HiveMetastoreTokenProvider.java

/*******************************************************************************
 * Copyright 2017 Capital One Services, LLC and Bitwise, Inc.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * http://www.apache.org/licenses/LICENSE-2.0
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License
 *******************************************************************************/

package hydrograph.engine.utilities;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.hive.thrift.DelegationTokenIdentifier;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.thrift.TException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.io.IOException;

public class HiveMetastoreTokenProvider {

	private static Logger LOG = LoggerFactory.getLogger(HiveMetastoreTokenProvider.class);

	private HiveMetastoreTokenProvider() {

	}

	public static void obtainTokenForHiveMetastore(Configuration conf) throws TException, IOException {
		conf.addResource(new Path(HiveConfigurationMapping.getHiveConf("path_to_hive_site_xml")));
		HiveConf hiveConf = new HiveConf();
		hiveConf.addResource(conf);
		try {
			UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
			HiveMetaStoreClient hiveMetaStoreClient = new HiveMetaStoreClient(hiveConf);

			if (UserGroupInformation.isSecurityEnabled()) {
				String metastore_uri = conf.get("hive.metastore.uris");

				LOG.trace("Metastore URI:" + metastore_uri);

				// Check for local metastore
				if (metastore_uri != null && metastore_uri.length() > 0) {
					String principal = conf.get("hive.metastore.kerberos.principal");
					String username = ugi.getUserName();

					if (principal != null && username != null) {
						LOG.debug("username: " + username);
						LOG.debug("principal: " + principal);

						String tokenStr;
						try {
							// Get a delegation token from the Metastore.
							tokenStr = hiveMetaStoreClient.getDelegationToken(username, principal);
							// LOG.debug("Token String: " + tokenStr);
						} catch (TException e) {
							LOG.error(e.getMessage(), e);
							throw new RuntimeException(e);
						}

						// Create the token from the token string.
						Token<DelegationTokenIdentifier> hmsToken = new Token<DelegationTokenIdentifier>();
						hmsToken.decodeFromUrlString(tokenStr);
						// LOG.debug("Hive Token: " + hmsToken);

						// Add the token to the credentials.
						ugi.addToken(new Text("hive.metastore.delegation.token"), hmsToken);
						LOG.trace("Added hive.metastore.delegation.token to conf.");
					} else {
						LOG.debug("Username or principal == NULL");
						LOG.debug("username= " + username);
						LOG.debug("principal= " + principal);
						throw new IllegalArgumentException("username and/or principal is equal to null!");
					}

				} else {
					LOG.info("HiveMetaStore configured in local mode");
				}
			}
		} catch (IOException e) {
			LOG.error(e.getMessage(), e);
			throw new RuntimeException(e);
		} catch (MetaException e) {
			LOG.error(e.getMessage(), e);
			throw new RuntimeException(e);
		}
	}
}