[2/2] hive git commit: HIVE-14702 : LLAPIF: after a long period of inactivity, signing key may be removed from local store (Sergey Shelukhin, reviewed by Jason Dere)

[se...@apache.org]

HIVE-14702 : LLAPIF: after a long period of inactivity, signing key may be removed from local store (Sergey Shelukhin, reviewed by Jason Dere)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/ee89e32a
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/ee89e32a
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/ee89e32a

Branch: refs/heads/branch-2.1
Commit: ee89e32a1c992fa44ac1cadf1da1ec2447d7dd2a
Parents: 2a8f1ce
Author: Sergey Shelukhin <se...@apache.org>
Authored: Mon Sep 12 12:58:04 2016 -0700
Committer: Sergey Shelukhin <se...@apache.org>
Committed: Mon Sep 12 12:58:56 2016 -0700

----------------------------------------------------------------------
 .../org/apache/hadoop/hive/llap/security/SecretManager.java | 9 +++++++--
 .../hadoop/hive/llap/security/SigningSecretManager.java     | 4 +++-
 2 files changed, 10 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/ee89e32a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
----------------------------------------------------------------------
diff --git a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
index 1464278..fa4ef69 100644
--- a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
+++ b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
@@ -38,6 +38,7 @@ import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.delegation.DelegationKey;
+import org.apache.hadoop.security.token.delegation.HiveDelegationTokenSupport;
 import org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager;
 import org.apache.hadoop.security.token.delegation.web.DelegationTokenManager;
 import org.apache.zookeeper.data.ACL;
@@ -119,8 +120,12 @@ public class SecretManager extends ZKDelegationTokenSecretManager<LlapTokenIdent
   }
 
   @Override
-  public synchronized DelegationKey getCurrentKey() {
-    return allKeys.get(getCurrentKeyId());
+  public synchronized DelegationKey getCurrentKey() throws IOException {
+    DelegationKey currentKey = getDelegationKey(getCurrentKeyId());
+    if (currentKey != null) return currentKey;
+    // Try to roll the key if none is found.
+    HiveDelegationTokenSupport.rollMasterKey(this);
+    return getDelegationKey(getCurrentKeyId());
   }
 
   @Override

http://git-wip-us.apache.org/repos/asf/hive/blob/ee89e32a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SigningSecretManager.java
----------------------------------------------------------------------
diff --git a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SigningSecretManager.java b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SigningSecretManager.java
index 067a98e..233cd97 100644
--- a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SigningSecretManager.java
+++ b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SigningSecretManager.java
@@ -17,10 +17,12 @@
  */
 package org.apache.hadoop.hive.llap.security;
 
+import java.io.IOException;
+
 import org.apache.hadoop.security.token.delegation.DelegationKey;
 
 public interface SigningSecretManager {
-  DelegationKey getCurrentKey();
+  DelegationKey getCurrentKey() throws IOException;
   byte[] signWithKey(byte[] message, DelegationKey key);
   byte[] signWithKey(byte[] message, int keyId) throws SecurityException;
 }
\ No newline at end of file