You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by jd...@apache.org on 2015/08/11 01:16:46 UTC
hive git commit: HIVE-8874 - Error Accessing HBase from Hive via Oozie on Kerberos 5.0.1 cluster (Yongzhi Chen via Brock)

Repository: hive
Updated Branches:
  refs/heads/branch-1.0 9dc01d4ba -> 8df94b51b


HIVE-8874 - Error Accessing HBase from Hive via Oozie on Kerberos 5.0.1 cluster (Yongzhi Chen via Brock)

git-svn-id: https://svn.apache.org/repos/asf/hive/trunk@1640459 13f79535-47bb-0310-9956-ffa450edef68


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/8df94b51
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/8df94b51
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/8df94b51

Branch: refs/heads/branch-1.0
Commit: 8df94b51bda57f7ad17f0cf85839a4cbc17dcb33
Parents: 9dc01d4
Author: Brock Noland <br...@apache.org>
Authored: Wed Nov 19 00:38:32 2014 +0000
Committer: Jason Dere <jd...@hortonworks.com>
Committed: Mon Aug 10 16:13:29 2015 -0700

----------------------------------------------------------------------
 .../hadoop/hive/hbase/HBaseStorageHandler.java  | 33 +++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/8df94b51/hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseStorageHandler.java
----------------------------------------------------------------------
diff --git a/hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseStorageHandler.java b/hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseStorageHandler.java
index 6a9bd0e..7f064ba 100644
--- a/hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseStorageHandler.java
+++ b/hbase-handler/src/java/org/apache/hadoop/hive/hbase/HBaseStorageHandler.java
@@ -42,9 +42,13 @@ import org.apache.hadoop.hbase.mapred.TableOutputFormat;
 import org.apache.hadoop.hbase.mapreduce.TableInputFormatBase;
 import org.apache.hadoop.hbase.mapreduce.TableMapReduceUtil;
 import org.apache.hadoop.hbase.security.User;
+import org.apache.hadoop.hbase.security.token.AuthenticationTokenIdentifier;
+import org.apache.hadoop.hbase.security.token.AuthenticationTokenSelector;
 import org.apache.hadoop.hbase.util.Bytes;
 import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.hbase.ColumnMappings.ColumnMapping;
+import org.apache.hadoop.hbase.zookeeper.ZKClusterId;
+import org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher;
 import org.apache.hadoop.hive.metastore.HiveMetaHook;
 import org.apache.hadoop.hive.metastore.MetaStoreUtils;
 import org.apache.hadoop.hive.metastore.api.MetaException;
@@ -60,11 +64,14 @@ import org.apache.hadoop.hive.ql.plan.TableDesc;
 import org.apache.hadoop.hive.serde2.Deserializer;
 import org.apache.hadoop.hive.serde2.SerDe;
 import org.apache.hadoop.hive.shims.ShimLoader;
+import org.apache.hadoop.io.Text;
 import org.apache.hadoop.mapred.InputFormat;
 import org.apache.hadoop.mapred.JobConf;
 import org.apache.hadoop.mapred.OutputFormat;
 import org.apache.hadoop.mapreduce.Job;
+import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.util.StringUtils;
+import org.apache.zookeeper.KeeperException;
 
 /**
  * HBaseStorageHandler provides a HiveStorageHandler implementation for
@@ -450,13 +457,37 @@ public class HBaseStorageHandler extends DefaultStorageHandler
   private void addHBaseDelegationToken(Configuration conf) throws IOException {
     if (User.isHBaseSecurityEnabled(conf)) {
       try {
-        User.getCurrent().obtainAuthTokenForJob(conf,new Job(conf));
+        User curUser = User.getCurrent();
+        Token<AuthenticationTokenIdentifier> authToken = getAuthToken(conf, curUser);
+        Job job = new Job(conf);
+        if (authToken == null) {
+          curUser.obtainAuthTokenForJob(conf,job);
+        } else {
+          job.getCredentials().addToken(authToken.getService(), authToken);
+        }
       } catch (InterruptedException e) {
         throw new IOException("Error while obtaining hbase delegation token", e);
       }
     }
   }
 
+  /**
+   * Get the authentication token of the user for the cluster specified in the configuration
+   * @return null if the user does not have the token, otherwise the auth token for the cluster.
+   */
+  private static Token<AuthenticationTokenIdentifier> getAuthToken(Configuration conf, User user)
+      throws IOException, InterruptedException {
+    ZooKeeperWatcher zkw = new ZooKeeperWatcher(conf, "mr-init-credentials", null);
+    try {
+      String clusterId = ZKClusterId.readClusterIdZNode(zkw);
+      return new AuthenticationTokenSelector().selectToken(new Text(clusterId), user.getUGI().getTokens());
+    } catch (KeeperException e) {
+      throw new IOException(e);
+    } finally {
+      zkw.close();
+    }
+  }
+
   @Override
   public void configureJobConf(TableDesc tableDesc, JobConf jobConf) {
     try {