abstractdog commented on code in PR #4882: URL: https://github.com/apache/hive/pull/4882#discussion_r1760045461
########## llap-server/src/java/org/apache/hadoop/hive/llap/LlapUgiManager.java: ########## @@ -0,0 +1,85 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hive.llap; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.FileSystem; +import org.apache.hadoop.hive.llap.daemon.impl.QueryIdentifier; +import org.apache.hadoop.hive.llap.security.LlapUgiHelper; +import org.apache.hadoop.security.Credentials; +import org.apache.hadoop.security.UserGroupInformation; + +import java.io.IOException; +import java.util.concurrent.ConcurrentHashMap; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class LlapUgiManager { + private static final Logger LOG = LoggerFactory.getLogger(LlapUgiManager.class); + private final ConcurrentHashMap<QueryIdentifier, UserGroupInformation> ugis = new ConcurrentHashMap<>(); + private final LlapUgiFactory ugiFactory; + + private LlapUgiManager(Configuration conf) { + try { + ugiFactory = LlapUgiHelper.createLlapUgiFactory(conf); + } catch (IOException e) { + throw new RuntimeException(e); + } + } + + public static LlapUgiManager getInstance(Configuration daemonConf) { + return new LlapUgiManager(daemonConf); + } + + /** + * Creates (or returns) an ugi for tasks in the same query and merges the credentials. + * This is valid to be done once per query: no vertex-level ugi and credentials are needed, both of them + * are the same within the same query. + * Regarding vertex user: LlapTaskCommunicator has a single "user" field, + * which is passed into the SignableVertexSpec. + * Regarding credentials: LlapTaskCommunicator creates SubmitWorkRequestProto instances, + * into which dag-level credentials are passed. + * The most performant way would be to use a single UGI for the same user in the daemon, but that's not possible, + * because the credentials can theoretically change across queries. + */ + public UserGroupInformation getUgi(QueryIdentifier queryIdentifier, String user, Credentials credentials) { Review Comment: ack -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
