[jira] [Commented] (HADOOP-12804) Read Proxy Password from Credential Providers in S3 FileSystem

[Steve Loughran (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-12804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15630129#comment-15630129
 ] 

Steve Loughran commented on HADOOP-12804:
-----------------------------------------

right. There's one little detail that still needs to be worked on; this patch 
won't raise an exception if the username is defined but the password isn't, 
because the check for a username being valid only happens if the password is 
defined.

{code}
141       if (proxyPass != null) {
142               proxyPassword = new String(proxyPass).trim();
143               if ((proxyUsername == null) || (proxyPassword == null)) {     
// proxyPassword is never null here
144                 String msg = "Proxy error: " + PROXY_USERNAME + " or " +
145                     PROXY_PASSWORD + " set without the other.";
146                 LOG.error(msg);
147                 throw new IllegalArgumentException(msg);
148               }
{code}

Does that matter? It's good form to provide useful diagnostics here. 

> Read Proxy Password from Credential Providers in S3 FileSystem
> --------------------------------------------------------------
>
>                 Key: HADOOP-12804
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12804
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 2.8.0, 3.0.0-alpha1
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>            Priority: Minor
>         Attachments: HADOOP-12804-001.patch, HADOOP-12804-003.patch, 
> HADOOP-12804-004.patch, HADOOP-12804-005.patch, 
> HADOOP-12804-branch-2-002.patch, HADOOP-12804-branch-2-003.patch
>
>
> HADOOP-12548 added credential provider support for the AWS credentials to 
> S3FileSystem. This JIRA is for considering the use of the credential 
> providers for the proxy password as well.
> Instead of adding the proxy password to the config file directly and in clear 
> text, we could provision it in addition to the AWS credentials into a 
> credential provider and keep it out of clear text.
> In terms of usage, it could be added to the same credential store as the AWS 
> credentials or potentially to a more universally available path - since it is 
> the same for everyone. This would however require multiple providers to be 
> configured in the provider.path property and more open file permissions on 
> the store itself.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org