diff --git a/presto-docs/src/main/sphinx/connector/hive.rst b/presto-docs/src/main/sphinx/connector/hive.rst index c1d065ea536bc..7b33d6199f338 100644 --- a/presto-docs/src/main/sphinx/connector/hive.rst +++ b/presto-docs/src/main/sphinx/connector/hive.rst @@ -231,6 +231,16 @@ Property Name Description ``hive.metastore.glue.default-warehouse-dir`` Hive Glue metastore default warehouse directory +``hive.metastore.glue.aws-access-key`` AWS access key to use to connect to the Glue Catalog. If + specified along with ``hive.metastore.glue.aws-secret-key``, + this parameter takes precedence over + ``hive.metastore.glue.iam-role``. + +``hive.metastore.glue.aws-secret-key`` AWS secret key to use to connect to the Glue Catalog. If + specified along with ``hive.metastore.glue.aws-access-key``, + this parameter takes precedence over + ``hive.metastore.glue.iam-role``. + ``hive.metastore.glue.catalogid`` The ID of the Glue Catalog in which the metadata database resides. diff --git a/presto-hive-metastore/src/main/java/com/facebook/presto/hive/metastore/glue/GlueHiveMetastore.java b/presto-hive-metastore/src/main/java/com/facebook/presto/hive/metastore/glue/GlueHiveMetastore.java index 7fe2ec8505d73..7f8a8e3385519 100644 --- a/presto-hive-metastore/src/main/java/com/facebook/presto/hive/metastore/glue/GlueHiveMetastore.java +++ b/presto-hive-metastore/src/main/java/com/facebook/presto/hive/metastore/glue/GlueHiveMetastore.java @@ -16,6 +16,8 @@ import com.amazonaws.AmazonServiceException; import com.amazonaws.ClientConfiguration; import com.amazonaws.auth.AWSCredentialsProvider; +import com.amazonaws.auth.AWSStaticCredentialsProvider; +import com.amazonaws.auth.BasicAWSCredentials; import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider; import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration; import com.amazonaws.metrics.RequestMetricCollector; @@ -202,7 +204,12 @@ else if (config.getPinGlueClientToCurrentRegion()) { } } - if (config.getIamRole().isPresent()) { + if (config.getAwsAccessKey().isPresent() && config.getAwsSecretKey().isPresent()) { + AWSCredentialsProvider credentialsProvider = new AWSStaticCredentialsProvider( + new BasicAWSCredentials(config.getAwsAccessKey().get(), config.getAwsSecretKey().get())); + asyncGlueClientBuilder.setCredentials(credentialsProvider); + } + else if (config.getIamRole().isPresent()) { AWSCredentialsProvider credentialsProvider = new STSAssumeRoleSessionCredentialsProvider .Builder(config.getIamRole().get(), "roleSessionName") .build(); diff --git a/presto-hive-metastore/src/main/java/com/facebook/presto/hive/metastore/glue/GlueHiveMetastoreConfig.java b/presto-hive-metastore/src/main/java/com/facebook/presto/hive/metastore/glue/GlueHiveMetastoreConfig.java index 4a56957635b87..d2f17a75492d4 100644 --- a/presto-hive-metastore/src/main/java/com/facebook/presto/hive/metastore/glue/GlueHiveMetastoreConfig.java +++ b/presto-hive-metastore/src/main/java/com/facebook/presto/hive/metastore/glue/GlueHiveMetastoreConfig.java @@ -15,6 +15,7 @@ import com.facebook.airlift.configuration.Config; import com.facebook.airlift.configuration.ConfigDescription; +import com.facebook.airlift.configuration.ConfigSecuritySensitive; import javax.validation.constraints.Max; import javax.validation.constraints.Min; @@ -33,6 +34,8 @@ public class GlueHiveMetastoreConfig private int partitionSegments = 5; private int getPartitionThreads = 20; private Optional iamRole = Optional.empty(); + private Optional awsAccessKey = Optional.empty(); + private Optional awsSecretKey = Optional.empty(); public Optional getGlueRegion() { @@ -167,4 +170,31 @@ public GlueHiveMetastoreConfig setIamRole(String iamRole) this.iamRole = Optional.ofNullable(iamRole); return this; } + + public Optional getAwsAccessKey() + { + return awsAccessKey; + } + + @Config("hive.metastore.glue.aws-access-key") + @ConfigDescription("Hive Glue metastore AWS access key") + public GlueHiveMetastoreConfig setAwsAccessKey(String awsAccessKey) + { + this.awsAccessKey = Optional.ofNullable(awsAccessKey); + return this; + } + + public Optional getAwsSecretKey() + { + return awsSecretKey; + } + + @Config("hive.metastore.glue.aws-secret-key") + @ConfigDescription("Hive Glue metastore AWS secret key") + @ConfigSecuritySensitive + public GlueHiveMetastoreConfig setAwsSecretKey(String awsSecretKey) + { + this.awsSecretKey = Optional.ofNullable(awsSecretKey); + return this; + } } diff --git a/presto-hive-metastore/src/test/java/com/facebook/presto/hive/metastore/glue/TestGlueHiveMetastoreConfig.java b/presto-hive-metastore/src/test/java/com/facebook/presto/hive/metastore/glue/TestGlueHiveMetastoreConfig.java index fb42acdfead70..b7b072bf14ebd 100644 --- a/presto-hive-metastore/src/test/java/com/facebook/presto/hive/metastore/glue/TestGlueHiveMetastoreConfig.java +++ b/presto-hive-metastore/src/test/java/com/facebook/presto/hive/metastore/glue/TestGlueHiveMetastoreConfig.java @@ -37,7 +37,9 @@ public void testDefaults() .setCatalogId(null) .setPartitionSegments(5) .setGetPartitionThreads(20) - .setIamRole(null)); + .setIamRole(null) + .setAwsAccessKey(null) + .setAwsSecretKey(null)); } @Test @@ -54,6 +56,8 @@ public void testExplicitPropertyMapping() .put("hive.metastore.glue.partitions-segments", "10") .put("hive.metastore.glue.get-partition-threads", "42") .put("hive.metastore.glue.iam-role", "role") + .put("hive.metastore.glue.aws-access-key", "ABC") + .put("hive.metastore.glue.aws-secret-key", "DEF") .build(); GlueHiveMetastoreConfig expected = new GlueHiveMetastoreConfig() @@ -66,7 +70,9 @@ public void testExplicitPropertyMapping() .setCatalogId("0123456789") .setPartitionSegments(10) .setGetPartitionThreads(42) - .setIamRole("role"); + .setIamRole("role") + .setAwsAccessKey("ABC") + .setAwsSecretKey("DEF"); assertFullMapping(properties, expected); }