[jira] [Commented] (HADOOP-12548) read s3 creds from a Credential Provider

Fri, 12 Feb 2016 18:30:33 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-12548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15145729#comment-15145729
 ] 

Larry McCay commented on HADOOP-12548:
--------------------------------------

While looking at the docs for S3A, I notice:

1. There is nothing in the existing docs for the added use of the credential 
providers in S3 and S3N that already existed. I could add that as well. Though 
there are semantic differences in the processing order of precedence between 
what I just added in S3A and the existing functionality there. If those 
filesystems are being deprecated or used less maybe we shouldn't add anything 
there?
2. There is a proxyPassword parameter as well that we could also protect use 
credential providers. I don't think that I would want to hold up this patch for 
it but would be willing to file a new JIRA to add that support as well - if we 
want that. Currently it seems that the proxyPassword is in the config in clear 
text.

{quote}
      String proxyUsername = conf.getTrimmed(PROXY_USERNAME);
      String proxyPassword = conf.getTrimmed(PROXY_PASSWORD);
      if ((proxyUsername == null) != (proxyPassword == null)) {
        String msg = "Proxy error: " + PROXY_USERNAME + " or " +
            PROXY_PASSWORD + " set without the other.";
        LOG.error(msg);
        throw new IllegalArgumentException(msg);
      }
{quote}

I will add the docs for S3A use of credential providers in HADOOP-11031 and get 
a patch ready for review there next.

Just let me know about #2 above.

> read s3 creds from a Credential Provider
> ----------------------------------------
>
>                 Key: HADOOP-12548
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12548
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: fs/s3
>            Reporter: Allen Wittenauer
>            Assignee: Larry McCay
>         Attachments: CredentialProviderAPIforS3FS-002.pdf, 
> HADOOP-12548-01.patch, HADOOP-12548-02.patch, HADOOP-12548-03.patch, 
> HADOOP-12548-04.patch, HADOOP-12548-05.patch, HADOOP-12548-06.patch, 
> HADOOP-12548-07.patch
>
>
> It would be good if we could read s3 creds from a source other than via a 
> java property/Hadoop configuration option



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to