001/**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *      http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.oozie.action.hadoop;
019
020import org.apache.hadoop.hive.conf.HiveConf;
021import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
022import org.apache.hadoop.hive.metastore.api.MetaException;
023import org.apache.hadoop.io.Text;
024import org.apache.hadoop.mapred.JobConf;
025import org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier;
026import org.apache.hadoop.security.UserGroupInformation;
027import org.apache.hadoop.security.token.Token;
028import org.apache.oozie.util.XLog;
029
030/**
031 * Helper class to handle the HCat credentials
032 * Performs internally the heavy-lifting of fetching delegation tokens from Hive Metastore, abstracted from the user
033 * Token is added to jobConf
034 */
035public class HCatCredentialHelper {
036
037    private static final String USER_NAME = "user.name";
038    // Some Hive Metastore properties
039    private static final String HIVE_METASTORE_SASL_ENABLED = "hive.metastore.sasl.enabled";
040    private static final String HIVE_METASTORE_KERBEROS_PRINCIPAL = "hive.metastore.kerberos.principal";
041    private static final String HIVE_METASTORE_LOCAL = "hive.metastore.local";
042
043    /**
044     * This Function will set the HCat token to jobconf
045     * @param launcherJobConf - job conf
046     * @param principal - principal for HCat server
047     * @param server - Serevr URI for HCat server
048     * @throws Exception
049     */
050    public void set(JobConf launcherJobConf, String principal, String server) throws Exception {
051        try {
052            HiveMetaStoreClient client = getHCatClient(principal, server);
053            XLog.getLog(getClass()).debug(
054                    "HCatCredentialHelper: set: User name for which token will be asked from HCat: "
055                            + launcherJobConf.get(USER_NAME));
056            String tokenStrForm = client.getDelegationToken(launcherJobConf.get(USER_NAME), UserGroupInformation
057                    .getLoginUser().getShortUserName());
058            Token<DelegationTokenIdentifier> hcatToken = new Token<DelegationTokenIdentifier>();
059            hcatToken.decodeFromUrlString(tokenStrForm);
060            launcherJobConf.getCredentials().addToken(new Text("HCat Token"), hcatToken);
061            XLog.getLog(getClass()).debug("Added the HCat token in job conf");
062        }
063        catch (Exception ex) {
064            XLog.getLog(getClass()).debug("set Exception" + ex.getMessage());
065            throw ex;
066        }
067    }
068
069    /**
070     * Getting the HCat client.
071     * @param principal
072     * @param server
073     * @return HiveMetaStoreClient
074     * @throws MetaException
075     */
076    public HiveMetaStoreClient getHCatClient(String principal, String server) throws MetaException {
077        HiveConf hiveConf = null;
078        HiveMetaStoreClient hiveclient = null;
079        hiveConf = new HiveConf();
080        XLog.getLog(getClass()).debug("getHCatClient: Principal: " + principal + " Server: " + server);
081        // specified a thrift url
082
083        hiveConf.set(HIVE_METASTORE_SASL_ENABLED, "true");
084        hiveConf.set(HIVE_METASTORE_KERBEROS_PRINCIPAL, principal);
085        hiveConf.set(HIVE_METASTORE_LOCAL, "false");
086        hiveConf.set(HiveConf.ConfVars.METASTOREURIS.varname, server);
087        hiveclient = new HiveMetaStoreClient(hiveConf);
088        return hiveclient;
089    }
090}