diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java b/ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java
index 7553abb79950bd91667bb3552baff90788e5e173..974c74e22c4e2e542e82cbe67a5d0d3cf33fd984 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java
@@ -28,7 +28,6 @@
 import org.apache.hadoop.hive.shims.ShimLoader;
 import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.hadoop.security.token.Token;
 /**
 * SecureCmdDoAs - Helper class for setting parameters and env necessary for
@@ -46,9 +45,7 @@ public SecureCmdDoAs(HiveConf conf) throws HiveException, IOException{
 String uname = UserGroupInformation.getLoginUser().getShortUserName();
 FileSystem fs = FileSystem.get(conf);
 Credentials cred = new Credentials();
- // Use method addDelegationTokens instead of getDelegationToken to get all the tokens including KMS.
- fs.addDelegationTokens(uname, cred);
-
+ ShimLoader.getHadoopShims().addDelegationTokens(fs, cred, uname);
 tokenFile = File.createTempFile("hive_hadoop_delegation_token", null);
 tokenPath = new Path(tokenFile.toURI());
diff --git a/shims/0.20S/src/main/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java b/shims/0.20S/src/main/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java
index d5f26032a4ef91b44e91302018ff913eed61cd37..1ac49351252337f4ea8bd71a4033a6bcb64c37be 100644
--- a/shims/0.20S/src/main/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java
+++ b/shims/0.20S/src/main/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java
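Review bot: The new call in the `SecureCmdDoAs` constructor no longer says which tokens land in `cred`, and after this change that depends on the shim: the 0.23 implementation collects every token `addDelegationTokens` returns (KMS included), while the 0.20S one adds only the single FileSystem token. I would keep a comment at the call site, e.g. `// Token set is shim-specific: 0.23 adds all FS tokens incl. KMS, 0.20S only the FS delegation token.` The collected credentials appear to be destined for the file created on the next line with `File.createTempFile`, which applies no restrictive permissions of its own, so it is worth confirming that the rest of the constructor (outside this hunk) limits access to that file.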
@@ -66,7 +66,9 @@
 import org.apache.hadoop.mapreduce.TaskAttemptContext;
 import org.apache.hadoop.mapreduce.TaskAttemptID;
 import org.apache.hadoop.mapreduce.TaskID;
+import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.security.KerberosName;
+import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.util.Progressable;
 import org.apache.hadoop.util.Tool;
@@ -692,4 +694,10 @@ public HdfsEncryptionShim createHdfsEncryptionShim(FileSystem fs, Configuration
 public Path getPathWithoutSchemeAndAuthority(Path path) {
 return path;
 }
+
+ @Override
+ public void addDelegationTokens(FileSystem fs, Credentials cred, String uname) throws IOException {
+ Token fsToken = fs.getDelegationToken(uname);
+ cred.addToken(fsToken.getService(), fsToken);
+ }
 }
diff --git a/shims/0.23/src/main/java/org/apache/hadoop/hive/shims/Hadoop23Shims.java b/shims/0.23/src/main/java/org/apache/hadoop/hive/shims/Hadoop23Shims.java
index bb4a190245af7c880bc0ac1ef0991cb7aa51805f..ba182af4e67f0cf9af8cc65014e27a44d682c82e 100644
--- a/shims/0.23/src/main/java/org/apache/hadoop/hive/shims/Hadoop23Shims.java
+++ b/shims/0.23/src/main/java/org/apache/hadoop/hive/shims/Hadoop23Shims.java
@@ -87,6 +87,7 @@
 import org.apache.hadoop.mapreduce.task.TaskAttemptContextImpl;
 import org.apache.hadoop.net.NetUtils;
 import org.apache.hadoop.security.authentication.util.KerberosName;
+import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.util.Progressable;
 import org.apache.hadoop.util.Tool;
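Review bot: In `Hadoop20SShims.addDelegationTokens`, `fsToken` is dereferenced without a null check, and `FileSystem.getDelegationToken` may return null for a file system that does not issue tokens, which would surface here as a NullPointerException rather than the declared IOException. Guarding the add, `if (fsToken != null) { cred.addToken(fsToken.getService(), fsToken); }`, or throwing an IOException with a clear message if a token is mandatory on this path, would make the failure explicit. The local is also declared with the raw type; `Token<?> fsToken = fs.getDelegationToken(uname);` avoids the unchecked warning.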
@@ -1311,4 +1312,8 @@ private int compareKeyStrength(String keyname1, String keyname2) throws IOExcept
 public Path getPathWithoutSchemeAndAuthority(Path path) {
 return Path.getPathWithoutSchemeAndAuthority(path);
 }
+ public void addDelegationTokens(FileSystem fs, Credentials cred, String uname) throws IOException {
+ // Use method addDelegationTokens instead of getDelegationToken to get all the tokens including KMS.
+ fs.addDelegationTokens(uname, cred);
+ }
 }
diff --git a/shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java b/shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java
index 93379cfc2a83640972a012227b47803a4e177ee5..b550b6e0d64ee79ba2076a64f669fd2b697ea692 100644
--- a/shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java
+++ b/shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java
@@ -34,6 +34,7 @@
 import javax.security.auth.login.LoginException;
 import com.google.common.annotations.VisibleForTesting;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
@@ -62,6 +63,7 @@
 import org.apache.hadoop.mapreduce.TaskAttemptContext;
 import org.apache.hadoop.mapreduce.TaskAttemptID;
 import org.apache.hadoop.mapreduce.TaskID;
+import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.util.Progressable;
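Review bot: `Hadoop23Shims.addDelegationTokens` is added without `@Override`, unlike the 0.20S implementation and the abstract declaration in `HadoopShimsSecure` that this same commit adds. Putting `@Override` above the signature lets the compiler reject the build if the shim interface signature and this implementation ever drift apart, which matters here because a silently unlinked overload would leave the credential-collection path on whatever the base class provides.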
@@ -706,4 +708,13 @@ public void deleteKey(String keyName) throws IOException {
 public HdfsEncryptionShim createHdfsEncryptionShim(FileSystem fs, Configuration conf) throws IOException;
 public Path getPathWithoutSchemeAndAuthority(Path path);
+
+ /**
+ * Get Delegation token and add it to Credential.
+ * @param fs FileSystem object to HDFS
+ * @param cred Credentials object to add the token to.
+ * @param uname user name.
+ * @throws IOException If an error occurred on adding the token.
+ */
+ public void addDelegationTokens(FileSystem fs, Credentials cred, String uname) throws IOException;
 }
diff --git a/shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java b/shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java
index 279a02cf21e827b3a5eb8f706bf4f92ec0dd0a55..89d779837c7996d30fb61b34ae076e042d397c56 100644
--- a/shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java
+++ b/shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java
@@ -49,6 +49,7 @@
 import org.apache.hadoop.mapred.lib.CombineFileInputFormat;
 import org.apache.hadoop.mapred.lib.CombineFileSplit;
 import org.apache.hadoop.mapreduce.Job;
+import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.util.Progressable;
 /**
@@ -388,4 +389,7 @@ public void checkFileAccess(FileSystem fs, FileStatus stat, FsAction action)
 throws IOException, AccessControlException, Exception {
 DefaultFileAccess.checkFileAccess(fs, stat, action);
 }
+
+ @Override
+ abstract public void addDelegationTokens(FileSystem fs, Credentials cred, String uname) throws IOException;
 }
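Review bot: The Javadoc on `HadoopShims.addDelegationTokens` describes `uname` only as "user name", but both implementations in this commit pass it to Hadoop in the renewer position (`fs.getDelegationToken(uname)` and `fs.addDelegationTokens(uname, cred)`), and the renewer is the principal allowed to renew or cancel the tokens. I would word it as `@param uname name of the principal designated as renewer of the token(s)`. The summary also speaks of a single token, while the 0.23 shim can add several (its comment mentions KMS); `Obtains delegation token(s) for fs and adds them to cred; the set of tokens is shim-specific.` would match what the implementations do.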