[jira] [Commented] (HADOOP-12548) read s3 creds from a Credential Provider

[Matthew Paduano (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-12548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15145138#comment-15145138
 ] 

Matthew Paduano commented on HADOOP-12548:
------------------------------------------

I did a little more debugging.


When the first string ("jceks") is munged, an exception is thrown at:

Caused by: java.io.IOException: Configuration problem with provider path.
        at 
org.apache.hadoop.conf.Configuration.getPasswordFromCredentialProviders(Configuration.java:2059)
        at 
org.apache.hadoop.conf.Configuration.getPassword(Configuration.java:1992)
        at 
org.apache.hadoop.fs.s3a.S3AFileSystem.getAWSAccessKeys(S3AFileSystem.java:308)
        ... 11 more
Caused by: java.io.IOException: No CredentialProviderFactory for 
ceks://hdfs@localhost:9000/user/mattp/aws.jceks in 
hadoop.security.credential.provider.path
        at 
org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:66)
        at 
org.apache.hadoop.conf.Configuration.getPasswordFromCredentialProviders(Configuration.java:2024)




When the second string ("hdfs") is munged, an exception is thrown at:

Caused by: java.io.IOException: Configuration problem with provider path.
        at 
org.apache.hadoop.conf.Configuration.getPasswordFromCredentialProviders(Configuration.java:2059)
        at 
org.apache.hadoop.conf.Configuration.getPassword(Configuration.java:1992)
        at 
org.apache.hadoop.fs.s3a.S3AFileSystem.getAWSAccessKeys(S3AFileSystem.java:308)
        ... 11 more
Caused by: java.io.IOException: No FileSystem for scheme: dfs
        at 
org.apache.hadoop.fs.FileSystem.getFileSystemClass(FileSystem.java:2774)
        at 
org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:2785)



But when the third string ("aws.jceks") is munged, the code in 
Configuration.getPassword* does not
bother to throw an exception.     In particular, a line in 
getPasswordFromCredentialProviders() that might
throw an exc returns null instead:

       CredentialEntry entry = provider.getCredentialEntry(name);

I did not find the specific impl of this code and did not trace it through the 
HDFS access.  I am 
guessing something in that layer threw some sort of FileNotFoundExc and it got 
eaten in the impl code?

> read s3 creds from a Credential Provider
> ----------------------------------------
>
>                 Key: HADOOP-12548
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12548
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: fs/s3
>            Reporter: Allen Wittenauer
>            Assignee: Larry McCay
>         Attachments: CredentialProviderAPIforS3FS-002.pdf, 
> HADOOP-12548-01.patch, HADOOP-12548-02.patch, HADOOP-12548-03.patch, 
> HADOOP-12548-04.patch, HADOOP-12548-05.patch, HADOOP-12548-06.patch, 
> HADOOP-12548-07.patch
>
>
> It would be good if we could read s3 creds from a source other than via a 
> java property/Hadoop configuration option



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)