hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-14507) extend per-bucket secret key config with explicit getPassword() on fs.s3a.$bucket.secret,key
Date Thu, 15 Feb 2018 16:46:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14507?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16365895#comment-16365895

Steve Loughran commented on HADOOP-14507:

Which key provider API are you talking about?

What I'm trying to support here is that you can have all your secrets in a JCEKS file which
can be passed in, and have a consistent place to keep your secrets. Should I be using a different
API which will pick up the same data from the file?

> extend per-bucket secret key config with explicit getPassword() on fs.s3a.$bucket.secret,key
> --------------------------------------------------------------------------------------------
>                 Key: HADOOP-14507
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14507
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 2.8.1
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Critical
>         Attachments: HADOOP-14507-001.patch, HADOOP-14507-002.patch, HADOOP-14507-003.patch,
HADOOP-14507-004.patch, HADOOP-14507-005.patch, HADOOP-14507-006.patch, HADOOP-14507-006.patch,
> Per-bucket jceks support turns out to be complex as you have to manage multiple jecks
files & configure the client to ask for the right one. This is because we're calling {{Configuration.getPassword{"fs,s3a.secret.key"}}.

> If before that, we do a check for the explict id, key, session key in the properties
{{fs.s3a.$bucket.secret}} ( & c), we could have a single JCEKs file with all the secrets
for different bucket. You would only need to explicitly point the base config to the secrets
file, and the right credentials would be picked up, if set

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message