hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13252) add logging of what's going on in s3 auth to help debug problems
Date Thu, 09 Jun 2016 21:17:21 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15323376#comment-15323376

Chris Nauroth commented on HADOOP-13252:

There really isn't very much code to {{AWSCredentialsProviderChain}}:


It's pretty much just a list of the underlying providers and a loop to call {{getCredentials()}}
on each one in sequence.  If we'd prefer different logging, I don't think it would be too
cumbersome to make our own chain implementation and use that instead.

> add logging of what's going on in s3 auth to help debug problems
> ----------------------------------------------------------------
>                 Key: HADOOP-13252
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13252
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 2.8.0
>            Reporter: Steve Loughran
>            Priority: Minor
> We've now got some fairly complex auth mechanisms going on: -hadoop config, KMS, env
vars, "none". IF something isn't working, it's going to be a lot harder to debug.
> I propose *carefully* adding some debug messages to identify which auth provider is doing
the auth, so we can see if the env vars were kicking in, sysprops, etc.
> What we mustn't do is leak any secrets: this should be identifying whether properties
and env vars are set, not what their values are. I don't believe that this will generate a
security risk.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message