org.apache.hadoop.hive.thrift

Class ZooKeeperTokenStore

java.lang.Object

org.apache.hadoop.hive.thrift.ZooKeeperTokenStore

All Implemented Interfaces:

Closeable, AutoCloseable, org.apache.hadoop.conf.Configurable, DelegationTokenStore

public class ZooKeeperTokenStore
extends Object
implements DelegationTokenStore

ZooKeeper token store implementation.

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.hadoop.hive.thrift.DelegationTokenStore

DelegationTokenStore.TokenStoreException

Field Summary

Fields

Modifier and Type	Field and Description
protected static String	ZK_SEQ_FORMAT

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	ZooKeeperTokenStore() Default constructor for dynamic instantiation w/ Configurable (ReflectionUtils does not support Configuration constructor injection).

Method Summary

Methods

Modifier and Type	Method and Description
int	addMasterKey(String s) Add new master key.
boolean	addToken(DelegationTokenIdentifier tokenIdentifier, org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation token) Add token.
void	close()
void	ensurePath(String path, List<org.apache.zookeeper.data.ACL> acl) Create a path if it does not already exist ("mkdir -p")
List<DelegationTokenIdentifier>	getAllDelegationTokenIdentifiers() List of all token identifiers in the store.
org.apache.hadoop.conf.Configuration	getConf()
String[]	getMasterKeys() Return all master keys.
static int	getPermFromString(String permString) Parse ACL permission string, from ZooKeeperMain private method
org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation	getToken(DelegationTokenIdentifier tokenIdentifier) Get token.
void	init(Object objectStore, HadoopThriftAuthBridge.Server.ServerMode smode)
static List<org.apache.zookeeper.data.ACL>	parseACLs(String aclString) Parse comma separated list of ACL entries to secure generated nodes, e.g.
boolean	removeMasterKey(int keySeq) Remove key for given id.
boolean	removeToken(DelegationTokenIdentifier tokenIdentifier) Remove token.
void	setConf(org.apache.hadoop.conf.Configuration conf)
void	updateMasterKey(int keySeq, String s) Update master key (for expiration and setting store assigned sequence within key)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ZK_SEQ_FORMAT

protected static final String ZK_SEQ_FORMAT

See Also:

Constant Field Values

Constructor Detail

ZooKeeperTokenStore

protected ZooKeeperTokenStore()

Default constructor for dynamic instantiation w/ Configurable (ReflectionUtils does not support Configuration constructor injection).

Method Detail

ensurePath

public void ensurePath(String path,
              List<org.apache.zookeeper.data.ACL> acl)
                throws DelegationTokenStore.TokenStoreException

Create a path if it does not already exist ("mkdir -p")

Parameters:

path - string with '/' separator

acl - list of ACL entries

Throws:

TokenStoreException

DelegationTokenStore.TokenStoreException

getPermFromString

public static int getPermFromString(String permString)

Parse ACL permission string, from ZooKeeperMain private method

Parameters:

permString -

Returns:

parseACLs

public static List<org.apache.zookeeper.data.ACL> parseACLs(String aclString)

Parse comma separated list of ACL entries to secure generated nodes, e.g. sasl:hive/host1@MY.DOMAIN:cdrwa,sasl:hive/host2@MY.DOMAIN:cdrwa

Parameters:

aclString -

Returns:

ACL list

setConf

public void setConf(org.apache.hadoop.conf.Configuration conf)

Specified by:

setConf in interface org.apache.hadoop.conf.Configurable

getConf

public org.apache.hadoop.conf.Configuration getConf()

Specified by:

getConf in interface org.apache.hadoop.conf.Configurable

addMasterKey

public int addMasterKey(String s)

Description copied from interface: DelegationTokenStore

Add new master key. The token store assigns and returns the sequence number. Caller needs to use the identifier to update the key (since it is embedded in the key).

Specified by:

addMasterKey in interface DelegationTokenStore

Returns:

sequence number for new key

updateMasterKey

public void updateMasterKey(int keySeq,
                   String s)

Description copied from interface: DelegationTokenStore

Update master key (for expiration and setting store assigned sequence within key)

Specified by:

updateMasterKey in interface DelegationTokenStore

removeMasterKey

public boolean removeMasterKey(int keySeq)

Description copied from interface: DelegationTokenStore

Remove key for given id.

Specified by:

removeMasterKey in interface DelegationTokenStore

Returns:

false if key no longer present, true otherwise.

getMasterKeys

public String[] getMasterKeys()

Description copied from interface: DelegationTokenStore

Return all master keys.

Specified by:

getMasterKeys in interface DelegationTokenStore

Returns:

addToken

public boolean addToken(DelegationTokenIdentifier tokenIdentifier,
               org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation token)

Description copied from interface: DelegationTokenStore

Add token. If identifier is already present, token won't be added.

Specified by:

addToken in interface DelegationTokenStore

Returns:

true if token was added, false for existing identifier

removeToken

public boolean removeToken(DelegationTokenIdentifier tokenIdentifier)

Description copied from interface: DelegationTokenStore

Remove token. Return value can be used by caller to detect concurrency.

Specified by:

removeToken in interface DelegationTokenStore

Returns:

true if token was removed, false if it was already removed.

getToken

public org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation getToken(DelegationTokenIdentifier tokenIdentifier)

Description copied from interface: DelegationTokenStore

Get token. Returns null if the token does not exist.

Specified by:

getToken in interface DelegationTokenStore

Returns:

getAllDelegationTokenIdentifiers

public List<DelegationTokenIdentifier> getAllDelegationTokenIdentifiers()

Description copied from interface: DelegationTokenStore

List of all token identifiers in the store. This is used to remove expired tokens and a potential scalability improvement would be to partition by master key id

Specified by:

getAllDelegationTokenIdentifiers in interface DelegationTokenStore

Returns:

close

public void close()
           throws IOException

Specified by:

close in interface Closeable

Specified by:

close in interface AutoCloseable

Throws:

IOException

init

public void init(Object objectStore,
        HadoopThriftAuthBridge.Server.ServerMode smode)

Specified by:

init in interface DelegationTokenStore

Parameters:

objectStore - ObjectStore used by DBTokenStore

smode - Indicate whether this is a metastore or hiveserver2 token store