[
https://issues.apache.org/jira/browse/HADOOP-14439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16017274#comment-16017274
]
Steve Loughran commented on HADOOP-14439:
-----------------------------------------
Given the security risk of secrets in keys, and the fact with per-bucket
config, I don't want to go back to retaining the secrets in the logs.
But if it is breaking downstream code, we may have to go with it, just keeping
up the warning messaging.
Before that, we should see if there is anything we can do in the downstream
code that they'll be happy to take onboard.
Finally, given our goal of killing secrets-in-keys entirely, at least by 2018,
maybe we should just say this is time to move on?
> regression: secret stripping from S3x URIs breaks some mapping code
> -------------------------------------------------------------------
>
> Key: HADOOP-14439
> URL: https://issues.apache.org/jira/browse/HADOOP-14439
> Project: Hadoop Common
> Issue Type: Bug
> Components: fs/s3
> Affects Versions: 2.8.0
> Environment: Spark 2.1
> Reporter: Steve Loughran
> Priority: Minor
>
> Surfaced in SPARK-20799
> Spark is listing the contents of a path with getFileStatus(path), then
> looking up the path value doing a lookup of the contents.
> Apparently the lookup is failing to find files if you have a secret in the
> key, {{s3a://key:secret@bucket/path}}.
> Presumably this is because the stripped values aren't matching.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
