Kerberos changes for audit feeder and audit rollup service

conduit-audit/src/main/java/com/inmobi/conduit/audit/AuditDBService.java

@@ -4,15 +4,23 @@
 import com.inmobi.conduit.audit.util.AuditDBConstants;
 import com.inmobi.conduit.audit.util.AuditDBHelper;
 import com.inmobi.messaging.ClientConfig;
+import org.apache.commons.lang.Validate;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.SecurityUtil;
+import org.apache.hadoop.security.UserGroupInformation;
 
+import java.io.IOException;
+import java.net.InetAddress;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.Calendar;
 import java.util.Date;
+import java.util.Timer;
+import java.util.TimerTask;
 
 public abstract class AuditDBService implements Runnable {
   // Rollup check point directory and key are added to parent class since
@@ -42,9 +50,64 @@ public AuditDBService(ClientConfig config) {
 
   @Override
   public void run() {
+    boolean isKerberoseEnabled = config.getBoolean(AuditDBConstants.KERBEROSE_ENABLED_KEY,
+            AuditDBConstants.DEFAULT_KERBEROSE_ENABLED_VALUE);
+
+    LOG.info("Kerberose Authentication : " + isKerberoseEnabled);
+
+    if (isKerberoseEnabled) {
+      LOG.info("Starting timertask for KDC ticket refresh.");
+      refereshKDCTicket();
+    }
+
     execute();
   }
 
+  private void refereshKDCTicket() {
+    try {
+      Timer t = new Timer();
+
+      int interval = config.getInteger(AuditDBConstants.KDC_REFERESH_KEY,
+              AuditDBConstants.DEFAULT_KDC_REFERESH_VALUE_MINUTES);
+
+      final String principal = config.getString(AuditDBConstants.KDC_PRINCIPAL);
+      final String keytabFilePath = config.getString(AuditDBConstants.KDC_KEYTAB);
+
+      LOG.info("KDC ticket referesh interval : " + interval);
+
+      t.scheduleAtFixedRate(new TimerTask() {
+
+        @Override
+        public void run() {
+          try {
+            refreshLensTGT(principal, keytabFilePath);
+          } catch (Exception e) {
+            LOG.error("Unable to referesh KDC ticket... " + e.toString());
+        }
+      }
+
+    },0,interval);
+
+    } catch (Exception ex) {
+      LOG.error("Unable to start KDC refresh thread, " + ex.toString());
+      throw new RuntimeException(ex);
+    }
+  }
+
+  private void refreshLensTGT(String principal, String keytabFilePath) throws IOException, IllegalArgumentException {
+
+    Configuration hadoopConf = new Configuration();
+    hadoopConf.set("hadoop.security.authentication", "kerberos");
+
+    UserGroupInformation.setConfiguration(hadoopConf);
+
+    UserGroupInformation.loginUserFromKeytab(principal, keytabFilePath);
+
+    LOG.info("Got Kerberos ticket, keytab: " + keytabFilePath + ", Lens principal: " + principal);
+
+  }
+
+
   public void start() {
     thread = new Thread(this, getServiceName());
     LOG.info("Starting thread " + thread.getName());

conduit-audit/src/main/java/com/inmobi/conduit/audit/util/AuditDBConstants.java

@@ -36,4 +36,12 @@ public interface AuditDBConstants {
   public static final String DEFAULT_DAILY_CHECKPOINT_KEY = "dailyRollupChkPt";
   public static final int DEFAULT_GAP_BTW_ROLLUP_TILLDAYS = 30;
   public static final int DEFAULT_HOURLY_ROLLUP_TILLDAYS = 5;
+
+  public static final String KDC_REFERESH_KEY = "kdc.referesh.interval.miniutes";
+  public static final int DEFAULT_KDC_REFERESH_VALUE_MINUTES = 360;
+  public static final String KERBEROSE_ENABLED_KEY = "kerberos.isenabled";
+  public static final boolean DEFAULT_KERBEROSE_ENABLED_VALUE = false;
+  public static final String KDC_PRINCIPAL = "kdc.principal";
+  public static final String KDC_KEYTAB = "kdc.keytab";
+
 }