Search in sources :

Example 1 with GetTokenResponseProto

use of org.apache.hadoop.hive.llap.daemon.rpc.LlapDaemonProtocolProtos.GetTokenResponseProto in project hive by apache.

the class LlapProtocolServerImpl method getDelegationToken.

@Override
public GetTokenResponseProto getDelegationToken(RpcController controller, GetTokenRequestProto request) throws ServiceException {
    if (secretManager == null) {
        throw new ServiceException("Operation not supported on unsecure cluster");
    }
    UserGroupInformation callingUser = null;
    Token<LlapTokenIdentifier> token = null;
    try {
        callingUser = UserGroupInformation.getCurrentUser();
        // Determine if the user would need to sign fragments.
        boolean isSigningRequired = determineIfSigningIsRequired(callingUser);
        token = secretManager.createLlapToken(request.hasAppId() ? request.getAppId() : null, null, isSigningRequired);
    } catch (IOException e) {
        throw new ServiceException(e);
    }
    if (isRestrictedToClusterUser && !clusterUser.equals(callingUser.getShortUserName())) {
        throw new ServiceException("Management protocol ACL is too permissive. The access has been" + " automatically restricted to " + clusterUser + "; " + callingUser.getShortUserName() + " is denied access. Please set " + ConfVars.LLAP_VALIDATE_ACLS.varname + " to false," + " or adjust " + ConfVars.LLAP_MANAGEMENT_ACL.varname + " and " + ConfVars.LLAP_MANAGEMENT_ACL_DENY.varname + " to a more restrictive ACL.");
    }
    ByteArrayDataOutput out = ByteStreams.newDataOutput();
    try {
        token.write(out);
    } catch (IOException e) {
        throw new ServiceException(e);
    }
    ByteString bs = ByteString.copyFrom(out.toByteArray());
    GetTokenResponseProto response = GetTokenResponseProto.newBuilder().setToken(bs).build();
    return response;
}
Also used : LlapTokenIdentifier(org.apache.hadoop.hive.llap.security.LlapTokenIdentifier) ServiceException(com.google.protobuf.ServiceException) GetTokenResponseProto(org.apache.hadoop.hive.llap.daemon.rpc.LlapDaemonProtocolProtos.GetTokenResponseProto) ByteString(com.google.protobuf.ByteString) ByteArrayDataOutput(com.google.common.io.ByteArrayDataOutput) IOException(java.io.IOException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Aggregations

ByteArrayDataOutput (com.google.common.io.ByteArrayDataOutput)1 ByteString (com.google.protobuf.ByteString)1 ServiceException (com.google.protobuf.ServiceException)1 IOException (java.io.IOException)1 GetTokenResponseProto (org.apache.hadoop.hive.llap.daemon.rpc.LlapDaemonProtocolProtos.GetTokenResponseProto)1 LlapTokenIdentifier (org.apache.hadoop.hive.llap.security.LlapTokenIdentifier)1 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1