hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12059) S3Credentials should support use of CredentialProvider
Date Thu, 04 Jun 2015 05:26:38 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12059?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14572186#comment-14572186

Larry McCay commented on HADOOP-12059:

Hi [~busbey] - Couple comments:

* it seems to me that wrapLocalFileUri should really be added to ProviderUtils rather than
to the credential provider itself. There is a bit of a blurred line due to the fact that it
creates a localjceks based URI but since it isn't part of the CredentialProvider interface
and is basically needed for tests - I think it should go in either the ProviderUtils class
or just be part of the test.
* I also just wanted to point out that the local version of the keystore provider is primarily
useful when you CAN'T store the keystore in HDFS. For instance, the LDAPGroupsMapping can't
use the Hadoop FileSystem abstraction because it causes a recursive infinite loop in order
to look up groups to see if you can access the keystore. I just wanted to make sure that you
were aware of the regular JavaKeyStoreProvider which allows for local file or hdfs.

> S3Credentials should support use of CredentialProvider
> ------------------------------------------------------
>                 Key: HADOOP-12059
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12059
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Sean Busbey
>            Assignee: Sean Busbey
>         Attachments: HADOOP-12059.1.patch, HADOOP-12059.2.patch
> Right now S3Credentials only works with cleartext passwords in configs (as a secret access
key or the URI). The non-URI version should use credential providers with a fallback to the
clear text option.

This message was sent by Atlassian JIRA

View raw message