[
https://issues.apache.org/jira/browse/HIVE-17371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16192232#comment-16192232
]
Vihang Karajgaonkar commented on HIVE-17371:
--------------------------------------------
bq. These configurations are also there in MetastoreDelegationTokenManager.
Looks like in HIVE-17241, the suggestion by Vaibhav Gumashta was to have
duplicate code for this for HS2 and standalone-metastore. However, in my
opinion, it would be better to share this code rather than duplicate it,
specially since this concerns with security, and I don't see this evolving
differently for HS2. I think we might want to duplicate code primarily if the
use case for non metastore parts of hive and metastore is expected to evolve
differently.
Agreed that we should try to avoid duplicating this code.
bq. Won't it be possible to remove this hierarchy out of hive-shims ?
Do you mean moving DelegationTokenSecretManager also to Metastore? This class
is passed in to the HadoopAuthBridge.Server which is used by both HS2 and
Metastore which is why I am saying the hive-shims will also start depending on
metastore if we do that.
> Move tokenstores to metastore module
> ------------------------------------
>
> Key: HIVE-17371
> URL: https://issues.apache.org/jira/browse/HIVE-17371
> Project: Hive
> Issue Type: Sub-task
> Components: Metastore
> Reporter: Vihang Karajgaonkar
> Assignee: Vihang Karajgaonkar
> Attachments: HIVE-17371.01.patch
>
>
> The {{getTokenStore}} method will not work for the {{DBTokenStore}} and
> {{ZKTokenStore}} since they implement
> {{org.apache.hadoop.hive.thrift.DelegationTokenStore}} instead of
> {{org.apache.hadoop.hive.metastore.security.DelegationTokenStore}}
> {code}
> private DelegationTokenStore getTokenStore(Configuration conf) throws
> IOException {
> String tokenStoreClassName =
> MetastoreConf.getVar(conf,
> MetastoreConf.ConfVars.DELEGATION_TOKEN_STORE_CLS, "");
> // The second half of this if is to catch cases where users are passing
> in a HiveConf for
> // configuration. It will have set the default value of
> // "hive.cluster.delegation.token.store .class" to
> // "org.apache.hadoop.hive.thrift.MemoryTokenStore" as part of its
> construction. But this is
> // the hive-shims version of the memory store. We want to convert this
> to our default value.
> if (StringUtils.isBlank(tokenStoreClassName) ||
>
> "org.apache.hadoop.hive.thrift.MemoryTokenStore".equals(tokenStoreClassName))
> {
> return new MemoryTokenStore();
> }
> try {
> Class<? extends DelegationTokenStore> storeClass =
>
> Class.forName(tokenStoreClassName).asSubclass(DelegationTokenStore.class);
> return ReflectionUtils.newInstance(storeClass, conf);
> } catch (ClassNotFoundException e) {
> throw new IOException("Error initializing delegation token store: " +
> tokenStoreClassName, e);
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
