Example 11 with LlapTokenIdentifier

Use of org.apache.hadoop.hive.llap.security.LlapTokenIdentifier in the Apache Hive project.

Class LlapTokenClient, method extractToken.

private Token<LlapTokenIdentifier> extractToken(ByteString tokenBytes) throws IOException {
    Token<LlapTokenIdentifier> token = new Token<>();
    DataInputByteBuffer in = new DataInputByteBuffer();
    in.reset(tokenBytes.asReadOnlyByteBuffer());
    token.readFields(in);
    return token;
}
Also used: LlapTokenIdentifier (org.apache.hadoop.hive.llap.security.LlapTokenIdentifier), DataInputByteBuffer (org.apache.hadoop.io.DataInputByteBuffer), Token (org.apache.hadoop.security.token.Token)

Example 12 with LlapTokenIdentifier

Use of org.apache.hadoop.hive.llap.security.LlapTokenIdentifier in the Apache Hive project.

Class LlapProtocolClientProxy, method getProxy.

private LlapProtocolBlockingPB getProxy(final LlapNodeId nodeId) {
    String hostId = getHostIdentifier(nodeId.getHostname(), nodeId.getPort());
    LlapProtocolBlockingPB proxy = hostProxies.get(hostId);
    if (proxy == null) {
        if (llapToken == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Creating a client without a token for " + nodeId);
            }
            proxy = new LlapProtocolClientImpl(getConfig(), nodeId.getHostname(), nodeId.getPort(), null, retryPolicy, socketFactory);
        } else {
            final UserGroupInformation ugi = UserGroupInformation.createRemoteUser(llapTokenUser);
            // Clone the token as we'd need to set the service to the one we are talking to.
            Token<LlapTokenIdentifier> nodeToken = new Token<LlapTokenIdentifier>(llapToken);
            SecurityUtil.setTokenService(nodeToken, NetUtils.createSocketAddrForHost(nodeId.getHostname(), nodeId.getPort()));
            ugi.addToken(nodeToken);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Creating a client for " + nodeId + "; the token is " + nodeToken);
            }
            proxy = ugi.doAs(new PrivilegedAction<LlapProtocolBlockingPB>() {

                @Override
                public LlapProtocolBlockingPB run() {
                    return new LlapProtocolClientImpl(getConfig(), nodeId.getHostname(), nodeId.getPort(), ugi, retryPolicy, socketFactory);
                }
            });
        }
        LlapProtocolBlockingPB proxyOld = hostProxies.putIfAbsent(hostId, proxy);
        if (proxyOld != null) {
            // TODO Shutdown the new proxy.
            proxy = proxyOld;
        }
    }
    return proxy;
}
Also used: LlapTokenIdentifier (org.apache.hadoop.hive.llap.security.LlapTokenIdentifier), PrivilegedAction (java.security.PrivilegedAction), Token (org.apache.hadoop.security.token.Token), LlapProtocolClientImpl (org.apache.hadoop.hive.llap.impl.LlapProtocolClientImpl), LlapProtocolBlockingPB (org.apache.hadoop.hive.llap.protocol.LlapProtocolBlockingPB), UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)

Example 13 with LlapTokenIdentifier

Use of org.apache.hadoop.hive.llap.security.LlapTokenIdentifier in the Apache Hive project.

Class SecretManager, method decodeTokenIdentifier.

@Override
public LlapTokenIdentifier decodeTokenIdentifier(Token<LlapTokenIdentifier> token) throws IOException {
    DataInputStream dis = new DataInputStream(new ByteArrayInputStream(token.getIdentifier()));
    LlapTokenIdentifier id = new LlapTokenIdentifier();
    id.readFields(dis);
    dis.close();
    return id;
}
Also used: LlapTokenIdentifier (org.apache.hadoop.hive.llap.security.LlapTokenIdentifier), ByteArrayInputStream (java.io.ByteArrayInputStream), DataInputStream (java.io.DataInputStream)

Example 14 with LlapTokenIdentifier

Use of org.apache.hadoop.hive.llap.security.LlapTokenIdentifier in the Apache Hive project.

Class SecretManager, method createLlapToken.

public Token<LlapTokenIdentifier> createLlapToken(String appId, String user, boolean isSignatureRequired) throws IOException {
    Text realUser = null, renewer = null;
    if (user == null) {
        UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
        user = ugi.getUserName();
        if (ugi.getRealUser() != null) {
            realUser = new Text(ugi.getRealUser().getUserName());
        }
        renewer = new Text(ugi.getShortUserName());
    } else {
        renewer = new Text(user);
    }
    LlapTokenIdentifier llapId = new LlapTokenIdentifier(new Text(user), renewer, realUser, clusterId, appId, isSignatureRequired);
    // TODO: note that the token is not renewable right now and will last for 2 weeks by default.
    Token<LlapTokenIdentifier> token = new Token<LlapTokenIdentifier>(llapId, this);
    if (LOG.isInfoEnabled()) {
        LOG.info("Created LLAP token {}", token);
    }
    return token;
}
Also used: LlapTokenIdentifier (org.apache.hadoop.hive.llap.security.LlapTokenIdentifier), Text (org.apache.hadoop.io.Text), Token (org.apache.hadoop.security.token.Token), UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)

Example 15 with LlapTokenIdentifier

Use of org.apache.hadoop.hive.llap.security.LlapTokenIdentifier in the Apache Hive project.

Class TezSessionState, method getLlapToken.

private static Token<LlapTokenIdentifier> getLlapToken(String user, final Configuration conf) throws IOException {
    // TODO: parts of this should be moved out of TezSession to reuse the clients, but there's
    // no good place for that right now (HIVE-13698).
    // TODO: De-link from SessionState. A TezSession can be linked to different Hive Sessions via the pool.
    SessionState session = SessionState.get();
    boolean isInHs2 = session != null && session.isHiveServerQuery();
    Token<LlapTokenIdentifier> token = null;
    // For Tez, we don't use appId to distinguish the tokens.
    LlapCoordinator coordinator = null;
    if (isInHs2) {
        // We are in HS2, get the token locally.
        // TODO: coordinator should be passed in; HIVE-13698. Must be initialized for now.
        coordinator = LlapCoordinator.getInstance();
        if (coordinator == null) {
            throw new IOException("LLAP coordinator not initialized; cannot get LLAP tokens");
        }
        // Signing is not required for Tez.
        token = coordinator.getLocalTokenClient(conf, user).createToken(null, null, false);
    } else {
        // We are not in HS2; always create a new client for now.
        token = new LlapTokenClient(conf).getDelegationToken(null);
    }
    if (LOG.isInfoEnabled()) {
        LOG.info("Obtained a LLAP token: " + token);
    }
    return token;
}
Also used: SessionState (org.apache.hadoop.hive.ql.session.SessionState), LlapTokenIdentifier (org.apache.hadoop.hive.llap.security.LlapTokenIdentifier), IOException (java.io.IOException), LlapCoordinator (org.apache.hadoop.hive.llap.coordinator.LlapCoordinator), LlapTokenClient (org.apache.hadoop.hive.llap.security.LlapTokenClient)

Aggregations

LlapTokenIdentifier (org.apache.hadoop.hive.llap.security.LlapTokenIdentifier): 16
IOException (java.io.IOException): 5
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation): 5
ByteString (com.google.protobuf.ByteString): 3
LlapCoordinator (org.apache.hadoop.hive.llap.coordinator.LlapCoordinator): 3
Token (org.apache.hadoop.security.token.Token): 3
ServiceException (com.google.protobuf.ServiceException): 2
ByteArrayInputStream (java.io.ByteArrayInputStream): 2
DataInputStream (java.io.DataInputStream): 2
FileNotFoundException (java.io.FileNotFoundException): 2
URISyntaxException (java.net.URISyntaxException): 2
LoginException (javax.security.auth.login.LoginException): 2
FileSystem (org.apache.hadoop.fs.FileSystem): 2
Path (org.apache.hadoop.fs.Path): 2
LlapInputSplit (org.apache.hadoop.hive.llap.LlapInputSplit): 2
SubmitWorkInfo (org.apache.hadoop.hive.llap.SubmitWorkInfo): 2
LlapServiceInstance (org.apache.hadoop.hive.llap.registry.LlapServiceInstance): 2
LlapSigner (org.apache.hadoop.hive.llap.security.LlapSigner): 2
SignedMessage (org.apache.hadoop.hive.llap.security.LlapSigner.SignedMessage): 2
LlapTokenLocalClient (org.apache.hadoop.hive.llap.security.LlapTokenLocalClient): 2