diff --git common/src/java/org/apache/hadoop/hive/conf/HiveConf.java common/src/java/org/apache/hadoop/hive/conf/HiveConf.java index b8870f2..300d737 100644 --- common/src/java/org/apache/hadoop/hive/conf/HiveConf.java +++ common/src/java/org/apache/hadoop/hive/conf/HiveConf.java @@ -177,6 +177,7 @@ public String decode(String value) { HiveConf.ConfVars.METASTORE_KERBEROS_KEYTAB_FILE, HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL, HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL, + HiveConf.ConfVars.METASTORE_TOKEN_SIGNATURE, HiveConf.ConfVars.METASTORE_CACHE_PINOBJTYPES, HiveConf.ConfVars.METASTORE_CONNECTION_POOLING_TYPE, HiveConf.ConfVars.METASTORE_VALIDATE_TABLES, @@ -623,6 +624,8 @@ private static void populateLlapDaemonVarsSet(Set llapDaemonVarsSetLocal METASTORE_USE_THRIFT_COMPACT_PROTOCOL("hive.metastore.thrift.compact.protocol.enabled", false, "If true, the metastore Thrift interface will use TCompactProtocol. When false (default) TBinaryProtocol will be used.\n" + "Setting it to true will break compatibility with older clients running TBinaryProtocol."), + METASTORE_TOKEN_SIGNATURE("hive.metastore.token.signature", "", + "The delegation token service name to match when selecting a token from the current user's tokens."), METASTORE_CLUSTER_DELEGATION_TOKEN_STORE_CLS("hive.cluster.delegation.token.store.class", "org.apache.hadoop.hive.thrift.MemoryTokenStore", "The delegation token store implementation. Set to org.apache.hadoop.hive.thrift.ZooKeeperTokenStore for load-balanced cluster."), diff --git hcatalog/core/src/main/java/org/apache/hive/hcatalog/common/HCatUtil.java hcatalog/core/src/main/java/org/apache/hive/hcatalog/common/HCatUtil.java index 3ee30ed..f3bfcfa 100644 --- hcatalog/core/src/main/java/org/apache/hive/hcatalog/common/HCatUtil.java +++ hcatalog/core/src/main/java/org/apache/hive/hcatalog/common/HCatUtil.java @@ -627,7 +627,7 @@ public static HiveConf getHiveConf(Configuration conf) } if (conf.get(HCatConstants.HCAT_KEY_TOKEN_SIGNATURE) != null) { - hiveConf.set("hive.metastore.token.signature", + hiveConf.setVar(HiveConf.ConfVars.METASTORE_TOKEN_SIGNATURE, conf.get(HCatConstants.HCAT_KEY_TOKEN_SIGNATURE)); } diff --git hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/SecureProxySupport.java hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/SecureProxySupport.java index 13f3c9b..e71bc04 100644 --- hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/SecureProxySupport.java +++ hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/SecureProxySupport.java @@ -128,7 +128,7 @@ public void addEnv(Map env) { public void addArgs(List args) { if (isEnabled) { args.add("-D"); - args.add("hive.metastore.token.signature=" + getHcatServiceStr()); + args.add(HiveConf.ConfVars.METASTORE_TOKEN_SIGNATURE + "=" + getHcatServiceStr()); args.add("-D"); args.add("proxy.user.name=" + user); } diff --git itests/hive-unit-hadoop2/src/test/java/org/apache/hadoop/hive/thrift/TestHadoopAuthBridge23.java itests/hive-unit-hadoop2/src/test/java/org/apache/hadoop/hive/thrift/TestHadoopAuthBridge23.java index d07162b..698a0cd 100644 --- itests/hive-unit-hadoop2/src/test/java/org/apache/hadoop/hive/thrift/TestHadoopAuthBridge23.java +++ itests/hive-unit-hadoop2/src/test/java/org/apache/hadoop/hive/thrift/TestHadoopAuthBridge23.java @@ -352,7 +352,7 @@ private void obtainTokenAndAddIntoUGI(UserGroupInformation clientUgi, clientUgi.getShortUserName().equals(d.getUser().getShortUserName())); if (tokenSig != null) { - conf.set("hive.metastore.token.signature", tokenSig); + conf.set(HiveConf.ConfVars.METASTORE_TOKEN_SIGNATURE, tokenSig); t.setService(new Text(tokenSig)); } //add the token to the clientUgi for securely talking to the metastore diff --git metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java index cdd12ab..f5a4e29 100644 --- metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java +++ metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java @@ -424,7 +424,7 @@ private void open() throws MetaException { // this should happen on the map/reduce tasks if the client added the // tokens into hadoop's credential store in the front end during job // submission. - String tokenSig = conf.get("hive.metastore.token.signature"); + String tokenSig = conf.getVar(ConfVars.METASTORE_TOKEN_SIGNATURE); // tokenSig could be null tokenStrForm = Utils.getTokenStrForm(tokenSig); if(tokenStrForm != null) { diff --git service/src/java/org/apache/hive/service/cli/session/HiveSessionImplwithUGI.java service/src/java/org/apache/hive/service/cli/session/HiveSessionImplwithUGI.java index 025b0b8..f7b3412 100644 --- service/src/java/org/apache/hive/service/cli/session/HiveSessionImplwithUGI.java +++ service/src/java/org/apache/hive/service/cli/session/HiveSessionImplwithUGI.java @@ -115,7 +115,7 @@ public void close() throws HiveSQLException { private void setDelegationToken(String hmsDelegationTokenStr) throws HiveSQLException { this.hmsDelegationTokenStr = hmsDelegationTokenStr; if (hmsDelegationTokenStr != null) { - getHiveConf().set("hive.metastore.token.signature", HS2TOKEN); + getHiveConf().setVar(HiveConf.ConfVars.METASTORE_TOKEN_SIGNATURE, HS2TOKEN); try { Utils.setTokenStr(sessionUgi, hmsDelegationTokenStr, HS2TOKEN); } catch (IOException e) {