be/src/common/kerberos/kerberos_ticket_mgr.h

Source
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements.  See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership.  The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License.  You may obtain a copy of the License at
//
//   http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied.  See the License for the
// specific language governing permissions and limitations
// under the License.

#pragma once

#include <atomic>
#include <chrono>
#include <memory>
#include <mutex>
#include <string>
#include <thread>
#include <unordered_map>
#include <vector>

#include "cctz/time_zone.h"
#include "common/kerberos/kerberos_config.h"
#include "common/kerberos/kerberos_ticket_cache.h"
#include "common/status.h"

namespace doris {

class Block;

namespace kerberos {

// Structure to hold a ticket cache instance and its last access time
struct KerberosTicketEntry {
    std::shared_ptr<KerberosTicketCache> cache;
    std::chrono::steady_clock::time_point last_access_time;
};

// Manager class responsible for maintaining multiple Kerberos ticket caches
// and handling their lifecycle, including creation, access, and cleanup
class KerberosTicketMgr {
public:
    // Constructor that takes the expiration time for unused ticket caches
    explicit KerberosTicketMgr(const std::string& root_path);

    // Get or create a ticket cache for the given Kerberos configuration
    // Logic: Checks if cache exists, if not creates new one, initializes it,
    // performs login, and starts periodic refresh
    Status get_or_set_ticket_cache(const KerberosConfig& config,
                                   std::shared_ptr<KerberosTicketCache>* ticket_cache);

    Status remove_ticket_cache(const std::string& principal, const std::string& keytab_path);

    // Get the ticket cache object. This is used by HdfsHandler to hold a reference
    std::shared_ptr<KerberosTicketCache> get_ticket_cache(const std::string& principal,
                                                          const std::string& keytab_path);

    // Get detailed information about all active Kerberos ticket caches
    std::vector<KerberosTicketInfo> get_krb_ticket_cache_info();

    // Set the cleanup interval for testing purpose
    void set_cleanup_interval(std::chrono::seconds interval) { _cleanup_interval = interval; }

    void get_ticket_cache_info_block(Block* block, const cctz::time_zone& ctz);

    virtual ~KerberosTicketMgr();

protected:
    // Prevent copying of ticket manager instances
    KerberosTicketMgr(const KerberosTicketMgr&) = delete;
    KerberosTicketMgr& operator=(const KerberosTicketMgr&) = delete;

    // Factory method to create new ticket cache instances
    // Can be overridden in tests to provide mock implementations
    virtual std::shared_ptr<KerberosTicketCache> _make_new_ticket_cache(
            const KerberosConfig& config);

    // Start the cleanup thread
    void _start_cleanup_thread();
    // Stop the cleanup thread
    void _stop_cleanup_thread();
    // Cleanup thread function
    void _cleanup_loop();

protected:
    // The root dir of ticket caches
    std::string _root_path;
    // Map storing ticket caches, keyed by MD5 hash of principal and keytab path
    std::unordered_map<std::string, KerberosTicketEntry> _ticket_caches;
    // Mutex for thread-safe access to the ticket cache map
    std::mutex _mutex;

    // Cleanup thread related members
    std::atomic<bool> _should_stop_cleanup_thread {false};
    std::unique_ptr<std::thread> _cleanup_thread;
    std::chrono::seconds _cleanup_interval {3600}; // Default to 1 hour
};

} // namespace kerberos
} // namespace doris

Line	Count	Source
1		// Licensed to the Apache Software Foundation (ASF) under one
2		// or more contributor license agreements. See the NOTICE file
3		// distributed with this work for additional information
4		// regarding copyright ownership. The ASF licenses this file
5		// to you under the Apache License, Version 2.0 (the
6		// "License"); you may not use this file except in compliance
7		// with the License. You may obtain a copy of the License at
8		//
9		// http://www.apache.org/licenses/LICENSE-2.0
10		//
11		// Unless required by applicable law or agreed to in writing,
12		// software distributed under the License is distributed on an
13		// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14		// KIND, either express or implied. See the License for the
15		// specific language governing permissions and limitations
16		// under the License.
17
18		#pragma once
19
20		#include <atomic>
21		#include <chrono>
22		#include <memory>
23		#include <mutex>
24		#include <string>
25		#include <thread>
26		#include <unordered_map>
27		#include <vector>
28
29		#include "cctz/time_zone.h"
30		#include "common/kerberos/kerberos_config.h"
31		#include "common/kerberos/kerberos_ticket_cache.h"
32		#include "common/status.h"
33
34		namespace doris {
35
36		class Block;
37
38		namespace kerberos {
39
40		// Structure to hold a ticket cache instance and its last access time
41		struct KerberosTicketEntry {
42		std::shared_ptr<KerberosTicketCache> cache;
43		std::chrono::steady_clock::time_point last_access_time;
44		};
45
46		// Manager class responsible for maintaining multiple Kerberos ticket caches
47		// and handling their lifecycle, including creation, access, and cleanup
48		class KerberosTicketMgr {
49		public:
50		// Constructor that takes the expiration time for unused ticket caches
51		explicit KerberosTicketMgr(const std::string& root_path);
52
53		// Get or create a ticket cache for the given Kerberos configuration
54		// Logic: Checks if cache exists, if not creates new one, initializes it,
55		// performs login, and starts periodic refresh
56		Status get_or_set_ticket_cache(const KerberosConfig& config,
57		std::shared_ptr<KerberosTicketCache>* ticket_cache);
58
59		Status remove_ticket_cache(const std::string& principal, const std::string& keytab_path);
60
61		// Get the ticket cache object. This is used by HdfsHandler to hold a reference
62		std::shared_ptr<KerberosTicketCache> get_ticket_cache(const std::string& principal,
63		const std::string& keytab_path);
64
65		// Get detailed information about all active Kerberos ticket caches
66		std::vector<KerberosTicketInfo> get_krb_ticket_cache_info();
67
68		// Set the cleanup interval for testing purpose
69	0	void set_cleanup_interval(std::chrono::seconds interval) { _cleanup_interval = interval; }
70
71		void get_ticket_cache_info_block(Block* block, const cctz::time_zone& ctz);
72
73		virtual ~KerberosTicketMgr();
74
75		protected:
76		// Prevent copying of ticket manager instances
77		KerberosTicketMgr(const KerberosTicketMgr&) = delete;
78		KerberosTicketMgr& operator=(const KerberosTicketMgr&) = delete;
79
80		// Factory method to create new ticket cache instances
81		// Can be overridden in tests to provide mock implementations
82		virtual std::shared_ptr<KerberosTicketCache> _make_new_ticket_cache(
83		const KerberosConfig& config);
84
85		// Start the cleanup thread
86		void _start_cleanup_thread();
87		// Stop the cleanup thread
88		void _stop_cleanup_thread();
89		// Cleanup thread function
90		void _cleanup_loop();
91
92		protected:
93		// The root dir of ticket caches
94		std::string _root_path;
95		// Map storing ticket caches, keyed by MD5 hash of principal and keytab path
96		std::unordered_map<std::string, KerberosTicketEntry> _ticket_caches;
97		// Mutex for thread-safe access to the ticket cache map
98		std::mutex _mutex;
99
100		// Cleanup thread related members
101		std::atomic<bool> _should_stop_cleanup_thread {false};
102		std::unique_ptr<std::thread> _cleanup_thread;
103		std::chrono::seconds _cleanup_interval {3600}; // Default to 1 hour
104		};
105
106		} // namespace kerberos
107		} // namespace doris

Coverage Report

Created: 2026-03-12 16:03