ShubhamChaurasia commented on a change in pull request #1418:
URL: https://github.com/apache/hive/pull/1418#discussion_r479982693
##########
File path:
ql/src/java/org/apache/hadoop/hive/ql/udf/generic/GenericUDTFGetSplits.java
##########
@@ -559,12 +566,22 @@ private SplitResult getSplits(JobConf job, TezWork work,
Schema schema, Applicat
// 4. Make location hints.
SplitLocationInfo[] locations = makeLocationHints(hints.get(i));
+ // 5. populate info about llap daemons(to help client submit request
and read data)
+ LlapDaemonInfo[] llapDaemonInfos = populateLlapDaemonInfos(job,
locations);
+
+ // 6. Generate JWT for external clients if it's a cloud deployment
+ String jwt = "";
+ if (LlapUtil.isCloudDeployment()) {
+ JwtHelper jwtHelper = new JwtHelper(SessionState.getSessionConf());
+ jwt = jwtHelper.buildJwtForLlap(applicationId);
Review comment:
done
##########
File path:
llap-server/src/java/org/apache/hadoop/hive/llap/daemon/impl/ContainerRunnerImpl.java
##########
@@ -342,6 +352,33 @@ public SubmitWorkResponseProto
submitWork(SubmitWorkRequestProto request) throws
.build();
}
+ // if request is coming from llap external client, verify the JWT
+ // as of now, JWT contains applicationId
+ private void verifyJwtForExternalClient(SubmitWorkRequestProto request,
String applicationIdString,
+ String fragmentIdString) {
+ LOG.info("Checking if request[{}] is from llap external client in a cloud
based deployment", applicationIdString);
+ if (request.getIsExternalClientRequest() && LlapUtil.isCloudDeployment()) {
+ LOG.info("Llap external client request - {}, verifying JWT",
applicationIdString);
+ Preconditions.checkState(request.hasJwt(), "JWT not found in request,
fragmentId: " + fragmentIdString);
+
+ JwtHelper jwtHelper = new JwtHelper(getConfig());
+ Jws<Claims> claimsJws;
+ try {
+ claimsJws = jwtHelper.parseClaims(request.getJwt());
+ } catch (JwtException e) {
+ LOG.error("Cannot verify JWT provided with the request, fragmentId:
{}, {}", fragmentIdString, e);
+ throw e;
+ }
+
+ String appIdInJwt = (String)
claimsJws.getBody().get(JwtHelper.LLAP_EXT_CLIENT_APP_ID);
+ // this should never happen ideally.
+ Preconditions.checkState(appIdInJwt.equals(applicationIdString),
Review comment:
done
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
