diff --git ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java index 7553abb..974c74e 100644 --- ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java +++ ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java @@ -28,7 +28,6 @@ import org.apache.hadoop.hive.shims.ShimLoader; import org.apache.hadoop.security.Credentials; import org.apache.hadoop.security.UserGroupInformation; -import org.apache.hadoop.security.token.Token; /** * SecureCmdDoAs - Helper class for setting parameters and env necessary for @@ -46,9 +45,7 @@ public SecureCmdDoAs(HiveConf conf) throws HiveException, IOException{ String uname = UserGroupInformation.getLoginUser().getShortUserName(); FileSystem fs = FileSystem.get(conf); Credentials cred = new Credentials(); - // Use method addDelegationTokens instead of getDelegationToken to get all the tokens including KMS. - fs.addDelegationTokens(uname, cred); - + ShimLoader.getHadoopShims().addDelegationTokens(fs, cred, uname); tokenFile = File.createTempFile("hive_hadoop_delegation_token", null); tokenPath = new Path(tokenFile.toURI()); diff --git shims/0.20S/src/main/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java shims/0.20S/src/main/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java index 0727945..6d8166c 100644 --- shims/0.20S/src/main/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java +++ shims/0.20S/src/main/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java @@ -67,7 +67,9 @@ import org.apache.hadoop.mapreduce.TaskAttemptContext; import org.apache.hadoop.mapreduce.TaskAttemptID; import org.apache.hadoop.mapreduce.TaskID; +import org.apache.hadoop.security.Credentials; import org.apache.hadoop.security.KerberosName; +import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.util.Progressable; import org.apache.hadoop.util.Tool; @@ -719,4 +721,10 @@ public int readByteBuffer(FSDataInputStream file, ByteBuffer dest) throws IOExce return result; } } + + @Override + public void addDelegationTokens(FileSystem fs, Credentials cred, String uname) throws IOException { + Token fsToken = fs.getDelegationToken(uname); + cred.addToken(fsToken.getService(), fsToken); + } } diff --git shims/0.23/src/main/java/org/apache/hadoop/hive/shims/Hadoop23Shims.java shims/0.23/src/main/java/org/apache/hadoop/hive/shims/Hadoop23Shims.java index 9168fba..d349068 100644 --- shims/0.23/src/main/java/org/apache/hadoop/hive/shims/Hadoop23Shims.java +++ shims/0.23/src/main/java/org/apache/hadoop/hive/shims/Hadoop23Shims.java @@ -88,6 +88,7 @@ import org.apache.hadoop.mapreduce.task.TaskAttemptContextImpl; import org.apache.hadoop.net.NetUtils; import org.apache.hadoop.security.authentication.util.KerberosName; +import org.apache.hadoop.security.Credentials; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.util.Progressable; import org.apache.hadoop.util.Tool; @@ -1352,4 +1353,8 @@ public int readByteBuffer(FSDataInputStream file, ByteBuffer dest) throws IOExce } return result; } + public void addDelegationTokens(FileSystem fs, Credentials cred, String uname) throws IOException { + // Use method addDelegationTokens instead of getDelegationToken to get all the tokens including KMS. + fs.addDelegationTokens(uname, cred); + } } diff --git shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java index 08bab90..5a6bc44 100644 --- shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java +++ shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShims.java @@ -34,6 +34,7 @@ import javax.security.auth.login.LoginException; import com.google.common.annotations.VisibleForTesting; + import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configuration; @@ -62,6 +63,7 @@ import org.apache.hadoop.mapreduce.TaskAttemptContext; import org.apache.hadoop.mapreduce.TaskAttemptID; import org.apache.hadoop.mapreduce.TaskID; +import org.apache.hadoop.security.Credentials; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.util.Progressable; @@ -717,4 +719,13 @@ public void deleteKey(String keyName) throws IOException { * will be set to old position + number of bytes read. */ int readByteBuffer(FSDataInputStream file, ByteBuffer dest) throws IOException; + + /** + * Get Delegation token and add it to Credential. + * @param fs FileSystem object to HDFS + * @param cred Credentials object to add the token to. + * @param uname user name. + * @throws IOException If an error occurred on adding the token. + */ + public void addDelegationTokens(FileSystem fs, Credentials cred, String uname) throws IOException; } diff --git shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java index 279a02c..89d7798 100644 --- shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java +++ shims/common/src/main/java/org/apache/hadoop/hive/shims/HadoopShimsSecure.java @@ -49,6 +49,7 @@ import org.apache.hadoop.mapred.lib.CombineFileInputFormat; import org.apache.hadoop.mapred.lib.CombineFileSplit; import org.apache.hadoop.mapreduce.Job; +import org.apache.hadoop.security.Credentials; import org.apache.hadoop.util.Progressable; /** @@ -388,4 +389,7 @@ public void checkFileAccess(FileSystem fs, FileStatus stat, FsAction action) throws IOException, AccessControlException, Exception { DefaultFileAccess.checkFileAccess(fs, stat, action); } + + @Override + abstract public void addDelegationTokens(FileSystem fs, Credentials cred, String uname) throws IOException; }