hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vihang Karajgaonkar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-17371) Move tokenstores to metastore module
Date Thu, 05 Oct 2017 00:06:00 GMT

    [ https://issues.apache.org/jira/browse/HIVE-17371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16192232#comment-16192232
] 

Vihang Karajgaonkar commented on HIVE-17371:
--------------------------------------------

bq. These configurations are also there in MetastoreDelegationTokenManager. Looks like in
HIVE-17241, the suggestion by Vaibhav Gumashta was to have duplicate code for this for HS2
and standalone-metastore. However, in my opinion, it would be better to share this code rather
than duplicate it, specially since this concerns with security, and I don't see this evolving
differently for HS2. I think we might want to duplicate code primarily if the use case for
non metastore parts of hive and metastore is expected to evolve differently.

Agreed that we should try to avoid duplicating this code.

bq. Won't it be possible to remove this hierarchy out of hive-shims ?

Do you mean moving DelegationTokenSecretManager also to Metastore? This class is passed in
to the HadoopAuthBridge.Server which is used by both HS2 and Metastore which is why I am saying
the hive-shims will also start depending on metastore if we do that. 

> Move tokenstores to metastore module
> ------------------------------------
>
>                 Key: HIVE-17371
>                 URL: https://issues.apache.org/jira/browse/HIVE-17371
>             Project: Hive
>          Issue Type: Sub-task
>          Components: Metastore
>            Reporter: Vihang Karajgaonkar
>            Assignee: Vihang Karajgaonkar
>         Attachments: HIVE-17371.01.patch
>
>
> The {{getTokenStore}} method will not work for the {{DBTokenStore}} and {{ZKTokenStore}}
since they implement {{org.apache.hadoop.hive.thrift.DelegationTokenStore}} instead of  {{org.apache.hadoop.hive.metastore.security.DelegationTokenStore}}
> {code}
> private DelegationTokenStore getTokenStore(Configuration conf) throws IOException {
>     String tokenStoreClassName =
>         MetastoreConf.getVar(conf, MetastoreConf.ConfVars.DELEGATION_TOKEN_STORE_CLS,
"");
>     // The second half of this if is to catch cases where users are passing in a HiveConf
for
>     // configuration.  It will have set the default value of
>     // "hive.cluster.delegation.token.store .class" to
>     // "org.apache.hadoop.hive.thrift.MemoryTokenStore" as part of its construction.
 But this is
>     // the hive-shims version of the memory store.  We want to convert this to our default
value.
>     if (StringUtils.isBlank(tokenStoreClassName) ||
>         "org.apache.hadoop.hive.thrift.MemoryTokenStore".equals(tokenStoreClassName))
{
>       return new MemoryTokenStore();
>     }
>     try {
>       Class<? extends DelegationTokenStore> storeClass =
>           Class.forName(tokenStoreClassName).asSubclass(DelegationTokenStore.class);
>       return ReflectionUtils.newInstance(storeClass, conf);
>     } catch (ClassNotFoundException e) {
>       throw new IOException("Error initializing delegation token store: " + tokenStoreClassName,
e);
>     }
>   }
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message