[
https://issues.apache.org/jira/browse/HIVE-17371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16192012#comment-16192012
]
Thejas M Nair commented on HIVE-17371:
--------------------------------------
bq. Functionality-vise in case of HiveDelegationTokenManager, it doesn't do
anything specific for HS2 except that it defines some delegation token specific
default configuration values like key update interval, token renewal and
lifetime durations.
These configurations are also there in MetastoreDelegationTokenManager. Looks
like in HIVE-17241, the suggestion by [~vgumashta] was to have duplicate code
for this for HS2 and standalone-metastore. However, in my opinion, it would be
better to share this code rather than duplicate it, specially since this
concerns with security, and I don't see this evolving differently for HS2. I
think we might want to duplicate code primarily if the use case for non
metastore parts of hive and metastore is expected to evolve differently.
bq. Moving the class hierarchy of TokenStoreDelegationTokenSecretManager to
standalone-metastore might not be ideal because then hive-shims project will
depend on metastore which doesn't seem right.
Won't it be possible to remove this hierarchy out of hive-shims ?
> Move tokenstores to metastore module
> ------------------------------------
>
> Key: HIVE-17371
> URL: https://issues.apache.org/jira/browse/HIVE-17371
> Project: Hive
> Issue Type: Sub-task
> Components: Metastore
> Reporter: Vihang Karajgaonkar
> Assignee: Vihang Karajgaonkar
> Attachments: HIVE-17371.01.patch
>
>
> The {{getTokenStore}} method will not work for the {{DBTokenStore}} and
> {{ZKTokenStore}} since they implement
> {{org.apache.hadoop.hive.thrift.DelegationTokenStore}} instead of
> {{org.apache.hadoop.hive.metastore.security.DelegationTokenStore}}
> {code}
> private DelegationTokenStore getTokenStore(Configuration conf) throws
> IOException {
> String tokenStoreClassName =
> MetastoreConf.getVar(conf,
> MetastoreConf.ConfVars.DELEGATION_TOKEN_STORE_CLS, "");
> // The second half of this if is to catch cases where users are passing
> in a HiveConf for
> // configuration. It will have set the default value of
> // "hive.cluster.delegation.token.store .class" to
> // "org.apache.hadoop.hive.thrift.MemoryTokenStore" as part of its
> construction. But this is
> // the hive-shims version of the memory store. We want to convert this
> to our default value.
> if (StringUtils.isBlank(tokenStoreClassName) ||
>
> "org.apache.hadoop.hive.thrift.MemoryTokenStore".equals(tokenStoreClassName))
> {
> return new MemoryTokenStore();
> }
> try {
> Class<? extends DelegationTokenStore> storeClass =
>
> Class.forName(tokenStoreClassName).asSubclass(DelegationTokenStore.class);
> return ReflectionUtils.newInstance(storeClass, conf);
> } catch (ClassNotFoundException e) {
> throw new IOException("Error initializing delegation token store: " +
> tokenStoreClassName, e);
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
