org.apache.hadoop.hive.thrift
Class ZooKeeperTokenStore

java.lang.Object
  org.apache.hadoop.hive.thrift.ZooKeeperTokenStore

All Implemented Interfaces:

Closeable, org.apache.hadoop.conf.Configurable, DelegationTokenStore

public class ZooKeeperTokenStore
extends Object
implements DelegationTokenStore

ZooKeeper token store implementation.

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.hadoop.hive.thrift.DelegationTokenStore

DelegationTokenStore.TokenStoreException

Field Summary

protected static String

ZK_SEQ_FORMAT

Constructor Summary

protected	ZooKeeperTokenStore() Default constructor for dynamic instantiation w/ Configurable (ReflectionUtils does not support Configuration constructor injection).
	ZooKeeperTokenStore(String hostPort)

Method Summary

int	addMasterKey(String s) Add new master key.
boolean	addToken(DelegationTokenIdentifier tokenIdentifier, org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation token) Add token.
void	close()
static org.apache.zookeeper.ZooKeeper	createConnectedClient(String connectString, int sessionTimeout, long connectTimeout, org.apache.zookeeper.Watcher... watchers) Create a ZooKeeper session that is in connected state.
static String	ensurePath(org.apache.zookeeper.ZooKeeper zk, String path, List<org.apache.zookeeper.data.ACL> acl) Create a path if it does not already exist ("mkdir -p")
List<DelegationTokenIdentifier>	getAllDelegationTokenIdentifiers() List of all token identifiers in the store.
org.apache.hadoop.conf.Configuration	getConf()
String[]	getMasterKeys() Return all master keys.
static int	getPermFromString(String permString) Parse ACL permission string, from ZooKeeperMain private method
org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation	getToken(DelegationTokenIdentifier tokenIdentifier) Get token.
static List<org.apache.zookeeper.data.ACL>	parseACLs(String aclString) Parse comma separated list of ACL entries to secure generated nodes, e.g.
boolean	removeMasterKey(int keySeq) Remove key for given id.
boolean	removeToken(DelegationTokenIdentifier tokenIdentifier) Remove token.
void	setConf(org.apache.hadoop.conf.Configuration conf)
void	setStore(Object hmsHandler)
void	updateMasterKey(int keySeq, String s) Update master key (for expiration and setting store assigned sequence within key)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ZK_SEQ_FORMAT

protected static final String ZK_SEQ_FORMAT

See Also:

Constant Field Values

Constructor Detail

ZooKeeperTokenStore

protected ZooKeeperTokenStore()

Default constructor for dynamic instantiation w/ Configurable (ReflectionUtils does not support Configuration constructor injection).

ZooKeeperTokenStore

public ZooKeeperTokenStore(String hostPort)

Method Detail

createConnectedClient

public static org.apache.zookeeper.ZooKeeper createConnectedClient(String connectString,
                                                                   int sessionTimeout,
                                                                   long connectTimeout,
                                                                   org.apache.zookeeper.Watcher... watchers)
                                                            throws IOException

Create a ZooKeeper session that is in connected state.

Parameters:

connectString - ZooKeeper connect String

sessionTimeout - ZooKeeper session timeout

connectTimeout - milliseconds to wait for connection, 0 or negative value means no wait

watchers -

Returns:

Throws:

InterruptedException

IOException

ensurePath

public static String ensurePath(org.apache.zookeeper.ZooKeeper zk,
                                String path,
                                List<org.apache.zookeeper.data.ACL> acl)
                         throws org.apache.zookeeper.KeeperException,
                                InterruptedException

Create a path if it does not already exist ("mkdir -p")

Parameters:

zk - ZooKeeper session

path - string with '/' separator

acl - list of ACL entries

Returns:

Throws:

org.apache.zookeeper.KeeperException

InterruptedException

getPermFromString

public static int getPermFromString(String permString)

Parse ACL permission string, from ZooKeeperMain private method

Parameters:

permString -

Returns:

parseACLs

public static List<org.apache.zookeeper.data.ACL> parseACLs(String aclString)

Parse comma separated list of ACL entries to secure generated nodes, e.g. sasl:hive/host1@MY.DOMAIN:cdrwa,sasl:hive/host2@MY.DOMAIN:cdrwa

Parameters:

aclString -

Returns:

ACL list

setConf

public void setConf(org.apache.hadoop.conf.Configuration conf)

Specified by:

setConf in interface org.apache.hadoop.conf.Configurable

getConf

public org.apache.hadoop.conf.Configuration getConf()

Specified by:

getConf in interface org.apache.hadoop.conf.Configurable

addMasterKey

public int addMasterKey(String s)

Description copied from interface: DelegationTokenStore

Add new master key. The token store assigns and returns the sequence number. Caller needs to use the identifier to update the key (since it is embedded in the key).

Specified by:

addMasterKey in interface DelegationTokenStore

Returns:

sequence number for new key

updateMasterKey

public void updateMasterKey(int keySeq,
                            String s)

Description copied from interface: DelegationTokenStore

Update master key (for expiration and setting store assigned sequence within key)

Specified by:

updateMasterKey in interface DelegationTokenStore

removeMasterKey

public boolean removeMasterKey(int keySeq)

Description copied from interface: DelegationTokenStore

Remove key for given id.

Specified by:

removeMasterKey in interface DelegationTokenStore

Returns:

false if key no longer present, true otherwise.

getMasterKeys

public String[] getMasterKeys()

Description copied from interface: DelegationTokenStore

Return all master keys.

Specified by:

getMasterKeys in interface DelegationTokenStore

Returns:

addToken

public boolean addToken(DelegationTokenIdentifier tokenIdentifier,
                        org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation token)

Description copied from interface: DelegationTokenStore

Add token. If identifier is already present, token won't be added.

Specified by:

addToken in interface DelegationTokenStore

Returns:

true if token was added, false for existing identifier

removeToken

public boolean removeToken(DelegationTokenIdentifier tokenIdentifier)

Description copied from interface: DelegationTokenStore

Remove token. Return value can be used by caller to detect concurrency.

Specified by:

removeToken in interface DelegationTokenStore

Returns:

true if token was removed, false if it was already removed.

getToken

public org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation getToken(DelegationTokenIdentifier tokenIdentifier)

Description copied from interface: DelegationTokenStore

Get token. Returns null if the token does not exist.

Specified by:

getToken in interface DelegationTokenStore

Returns:

getAllDelegationTokenIdentifiers

public List<DelegationTokenIdentifier> getAllDelegationTokenIdentifiers()

Description copied from interface: DelegationTokenStore

List of all token identifiers in the store. This is used to remove expired tokens and a potential scalability improvement would be to partition by master key id

Specified by:

getAllDelegationTokenIdentifiers in interface DelegationTokenStore

Returns:

close

public void close()
           throws IOException

Specified by:

close in interface Closeable

Throws:

IOException

setStore

public void setStore(Object hmsHandler)
              throws DelegationTokenStore.TokenStoreException

Specified by:

setStore in interface DelegationTokenStore

Throws:

DelegationTokenStore.TokenStoreException