hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thejas M Nair (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-17371) Move tokenstores to metastore module
Date Wed, 04 Oct 2017 20:52:00 GMT

    [ https://issues.apache.org/jira/browse/HIVE-17371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16192012#comment-16192012
] 

Thejas M Nair commented on HIVE-17371:
--------------------------------------

bq. Functionality-vise in case of HiveDelegationTokenManager, it doesn't do anything specific
for HS2 except that it defines some delegation token specific default configuration values
like key update interval, token renewal and lifetime durations.
These configurations are also there in MetastoreDelegationTokenManager. Looks like in HIVE-17241,
the suggestion by [~vgumashta] was to have duplicate code for this for HS2 and standalone-metastore.
However, in my opinion, it would be better to share this code rather than duplicate it, specially
since this concerns with security, and I don't see this evolving differently for HS2. I think
we might want to duplicate code primarily if the use case for non metastore parts of hive
and metastore is expected to evolve differently.

bq. Moving the class hierarchy of TokenStoreDelegationTokenSecretManager to standalone-metastore
might not be ideal because then hive-shims project will depend on metastore which doesn't
seem right.
Won't it be possible to remove this hierarchy out of hive-shims ?



> Move tokenstores to metastore module
> ------------------------------------
>
>                 Key: HIVE-17371
>                 URL: https://issues.apache.org/jira/browse/HIVE-17371
>             Project: Hive
>          Issue Type: Sub-task
>          Components: Metastore
>            Reporter: Vihang Karajgaonkar
>            Assignee: Vihang Karajgaonkar
>         Attachments: HIVE-17371.01.patch
>
>
> The {{getTokenStore}} method will not work for the {{DBTokenStore}} and {{ZKTokenStore}}
since they implement {{org.apache.hadoop.hive.thrift.DelegationTokenStore}} instead of  {{org.apache.hadoop.hive.metastore.security.DelegationTokenStore}}
> {code}
> private DelegationTokenStore getTokenStore(Configuration conf) throws IOException {
>     String tokenStoreClassName =
>         MetastoreConf.getVar(conf, MetastoreConf.ConfVars.DELEGATION_TOKEN_STORE_CLS,
"");
>     // The second half of this if is to catch cases where users are passing in a HiveConf
for
>     // configuration.  It will have set the default value of
>     // "hive.cluster.delegation.token.store .class" to
>     // "org.apache.hadoop.hive.thrift.MemoryTokenStore" as part of its construction.
 But this is
>     // the hive-shims version of the memory store.  We want to convert this to our default
value.
>     if (StringUtils.isBlank(tokenStoreClassName) ||
>         "org.apache.hadoop.hive.thrift.MemoryTokenStore".equals(tokenStoreClassName))
{
>       return new MemoryTokenStore();
>     }
>     try {
>       Class<? extends DelegationTokenStore> storeClass =
>           Class.forName(tokenStoreClassName).asSubclass(DelegationTokenStore.class);
>       return ReflectionUtils.newInstance(storeClass, conf);
>     } catch (ClassNotFoundException e) {
>       throw new IOException("Error initializing delegation token store: " + tokenStoreClassName,
e);
>     }
>   }
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message