupInformation.getRealUserOrSelf(UserGroupInformation.getLoginUser()).doAs(
-            new PrivilegedExceptionAction<Void>() {
-              @Override
-              public Void run() throws Exception {
-                open();
-                return null;
-              }
-            });
-        String delegationTokenPropString = 
"DelegationTokenForHiveMetaStoreServer";
-        String delegationTokenStr = getDelegationToken(proxyUser, proxyUser);
-        SecurityUtils.setTokenStr(UserGroupInformation.getCurrentUser(), 
delegationTokenStr,
-            delegationTokenPropString);
-        MetastoreConf.setVar(this.conf, ConfVars.TOKEN_SIGNATURE, 
delegationTokenPropString);
-        close();
-      } catch (Exception e) {
-        LOG.error("Error while setting delegation token for " + proxyUser, e);
-        if (e instanceof MetaException) {
-          throw (MetaException) e;
-        } else {
-          throw new MetaException(e.getMessage());
-        }
-      }
-    }
+    generateProxyUserDelegationToken();
+
     // finally open the store
     open();
   }
@@ -389,6 +356,44 @@ private void resolveUris() throws MetaException {
     }
   }
 
+  private void generateProxyUserDelegationToken() throws MetaException {
+    //If HADOOP_PROXY_USER is set in env or property,
+    //then need to create metastore client that proxies as that user.
+    String HADOOP_PROXY_USER = "HADOOP_PROXY_USER";
+    String proxyUser = System.getenv(HADOOP_PROXY_USER);
+    if (proxyUser == null) {
+      proxyUser = System.getProperty(HADOOP_PROXY_USER);
+    }
+    //if HADOOP_PROXY_USER is set, create DelegationToken using real user
+    if (proxyUser != null) {
+      LOG.info(HADOOP_PROXY_USER + " is set. Using delegation "
+          + "token for HiveMetaStore connection.");
+      try {
+        
UserGroupInformation.getRealUserOrSelf(UserGroupInformation.getLoginUser()).doAs(
+            new PrivilegedExceptionAction<Void>() {
+              @Override
+              public Void run() throws Exception {
+                open();
+                return null;
+              }
+            });
+        String delegationTokenPropString = 
"DelegationTokenForHiveMetaStoreServer";
+        String delegationTokenStr = getDelegationToken(proxyUser, proxyUser);
+        SecurityUtils.setTokenStr(UserGroupInformation.getCurrentUser(), 
delegationTokenStr,
+            delegationTokenPropString);
+        MetastoreConf.setVar(this.conf, ConfVars.TOKEN_SIGNATURE, 
delegationTokenPropString);
+      } catch (Exception e) {
+        LOG.error("Error while setting delegation token for " + proxyUser, e);
+        if (e instanceof MetaException) {
+          throw (MetaException) e;
+        } else {
+          throw new MetaException(e.getMessage());
+        }
+      } finally {
+        close();
+      }
+    }
+  }
 
   private MetaStoreFilterHook loadFilterHooks() throws IllegalStateException {
     Class<? extends MetaStoreFilterHook> authProviderClass = MetastoreConf.
@@ -502,6 +507,9 @@ public void reconnect() throws MetaException {
         // connection has died and the default connection is likely to be the 
first array element.
         promoteRandomMetaStoreURI();
       }
+
+      generateProxyUserDelegationToken();
+
       open();
     }
   }

Reply via email to