diff --git metastore/if/hive_metastore.thrift metastore/if/hive_metastore.thrift index a3b61b4..e2c9c74 100755 --- metastore/if/hive_metastore.thrift +++ metastore/if/hive_metastore.thrift @@ -362,14 +362,8 @@ service ThriftHiveMetastore extends fb303.FacebookService // get metastore server delegation token for use from the map/reduce tasks to authenticate // to metastore server - string get_delegation_token(1:string renewer_kerberos_principal_name) throws (1:MetaException o1) - - // get metastore server delegation token for use from the map/reduce tasks to authenticate - // to metastore server - this method takes an extra token signature string which is just - // an identifier to associate with the token - this will be used by the token selector code - // to pick the right token given the associated identifier. - string get_delegation_token_with_signature(1:string renewer_kerberos_principal_name, - 2:string token_signature) throws (1:MetaException o1) + string get_delegation_token(1:string token_owner, 2:string renewer_kerberos_principal_name) + throws (1:MetaException o1) // method to renew delegation token obtained from metastore server i64 renew_delegation_token(1:string token_str_form) throws (1:MetaException o1) diff --git metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp index 3c692c2..76486cd 100644 --- metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp +++ metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp @@ -12211,6 +12211,14 @@ uint32_t ThriftHiveMetastore_get_delegation_token_args::read(::apache::thrift::p { case 1: if (ftype == ::apache::thrift::protocol::T_STRING) { + xfer += iprot->readString(this->token_owner); + this->__isset.token_owner = true; + } else { + xfer += iprot->skip(ftype); + } + break; + case 2: + if (ftype == ::apache::thrift::protocol::T_STRING) { xfer += iprot->readString(this->renewer_kerberos_principal_name); this->__isset.renewer_kerberos_principal_name = true; } else { @@ -12232,7 +12240,10 @@ uint32_t ThriftHiveMetastore_get_delegation_token_args::read(::apache::thrift::p uint32_t ThriftHiveMetastore_get_delegation_token_args::write(::apache::thrift::protocol::TProtocol* oprot) const { uint32_t xfer = 0; xfer += oprot->writeStructBegin("ThriftHiveMetastore_get_delegation_token_args"); - xfer += oprot->writeFieldBegin("renewer_kerberos_principal_name", ::apache::thrift::protocol::T_STRING, 1); + xfer += oprot->writeFieldBegin("token_owner", ::apache::thrift::protocol::T_STRING, 1); + xfer += oprot->writeString(this->token_owner); + xfer += oprot->writeFieldEnd(); + xfer += oprot->writeFieldBegin("renewer_kerberos_principal_name", ::apache::thrift::protocol::T_STRING, 2); xfer += oprot->writeString(this->renewer_kerberos_principal_name); xfer += oprot->writeFieldEnd(); xfer += oprot->writeFieldStop(); @@ -12243,7 +12254,10 @@ uint32_t ThriftHiveMetastore_get_delegation_token_args::write(::apache::thrift:: uint32_t ThriftHiveMetastore_get_delegation_token_pargs::write(::apache::thrift::protocol::TProtocol* oprot) const { uint32_t xfer = 0; xfer += oprot->writeStructBegin("ThriftHiveMetastore_get_delegation_token_pargs"); - xfer += oprot->writeFieldBegin("renewer_kerberos_principal_name", ::apache::thrift::protocol::T_STRING, 1); + xfer += oprot->writeFieldBegin("token_owner", ::apache::thrift::protocol::T_STRING, 1); + xfer += oprot->writeString((*(this->token_owner))); + xfer += oprot->writeFieldEnd(); + xfer += oprot->writeFieldBegin("renewer_kerberos_principal_name", ::apache::thrift::protocol::T_STRING, 2); xfer += oprot->writeString((*(this->renewer_kerberos_principal_name))); xfer += oprot->writeFieldEnd(); xfer += oprot->writeFieldStop(); @@ -12367,198 +12381,6 @@ uint32_t ThriftHiveMetastore_get_delegation_token_presult::read(::apache::thrift return xfer; } -uint32_t ThriftHiveMetastore_get_delegation_token_with_signature_args::read(::apache::thrift::protocol::TProtocol* iprot) { - - uint32_t xfer = 0; - std::string fname; - ::apache::thrift::protocol::TType ftype; - int16_t fid; - - xfer += iprot->readStructBegin(fname); - - using ::apache::thrift::protocol::TProtocolException; - - - while (true) - { - xfer += iprot->readFieldBegin(fname, ftype, fid); - if (ftype == ::apache::thrift::protocol::T_STOP) { - break; - } - switch (fid) - { - case 1: - if (ftype == ::apache::thrift::protocol::T_STRING) { - xfer += iprot->readString(this->renewer_kerberos_principal_name); - this->__isset.renewer_kerberos_principal_name = true; - } else { - xfer += iprot->skip(ftype); - } - break; - case 2: - if (ftype == ::apache::thrift::protocol::T_STRING) { - xfer += iprot->readString(this->token_signature); - this->__isset.token_signature = true; - } else { - xfer += iprot->skip(ftype); - } - break; - default: - xfer += iprot->skip(ftype); - break; - } - xfer += iprot->readFieldEnd(); - } - - xfer += iprot->readStructEnd(); - - return xfer; -} - -uint32_t ThriftHiveMetastore_get_delegation_token_with_signature_args::write(::apache::thrift::protocol::TProtocol* oprot) const { - uint32_t xfer = 0; - xfer += oprot->writeStructBegin("ThriftHiveMetastore_get_delegation_token_with_signature_args"); - xfer += oprot->writeFieldBegin("renewer_kerberos_principal_name", ::apache::thrift::protocol::T_STRING, 1); - xfer += oprot->writeString(this->renewer_kerberos_principal_name); - xfer += oprot->writeFieldEnd(); - xfer += oprot->writeFieldBegin("token_signature", ::apache::thrift::protocol::T_STRING, 2); - xfer += oprot->writeString(this->token_signature); - xfer += oprot->writeFieldEnd(); - xfer += oprot->writeFieldStop(); - xfer += oprot->writeStructEnd(); - return xfer; -} - -uint32_t ThriftHiveMetastore_get_delegation_token_with_signature_pargs::write(::apache::thrift::protocol::TProtocol* oprot) const { - uint32_t xfer = 0; - xfer += oprot->writeStructBegin("ThriftHiveMetastore_get_delegation_token_with_signature_pargs"); - xfer += oprot->writeFieldBegin("renewer_kerberos_principal_name", ::apache::thrift::protocol::T_STRING, 1); - xfer += oprot->writeString((*(this->renewer_kerberos_principal_name))); - xfer += oprot->writeFieldEnd(); - xfer += oprot->writeFieldBegin("token_signature", ::apache::thrift::protocol::T_STRING, 2); - xfer += oprot->writeString((*(this->token_signature))); - xfer += oprot->writeFieldEnd(); - xfer += oprot->writeFieldStop(); - xfer += oprot->writeStructEnd(); - return xfer; -} - -uint32_t ThriftHiveMetastore_get_delegation_token_with_signature_result::read(::apache::thrift::protocol::TProtocol* iprot) { - - uint32_t xfer = 0; - std::string fname; - ::apache::thrift::protocol::TType ftype; - int16_t fid; - - xfer += iprot->readStructBegin(fname); - - using ::apache::thrift::protocol::TProtocolException; - - - while (true) - { - xfer += iprot->readFieldBegin(fname, ftype, fid); - if (ftype == ::apache::thrift::protocol::T_STOP) { - break; - } - switch (fid) - { - case 0: - if (ftype == ::apache::thrift::protocol::T_STRING) { - xfer += iprot->readString(this->success); - this->__isset.success = true; - } else { - xfer += iprot->skip(ftype); - } - break; - case 1: - if (ftype == ::apache::thrift::protocol::T_STRUCT) { - xfer += this->o1.read(iprot); - this->__isset.o1 = true; - } else { - xfer += iprot->skip(ftype); - } - break; - default: - xfer += iprot->skip(ftype); - break; - } - xfer += iprot->readFieldEnd(); - } - - xfer += iprot->readStructEnd(); - - return xfer; -} - -uint32_t ThriftHiveMetastore_get_delegation_token_with_signature_result::write(::apache::thrift::protocol::TProtocol* oprot) const { - - uint32_t xfer = 0; - - xfer += oprot->writeStructBegin("ThriftHiveMetastore_get_delegation_token_with_signature_result"); - - if (this->__isset.success) { - xfer += oprot->writeFieldBegin("success", ::apache::thrift::protocol::T_STRING, 0); - xfer += oprot->writeString(this->success); - xfer += oprot->writeFieldEnd(); - } else if (this->__isset.o1) { - xfer += oprot->writeFieldBegin("o1", ::apache::thrift::protocol::T_STRUCT, 1); - xfer += this->o1.write(oprot); - xfer += oprot->writeFieldEnd(); - } - xfer += oprot->writeFieldStop(); - xfer += oprot->writeStructEnd(); - return xfer; -} - -uint32_t ThriftHiveMetastore_get_delegation_token_with_signature_presult::read(::apache::thrift::protocol::TProtocol* iprot) { - - uint32_t xfer = 0; - std::string fname; - ::apache::thrift::protocol::TType ftype; - int16_t fid; - - xfer += iprot->readStructBegin(fname); - - using ::apache::thrift::protocol::TProtocolException; - - - while (true) - { - xfer += iprot->readFieldBegin(fname, ftype, fid); - if (ftype == ::apache::thrift::protocol::T_STOP) { - break; - } - switch (fid) - { - case 0: - if (ftype == ::apache::thrift::protocol::T_STRING) { - xfer += iprot->readString((*(this->success))); - this->__isset.success = true; - } else { - xfer += iprot->skip(ftype); - } - break; - case 1: - if (ftype == ::apache::thrift::protocol::T_STRUCT) { - xfer += this->o1.read(iprot); - this->__isset.o1 = true; - } else { - xfer += iprot->skip(ftype); - } - break; - default: - xfer += iprot->skip(ftype); - break; - } - xfer += iprot->readFieldEnd(); - } - - xfer += iprot->readStructEnd(); - - return xfer; -} - uint32_t ThriftHiveMetastore_renew_delegation_token_args::read(::apache::thrift::protocol::TProtocol* iprot) { uint32_t xfer = 0; @@ -16396,18 +16218,19 @@ bool ThriftHiveMetastoreClient::recv_revoke_privileges() throw ::apache::thrift::TApplicationException(::apache::thrift::TApplicationException::MISSING_RESULT, "revoke_privileges failed: unknown result"); } -void ThriftHiveMetastoreClient::get_delegation_token(std::string& _return, const std::string& renewer_kerberos_principal_name) +void ThriftHiveMetastoreClient::get_delegation_token(std::string& _return, const std::string& token_owner, const std::string& renewer_kerberos_principal_name) { - send_get_delegation_token(renewer_kerberos_principal_name); + send_get_delegation_token(token_owner, renewer_kerberos_principal_name); recv_get_delegation_token(_return); } -void ThriftHiveMetastoreClient::send_get_delegation_token(const std::string& renewer_kerberos_principal_name) +void ThriftHiveMetastoreClient::send_get_delegation_token(const std::string& token_owner, const std::string& renewer_kerberos_principal_name) { int32_t cseqid = 0; oprot_->writeMessageBegin("get_delegation_token", ::apache::thrift::protocol::T_CALL, cseqid); ThriftHiveMetastore_get_delegation_token_pargs args; + args.token_owner = &token_owner; args.renewer_kerberos_principal_name = &renewer_kerberos_principal_name; args.write(oprot_); @@ -16459,70 +16282,6 @@ void ThriftHiveMetastoreClient::recv_get_delegation_token(std::string& _return) throw ::apache::thrift::TApplicationException(::apache::thrift::TApplicationException::MISSING_RESULT, "get_delegation_token failed: unknown result"); } -void ThriftHiveMetastoreClient::get_delegation_token_with_signature(std::string& _return, const std::string& renewer_kerberos_principal_name, const std::string& token_signature) -{ - send_get_delegation_token_with_signature(renewer_kerberos_principal_name, token_signature); - recv_get_delegation_token_with_signature(_return); -} - -void ThriftHiveMetastoreClient::send_get_delegation_token_with_signature(const std::string& renewer_kerberos_principal_name, const std::string& token_signature) -{ - int32_t cseqid = 0; - oprot_->writeMessageBegin("get_delegation_token_with_signature", ::apache::thrift::protocol::T_CALL, cseqid); - - ThriftHiveMetastore_get_delegation_token_with_signature_pargs args; - args.renewer_kerberos_principal_name = &renewer_kerberos_principal_name; - args.token_signature = &token_signature; - args.write(oprot_); - - oprot_->writeMessageEnd(); - oprot_->getTransport()->flush(); - oprot_->getTransport()->writeEnd(); -} - -void ThriftHiveMetastoreClient::recv_get_delegation_token_with_signature(std::string& _return) -{ - - int32_t rseqid = 0; - std::string fname; - ::apache::thrift::protocol::TMessageType mtype; - - iprot_->readMessageBegin(fname, mtype, rseqid); - if (mtype == ::apache::thrift::protocol::T_EXCEPTION) { - ::apache::thrift::TApplicationException x; - x.read(iprot_); - iprot_->readMessageEnd(); - iprot_->getTransport()->readEnd(); - throw x; - } - if (mtype != ::apache::thrift::protocol::T_REPLY) { - iprot_->skip(::apache::thrift::protocol::T_STRUCT); - iprot_->readMessageEnd(); - iprot_->getTransport()->readEnd(); - throw ::apache::thrift::TApplicationException(::apache::thrift::TApplicationException::INVALID_MESSAGE_TYPE); - } - if (fname.compare("get_delegation_token_with_signature") != 0) { - iprot_->skip(::apache::thrift::protocol::T_STRUCT); - iprot_->readMessageEnd(); - iprot_->getTransport()->readEnd(); - throw ::apache::thrift::TApplicationException(::apache::thrift::TApplicationException::WRONG_METHOD_NAME); - } - ThriftHiveMetastore_get_delegation_token_with_signature_presult result; - result.success = &_return; - result.read(iprot_); - iprot_->readMessageEnd(); - iprot_->getTransport()->readEnd(); - - if (result.__isset.success) { - // _return pointer has now been filled - return; - } - if (result.__isset.o1) { - throw result.o1; - } - throw ::apache::thrift::TApplicationException(::apache::thrift::TApplicationException::MISSING_RESULT, "get_delegation_token_with_signature failed: unknown result"); -} - int64_t ThriftHiveMetastoreClient::renew_delegation_token(const std::string& token_str_form) { send_renew_delegation_token(token_str_form); @@ -18450,7 +18209,7 @@ void ThriftHiveMetastoreProcessor::process_get_delegation_token(int32_t seqid, : ThriftHiveMetastore_get_delegation_token_result result; try { - iface_->get_delegation_token(result.success, args.renewer_kerberos_principal_name); + iface_->get_delegation_token(result.success, args.token_owner, args.renewer_kerberos_principal_name); result.__isset.success = true; } catch (MetaException &o1) { result.o1 = o1; @@ -18472,37 +18231,6 @@ void ThriftHiveMetastoreProcessor::process_get_delegation_token(int32_t seqid, : oprot->getTransport()->writeEnd(); } -void ThriftHiveMetastoreProcessor::process_get_delegation_token_with_signature(int32_t seqid, ::apache::thrift::protocol::TProtocol* iprot, ::apache::thrift::protocol::TProtocol* oprot) -{ - ThriftHiveMetastore_get_delegation_token_with_signature_args args; - args.read(iprot); - iprot->readMessageEnd(); - iprot->getTransport()->readEnd(); - - ThriftHiveMetastore_get_delegation_token_with_signature_result result; - try { - iface_->get_delegation_token_with_signature(result.success, args.renewer_kerberos_principal_name, args.token_signature); - result.__isset.success = true; - } catch (MetaException &o1) { - result.o1 = o1; - result.__isset.o1 = true; - } catch (const std::exception& e) { - ::apache::thrift::TApplicationException x(e.what()); - oprot->writeMessageBegin("get_delegation_token_with_signature", ::apache::thrift::protocol::T_EXCEPTION, seqid); - x.write(oprot); - oprot->writeMessageEnd(); - oprot->getTransport()->flush(); - oprot->getTransport()->writeEnd(); - return; - } - - oprot->writeMessageBegin("get_delegation_token_with_signature", ::apache::thrift::protocol::T_REPLY, seqid); - result.write(oprot); - oprot->writeMessageEnd(); - oprot->getTransport()->flush(); - oprot->getTransport()->writeEnd(); -} - void ThriftHiveMetastoreProcessor::process_renew_delegation_token(int32_t seqid, ::apache::thrift::protocol::TProtocol* iprot, ::apache::thrift::protocol::TProtocol* oprot) { ThriftHiveMetastore_renew_delegation_token_args args; diff --git metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h index b9d9e78..ec506a1 100644 --- metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h +++ metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h @@ -68,8 +68,7 @@ class ThriftHiveMetastoreIf : virtual public facebook::fb303::FacebookServiceIf virtual void list_privileges(std::vector & _return, const std::string& principal_name, const PrincipalType::type principal_type, const HiveObjectRef& hiveObject) = 0; virtual bool grant_privileges(const PrivilegeBag& privileges) = 0; virtual bool revoke_privileges(const PrivilegeBag& privileges) = 0; - virtual void get_delegation_token(std::string& _return, const std::string& renewer_kerberos_principal_name) = 0; - virtual void get_delegation_token_with_signature(std::string& _return, const std::string& renewer_kerberos_principal_name, const std::string& token_signature) = 0; + virtual void get_delegation_token(std::string& _return, const std::string& token_owner, const std::string& renewer_kerberos_principal_name) = 0; virtual int64_t renew_delegation_token(const std::string& token_str_form) = 0; virtual void cancel_delegation_token(const std::string& token_str_form) = 0; }; @@ -247,10 +246,7 @@ class ThriftHiveMetastoreNull : virtual public ThriftHiveMetastoreIf , virtual p bool _return = false; return _return; } - void get_delegation_token(std::string& /* _return */, const std::string& /* renewer_kerberos_principal_name */) { - return; - } - void get_delegation_token_with_signature(std::string& /* _return */, const std::string& /* renewer_kerberos_principal_name */, const std::string& /* token_signature */) { + void get_delegation_token(std::string& /* _return */, const std::string& /* token_owner */, const std::string& /* renewer_kerberos_principal_name */) { return; } int64_t renew_delegation_token(const std::string& /* token_str_form */) { @@ -6455,24 +6451,28 @@ class ThriftHiveMetastore_revoke_privileges_presult { }; typedef struct _ThriftHiveMetastore_get_delegation_token_args__isset { - _ThriftHiveMetastore_get_delegation_token_args__isset() : renewer_kerberos_principal_name(false) {} + _ThriftHiveMetastore_get_delegation_token_args__isset() : token_owner(false), renewer_kerberos_principal_name(false) {} + bool token_owner; bool renewer_kerberos_principal_name; } _ThriftHiveMetastore_get_delegation_token_args__isset; class ThriftHiveMetastore_get_delegation_token_args { public: - ThriftHiveMetastore_get_delegation_token_args() : renewer_kerberos_principal_name("") { + ThriftHiveMetastore_get_delegation_token_args() : token_owner(""), renewer_kerberos_principal_name("") { } virtual ~ThriftHiveMetastore_get_delegation_token_args() throw() {} + std::string token_owner; std::string renewer_kerberos_principal_name; _ThriftHiveMetastore_get_delegation_token_args__isset __isset; bool operator == (const ThriftHiveMetastore_get_delegation_token_args & rhs) const { + if (!(token_owner == rhs.token_owner)) + return false; if (!(renewer_kerberos_principal_name == rhs.renewer_kerberos_principal_name)) return false; return true; @@ -6495,6 +6495,7 @@ class ThriftHiveMetastore_get_delegation_token_pargs { virtual ~ThriftHiveMetastore_get_delegation_token_pargs() throw() {} + const std::string* token_owner; const std::string* renewer_kerberos_principal_name; uint32_t write(::apache::thrift::protocol::TProtocol* oprot) const; @@ -6560,117 +6561,6 @@ class ThriftHiveMetastore_get_delegation_token_presult { }; -typedef struct _ThriftHiveMetastore_get_delegation_token_with_signature_args__isset { - _ThriftHiveMetastore_get_delegation_token_with_signature_args__isset() : renewer_kerberos_principal_name(false), token_signature(false) {} - bool renewer_kerberos_principal_name; - bool token_signature; -} _ThriftHiveMetastore_get_delegation_token_with_signature_args__isset; - -class ThriftHiveMetastore_get_delegation_token_with_signature_args { - public: - - ThriftHiveMetastore_get_delegation_token_with_signature_args() : renewer_kerberos_principal_name(""), token_signature("") { - } - - virtual ~ThriftHiveMetastore_get_delegation_token_with_signature_args() throw() {} - - std::string renewer_kerberos_principal_name; - std::string token_signature; - - _ThriftHiveMetastore_get_delegation_token_with_signature_args__isset __isset; - - bool operator == (const ThriftHiveMetastore_get_delegation_token_with_signature_args & rhs) const - { - if (!(renewer_kerberos_principal_name == rhs.renewer_kerberos_principal_name)) - return false; - if (!(token_signature == rhs.token_signature)) - return false; - return true; - } - bool operator != (const ThriftHiveMetastore_get_delegation_token_with_signature_args &rhs) const { - return !(*this == rhs); - } - - bool operator < (const ThriftHiveMetastore_get_delegation_token_with_signature_args & ) const; - - uint32_t read(::apache::thrift::protocol::TProtocol* iprot); - uint32_t write(::apache::thrift::protocol::TProtocol* oprot) const; - -}; - - -class ThriftHiveMetastore_get_delegation_token_with_signature_pargs { - public: - - - virtual ~ThriftHiveMetastore_get_delegation_token_with_signature_pargs() throw() {} - - const std::string* renewer_kerberos_principal_name; - const std::string* token_signature; - - uint32_t write(::apache::thrift::protocol::TProtocol* oprot) const; - -}; - -typedef struct _ThriftHiveMetastore_get_delegation_token_with_signature_result__isset { - _ThriftHiveMetastore_get_delegation_token_with_signature_result__isset() : success(false), o1(false) {} - bool success; - bool o1; -} _ThriftHiveMetastore_get_delegation_token_with_signature_result__isset; - -class ThriftHiveMetastore_get_delegation_token_with_signature_result { - public: - - ThriftHiveMetastore_get_delegation_token_with_signature_result() : success("") { - } - - virtual ~ThriftHiveMetastore_get_delegation_token_with_signature_result() throw() {} - - std::string success; - MetaException o1; - - _ThriftHiveMetastore_get_delegation_token_with_signature_result__isset __isset; - - bool operator == (const ThriftHiveMetastore_get_delegation_token_with_signature_result & rhs) const - { - if (!(success == rhs.success)) - return false; - if (!(o1 == rhs.o1)) - return false; - return true; - } - bool operator != (const ThriftHiveMetastore_get_delegation_token_with_signature_result &rhs) const { - return !(*this == rhs); - } - - bool operator < (const ThriftHiveMetastore_get_delegation_token_with_signature_result & ) const; - - uint32_t read(::apache::thrift::protocol::TProtocol* iprot); - uint32_t write(::apache::thrift::protocol::TProtocol* oprot) const; - -}; - -typedef struct _ThriftHiveMetastore_get_delegation_token_with_signature_presult__isset { - _ThriftHiveMetastore_get_delegation_token_with_signature_presult__isset() : success(false), o1(false) {} - bool success; - bool o1; -} _ThriftHiveMetastore_get_delegation_token_with_signature_presult__isset; - -class ThriftHiveMetastore_get_delegation_token_with_signature_presult { - public: - - - virtual ~ThriftHiveMetastore_get_delegation_token_with_signature_presult() throw() {} - - std::string* success; - MetaException o1; - - _ThriftHiveMetastore_get_delegation_token_with_signature_presult__isset __isset; - - uint32_t read(::apache::thrift::protocol::TProtocol* iprot); - -}; - typedef struct _ThriftHiveMetastore_renew_delegation_token_args__isset { _ThriftHiveMetastore_renew_delegation_token_args__isset() : token_str_form(false) {} bool token_str_form; @@ -7048,12 +6938,9 @@ class ThriftHiveMetastoreClient : virtual public ThriftHiveMetastoreIf, public f bool revoke_privileges(const PrivilegeBag& privileges); void send_revoke_privileges(const PrivilegeBag& privileges); bool recv_revoke_privileges(); - void get_delegation_token(std::string& _return, const std::string& renewer_kerberos_principal_name); - void send_get_delegation_token(const std::string& renewer_kerberos_principal_name); + void get_delegation_token(std::string& _return, const std::string& token_owner, const std::string& renewer_kerberos_principal_name); + void send_get_delegation_token(const std::string& token_owner, const std::string& renewer_kerberos_principal_name); void recv_get_delegation_token(std::string& _return); - void get_delegation_token_with_signature(std::string& _return, const std::string& renewer_kerberos_principal_name, const std::string& token_signature); - void send_get_delegation_token_with_signature(const std::string& renewer_kerberos_principal_name, const std::string& token_signature); - void recv_get_delegation_token_with_signature(std::string& _return); int64_t renew_delegation_token(const std::string& token_str_form); void send_renew_delegation_token(const std::string& token_str_form); int64_t recv_renew_delegation_token(); @@ -7122,7 +7009,6 @@ class ThriftHiveMetastoreProcessor : virtual public ::apache::thrift::TProcessor void process_grant_privileges(int32_t seqid, ::apache::thrift::protocol::TProtocol* iprot, ::apache::thrift::protocol::TProtocol* oprot); void process_revoke_privileges(int32_t seqid, ::apache::thrift::protocol::TProtocol* iprot, ::apache::thrift::protocol::TProtocol* oprot); void process_get_delegation_token(int32_t seqid, ::apache::thrift::protocol::TProtocol* iprot, ::apache::thrift::protocol::TProtocol* oprot); - void process_get_delegation_token_with_signature(int32_t seqid, ::apache::thrift::protocol::TProtocol* iprot, ::apache::thrift::protocol::TProtocol* oprot); void process_renew_delegation_token(int32_t seqid, ::apache::thrift::protocol::TProtocol* iprot, ::apache::thrift::protocol::TProtocol* oprot); void process_cancel_delegation_token(int32_t seqid, ::apache::thrift::protocol::TProtocol* iprot, ::apache::thrift::protocol::TProtocol* oprot); public: @@ -7183,7 +7069,6 @@ class ThriftHiveMetastoreProcessor : virtual public ::apache::thrift::TProcessor processMap_["grant_privileges"] = &ThriftHiveMetastoreProcessor::process_grant_privileges; processMap_["revoke_privileges"] = &ThriftHiveMetastoreProcessor::process_revoke_privileges; processMap_["get_delegation_token"] = &ThriftHiveMetastoreProcessor::process_get_delegation_token; - processMap_["get_delegation_token_with_signature"] = &ThriftHiveMetastoreProcessor::process_get_delegation_token_with_signature; processMap_["renew_delegation_token"] = &ThriftHiveMetastoreProcessor::process_renew_delegation_token; processMap_["cancel_delegation_token"] = &ThriftHiveMetastoreProcessor::process_cancel_delegation_token; } @@ -7794,26 +7679,14 @@ class ThriftHiveMetastoreMultiface : virtual public ThriftHiveMetastoreIf, publi } } - void get_delegation_token(std::string& _return, const std::string& renewer_kerberos_principal_name) { - uint32_t sz = ifaces_.size(); - for (uint32_t i = 0; i < sz; ++i) { - if (i == sz - 1) { - ifaces_[i]->get_delegation_token(_return, renewer_kerberos_principal_name); - return; - } else { - ifaces_[i]->get_delegation_token(_return, renewer_kerberos_principal_name); - } - } - } - - void get_delegation_token_with_signature(std::string& _return, const std::string& renewer_kerberos_principal_name, const std::string& token_signature) { + void get_delegation_token(std::string& _return, const std::string& token_owner, const std::string& renewer_kerberos_principal_name) { uint32_t sz = ifaces_.size(); for (uint32_t i = 0; i < sz; ++i) { if (i == sz - 1) { - ifaces_[i]->get_delegation_token_with_signature(_return, renewer_kerberos_principal_name, token_signature); + ifaces_[i]->get_delegation_token(_return, token_owner, renewer_kerberos_principal_name); return; } else { - ifaces_[i]->get_delegation_token_with_signature(_return, renewer_kerberos_principal_name, token_signature); + ifaces_[i]->get_delegation_token(_return, token_owner, renewer_kerberos_principal_name); } } } diff --git metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp index 686a663..0e81d67 100644 --- metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp +++ metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp @@ -287,16 +287,11 @@ class ThriftHiveMetastoreHandler : virtual public ThriftHiveMetastoreIf { printf("revoke_privileges\n"); } - void get_delegation_token(std::string& _return, const std::string& renewer_kerberos_principal_name) { + void get_delegation_token(std::string& _return, const std::string& token_owner, const std::string& renewer_kerberos_principal_name) { // Your implementation goes here printf("get_delegation_token\n"); } - void get_delegation_token_with_signature(std::string& _return, const std::string& renewer_kerberos_principal_name, const std::string& token_signature) { - // Your implementation goes here - printf("get_delegation_token_with_signature\n"); - } - int64_t renew_delegation_token(const std::string& token_str_form) { // Your implementation goes here printf("renew_delegation_token\n"); diff --git metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java index 3780c83..5a5d49c 100644 --- metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java +++ metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java @@ -139,9 +139,7 @@ public class ThriftHiveMetastore { public boolean revoke_privileges(PrivilegeBag privileges) throws MetaException, TException; - public String get_delegation_token(String renewer_kerberos_principal_name) throws MetaException, TException; - - public String get_delegation_token_with_signature(String renewer_kerberos_principal_name, String token_signature) throws MetaException, TException; + public String get_delegation_token(String token_owner, String renewer_kerberos_principal_name) throws MetaException, TException; public long renew_delegation_token(String token_str_form) throws MetaException, TException; @@ -257,9 +255,7 @@ public class ThriftHiveMetastore { public void revoke_privileges(PrivilegeBag privileges, AsyncMethodCallback resultHandler) throws TException; - public void get_delegation_token(String renewer_kerberos_principal_name, AsyncMethodCallback resultHandler) throws TException; - - public void get_delegation_token_with_signature(String renewer_kerberos_principal_name, String token_signature, AsyncMethodCallback resultHandler) throws TException; + public void get_delegation_token(String token_owner, String renewer_kerberos_principal_name, AsyncMethodCallback resultHandler) throws TException; public void renew_delegation_token(String token_str_form, AsyncMethodCallback resultHandler) throws TException; @@ -2533,16 +2529,17 @@ public class ThriftHiveMetastore { throw new TApplicationException(TApplicationException.MISSING_RESULT, "revoke_privileges failed: unknown result"); } - public String get_delegation_token(String renewer_kerberos_principal_name) throws MetaException, TException + public String get_delegation_token(String token_owner, String renewer_kerberos_principal_name) throws MetaException, TException { - send_get_delegation_token(renewer_kerberos_principal_name); + send_get_delegation_token(token_owner, renewer_kerberos_principal_name); return recv_get_delegation_token(); } - public void send_get_delegation_token(String renewer_kerberos_principal_name) throws TException + public void send_get_delegation_token(String token_owner, String renewer_kerberos_principal_name) throws TException { oprot_.writeMessageBegin(new TMessage("get_delegation_token", TMessageType.CALL, ++seqid_)); get_delegation_token_args args = new get_delegation_token_args(); + args.setToken_owner(token_owner); args.setRenewer_kerberos_principal_name(renewer_kerberos_principal_name); args.write(oprot_); oprot_.writeMessageEnd(); @@ -2572,46 +2569,6 @@ public class ThriftHiveMetastore { throw new TApplicationException(TApplicationException.MISSING_RESULT, "get_delegation_token failed: unknown result"); } - public String get_delegation_token_with_signature(String renewer_kerberos_principal_name, String token_signature) throws MetaException, TException - { - send_get_delegation_token_with_signature(renewer_kerberos_principal_name, token_signature); - return recv_get_delegation_token_with_signature(); - } - - public void send_get_delegation_token_with_signature(String renewer_kerberos_principal_name, String token_signature) throws TException - { - oprot_.writeMessageBegin(new TMessage("get_delegation_token_with_signature", TMessageType.CALL, ++seqid_)); - get_delegation_token_with_signature_args args = new get_delegation_token_with_signature_args(); - args.setRenewer_kerberos_principal_name(renewer_kerberos_principal_name); - args.setToken_signature(token_signature); - args.write(oprot_); - oprot_.writeMessageEnd(); - oprot_.getTransport().flush(); - } - - public String recv_get_delegation_token_with_signature() throws MetaException, TException - { - TMessage msg = iprot_.readMessageBegin(); - if (msg.type == TMessageType.EXCEPTION) { - TApplicationException x = TApplicationException.read(iprot_); - iprot_.readMessageEnd(); - throw x; - } - if (msg.seqid != seqid_) { - throw new TApplicationException(TApplicationException.BAD_SEQUENCE_ID, "get_delegation_token_with_signature failed: out of sequence response"); - } - get_delegation_token_with_signature_result result = new get_delegation_token_with_signature_result(); - result.read(iprot_); - iprot_.readMessageEnd(); - if (result.isSetSuccess()) { - return result.success; - } - if (result.o1 != null) { - throw result.o1; - } - throw new TApplicationException(TApplicationException.MISSING_RESULT, "get_delegation_token_with_signature failed: unknown result"); - } - public long renew_delegation_token(String token_str_form) throws MetaException, TException { send_renew_delegation_token(token_str_form); @@ -4576,22 +4533,25 @@ public class ThriftHiveMetastore { } } - public void get_delegation_token(String renewer_kerberos_principal_name, AsyncMethodCallback resultHandler) throws TException { + public void get_delegation_token(String token_owner, String renewer_kerberos_principal_name, AsyncMethodCallback resultHandler) throws TException { checkReady(); - get_delegation_token_call method_call = new get_delegation_token_call(renewer_kerberos_principal_name, resultHandler, this, protocolFactory, transport); + get_delegation_token_call method_call = new get_delegation_token_call(token_owner, renewer_kerberos_principal_name, resultHandler, this, protocolFactory, transport); manager.call(method_call); } public static class get_delegation_token_call extends TAsyncMethodCall { + private String token_owner; private String renewer_kerberos_principal_name; - public get_delegation_token_call(String renewer_kerberos_principal_name, AsyncMethodCallback resultHandler, TAsyncClient client, TProtocolFactory protocolFactory, TNonblockingTransport transport) throws TException { + public get_delegation_token_call(String token_owner, String renewer_kerberos_principal_name, AsyncMethodCallback resultHandler, TAsyncClient client, TProtocolFactory protocolFactory, TNonblockingTransport transport) throws TException { super(client, protocolFactory, transport, resultHandler, false); + this.token_owner = token_owner; this.renewer_kerberos_principal_name = renewer_kerberos_principal_name; } public void write_args(TProtocol prot) throws TException { prot.writeMessageBegin(new TMessage("get_delegation_token", TMessageType.CALL, 0)); get_delegation_token_args args = new get_delegation_token_args(); + args.setToken_owner(token_owner); args.setRenewer_kerberos_principal_name(renewer_kerberos_principal_name); args.write(prot); prot.writeMessageEnd(); @@ -4607,40 +4567,6 @@ public class ThriftHiveMetastore { } } - public void get_delegation_token_with_signature(String renewer_kerberos_principal_name, String token_signature, AsyncMethodCallback resultHandler) throws TException { - checkReady(); - get_delegation_token_with_signature_call method_call = new get_delegation_token_with_signature_call(renewer_kerberos_principal_name, token_signature, resultHandler, this, protocolFactory, transport); - manager.call(method_call); - } - - public static class get_delegation_token_with_signature_call extends TAsyncMethodCall { - private String renewer_kerberos_principal_name; - private String token_signature; - public get_delegation_token_with_signature_call(String renewer_kerberos_principal_name, String token_signature, AsyncMethodCallback resultHandler, TAsyncClient client, TProtocolFactory protocolFactory, TNonblockingTransport transport) throws TException { - super(client, protocolFactory, transport, resultHandler, false); - this.renewer_kerberos_principal_name = renewer_kerberos_principal_name; - this.token_signature = token_signature; - } - - public void write_args(TProtocol prot) throws TException { - prot.writeMessageBegin(new TMessage("get_delegation_token_with_signature", TMessageType.CALL, 0)); - get_delegation_token_with_signature_args args = new get_delegation_token_with_signature_args(); - args.setRenewer_kerberos_principal_name(renewer_kerberos_principal_name); - args.setToken_signature(token_signature); - args.write(prot); - prot.writeMessageEnd(); - } - - public String getResult() throws MetaException, TException { - if (getState() != State.RESPONSE_READ) { - throw new IllegalStateException("Method call not finished!"); - } - TMemoryInputTransport memoryTransport = new TMemoryInputTransport(getFrameBuffer().array()); - TProtocol prot = client.getProtocolFactory().getProtocol(memoryTransport); - return (new Client(prot)).recv_get_delegation_token_with_signature(); - } - } - public void renew_delegation_token(String token_str_form, AsyncMethodCallback resultHandler) throws TException { checkReady(); renew_delegation_token_call method_call = new renew_delegation_token_call(token_str_form, resultHandler, this, protocolFactory, transport); @@ -4765,7 +4691,6 @@ public class ThriftHiveMetastore { processMap_.put("grant_privileges", new grant_privileges()); processMap_.put("revoke_privileges", new revoke_privileges()); processMap_.put("get_delegation_token", new get_delegation_token()); - processMap_.put("get_delegation_token_with_signature", new get_delegation_token_with_signature()); processMap_.put("renew_delegation_token", new renew_delegation_token()); processMap_.put("cancel_delegation_token", new cancel_delegation_token()); } @@ -6917,7 +6842,7 @@ public class ThriftHiveMetastore { iprot.readMessageEnd(); get_delegation_token_result result = new get_delegation_token_result(); try { - result.success = iface_.get_delegation_token(args.renewer_kerberos_principal_name); + result.success = iface_.get_delegation_token(args.token_owner, args.renewer_kerberos_principal_name); } catch (MetaException o1) { result.o1 = o1; } catch (Throwable th) { @@ -6937,44 +6862,6 @@ public class ThriftHiveMetastore { } - private class get_delegation_token_with_signature implements ProcessFunction { - public void process(int seqid, TProtocol iprot, TProtocol oprot) throws TException - { - get_delegation_token_with_signature_args args = new get_delegation_token_with_signature_args(); - try { - args.read(iprot); - } catch (TProtocolException e) { - iprot.readMessageEnd(); - TApplicationException x = new TApplicationException(TApplicationException.PROTOCOL_ERROR, e.getMessage()); - oprot.writeMessageBegin(new TMessage("get_delegation_token_with_signature", TMessageType.EXCEPTION, seqid)); - x.write(oprot); - oprot.writeMessageEnd(); - oprot.getTransport().flush(); - return; - } - iprot.readMessageEnd(); - get_delegation_token_with_signature_result result = new get_delegation_token_with_signature_result(); - try { - result.success = iface_.get_delegation_token_with_signature(args.renewer_kerberos_principal_name, args.token_signature); - } catch (MetaException o1) { - result.o1 = o1; - } catch (Throwable th) { - LOGGER.error("Internal error processing get_delegation_token_with_signature", th); - TApplicationException x = new TApplicationException(TApplicationException.INTERNAL_ERROR, "Internal error processing get_delegation_token_with_signature"); - oprot.writeMessageBegin(new TMessage("get_delegation_token_with_signature", TMessageType.EXCEPTION, seqid)); - x.write(oprot); - oprot.writeMessageEnd(); - oprot.getTransport().flush(); - return; - } - oprot.writeMessageBegin(new TMessage("get_delegation_token_with_signature", TMessageType.REPLY, seqid)); - result.write(oprot); - oprot.writeMessageEnd(); - oprot.getTransport().flush(); - } - - } - private class renew_delegation_token implements ProcessFunction { public void process(int seqid, TProtocol iprot, TProtocol oprot) throws TException { @@ -52098,13 +51985,16 @@ public class ThriftHiveMetastore { public static class get_delegation_token_args implements TBase, java.io.Serializable, Cloneable { private static final TStruct STRUCT_DESC = new TStruct("get_delegation_token_args"); - private static final TField RENEWER_KERBEROS_PRINCIPAL_NAME_FIELD_DESC = new TField("renewer_kerberos_principal_name", TType.STRING, (short)1); + private static final TField TOKEN_OWNER_FIELD_DESC = new TField("token_owner", TType.STRING, (short)1); + private static final TField RENEWER_KERBEROS_PRINCIPAL_NAME_FIELD_DESC = new TField("renewer_kerberos_principal_name", TType.STRING, (short)2); + private String token_owner; private String renewer_kerberos_principal_name; /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ public enum _Fields implements TFieldIdEnum { - RENEWER_KERBEROS_PRINCIPAL_NAME((short)1, "renewer_kerberos_principal_name"); + TOKEN_OWNER((short)1, "token_owner"), + RENEWER_KERBEROS_PRINCIPAL_NAME((short)2, "renewer_kerberos_principal_name"); private static final Map byName = new HashMap(); @@ -52119,7 +52009,9 @@ public class ThriftHiveMetastore { */ public static _Fields findByThriftId(int fieldId) { switch(fieldId) { - case 1: // RENEWER_KERBEROS_PRINCIPAL_NAME + case 1: // TOKEN_OWNER + return TOKEN_OWNER; + case 2: // RENEWER_KERBEROS_PRINCIPAL_NAME return RENEWER_KERBEROS_PRINCIPAL_NAME; default: return null; @@ -52165,6 +52057,8 @@ public class ThriftHiveMetastore { public static final Map<_Fields, FieldMetaData> metaDataMap; static { Map<_Fields, FieldMetaData> tmpMap = new EnumMap<_Fields, FieldMetaData>(_Fields.class); + tmpMap.put(_Fields.TOKEN_OWNER, new FieldMetaData("token_owner", TFieldRequirementType.DEFAULT, + new FieldValueMetaData(TType.STRING))); tmpMap.put(_Fields.RENEWER_KERBEROS_PRINCIPAL_NAME, new FieldMetaData("renewer_kerberos_principal_name", TFieldRequirementType.DEFAULT, new FieldValueMetaData(TType.STRING))); metaDataMap = Collections.unmodifiableMap(tmpMap); @@ -52175,9 +52069,11 @@ public class ThriftHiveMetastore { } public get_delegation_token_args( + String token_owner, String renewer_kerberos_principal_name) { this(); + this.token_owner = token_owner; this.renewer_kerberos_principal_name = renewer_kerberos_principal_name; } @@ -52185,6 +52081,9 @@ public class ThriftHiveMetastore { * Performs a deep copy on other. */ public get_delegation_token_args(get_delegation_token_args other) { + if (other.isSetToken_owner()) { + this.token_owner = other.token_owner; + } if (other.isSetRenewer_kerberos_principal_name()) { this.renewer_kerberos_principal_name = other.renewer_kerberos_principal_name; } @@ -52196,663 +52095,31 @@ public class ThriftHiveMetastore { @Override public void clear() { + this.token_owner = null; this.renewer_kerberos_principal_name = null; } - public String getRenewer_kerberos_principal_name() { - return this.renewer_kerberos_principal_name; - } - - public void setRenewer_kerberos_principal_name(String renewer_kerberos_principal_name) { - this.renewer_kerberos_principal_name = renewer_kerberos_principal_name; - } - - public void unsetRenewer_kerberos_principal_name() { - this.renewer_kerberos_principal_name = null; - } - - /** Returns true if field renewer_kerberos_principal_name is set (has been asigned a value) and false otherwise */ - public boolean isSetRenewer_kerberos_principal_name() { - return this.renewer_kerberos_principal_name != null; - } - - public void setRenewer_kerberos_principal_nameIsSet(boolean value) { - if (!value) { - this.renewer_kerberos_principal_name = null; - } - } - - public void setFieldValue(_Fields field, Object value) { - switch (field) { - case RENEWER_KERBEROS_PRINCIPAL_NAME: - if (value == null) { - unsetRenewer_kerberos_principal_name(); - } else { - setRenewer_kerberos_principal_name((String)value); - } - break; - - } - } - - public Object getFieldValue(_Fields field) { - switch (field) { - case RENEWER_KERBEROS_PRINCIPAL_NAME: - return getRenewer_kerberos_principal_name(); - - } - throw new IllegalStateException(); - } - - /** Returns true if field corresponding to fieldID is set (has been asigned a value) and false otherwise */ - public boolean isSet(_Fields field) { - if (field == null) { - throw new IllegalArgumentException(); - } - - switch (field) { - case RENEWER_KERBEROS_PRINCIPAL_NAME: - return isSetRenewer_kerberos_principal_name(); - } - throw new IllegalStateException(); - } - - @Override - public boolean equals(Object that) { - if (that == null) - return false; - if (that instanceof get_delegation_token_args) - return this.equals((get_delegation_token_args)that); - return false; - } - - public boolean equals(get_delegation_token_args that) { - if (that == null) - return false; - - boolean this_present_renewer_kerberos_principal_name = true && this.isSetRenewer_kerberos_principal_name(); - boolean that_present_renewer_kerberos_principal_name = true && that.isSetRenewer_kerberos_principal_name(); - if (this_present_renewer_kerberos_principal_name || that_present_renewer_kerberos_principal_name) { - if (!(this_present_renewer_kerberos_principal_name && that_present_renewer_kerberos_principal_name)) - return false; - if (!this.renewer_kerberos_principal_name.equals(that.renewer_kerberos_principal_name)) - return false; - } - - return true; - } - - @Override - public int hashCode() { - return 0; - } - - public int compareTo(get_delegation_token_args other) { - if (!getClass().equals(other.getClass())) { - return getClass().getName().compareTo(other.getClass().getName()); - } - - int lastComparison = 0; - get_delegation_token_args typedOther = (get_delegation_token_args)other; - - lastComparison = Boolean.valueOf(isSetRenewer_kerberos_principal_name()).compareTo(typedOther.isSetRenewer_kerberos_principal_name()); - if (lastComparison != 0) { - return lastComparison; - } - if (isSetRenewer_kerberos_principal_name()) { - lastComparison = TBaseHelper.compareTo(this.renewer_kerberos_principal_name, typedOther.renewer_kerberos_principal_name); - if (lastComparison != 0) { - return lastComparison; - } - } - return 0; - } - - public _Fields fieldForId(int fieldId) { - return _Fields.findByThriftId(fieldId); - } - - public void read(TProtocol iprot) throws TException { - TField field; - iprot.readStructBegin(); - while (true) - { - field = iprot.readFieldBegin(); - if (field.type == TType.STOP) { - break; - } - switch (field.id) { - case 1: // RENEWER_KERBEROS_PRINCIPAL_NAME - if (field.type == TType.STRING) { - this.renewer_kerberos_principal_name = iprot.readString(); - } else { - TProtocolUtil.skip(iprot, field.type); - } - break; - default: - TProtocolUtil.skip(iprot, field.type); - } - iprot.readFieldEnd(); - } - iprot.readStructEnd(); - validate(); - } - - public void write(TProtocol oprot) throws TException { - validate(); - - oprot.writeStructBegin(STRUCT_DESC); - if (this.renewer_kerberos_principal_name != null) { - oprot.writeFieldBegin(RENEWER_KERBEROS_PRINCIPAL_NAME_FIELD_DESC); - oprot.writeString(this.renewer_kerberos_principal_name); - oprot.writeFieldEnd(); - } - oprot.writeFieldStop(); - oprot.writeStructEnd(); - } - - @Override - public String toString() { - StringBuilder sb = new StringBuilder("get_delegation_token_args("); - boolean first = true; - - sb.append("renewer_kerberos_principal_name:"); - if (this.renewer_kerberos_principal_name == null) { - sb.append("null"); - } else { - sb.append(this.renewer_kerberos_principal_name); - } - first = false; - sb.append(")"); - return sb.toString(); - } - - public void validate() throws TException { - // check for required fields - } - - } - - public static class get_delegation_token_result implements TBase, java.io.Serializable, Cloneable { - private static final TStruct STRUCT_DESC = new TStruct("get_delegation_token_result"); - - private static final TField SUCCESS_FIELD_DESC = new TField("success", TType.STRING, (short)0); - private static final TField O1_FIELD_DESC = new TField("o1", TType.STRUCT, (short)1); - - private String success; - private MetaException o1; - - /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ - public enum _Fields implements TFieldIdEnum { - SUCCESS((short)0, "success"), - O1((short)1, "o1"); - - private static final Map byName = new HashMap(); - - static { - for (_Fields field : EnumSet.allOf(_Fields.class)) { - byName.put(field.getFieldName(), field); - } - } - - /** - * Find the _Fields constant that matches fieldId, or null if its not found. - */ - public static _Fields findByThriftId(int fieldId) { - switch(fieldId) { - case 0: // SUCCESS - return SUCCESS; - case 1: // O1 - return O1; - default: - return null; - } - } - - /** - * Find the _Fields constant that matches fieldId, throwing an exception - * if it is not found. - */ - public static _Fields findByThriftIdOrThrow(int fieldId) { - _Fields fields = findByThriftId(fieldId); - if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!"); - return fields; - } - - /** - * Find the _Fields constant that matches name, or null if its not found. - */ - public static _Fields findByName(String name) { - return byName.get(name); - } - - private final short _thriftId; - private final String _fieldName; - - _Fields(short thriftId, String fieldName) { - _thriftId = thriftId; - _fieldName = fieldName; - } - - public short getThriftFieldId() { - return _thriftId; - } - - public String getFieldName() { - return _fieldName; - } - } - - // isset id assignments - - public static final Map<_Fields, FieldMetaData> metaDataMap; - static { - Map<_Fields, FieldMetaData> tmpMap = new EnumMap<_Fields, FieldMetaData>(_Fields.class); - tmpMap.put(_Fields.SUCCESS, new FieldMetaData("success", TFieldRequirementType.DEFAULT, - new FieldValueMetaData(TType.STRING))); - tmpMap.put(_Fields.O1, new FieldMetaData("o1", TFieldRequirementType.DEFAULT, - new FieldValueMetaData(TType.STRUCT))); - metaDataMap = Collections.unmodifiableMap(tmpMap); - FieldMetaData.addStructMetaDataMap(get_delegation_token_result.class, metaDataMap); - } - - public get_delegation_token_result() { - } - - public get_delegation_token_result( - String success, - MetaException o1) - { - this(); - this.success = success; - this.o1 = o1; - } - - /** - * Performs a deep copy on other. - */ - public get_delegation_token_result(get_delegation_token_result other) { - if (other.isSetSuccess()) { - this.success = other.success; - } - if (other.isSetO1()) { - this.o1 = new MetaException(other.o1); - } - } - - public get_delegation_token_result deepCopy() { - return new get_delegation_token_result(this); - } - - @Override - public void clear() { - this.success = null; - this.o1 = null; - } - - public String getSuccess() { - return this.success; - } - - public void setSuccess(String success) { - this.success = success; - } - - public void unsetSuccess() { - this.success = null; - } - - /** Returns true if field success is set (has been asigned a value) and false otherwise */ - public boolean isSetSuccess() { - return this.success != null; + public String getToken_owner() { + return this.token_owner; } - public void setSuccessIsSet(boolean value) { - if (!value) { - this.success = null; - } + public void setToken_owner(String token_owner) { + this.token_owner = token_owner; } - public MetaException getO1() { - return this.o1; + public void unsetToken_owner() { + this.token_owner = null; } - public void setO1(MetaException o1) { - this.o1 = o1; + /** Returns true if field token_owner is set (has been asigned a value) and false otherwise */ + public boolean isSetToken_owner() { + return this.token_owner != null; } - public void unsetO1() { - this.o1 = null; - } - - /** Returns true if field o1 is set (has been asigned a value) and false otherwise */ - public boolean isSetO1() { - return this.o1 != null; - } - - public void setO1IsSet(boolean value) { + public void setToken_ownerIsSet(boolean value) { if (!value) { - this.o1 = null; - } - } - - public void setFieldValue(_Fields field, Object value) { - switch (field) { - case SUCCESS: - if (value == null) { - unsetSuccess(); - } else { - setSuccess((String)value); - } - break; - - case O1: - if (value == null) { - unsetO1(); - } else { - setO1((MetaException)value); - } - break; - - } - } - - public Object getFieldValue(_Fields field) { - switch (field) { - case SUCCESS: - return getSuccess(); - - case O1: - return getO1(); - - } - throw new IllegalStateException(); - } - - /** Returns true if field corresponding to fieldID is set (has been asigned a value) and false otherwise */ - public boolean isSet(_Fields field) { - if (field == null) { - throw new IllegalArgumentException(); - } - - switch (field) { - case SUCCESS: - return isSetSuccess(); - case O1: - return isSetO1(); - } - throw new IllegalStateException(); - } - - @Override - public boolean equals(Object that) { - if (that == null) - return false; - if (that instanceof get_delegation_token_result) - return this.equals((get_delegation_token_result)that); - return false; - } - - public boolean equals(get_delegation_token_result that) { - if (that == null) - return false; - - boolean this_present_success = true && this.isSetSuccess(); - boolean that_present_success = true && that.isSetSuccess(); - if (this_present_success || that_present_success) { - if (!(this_present_success && that_present_success)) - return false; - if (!this.success.equals(that.success)) - return false; - } - - boolean this_present_o1 = true && this.isSetO1(); - boolean that_present_o1 = true && that.isSetO1(); - if (this_present_o1 || that_present_o1) { - if (!(this_present_o1 && that_present_o1)) - return false; - if (!this.o1.equals(that.o1)) - return false; - } - - return true; - } - - @Override - public int hashCode() { - return 0; - } - - public int compareTo(get_delegation_token_result other) { - if (!getClass().equals(other.getClass())) { - return getClass().getName().compareTo(other.getClass().getName()); - } - - int lastComparison = 0; - get_delegation_token_result typedOther = (get_delegation_token_result)other; - - lastComparison = Boolean.valueOf(isSetSuccess()).compareTo(typedOther.isSetSuccess()); - if (lastComparison != 0) { - return lastComparison; - } - if (isSetSuccess()) { - lastComparison = TBaseHelper.compareTo(this.success, typedOther.success); - if (lastComparison != 0) { - return lastComparison; - } - } - lastComparison = Boolean.valueOf(isSetO1()).compareTo(typedOther.isSetO1()); - if (lastComparison != 0) { - return lastComparison; - } - if (isSetO1()) { - lastComparison = TBaseHelper.compareTo(this.o1, typedOther.o1); - if (lastComparison != 0) { - return lastComparison; - } - } - return 0; - } - - public _Fields fieldForId(int fieldId) { - return _Fields.findByThriftId(fieldId); - } - - public void read(TProtocol iprot) throws TException { - TField field; - iprot.readStructBegin(); - while (true) - { - field = iprot.readFieldBegin(); - if (field.type == TType.STOP) { - break; - } - switch (field.id) { - case 0: // SUCCESS - if (field.type == TType.STRING) { - this.success = iprot.readString(); - } else { - TProtocolUtil.skip(iprot, field.type); - } - break; - case 1: // O1 - if (field.type == TType.STRUCT) { - this.o1 = new MetaException(); - this.o1.read(iprot); - } else { - TProtocolUtil.skip(iprot, field.type); - } - break; - default: - TProtocolUtil.skip(iprot, field.type); - } - iprot.readFieldEnd(); - } - iprot.readStructEnd(); - validate(); - } - - public void write(TProtocol oprot) throws TException { - oprot.writeStructBegin(STRUCT_DESC); - - if (this.isSetSuccess()) { - oprot.writeFieldBegin(SUCCESS_FIELD_DESC); - oprot.writeString(this.success); - oprot.writeFieldEnd(); - } else if (this.isSetO1()) { - oprot.writeFieldBegin(O1_FIELD_DESC); - this.o1.write(oprot); - oprot.writeFieldEnd(); + this.token_owner = null; } - oprot.writeFieldStop(); - oprot.writeStructEnd(); - } - - @Override - public String toString() { - StringBuilder sb = new StringBuilder("get_delegation_token_result("); - boolean first = true; - - sb.append("success:"); - if (this.success == null) { - sb.append("null"); - } else { - sb.append(this.success); - } - first = false; - if (!first) sb.append(", "); - sb.append("o1:"); - if (this.o1 == null) { - sb.append("null"); - } else { - sb.append(this.o1); - } - first = false; - sb.append(")"); - return sb.toString(); - } - - public void validate() throws TException { - // check for required fields - } - - } - - public static class get_delegation_token_with_signature_args implements TBase, java.io.Serializable, Cloneable { - private static final TStruct STRUCT_DESC = new TStruct("get_delegation_token_with_signature_args"); - - private static final TField RENEWER_KERBEROS_PRINCIPAL_NAME_FIELD_DESC = new TField("renewer_kerberos_principal_name", TType.STRING, (short)1); - private static final TField TOKEN_SIGNATURE_FIELD_DESC = new TField("token_signature", TType.STRING, (short)2); - - private String renewer_kerberos_principal_name; - private String token_signature; - - /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ - public enum _Fields implements TFieldIdEnum { - RENEWER_KERBEROS_PRINCIPAL_NAME((short)1, "renewer_kerberos_principal_name"), - TOKEN_SIGNATURE((short)2, "token_signature"); - - private static final Map byName = new HashMap(); - - static { - for (_Fields field : EnumSet.allOf(_Fields.class)) { - byName.put(field.getFieldName(), field); - } - } - - /** - * Find the _Fields constant that matches fieldId, or null if its not found. - */ - public static _Fields findByThriftId(int fieldId) { - switch(fieldId) { - case 1: // RENEWER_KERBEROS_PRINCIPAL_NAME - return RENEWER_KERBEROS_PRINCIPAL_NAME; - case 2: // TOKEN_SIGNATURE - return TOKEN_SIGNATURE; - default: - return null; - } - } - - /** - * Find the _Fields constant that matches fieldId, throwing an exception - * if it is not found. - */ - public static _Fields findByThriftIdOrThrow(int fieldId) { - _Fields fields = findByThriftId(fieldId); - if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!"); - return fields; - } - - /** - * Find the _Fields constant that matches name, or null if its not found. - */ - public static _Fields findByName(String name) { - return byName.get(name); - } - - private final short _thriftId; - private final String _fieldName; - - _Fields(short thriftId, String fieldName) { - _thriftId = thriftId; - _fieldName = fieldName; - } - - public short getThriftFieldId() { - return _thriftId; - } - - public String getFieldName() { - return _fieldName; - } - } - - // isset id assignments - - public static final Map<_Fields, FieldMetaData> metaDataMap; - static { - Map<_Fields, FieldMetaData> tmpMap = new EnumMap<_Fields, FieldMetaData>(_Fields.class); - tmpMap.put(_Fields.RENEWER_KERBEROS_PRINCIPAL_NAME, new FieldMetaData("renewer_kerberos_principal_name", TFieldRequirementType.DEFAULT, - new FieldValueMetaData(TType.STRING))); - tmpMap.put(_Fields.TOKEN_SIGNATURE, new FieldMetaData("token_signature", TFieldRequirementType.DEFAULT, - new FieldValueMetaData(TType.STRING))); - metaDataMap = Collections.unmodifiableMap(tmpMap); - FieldMetaData.addStructMetaDataMap(get_delegation_token_with_signature_args.class, metaDataMap); - } - - public get_delegation_token_with_signature_args() { - } - - public get_delegation_token_with_signature_args( - String renewer_kerberos_principal_name, - String token_signature) - { - this(); - this.renewer_kerberos_principal_name = renewer_kerberos_principal_name; - this.token_signature = token_signature; - } - - /** - * Performs a deep copy on other. - */ - public get_delegation_token_with_signature_args(get_delegation_token_with_signature_args other) { - if (other.isSetRenewer_kerberos_principal_name()) { - this.renewer_kerberos_principal_name = other.renewer_kerberos_principal_name; - } - if (other.isSetToken_signature()) { - this.token_signature = other.token_signature; - } - } - - public get_delegation_token_with_signature_args deepCopy() { - return new get_delegation_token_with_signature_args(this); - } - - @Override - public void clear() { - this.renewer_kerberos_principal_name = null; - this.token_signature = null; } public String getRenewer_kerberos_principal_name() { @@ -52878,44 +52145,21 @@ public class ThriftHiveMetastore { } } - public String getToken_signature() { - return this.token_signature; - } - - public void setToken_signature(String token_signature) { - this.token_signature = token_signature; - } - - public void unsetToken_signature() { - this.token_signature = null; - } - - /** Returns true if field token_signature is set (has been asigned a value) and false otherwise */ - public boolean isSetToken_signature() { - return this.token_signature != null; - } - - public void setToken_signatureIsSet(boolean value) { - if (!value) { - this.token_signature = null; - } - } - public void setFieldValue(_Fields field, Object value) { switch (field) { - case RENEWER_KERBEROS_PRINCIPAL_NAME: + case TOKEN_OWNER: if (value == null) { - unsetRenewer_kerberos_principal_name(); + unsetToken_owner(); } else { - setRenewer_kerberos_principal_name((String)value); + setToken_owner((String)value); } break; - case TOKEN_SIGNATURE: + case RENEWER_KERBEROS_PRINCIPAL_NAME: if (value == null) { - unsetToken_signature(); + unsetRenewer_kerberos_principal_name(); } else { - setToken_signature((String)value); + setRenewer_kerberos_principal_name((String)value); } break; @@ -52924,12 +52168,12 @@ public class ThriftHiveMetastore { public Object getFieldValue(_Fields field) { switch (field) { + case TOKEN_OWNER: + return getToken_owner(); + case RENEWER_KERBEROS_PRINCIPAL_NAME: return getRenewer_kerberos_principal_name(); - case TOKEN_SIGNATURE: - return getToken_signature(); - } throw new IllegalStateException(); } @@ -52941,10 +52185,10 @@ public class ThriftHiveMetastore { } switch (field) { + case TOKEN_OWNER: + return isSetToken_owner(); case RENEWER_KERBEROS_PRINCIPAL_NAME: return isSetRenewer_kerberos_principal_name(); - case TOKEN_SIGNATURE: - return isSetToken_signature(); } throw new IllegalStateException(); } @@ -52953,15 +52197,24 @@ public class ThriftHiveMetastore { public boolean equals(Object that) { if (that == null) return false; - if (that instanceof get_delegation_token_with_signature_args) - return this.equals((get_delegation_token_with_signature_args)that); + if (that instanceof get_delegation_token_args) + return this.equals((get_delegation_token_args)that); return false; } - public boolean equals(get_delegation_token_with_signature_args that) { + public boolean equals(get_delegation_token_args that) { if (that == null) return false; + boolean this_present_token_owner = true && this.isSetToken_owner(); + boolean that_present_token_owner = true && that.isSetToken_owner(); + if (this_present_token_owner || that_present_token_owner) { + if (!(this_present_token_owner && that_present_token_owner)) + return false; + if (!this.token_owner.equals(that.token_owner)) + return false; + } + boolean this_present_renewer_kerberos_principal_name = true && this.isSetRenewer_kerberos_principal_name(); boolean that_present_renewer_kerberos_principal_name = true && that.isSetRenewer_kerberos_principal_name(); if (this_present_renewer_kerberos_principal_name || that_present_renewer_kerberos_principal_name) { @@ -52971,15 +52224,6 @@ public class ThriftHiveMetastore { return false; } - boolean this_present_token_signature = true && this.isSetToken_signature(); - boolean that_present_token_signature = true && that.isSetToken_signature(); - if (this_present_token_signature || that_present_token_signature) { - if (!(this_present_token_signature && that_present_token_signature)) - return false; - if (!this.token_signature.equals(that.token_signature)) - return false; - } - return true; } @@ -52988,30 +52232,30 @@ public class ThriftHiveMetastore { return 0; } - public int compareTo(get_delegation_token_with_signature_args other) { + public int compareTo(get_delegation_token_args other) { if (!getClass().equals(other.getClass())) { return getClass().getName().compareTo(other.getClass().getName()); } int lastComparison = 0; - get_delegation_token_with_signature_args typedOther = (get_delegation_token_with_signature_args)other; + get_delegation_token_args typedOther = (get_delegation_token_args)other; - lastComparison = Boolean.valueOf(isSetRenewer_kerberos_principal_name()).compareTo(typedOther.isSetRenewer_kerberos_principal_name()); + lastComparison = Boolean.valueOf(isSetToken_owner()).compareTo(typedOther.isSetToken_owner()); if (lastComparison != 0) { return lastComparison; } - if (isSetRenewer_kerberos_principal_name()) { - lastComparison = TBaseHelper.compareTo(this.renewer_kerberos_principal_name, typedOther.renewer_kerberos_principal_name); + if (isSetToken_owner()) { + lastComparison = TBaseHelper.compareTo(this.token_owner, typedOther.token_owner); if (lastComparison != 0) { return lastComparison; } } - lastComparison = Boolean.valueOf(isSetToken_signature()).compareTo(typedOther.isSetToken_signature()); + lastComparison = Boolean.valueOf(isSetRenewer_kerberos_principal_name()).compareTo(typedOther.isSetRenewer_kerberos_principal_name()); if (lastComparison != 0) { return lastComparison; } - if (isSetToken_signature()) { - lastComparison = TBaseHelper.compareTo(this.token_signature, typedOther.token_signature); + if (isSetRenewer_kerberos_principal_name()) { + lastComparison = TBaseHelper.compareTo(this.renewer_kerberos_principal_name, typedOther.renewer_kerberos_principal_name); if (lastComparison != 0) { return lastComparison; } @@ -53033,16 +52277,16 @@ public class ThriftHiveMetastore { break; } switch (field.id) { - case 1: // RENEWER_KERBEROS_PRINCIPAL_NAME + case 1: // TOKEN_OWNER if (field.type == TType.STRING) { - this.renewer_kerberos_principal_name = iprot.readString(); + this.token_owner = iprot.readString(); } else { TProtocolUtil.skip(iprot, field.type); } break; - case 2: // TOKEN_SIGNATURE + case 2: // RENEWER_KERBEROS_PRINCIPAL_NAME if (field.type == TType.STRING) { - this.token_signature = iprot.readString(); + this.renewer_kerberos_principal_name = iprot.readString(); } else { TProtocolUtil.skip(iprot, field.type); } @@ -53060,38 +52304,38 @@ public class ThriftHiveMetastore { validate(); oprot.writeStructBegin(STRUCT_DESC); + if (this.token_owner != null) { + oprot.writeFieldBegin(TOKEN_OWNER_FIELD_DESC); + oprot.writeString(this.token_owner); + oprot.writeFieldEnd(); + } if (this.renewer_kerberos_principal_name != null) { oprot.writeFieldBegin(RENEWER_KERBEROS_PRINCIPAL_NAME_FIELD_DESC); oprot.writeString(this.renewer_kerberos_principal_name); oprot.writeFieldEnd(); } - if (this.token_signature != null) { - oprot.writeFieldBegin(TOKEN_SIGNATURE_FIELD_DESC); - oprot.writeString(this.token_signature); - oprot.writeFieldEnd(); - } oprot.writeFieldStop(); oprot.writeStructEnd(); } @Override public String toString() { - StringBuilder sb = new StringBuilder("get_delegation_token_with_signature_args("); + StringBuilder sb = new StringBuilder("get_delegation_token_args("); boolean first = true; - sb.append("renewer_kerberos_principal_name:"); - if (this.renewer_kerberos_principal_name == null) { + sb.append("token_owner:"); + if (this.token_owner == null) { sb.append("null"); } else { - sb.append(this.renewer_kerberos_principal_name); + sb.append(this.token_owner); } first = false; if (!first) sb.append(", "); - sb.append("token_signature:"); - if (this.token_signature == null) { + sb.append("renewer_kerberos_principal_name:"); + if (this.renewer_kerberos_principal_name == null) { sb.append("null"); } else { - sb.append(this.token_signature); + sb.append(this.renewer_kerberos_principal_name); } first = false; sb.append(")"); @@ -53104,8 +52348,8 @@ public class ThriftHiveMetastore { } - public static class get_delegation_token_with_signature_result implements TBase, java.io.Serializable, Cloneable { - private static final TStruct STRUCT_DESC = new TStruct("get_delegation_token_with_signature_result"); + public static class get_delegation_token_result implements TBase, java.io.Serializable, Cloneable { + private static final TStruct STRUCT_DESC = new TStruct("get_delegation_token_result"); private static final TField SUCCESS_FIELD_DESC = new TField("success", TType.STRING, (short)0); private static final TField O1_FIELD_DESC = new TField("o1", TType.STRUCT, (short)1); @@ -53184,13 +52428,13 @@ public class ThriftHiveMetastore { tmpMap.put(_Fields.O1, new FieldMetaData("o1", TFieldRequirementType.DEFAULT, new FieldValueMetaData(TType.STRUCT))); metaDataMap = Collections.unmodifiableMap(tmpMap); - FieldMetaData.addStructMetaDataMap(get_delegation_token_with_signature_result.class, metaDataMap); + FieldMetaData.addStructMetaDataMap(get_delegation_token_result.class, metaDataMap); } - public get_delegation_token_with_signature_result() { + public get_delegation_token_result() { } - public get_delegation_token_with_signature_result( + public get_delegation_token_result( String success, MetaException o1) { @@ -53202,7 +52446,7 @@ public class ThriftHiveMetastore { /** * Performs a deep copy on other. */ - public get_delegation_token_with_signature_result(get_delegation_token_with_signature_result other) { + public get_delegation_token_result(get_delegation_token_result other) { if (other.isSetSuccess()) { this.success = other.success; } @@ -53211,8 +52455,8 @@ public class ThriftHiveMetastore { } } - public get_delegation_token_with_signature_result deepCopy() { - return new get_delegation_token_with_signature_result(this); + public get_delegation_token_result deepCopy() { + return new get_delegation_token_result(this); } @Override @@ -53319,12 +52563,12 @@ public class ThriftHiveMetastore { public boolean equals(Object that) { if (that == null) return false; - if (that instanceof get_delegation_token_with_signature_result) - return this.equals((get_delegation_token_with_signature_result)that); + if (that instanceof get_delegation_token_result) + return this.equals((get_delegation_token_result)that); return false; } - public boolean equals(get_delegation_token_with_signature_result that) { + public boolean equals(get_delegation_token_result that) { if (that == null) return false; @@ -53354,13 +52598,13 @@ public class ThriftHiveMetastore { return 0; } - public int compareTo(get_delegation_token_with_signature_result other) { + public int compareTo(get_delegation_token_result other) { if (!getClass().equals(other.getClass())) { return getClass().getName().compareTo(other.getClass().getName()); } int lastComparison = 0; - get_delegation_token_with_signature_result typedOther = (get_delegation_token_with_signature_result)other; + get_delegation_token_result typedOther = (get_delegation_token_result)other; lastComparison = Boolean.valueOf(isSetSuccess()).compareTo(typedOther.isSetSuccess()); if (lastComparison != 0) { @@ -53441,7 +52685,7 @@ public class ThriftHiveMetastore { @Override public String toString() { - StringBuilder sb = new StringBuilder("get_delegation_token_with_signature_result("); + StringBuilder sb = new StringBuilder("get_delegation_token_result("); boolean first = true; sb.append("success:"); diff --git metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php index 5eb01c6..6549ab6 100644 --- metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php +++ metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php @@ -63,8 +63,7 @@ interface ThriftHiveMetastoreIf extends FacebookServiceIf { public function list_privileges($principal_name, $principal_type, $hiveObject); public function grant_privileges($privileges); public function revoke_privileges($privileges); - public function get_delegation_token($renewer_kerberos_principal_name); - public function get_delegation_token_with_signature($renewer_kerberos_principal_name, $token_signature); + public function get_delegation_token($token_owner, $renewer_kerberos_principal_name); public function renew_delegation_token($token_str_form); public function cancel_delegation_token($token_str_form); } @@ -3114,15 +3113,16 @@ class ThriftHiveMetastoreClient extends FacebookServiceClient implements ThriftH throw new Exception("revoke_privileges failed: unknown result"); } - public function get_delegation_token($renewer_kerberos_principal_name) + public function get_delegation_token($token_owner, $renewer_kerberos_principal_name) { - $this->send_get_delegation_token($renewer_kerberos_principal_name); + $this->send_get_delegation_token($token_owner, $renewer_kerberos_principal_name); return $this->recv_get_delegation_token(); } - public function send_get_delegation_token($renewer_kerberos_principal_name) + public function send_get_delegation_token($token_owner, $renewer_kerberos_principal_name) { $args = new metastore_ThriftHiveMetastore_get_delegation_token_args(); + $args->token_owner = $token_owner; $args->renewer_kerberos_principal_name = $renewer_kerberos_principal_name; $bin_accel = ($this->output_ instanceof TProtocol::$TBINARYPROTOCOLACCELERATED) && function_exists('thrift_protocol_write_binary'); if ($bin_accel) @@ -3168,61 +3168,6 @@ class ThriftHiveMetastoreClient extends FacebookServiceClient implements ThriftH throw new Exception("get_delegation_token failed: unknown result"); } - public function get_delegation_token_with_signature($renewer_kerberos_principal_name, $token_signature) - { - $this->send_get_delegation_token_with_signature($renewer_kerberos_principal_name, $token_signature); - return $this->recv_get_delegation_token_with_signature(); - } - - public function send_get_delegation_token_with_signature($renewer_kerberos_principal_name, $token_signature) - { - $args = new metastore_ThriftHiveMetastore_get_delegation_token_with_signature_args(); - $args->renewer_kerberos_principal_name = $renewer_kerberos_principal_name; - $args->token_signature = $token_signature; - $bin_accel = ($this->output_ instanceof TProtocol::$TBINARYPROTOCOLACCELERATED) && function_exists('thrift_protocol_write_binary'); - if ($bin_accel) - { - thrift_protocol_write_binary($this->output_, 'get_delegation_token_with_signature', TMessageType::CALL, $args, $this->seqid_, $this->output_->isStrictWrite()); - } - else - { - $this->output_->writeMessageBegin('get_delegation_token_with_signature', TMessageType::CALL, $this->seqid_); - $args->write($this->output_); - $this->output_->writeMessageEnd(); - $this->output_->getTransport()->flush(); - } - } - - public function recv_get_delegation_token_with_signature() - { - $bin_accel = ($this->input_ instanceof TProtocol::$TBINARYPROTOCOLACCELERATED) && function_exists('thrift_protocol_read_binary'); - if ($bin_accel) $result = thrift_protocol_read_binary($this->input_, 'metastore_ThriftHiveMetastore_get_delegation_token_with_signature_result', $this->input_->isStrictRead()); - else - { - $rseqid = 0; - $fname = null; - $mtype = 0; - - $this->input_->readMessageBegin($fname, $mtype, $rseqid); - if ($mtype == TMessageType::EXCEPTION) { - $x = new TApplicationException(); - $x->read($this->input_); - $this->input_->readMessageEnd(); - throw $x; - } - $result = new metastore_ThriftHiveMetastore_get_delegation_token_with_signature_result(); - $result->read($this->input_); - $this->input_->readMessageEnd(); - } - if ($result->success !== null) { - return $result->success; - } - if ($result->o1 !== null) { - throw $result->o1; - } - throw new Exception("get_delegation_token_with_signature failed: unknown result"); - } - public function renew_delegation_token($token_str_form) { $this->send_renew_delegation_token($token_str_form); @@ -15418,200 +15363,34 @@ class metastore_ThriftHiveMetastore_revoke_privileges_result { class metastore_ThriftHiveMetastore_get_delegation_token_args { static $_TSPEC; + public $token_owner = null; public $renewer_kerberos_principal_name = null; public function __construct($vals=null) { if (!isset(self::$_TSPEC)) { self::$_TSPEC = array( 1 => array( - 'var' => 'renewer_kerberos_principal_name', - 'type' => TType::STRING, - ), - ); - } - if (is_array($vals)) { - if (isset($vals['renewer_kerberos_principal_name'])) { - $this->renewer_kerberos_principal_name = $vals['renewer_kerberos_principal_name']; - } - } - } - - public function getName() { - return 'ThriftHiveMetastore_get_delegation_token_args'; - } - - public function read($input) - { - $xfer = 0; - $fname = null; - $ftype = 0; - $fid = 0; - $xfer += $input->readStructBegin($fname); - while (true) - { - $xfer += $input->readFieldBegin($fname, $ftype, $fid); - if ($ftype == TType::STOP) { - break; - } - switch ($fid) - { - case 1: - if ($ftype == TType::STRING) { - $xfer += $input->readString($this->renewer_kerberos_principal_name); - } else { - $xfer += $input->skip($ftype); - } - break; - default: - $xfer += $input->skip($ftype); - break; - } - $xfer += $input->readFieldEnd(); - } - $xfer += $input->readStructEnd(); - return $xfer; - } - - public function write($output) { - $xfer = 0; - $xfer += $output->writeStructBegin('ThriftHiveMetastore_get_delegation_token_args'); - if ($this->renewer_kerberos_principal_name !== null) { - $xfer += $output->writeFieldBegin('renewer_kerberos_principal_name', TType::STRING, 1); - $xfer += $output->writeString($this->renewer_kerberos_principal_name); - $xfer += $output->writeFieldEnd(); - } - $xfer += $output->writeFieldStop(); - $xfer += $output->writeStructEnd(); - return $xfer; - } - -} - -class metastore_ThriftHiveMetastore_get_delegation_token_result { - static $_TSPEC; - - public $success = null; - public $o1 = null; - - public function __construct($vals=null) { - if (!isset(self::$_TSPEC)) { - self::$_TSPEC = array( - 0 => array( - 'var' => 'success', - 'type' => TType::STRING, - ), - 1 => array( - 'var' => 'o1', - 'type' => TType::STRUCT, - 'class' => 'metastore_MetaException', - ), - ); - } - if (is_array($vals)) { - if (isset($vals['success'])) { - $this->success = $vals['success']; - } - if (isset($vals['o1'])) { - $this->o1 = $vals['o1']; - } - } - } - - public function getName() { - return 'ThriftHiveMetastore_get_delegation_token_result'; - } - - public function read($input) - { - $xfer = 0; - $fname = null; - $ftype = 0; - $fid = 0; - $xfer += $input->readStructBegin($fname); - while (true) - { - $xfer += $input->readFieldBegin($fname, $ftype, $fid); - if ($ftype == TType::STOP) { - break; - } - switch ($fid) - { - case 0: - if ($ftype == TType::STRING) { - $xfer += $input->readString($this->success); - } else { - $xfer += $input->skip($ftype); - } - break; - case 1: - if ($ftype == TType::STRUCT) { - $this->o1 = new metastore_MetaException(); - $xfer += $this->o1->read($input); - } else { - $xfer += $input->skip($ftype); - } - break; - default: - $xfer += $input->skip($ftype); - break; - } - $xfer += $input->readFieldEnd(); - } - $xfer += $input->readStructEnd(); - return $xfer; - } - - public function write($output) { - $xfer = 0; - $xfer += $output->writeStructBegin('ThriftHiveMetastore_get_delegation_token_result'); - if ($this->success !== null) { - $xfer += $output->writeFieldBegin('success', TType::STRING, 0); - $xfer += $output->writeString($this->success); - $xfer += $output->writeFieldEnd(); - } - if ($this->o1 !== null) { - $xfer += $output->writeFieldBegin('o1', TType::STRUCT, 1); - $xfer += $this->o1->write($output); - $xfer += $output->writeFieldEnd(); - } - $xfer += $output->writeFieldStop(); - $xfer += $output->writeStructEnd(); - return $xfer; - } - -} - -class metastore_ThriftHiveMetastore_get_delegation_token_with_signature_args { - static $_TSPEC; - - public $renewer_kerberos_principal_name = null; - public $token_signature = null; - - public function __construct($vals=null) { - if (!isset(self::$_TSPEC)) { - self::$_TSPEC = array( - 1 => array( - 'var' => 'renewer_kerberos_principal_name', + 'var' => 'token_owner', 'type' => TType::STRING, ), 2 => array( - 'var' => 'token_signature', + 'var' => 'renewer_kerberos_principal_name', 'type' => TType::STRING, ), ); } if (is_array($vals)) { + if (isset($vals['token_owner'])) { + $this->token_owner = $vals['token_owner']; + } if (isset($vals['renewer_kerberos_principal_name'])) { $this->renewer_kerberos_principal_name = $vals['renewer_kerberos_principal_name']; } - if (isset($vals['token_signature'])) { - $this->token_signature = $vals['token_signature']; - } } } public function getName() { - return 'ThriftHiveMetastore_get_delegation_token_with_signature_args'; + return 'ThriftHiveMetastore_get_delegation_token_args'; } public function read($input) @@ -15631,14 +15410,14 @@ class metastore_ThriftHiveMetastore_get_delegation_token_with_signature_args { { case 1: if ($ftype == TType::STRING) { - $xfer += $input->readString($this->renewer_kerberos_principal_name); + $xfer += $input->readString($this->token_owner); } else { $xfer += $input->skip($ftype); } break; case 2: if ($ftype == TType::STRING) { - $xfer += $input->readString($this->token_signature); + $xfer += $input->readString($this->renewer_kerberos_principal_name); } else { $xfer += $input->skip($ftype); } @@ -15655,15 +15434,15 @@ class metastore_ThriftHiveMetastore_get_delegation_token_with_signature_args { public function write($output) { $xfer = 0; - $xfer += $output->writeStructBegin('ThriftHiveMetastore_get_delegation_token_with_signature_args'); - if ($this->renewer_kerberos_principal_name !== null) { - $xfer += $output->writeFieldBegin('renewer_kerberos_principal_name', TType::STRING, 1); - $xfer += $output->writeString($this->renewer_kerberos_principal_name); + $xfer += $output->writeStructBegin('ThriftHiveMetastore_get_delegation_token_args'); + if ($this->token_owner !== null) { + $xfer += $output->writeFieldBegin('token_owner', TType::STRING, 1); + $xfer += $output->writeString($this->token_owner); $xfer += $output->writeFieldEnd(); } - if ($this->token_signature !== null) { - $xfer += $output->writeFieldBegin('token_signature', TType::STRING, 2); - $xfer += $output->writeString($this->token_signature); + if ($this->renewer_kerberos_principal_name !== null) { + $xfer += $output->writeFieldBegin('renewer_kerberos_principal_name', TType::STRING, 2); + $xfer += $output->writeString($this->renewer_kerberos_principal_name); $xfer += $output->writeFieldEnd(); } $xfer += $output->writeFieldStop(); @@ -15673,7 +15452,7 @@ class metastore_ThriftHiveMetastore_get_delegation_token_with_signature_args { } -class metastore_ThriftHiveMetastore_get_delegation_token_with_signature_result { +class metastore_ThriftHiveMetastore_get_delegation_token_result { static $_TSPEC; public $success = null; @@ -15704,7 +15483,7 @@ class metastore_ThriftHiveMetastore_get_delegation_token_with_signature_result { } public function getName() { - return 'ThriftHiveMetastore_get_delegation_token_with_signature_result'; + return 'ThriftHiveMetastore_get_delegation_token_result'; } public function read($input) @@ -15749,7 +15528,7 @@ class metastore_ThriftHiveMetastore_get_delegation_token_with_signature_result { public function write($output) { $xfer = 0; - $xfer += $output->writeStructBegin('ThriftHiveMetastore_get_delegation_token_with_signature_result'); + $xfer += $output->writeStructBegin('ThriftHiveMetastore_get_delegation_token_result'); if ($this->success !== null) { $xfer += $output->writeFieldBegin('success', TType::STRING, 0); $xfer += $output->writeString($this->success); diff --git metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote old mode 100644 new mode 100755 index 8ed1c0e..125637c --- metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote +++ metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote @@ -74,8 +74,7 @@ if len(sys.argv) <= 1 or sys.argv[1] == '--help': print ' list_privileges(string principal_name, PrincipalType principal_type, HiveObjectRef hiveObject)' print ' bool grant_privileges(PrivilegeBag privileges)' print ' bool revoke_privileges(PrivilegeBag privileges)' - print ' string get_delegation_token(string renewer_kerberos_principal_name)' - print ' string get_delegation_token_with_signature(string renewer_kerberos_principal_name, string token_signature)' + print ' string get_delegation_token(string token_owner, string renewer_kerberos_principal_name)' print ' i64 renew_delegation_token(string token_str_form)' print ' void cancel_delegation_token(string token_str_form)' print '' @@ -447,16 +446,10 @@ elif cmd == 'revoke_privileges': pp.pprint(client.revoke_privileges(eval(args[0]),)) elif cmd == 'get_delegation_token': - if len(args) != 1: - print 'get_delegation_token requires 1 args' - sys.exit(1) - pp.pprint(client.get_delegation_token(args[0],)) - -elif cmd == 'get_delegation_token_with_signature': if len(args) != 2: - print 'get_delegation_token_with_signature requires 2 args' + print 'get_delegation_token requires 2 args' sys.exit(1) - pp.pprint(client.get_delegation_token_with_signature(args[0],args[1],)) + pp.pprint(client.get_delegation_token(args[0],args[1],)) elif cmd == 'renew_delegation_token': if len(args) != 1: diff --git metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py index f5ed00f..4c7af29 100644 --- metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py +++ metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py @@ -461,21 +461,14 @@ class Iface(fb303.FacebookService.Iface): """ pass - def get_delegation_token(self, renewer_kerberos_principal_name): + def get_delegation_token(self, token_owner, renewer_kerberos_principal_name): """ Parameters: + - token_owner - renewer_kerberos_principal_name """ pass - def get_delegation_token_with_signature(self, renewer_kerberos_principal_name, token_signature): - """ - Parameters: - - renewer_kerberos_principal_name - - token_signature - """ - pass - def renew_delegation_token(self, token_str_form): """ Parameters: @@ -2408,17 +2401,19 @@ class Client(fb303.FacebookService.Client, Iface): raise result.o1 raise TApplicationException(TApplicationException.MISSING_RESULT, "revoke_privileges failed: unknown result"); - def get_delegation_token(self, renewer_kerberos_principal_name): + def get_delegation_token(self, token_owner, renewer_kerberos_principal_name): """ Parameters: + - token_owner - renewer_kerberos_principal_name """ - self.send_get_delegation_token(renewer_kerberos_principal_name) + self.send_get_delegation_token(token_owner, renewer_kerberos_principal_name) return self.recv_get_delegation_token() - def send_get_delegation_token(self, renewer_kerberos_principal_name): + def send_get_delegation_token(self, token_owner, renewer_kerberos_principal_name): self._oprot.writeMessageBegin('get_delegation_token', TMessageType.CALL, self._seqid) args = get_delegation_token_args() + args.token_owner = token_owner args.renewer_kerberos_principal_name = renewer_kerberos_principal_name args.write(self._oprot) self._oprot.writeMessageEnd() @@ -2440,40 +2435,6 @@ class Client(fb303.FacebookService.Client, Iface): raise result.o1 raise TApplicationException(TApplicationException.MISSING_RESULT, "get_delegation_token failed: unknown result"); - def get_delegation_token_with_signature(self, renewer_kerberos_principal_name, token_signature): - """ - Parameters: - - renewer_kerberos_principal_name - - token_signature - """ - self.send_get_delegation_token_with_signature(renewer_kerberos_principal_name, token_signature) - return self.recv_get_delegation_token_with_signature() - - def send_get_delegation_token_with_signature(self, renewer_kerberos_principal_name, token_signature): - self._oprot.writeMessageBegin('get_delegation_token_with_signature', TMessageType.CALL, self._seqid) - args = get_delegation_token_with_signature_args() - args.renewer_kerberos_principal_name = renewer_kerberos_principal_name - args.token_signature = token_signature - args.write(self._oprot) - self._oprot.writeMessageEnd() - self._oprot.trans.flush() - - def recv_get_delegation_token_with_signature(self, ): - (fname, mtype, rseqid) = self._iprot.readMessageBegin() - if mtype == TMessageType.EXCEPTION: - x = TApplicationException() - x.read(self._iprot) - self._iprot.readMessageEnd() - raise x - result = get_delegation_token_with_signature_result() - result.read(self._iprot) - self._iprot.readMessageEnd() - if result.success != None: - return result.success - if result.o1 != None: - raise result.o1 - raise TApplicationException(TApplicationException.MISSING_RESULT, "get_delegation_token_with_signature failed: unknown result"); - def renew_delegation_token(self, token_str_form): """ Parameters: @@ -2594,7 +2555,6 @@ class Processor(fb303.FacebookService.Processor, Iface, TProcessor): self._processMap["grant_privileges"] = Processor.process_grant_privileges self._processMap["revoke_privileges"] = Processor.process_revoke_privileges self._processMap["get_delegation_token"] = Processor.process_get_delegation_token - self._processMap["get_delegation_token_with_signature"] = Processor.process_get_delegation_token_with_signature self._processMap["renew_delegation_token"] = Processor.process_renew_delegation_token self._processMap["cancel_delegation_token"] = Processor.process_cancel_delegation_token @@ -3445,7 +3405,7 @@ class Processor(fb303.FacebookService.Processor, Iface, TProcessor): iprot.readMessageEnd() result = get_delegation_token_result() try: - result.success = self._handler.get_delegation_token(args.renewer_kerberos_principal_name) + result.success = self._handler.get_delegation_token(args.token_owner, args.renewer_kerberos_principal_name) except MetaException, o1: result.o1 = o1 oprot.writeMessageBegin("get_delegation_token", TMessageType.REPLY, seqid) @@ -3453,20 +3413,6 @@ class Processor(fb303.FacebookService.Processor, Iface, TProcessor): oprot.writeMessageEnd() oprot.trans.flush() - def process_get_delegation_token_with_signature(self, seqid, iprot, oprot): - args = get_delegation_token_with_signature_args() - args.read(iprot) - iprot.readMessageEnd() - result = get_delegation_token_with_signature_result() - try: - result.success = self._handler.get_delegation_token_with_signature(args.renewer_kerberos_principal_name, args.token_signature) - except MetaException, o1: - result.o1 = o1 - oprot.writeMessageBegin("get_delegation_token_with_signature", TMessageType.REPLY, seqid) - result.write(oprot) - oprot.writeMessageEnd() - oprot.trans.flush() - def process_renew_delegation_token(self, seqid, iprot, oprot): args = renew_delegation_token_args() args.read(iprot) @@ -12047,15 +11993,18 @@ class revoke_privileges_result: class get_delegation_token_args: """ Attributes: + - token_owner - renewer_kerberos_principal_name """ thrift_spec = ( None, # 0 - (1, TType.STRING, 'renewer_kerberos_principal_name', None, None, ), # 1 + (1, TType.STRING, 'token_owner', None, None, ), # 1 + (2, TType.STRING, 'renewer_kerberos_principal_name', None, None, ), # 2 ) - def __init__(self, renewer_kerberos_principal_name=None,): + def __init__(self, token_owner=None, renewer_kerberos_principal_name=None,): + self.token_owner = token_owner self.renewer_kerberos_principal_name = renewer_kerberos_principal_name def read(self, iprot): @@ -12069,145 +12018,12 @@ class get_delegation_token_args: break if fid == 1: if ftype == TType.STRING: - self.renewer_kerberos_principal_name = iprot.readString(); - else: - iprot.skip(ftype) - else: - iprot.skip(ftype) - iprot.readFieldEnd() - iprot.readStructEnd() - - def write(self, oprot): - if oprot.__class__ == TBinaryProtocol.TBinaryProtocolAccelerated and self.thrift_spec is not None and fastbinary is not None: - oprot.trans.write(fastbinary.encode_binary(self, (self.__class__, self.thrift_spec))) - return - oprot.writeStructBegin('get_delegation_token_args') - if self.renewer_kerberos_principal_name != None: - oprot.writeFieldBegin('renewer_kerberos_principal_name', TType.STRING, 1) - oprot.writeString(self.renewer_kerberos_principal_name) - oprot.writeFieldEnd() - oprot.writeFieldStop() - oprot.writeStructEnd() - def validate(self): - return - - - def __repr__(self): - L = ['%s=%r' % (key, value) - for key, value in self.__dict__.iteritems()] - return '%s(%s)' % (self.__class__.__name__, ', '.join(L)) - - def __eq__(self, other): - return isinstance(other, self.__class__) and self.__dict__ == other.__dict__ - - def __ne__(self, other): - return not (self == other) - -class get_delegation_token_result: - """ - Attributes: - - success - - o1 - """ - - thrift_spec = ( - (0, TType.STRING, 'success', None, None, ), # 0 - (1, TType.STRUCT, 'o1', (MetaException, MetaException.thrift_spec), None, ), # 1 - ) - - def __init__(self, success=None, o1=None,): - self.success = success - self.o1 = o1 - - def read(self, iprot): - if iprot.__class__ == TBinaryProtocol.TBinaryProtocolAccelerated and isinstance(iprot.trans, TTransport.CReadableTransport) and self.thrift_spec is not None and fastbinary is not None: - fastbinary.decode_binary(self, iprot.trans, (self.__class__, self.thrift_spec)) - return - iprot.readStructBegin() - while True: - (fname, ftype, fid) = iprot.readFieldBegin() - if ftype == TType.STOP: - break - if fid == 0: - if ftype == TType.STRING: - self.success = iprot.readString(); - else: - iprot.skip(ftype) - elif fid == 1: - if ftype == TType.STRUCT: - self.o1 = MetaException() - self.o1.read(iprot) - else: - iprot.skip(ftype) - else: - iprot.skip(ftype) - iprot.readFieldEnd() - iprot.readStructEnd() - - def write(self, oprot): - if oprot.__class__ == TBinaryProtocol.TBinaryProtocolAccelerated and self.thrift_spec is not None and fastbinary is not None: - oprot.trans.write(fastbinary.encode_binary(self, (self.__class__, self.thrift_spec))) - return - oprot.writeStructBegin('get_delegation_token_result') - if self.success != None: - oprot.writeFieldBegin('success', TType.STRING, 0) - oprot.writeString(self.success) - oprot.writeFieldEnd() - if self.o1 != None: - oprot.writeFieldBegin('o1', TType.STRUCT, 1) - self.o1.write(oprot) - oprot.writeFieldEnd() - oprot.writeFieldStop() - oprot.writeStructEnd() - def validate(self): - return - - - def __repr__(self): - L = ['%s=%r' % (key, value) - for key, value in self.__dict__.iteritems()] - return '%s(%s)' % (self.__class__.__name__, ', '.join(L)) - - def __eq__(self, other): - return isinstance(other, self.__class__) and self.__dict__ == other.__dict__ - - def __ne__(self, other): - return not (self == other) - -class get_delegation_token_with_signature_args: - """ - Attributes: - - renewer_kerberos_principal_name - - token_signature - """ - - thrift_spec = ( - None, # 0 - (1, TType.STRING, 'renewer_kerberos_principal_name', None, None, ), # 1 - (2, TType.STRING, 'token_signature', None, None, ), # 2 - ) - - def __init__(self, renewer_kerberos_principal_name=None, token_signature=None,): - self.renewer_kerberos_principal_name = renewer_kerberos_principal_name - self.token_signature = token_signature - - def read(self, iprot): - if iprot.__class__ == TBinaryProtocol.TBinaryProtocolAccelerated and isinstance(iprot.trans, TTransport.CReadableTransport) and self.thrift_spec is not None and fastbinary is not None: - fastbinary.decode_binary(self, iprot.trans, (self.__class__, self.thrift_spec)) - return - iprot.readStructBegin() - while True: - (fname, ftype, fid) = iprot.readFieldBegin() - if ftype == TType.STOP: - break - if fid == 1: - if ftype == TType.STRING: - self.renewer_kerberos_principal_name = iprot.readString(); + self.token_owner = iprot.readString(); else: iprot.skip(ftype) elif fid == 2: if ftype == TType.STRING: - self.token_signature = iprot.readString(); + self.renewer_kerberos_principal_name = iprot.readString(); else: iprot.skip(ftype) else: @@ -12219,15 +12035,15 @@ class get_delegation_token_with_signature_args: if oprot.__class__ == TBinaryProtocol.TBinaryProtocolAccelerated and self.thrift_spec is not None and fastbinary is not None: oprot.trans.write(fastbinary.encode_binary(self, (self.__class__, self.thrift_spec))) return - oprot.writeStructBegin('get_delegation_token_with_signature_args') + oprot.writeStructBegin('get_delegation_token_args') + if self.token_owner != None: + oprot.writeFieldBegin('token_owner', TType.STRING, 1) + oprot.writeString(self.token_owner) + oprot.writeFieldEnd() if self.renewer_kerberos_principal_name != None: - oprot.writeFieldBegin('renewer_kerberos_principal_name', TType.STRING, 1) + oprot.writeFieldBegin('renewer_kerberos_principal_name', TType.STRING, 2) oprot.writeString(self.renewer_kerberos_principal_name) oprot.writeFieldEnd() - if self.token_signature != None: - oprot.writeFieldBegin('token_signature', TType.STRING, 2) - oprot.writeString(self.token_signature) - oprot.writeFieldEnd() oprot.writeFieldStop() oprot.writeStructEnd() def validate(self): @@ -12245,7 +12061,7 @@ class get_delegation_token_with_signature_args: def __ne__(self, other): return not (self == other) -class get_delegation_token_with_signature_result: +class get_delegation_token_result: """ Attributes: - success @@ -12290,7 +12106,7 @@ class get_delegation_token_with_signature_result: if oprot.__class__ == TBinaryProtocol.TBinaryProtocolAccelerated and self.thrift_spec is not None and fastbinary is not None: oprot.trans.write(fastbinary.encode_binary(self, (self.__class__, self.thrift_spec))) return - oprot.writeStructBegin('get_delegation_token_with_signature_result') + oprot.writeStructBegin('get_delegation_token_result') if self.success != None: oprot.writeFieldBegin('success', TType.STRING, 0) oprot.writeString(self.success) diff --git metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb index 5f828bf..51533e7 100644 --- metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb +++ metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb @@ -894,13 +894,13 @@ module ThriftHiveMetastore raise ::Thrift::ApplicationException.new(::Thrift::ApplicationException::MISSING_RESULT, 'revoke_privileges failed: unknown result') end - def get_delegation_token(renewer_kerberos_principal_name) - send_get_delegation_token(renewer_kerberos_principal_name) + def get_delegation_token(token_owner, renewer_kerberos_principal_name) + send_get_delegation_token(token_owner, renewer_kerberos_principal_name) return recv_get_delegation_token() end - def send_get_delegation_token(renewer_kerberos_principal_name) - send_message('get_delegation_token', Get_delegation_token_args, :renewer_kerberos_principal_name => renewer_kerberos_principal_name) + def send_get_delegation_token(token_owner, renewer_kerberos_principal_name) + send_message('get_delegation_token', Get_delegation_token_args, :token_owner => token_owner, :renewer_kerberos_principal_name => renewer_kerberos_principal_name) end def recv_get_delegation_token() @@ -910,22 +910,6 @@ module ThriftHiveMetastore raise ::Thrift::ApplicationException.new(::Thrift::ApplicationException::MISSING_RESULT, 'get_delegation_token failed: unknown result') end - def get_delegation_token_with_signature(renewer_kerberos_principal_name, token_signature) - send_get_delegation_token_with_signature(renewer_kerberos_principal_name, token_signature) - return recv_get_delegation_token_with_signature() - end - - def send_get_delegation_token_with_signature(renewer_kerberos_principal_name, token_signature) - send_message('get_delegation_token_with_signature', Get_delegation_token_with_signature_args, :renewer_kerberos_principal_name => renewer_kerberos_principal_name, :token_signature => token_signature) - end - - def recv_get_delegation_token_with_signature() - result = receive_message(Get_delegation_token_with_signature_result) - return result.success unless result.success.nil? - raise result.o1 unless result.o1.nil? - raise ::Thrift::ApplicationException.new(::Thrift::ApplicationException::MISSING_RESULT, 'get_delegation_token_with_signature failed: unknown result') - end - def renew_delegation_token(token_str_form) send_renew_delegation_token(token_str_form) return recv_renew_delegation_token() @@ -1633,24 +1617,13 @@ module ThriftHiveMetastore args = read_args(iprot, Get_delegation_token_args) result = Get_delegation_token_result.new() begin - result.success = @handler.get_delegation_token(args.renewer_kerberos_principal_name) + result.success = @handler.get_delegation_token(args.token_owner, args.renewer_kerberos_principal_name) rescue MetaException => o1 result.o1 = o1 end write_result(result, oprot, 'get_delegation_token', seqid) end - def process_get_delegation_token_with_signature(seqid, iprot, oprot) - args = read_args(iprot, Get_delegation_token_with_signature_args) - result = Get_delegation_token_with_signature_result.new() - begin - result.success = @handler.get_delegation_token_with_signature(args.renewer_kerberos_principal_name, args.token_signature) - rescue MetaException => o1 - result.o1 = o1 - end - write_result(result, oprot, 'get_delegation_token_with_signature', seqid) - end - def process_renew_delegation_token(seqid, iprot, oprot) args = read_args(iprot, Renew_delegation_token_args) result = Renew_delegation_token_result.new() @@ -3718,9 +3691,11 @@ module ThriftHiveMetastore class Get_delegation_token_args include ::Thrift::Struct, ::Thrift::Struct_Union - RENEWER_KERBEROS_PRINCIPAL_NAME = 1 + TOKEN_OWNER = 1 + RENEWER_KERBEROS_PRINCIPAL_NAME = 2 FIELDS = { + TOKEN_OWNER => {:type => ::Thrift::Types::STRING, :name => 'token_owner'}, RENEWER_KERBEROS_PRINCIPAL_NAME => {:type => ::Thrift::Types::STRING, :name => 'renewer_kerberos_principal_name'} } @@ -3750,42 +3725,6 @@ module ThriftHiveMetastore ::Thrift::Struct.generate_accessors self end - class Get_delegation_token_with_signature_args - include ::Thrift::Struct, ::Thrift::Struct_Union - RENEWER_KERBEROS_PRINCIPAL_NAME = 1 - TOKEN_SIGNATURE = 2 - - FIELDS = { - RENEWER_KERBEROS_PRINCIPAL_NAME => {:type => ::Thrift::Types::STRING, :name => 'renewer_kerberos_principal_name'}, - TOKEN_SIGNATURE => {:type => ::Thrift::Types::STRING, :name => 'token_signature'} - } - - def struct_fields; FIELDS; end - - def validate - end - - ::Thrift::Struct.generate_accessors self - end - - class Get_delegation_token_with_signature_result - include ::Thrift::Struct, ::Thrift::Struct_Union - SUCCESS = 0 - O1 = 1 - - FIELDS = { - SUCCESS => {:type => ::Thrift::Types::STRING, :name => 'success'}, - O1 => {:type => ::Thrift::Types::STRUCT, :name => 'o1', :class => MetaException} - } - - def struct_fields; FIELDS; end - - def validate - end - - ::Thrift::Struct.generate_accessors self - end - class Renew_delegation_token_args include ::Thrift::Struct, ::Thrift::Struct_Union TOKEN_STR_FORM = 1 diff --git metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java index 7f7c3cd..bb644ec 100644 --- metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java +++ metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java @@ -25,7 +25,6 @@ import static org.apache.hadoop.hive.metastore.MetaStoreUtils.validateName; import java.io.IOException; import java.net.InetAddress; -import java.net.Socket; import java.util.ArrayList; import java.util.Formatter; import java.util.HashMap; @@ -86,12 +85,10 @@ import org.apache.hadoop.util.StringUtils; import org.apache.thrift.TException; import org.apache.thrift.TProcessor; import org.apache.thrift.protocol.TBinaryProtocol; -import org.apache.thrift.protocol.TProtocol; import org.apache.thrift.server.TServer; import org.apache.thrift.server.TThreadPoolServer; import org.apache.thrift.transport.TServerSocket; import org.apache.thrift.transport.TServerTransport; -import org.apache.thrift.transport.TSocket; import org.apache.thrift.transport.TTransportFactory; import com.facebook.fb303.FacebookBase; @@ -105,6 +102,7 @@ public class HiveMetaStore extends ThriftHiveMetastore { HiveMetaStore.class); private static HadoopThriftAuthBridge.Server saslServer; + private static boolean useSasl; public static class HMSHandler extends FacebookBase implements ThriftHiveMetastore.Iface { @@ -148,20 +146,20 @@ public class HiveMetaStore extends ThriftHiveMetastore { }; private final void logAuditEvent(String cmd) { - if (!ShimLoader.getHadoopShims().isSecureShimImpl() || cmd == null) { + if (!useSasl || cmd == null) { return; } - + UserGroupInformation ugi; try { ugi = ShimLoader.getHadoopShims().getUGIForConf(getConf()); } catch (Exception ex) { throw new RuntimeException(ex); } - InetAddress addr = TLoggingProcessor.getRemoteAddress(); + InetAddress addr = saslServer.getRemoteAddress(); final Formatter fmt = auditFormatter.get(); ((StringBuilder)fmt.out()).setLength(0); - auditLog.info(fmt.format(AUDIT_FORMAT, ugi.getUserName(), + auditLog.info(fmt.format(AUDIT_FORMAT, ugi.getUserName(), addr == null ? "unknown-ip-addr" : addr.toString(), cmd).toString()); } @@ -486,7 +484,7 @@ public class HiveMetaStore extends ThriftHiveMetastore { try { Metrics.startScope(function); } catch (IOException e) { - LOG.debug("Exception when starting metrics scope" + LOG.debug("Exception when starting metrics scope" + e.getClass().getName() + " " + e.getMessage()); MetaStoreUtils.printStackTrace(e); } @@ -2762,7 +2760,7 @@ public class HiveMetaStore extends ThriftHiveMetastore { if (partName != null) { Partition part = null; part = get_partition_by_name(dbName, tableName, partName); - List mPartitionCols + List mPartitionCols = ms.listPrincipalPartitionColumnGrants(principalName, principalType, dbName, tableName, partName, columnName); if (mPartitionCols.size() > 0) { @@ -2986,22 +2984,6 @@ public class HiveMetaStore extends ThriftHiveMetastore { } @Override - public String get_delegation_token_with_signature( - String renewer_kerberos_principal_name, - String token_signature) throws MetaException, TException { - startFunction("get_delegation_token_with_signature"); - try { - return - HiveMetaStore.getDelegationToken(renewer_kerberos_principal_name, - token_signature); - } catch(IOException e) { - throw new MetaException(e.getMessage()); - } finally { - endFunction("get_delegation_token_with_signature"); - } - } - - @Override public long renew_delegation_token(String token_str_form) throws MetaException, TException { startFunction("renew_delegation_token"); @@ -3015,16 +2997,20 @@ public class HiveMetaStore extends ThriftHiveMetastore { } @Override - public String get_delegation_token(String renewer_kerberos_principal_name) + public String get_delegation_token(String token_owner, + String renewer_kerberos_principal_name) throws MetaException, TException { - startFunction("get_delegation_token_with_signature"); + startFunction("get_delegation_token"); try { return - HiveMetaStore.getDelegationToken(renewer_kerberos_principal_name); + HiveMetaStore.getDelegationToken(token_owner, + renewer_kerberos_principal_name); } catch(IOException e) { throw new MetaException(e.getMessage()); + } catch (InterruptedException e) { + throw new MetaException(e.getMessage()); } finally { - endFunction("get_delegation_token_with_signature"); + endFunction("get_delegation_token"); } } @@ -3038,22 +3024,14 @@ public class HiveMetaStore extends ThriftHiveMetastore { ) throws IOException { saslServer.cancelDelegationToken(tokenStrForm); } - /** - * Get a new delegation token. - * @param renewer the designated renewer - * @param token_signature an identifier that is set as the service on the generated token - */ - public static String getDelegationToken(String renewer, String token_signature - )throws IOException { - return saslServer.getDelegationToken(renewer, token_signature); - } /** * Get a new delegation token. * @param renewer the designated renewer */ - public static String getDelegationToken(String renewer)throws IOException { - return saslServer.getDelegationToken(renewer); + public static String getDelegationToken(String owner, String renewer) + throws IOException, InterruptedException { + return saslServer.getDelegationToken(owner, renewer); } /** * Renew a delegation token to extend its lifetime. @@ -3101,13 +3079,12 @@ public class HiveMetaStore extends ThriftHiveMetastore { int minWorkerThreads = conf.getIntVar(HiveConf.ConfVars.METASTORESERVERMINTHREADS); int maxWorkerThreads = conf.getIntVar(HiveConf.ConfVars.METASTORESERVERMAXTHREADS); boolean tcpKeepAlive = conf.getBoolVar(HiveConf.ConfVars.METASTORE_TCP_KEEP_ALIVE); - boolean useSasl = conf.getBoolVar(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL); + useSasl = conf.getBoolVar(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL); TServerTransport serverTransport = tcpKeepAlive ? new TServerSocketKeepAlive(port) : new TServerSocket(port); - TProcessor processor = - new TLoggingProcessor(new ThriftHiveMetastore.Processor(handler)); + TProcessor processor = new ThriftHiveMetastore.Processor(handler); TTransportFactory transFactory; if (useSasl) { saslServer = bridge.createServer( @@ -3142,29 +3119,4 @@ public class HiveMetaStore extends ThriftHiveMetastore { throw x; } } - //Assists audit logger - gets the remote client's IP address. - private static class TLoggingProcessor implements TProcessor { - private final static ThreadLocal remoteAddress = - new ThreadLocal() { - @Override - protected synchronized InetAddress initialValue() { - return null; - } - }; - TProcessor wrapped; - TLoggingProcessor(TProcessor wrapped) { - this.wrapped = wrapped; - } - static InetAddress getRemoteAddress() { - return remoteAddress.get(); - } - public boolean process(final TProtocol inProt, final TProtocol outProt) - throws TException { - if (TSocket.class.isAssignableFrom(inProt.getTransport().getClass())) { - Socket socket = ((TSocket)inProt.getTransport()).getSocket(); - remoteAddress.set(socket.getInetAddress()); - } - return wrapped.process(inProt, outProt); - } - } } diff --git metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java index 5a9b61e..edae10b 100644 --- metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java +++ metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java @@ -51,7 +51,6 @@ import org.apache.hadoop.hive.metastore.api.Partition; import org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet; import org.apache.hadoop.hive.metastore.api.PrincipalType; import org.apache.hadoop.hive.metastore.api.PrivilegeBag; -import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo; import org.apache.hadoop.hive.metastore.api.Role; import org.apache.hadoop.hive.metastore.api.Table; import org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore; @@ -582,7 +581,7 @@ public class HiveMetaStoreClient implements IMetaStoreClient { return deepCopyPartitions( client.get_partitions_ps(db_name, tbl_name, part_vals, max_parts)); } - + @Override public List listPartitionsWithAuthInfo(String db_name, String tbl_name, short max_parts, String user_name, List group_names) @@ -648,7 +647,7 @@ public class HiveMetaStoreClient implements IMetaStoreClient { List part_vals) throws NoSuchObjectException, MetaException, TException { return deepCopy(client.get_partition(db_name, tbl_name, part_vals)); } - + @Override public Partition getPartitionWithAuthInfo(String db_name, String tbl_name, List part_vals, String user_name, List group_names) @@ -1005,13 +1004,13 @@ public class HiveMetaStoreClient implements IMetaStoreClient { public boolean drop_role(String roleName) throws MetaException, TException { return client.drop_role(roleName); } - + @Override public List list_roles(String principalName, PrincipalType principalType) throws MetaException, TException { return client.list_roles(principalName, principalType); } - + @Override public List listRoleNames() throws MetaException, TException { return client.get_role_names(); @@ -1049,25 +1048,15 @@ public class HiveMetaStoreClient implements IMetaStoreClient { return client.list_privileges(principalName, principalType, hiveObject); } - @Override - public String getDelegationTokenWithSignature(String renewerKerberosPrincipalName, - String tokenSignature) throws - MetaException, TException { - if(localMetaStore) { - throw new UnsupportedOperationException("getDelegationToken() can be " + - "called only in thrift (non local) mode"); - } - return client.get_delegation_token_with_signature(renewerKerberosPrincipalName, tokenSignature); - } @Override - public String getDelegationToken(String renewerKerberosPrincipalName) throws + public String getDelegationToken(String owner, String renewerKerberosPrincipalName) throws MetaException, TException { if(localMetaStore) { throw new UnsupportedOperationException("getDelegationToken() can be " + "called only in thrift (non local) mode"); } - return client.get_delegation_token(renewerKerberosPrincipalName); + return client.get_delegation_token(owner, renewerKerberosPrincipalName); } @Override diff --git metastore/src/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java metastore/src/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java index 5d445f5..d2df42f 100644 --- metastore/src/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java +++ metastore/src/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java @@ -269,7 +269,7 @@ public interface IMetaStoreClient { public Partition getPartition(String dbName, String tblName, String name) throws MetaException, UnknownTableException, NoSuchObjectException, TException; - + /** * @param dbName * @param tableName @@ -285,7 +285,7 @@ public interface IMetaStoreClient { public Partition getPartitionWithAuthInfo(String dbName, String tableName, List pvals, String userName, List groupNames) throws MetaException, UnknownTableException, NoSuchObjectException, TException; - + /** * @param tbl_name * @param db_name @@ -314,7 +314,7 @@ public interface IMetaStoreClient { * @param userName * @param groupNames * @return - * @throws NoSuchObjectException + * @throws NoSuchObjectException */ public List listPartitionsWithAuthInfo(String dbName, String tableName, short s, String userName, List groupNames) @@ -328,7 +328,7 @@ public interface IMetaStoreClient { * @param userName * @param groupNames * @return - * @throws NoSuchObjectException + * @throws NoSuchObjectException */ public List listPartitionsWithAuthInfo(String dbName, String tableName, List partialPvals, short s, String userName, @@ -531,7 +531,7 @@ public interface IMetaStoreClient { public boolean dropIndex(String db_name, String tbl_name, String name, boolean deleteData) throws NoSuchObjectException, MetaException, TException; - + /** * @param Role * role object @@ -545,8 +545,8 @@ public interface IMetaStoreClient { /** * @param role_name * role name - * @param db_name - * + * @param db_name + * * @return * @throws MetaException * @throws TException @@ -556,13 +556,13 @@ public interface IMetaStoreClient { /** * list all role names * @return - * @throws TException - * @throws MetaException + * @throws TException + * @throws MetaException */ public List listRoleNames() throws MetaException, TException; /** - * + * * @param role_name * @param user_name * @param principalType @@ -584,7 +584,7 @@ public interface IMetaStoreClient { * user name * @param principalType * @param db_name - * + * * @return * @throws MetaException * @throws TException @@ -593,7 +593,7 @@ public interface IMetaStoreClient { PrincipalType principalType) throws MetaException, TException; /** - * + * * @param principalName * @param principalType * @return @@ -614,7 +614,7 @@ public interface IMetaStoreClient { public PrincipalPrivilegeSet get_privilege_set(HiveObjectRef hiveObject, String user_name, List group_names) throws MetaException, TException; - + /** * @param principal_name * @param principal_type @@ -647,21 +647,11 @@ public interface IMetaStoreClient { /** * @param renewerKerberosPrincipalName - * @param tokenSignature - * @return - * @throws MetaException - * @throws TException - */ - public String getDelegationTokenWithSignature(String renewerKerberosPrincipalName, String tokenSignature) - throws MetaException, TException; - - /** - * @param renewerKerberosPrincipalName * @return * @throws MetaException * @throws TException */ - public String getDelegationToken(String renewerKerberosPrincipalName) + public String getDelegationToken(String owner, String renewerKerberosPrincipalName) throws MetaException, TException; /** diff --git service/src/gen/thrift/gen-py/hive_service/ThriftHive-remote service/src/gen/thrift/gen-py/hive_service/ThriftHive-remote old mode 100644 new mode 100755 diff --git shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java index 35f8eb8..1d2ad66 100644 --- shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java +++ shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java @@ -446,7 +446,7 @@ public class Hadoop20SShims implements HadoopShims { public UserGroupInformation getUGIForConf(Configuration conf) throws IOException { return UserGroupInformation.getCurrentUser(); } - + @Override public boolean isSecureShimImpl() { return true; diff --git shims/src/0.20S/java/org/apache/hadoop/hive/thrift/DelegationTokenSecretManager.java shims/src/0.20S/java/org/apache/hadoop/hive/thrift/DelegationTokenSecretManager.java index 0e048c7..29114f0 100644 --- shims/src/0.20S/java/org/apache/hadoop/hive/thrift/DelegationTokenSecretManager.java +++ shims/src/0.20S/java/org/apache/hadoop/hive/thrift/DelegationTokenSecretManager.java @@ -70,7 +70,7 @@ public class DelegationTokenSecretManager return renewToken(t, user); } - public synchronized String getDelegationToken(String renewer, String tokenSignature) throws IOException { + public synchronized String getDelegationToken(String renewer) throws IOException { UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); Text owner = new Text(ugi.getUserName()); Text realUser = null; @@ -81,14 +81,7 @@ public class DelegationTokenSecretManager new DelegationTokenIdentifier(owner, new Text(renewer), realUser); Token t = new Token( ident, this); - if(tokenSignature != null) { - t.setService(new Text(tokenSignature)); - } return t.encodeToUrlString(); } - - public synchronized String getDelegationToken(String renewer) throws IOException { - return getDelegationToken(renewer, null); - } } diff --git shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java index fd042c7..fa361f1 100644 --- shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java +++ shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java @@ -18,6 +18,8 @@ package org.apache.hadoop.hive.thrift; import java.io.IOException; +import java.net.InetAddress; +import java.net.Socket; import java.security.PrivilegedAction; import java.security.PrivilegedExceptionAction; @@ -40,6 +42,7 @@ import org.apache.hadoop.security.SaslRpcServer; import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.SaslRpcServer.AuthMethod; +import org.apache.hadoop.security.authorize.ProxyUsers; import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.TokenIdentifier; import org.apache.hadoop.security.token.SecretManager.InvalidToken; @@ -48,6 +51,7 @@ import org.apache.thrift.TProcessor; import org.apache.thrift.protocol.TProtocol; import org.apache.thrift.transport.TSaslClientTransport; import org.apache.thrift.transport.TSaslServerTransport; +import org.apache.thrift.transport.TSocket; import org.apache.thrift.transport.TTransport; import org.apache.thrift.transport.TTransportException; import org.apache.thrift.transport.TTransportFactory; @@ -419,8 +423,28 @@ import org.apache.thrift.transport.TTransportFactory; } @Override - public String getDelegationToken(String renewer) throws IOException { - return secretManager.getDelegationToken(renewer); + public String getDelegationToken(final String owner, final String renewer) + throws IOException, InterruptedException { + //if the user asking the token is same as the 'owner' then don't do + //any proxy authorization checks. For cases like oozie, where it gets + //a delegation token for another user, we need to make sure oozie is + //authorized to get a delegation token. + //Do all checks on short names + UserGroupInformation currUser = UserGroupInformation.getCurrentUser(); + UserGroupInformation ownerUgi = UserGroupInformation.createRemoteUser(owner); + if (!ownerUgi.getShortUserName().equals(currUser.getShortUserName())) { + //in the case of proxy users, the getCurrentUser will return the + //real user (for e.g. oozie) due to the doAs that happened just before the + //server started executing the method getDelegationToken in the MetaStore + ownerUgi = UserGroupInformation.createProxyUser(owner, + UserGroupInformation.getCurrentUser()); + ProxyUsers.authorize(ownerUgi, getRemoteAddress().getHostAddress(), null); + } + return ownerUgi.doAs(new PrivilegedExceptionAction() { + public String run() throws IOException { + return secretManager.getDelegationToken(renewer); + } + }); } @Override @@ -429,17 +453,22 @@ import org.apache.thrift.transport.TTransportFactory; } @Override - public String getDelegationToken(String renewer, String token_signature) - throws IOException { - return secretManager.getDelegationToken(renewer, token_signature); - } - - @Override public void cancelDelegationToken(String tokenStrForm) throws IOException { secretManager.cancelDelegationToken(tokenStrForm); } - + private final static ThreadLocal remoteAddress = + new ThreadLocal() { + @Override + protected synchronized InetAddress initialValue() { + return null; + } + }; + @Override + public InetAddress getRemoteAddress() { + return remoteAddress.get(); + } + /** CallbackHandler for SASL DIGEST-MD5 mechanism */ // This code is pretty much completely based on Hadoop's // SaslRpcServer.SaslDigestCallbackHandler - the only reason we could not @@ -549,6 +578,10 @@ import org.apache.thrift.transport.TTransportFactory; throw new TException(e.getMessage()); } } + if (TSocket.class.isAssignableFrom(inProt.getTransport().getClass())) { + Socket socket = ((TSocket)inProt.getTransport()).getSocket(); + remoteAddress.set(socket.getInetAddress()); + } try { UserGroupInformation clientUgi = UserGroupInformation.createProxyUser( endUser, UserGroupInformation.getLoginUser()); diff --git shims/src/common/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java shims/src/common/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java index 301ad5a..ecaa2d7 100644 --- shims/src/common/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java +++ shims/src/common/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge.java @@ -19,6 +19,7 @@ package org.apache.hadoop.hive.thrift; import java.io.IOException; +import java.net.InetAddress; import org.apache.hadoop.conf.Configuration; import org.apache.thrift.TProcessor; @@ -66,10 +67,11 @@ import org.apache.thrift.transport.TTransportFactory; public static abstract class Server { public abstract TTransportFactory createTransportFactory() throws TTransportException; public abstract TProcessor wrapProcessor(TProcessor processor); + public abstract InetAddress getRemoteAddress(); public abstract void startDelegationTokenSecretManager(Configuration conf) throws IOException; - public abstract String getDelegationToken(String renewer) throws IOException; + public abstract String getDelegationToken(String owner, String renewer) + throws IOException, InterruptedException; public abstract long renewDelegationToken(String tokenStrForm) throws IOException; - public abstract String getDelegationToken(String renewer, String token_signature) throws IOException; public abstract void cancelDelegationToken(String tokenStrForm) throws IOException; } } diff --git shims/src/test/org/apache/hadoop/hive/thrift/TestHadoop20SAuthBridge.java shims/src/test/org/apache/hadoop/hive/thrift/TestHadoop20SAuthBridge.java index fd06c37..6d2eaa7 100644 --- shims/src/test/org/apache/hadoop/hive/thrift/TestHadoop20SAuthBridge.java +++ shims/src/test/org/apache/hadoop/hive/thrift/TestHadoop20SAuthBridge.java @@ -30,6 +30,8 @@ import org.apache.hadoop.hive.metastore.HiveMetaStore; import org.apache.hadoop.hive.metastore.HiveMetaStoreClient; import org.apache.hadoop.hive.metastore.api.Database; import org.apache.hadoop.hive.metastore.api.MetaException; +import org.apache.hadoop.io.Text; +import org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier; import org.apache.hadoop.security.SaslRpcServer; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.SaslRpcServer.AuthMethod; @@ -107,18 +109,15 @@ public class TestHadoop20SAuthBridge extends TestCase { //through the thrift interface). Obtaining a token makes the secret manager //aware of the user and that it gave the token to the user String tokenStrForm; - if (tokenSig == null) { - tokenStrForm = - HiveMetaStore.getDelegationToken(clientUgi.getShortUserName()); - } else { - tokenStrForm = - HiveMetaStore.getDelegationToken(clientUgi.getShortUserName(), - tokenSig); - conf.set("hive.metastore.token.signature", tokenSig); - } - + tokenStrForm = + HiveMetaStore.getDelegationToken(clientUgi.getShortUserName(), + clientUgi.getShortUserName()); Token t= new Token(); t.decodeFromUrlString(tokenStrForm); + if (tokenSig != null) { + conf.set("hive.metastore.token.signature", tokenSig); + t.setService(new Text(tokenSig)); + } //add the token to the clientUgi for securely talking to the metastore clientUgi.addToken(t); //Create the metastore client as the clientUgi. Doing so this