[ https://issues.apache.org/jira/browse/HADOOP-12548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15145563#comment-15145563 ]
Larry McCay commented on HADOOP-12548: -------------------------------------- You may be right. Based on that code, it seems that you should have ended up with a new keystore in that location but only if flush() were to be called. Yes - it seems that the intent is that when you load a provider with a potentially valid path that the keystore will be loaded there and available to be written to. If you were to do an operation that required a write - such as: add or delete a credential then flush would be called to write it to disk. Configuration.getPassword() does not require a write so it probably never got realized on disk. So in essence, we are seeing the creation of a previously non-existent keystore through the JCEKS provider in a valid location within HDFS but it is only in memory. We then ask for an alias that does not exist in it and it returns null which is the expected behavior. I don't believe that the keystore is being written to disk. If this is a concern then we can take it up in a new JIRA and would have to consider the other consumers of the credential provider API as you said - such as the credential CLI command. I think throwing an exception at this point would affect a bunch of code around protecting SSL related credentials and the like and across different projects. > read s3 creds from a Credential Provider > ---------------------------------------- > > Key: HADOOP-12548 > URL: https://issues.apache.org/jira/browse/HADOOP-12548 > Project: Hadoop Common > Issue Type: New Feature > Components: fs/s3 > Reporter: Allen Wittenauer > Assignee: Larry McCay > Attachments: CredentialProviderAPIforS3FS-002.pdf, > HADOOP-12548-01.patch, HADOOP-12548-02.patch, HADOOP-12548-03.patch, > HADOOP-12548-04.patch, HADOOP-12548-05.patch, HADOOP-12548-06.patch, > HADOOP-12548-07.patch > > > It would be good if we could read s3 creds from a source other than via a > java property/Hadoop configuration option -- This message was sent by Atlassian JIRA (v6.3.4#6332)