surendralilhore commented on code in PR #5352:
URL: https://github.com/apache/hadoop/pull/5352#discussion_r1102299179
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/Configuration.java:
##########
@@ -2405,6 +2405,30 @@ public char[] getPassword(String name) throws
IOException {
return pass;
}
+ /**
+ * Get the value for a known password configuration element.
+ * In order to enable the elimination of clear text passwords in config,
+ * this method attempts to resolve the property name as an alias through
+ * the CredentialProvider API and conditionally fallsback to config. This
+ * method accept external provider property name.
+ * @param name property name
+ * @param providerKey provider property name
+ * @return password
+ * @throws IOException when error in fetching password
+ */
+ public char[] getPassword(String name, String providerKey)
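Review bot: The Javadoc on the new `getPassword(String name, String providerKey)` overload says it "conditionally fallsback to config" but does not say what happens when `providerKey` is unset or resolves to no provider, so a caller cannot tell whether a clear-text value from config may still be returned. Please document that case and the null-return case explicitly. `@param providerKey provider property name` should also state whether the argument is the configuration key whose value holds the provider path or the path itself, and "fallsback" and "This method accept" should read "falls back" and "This method accepts".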
Review Comment:
Thanks @lmccay and @steveloughran for the review and suggestion.
I have a suggestion, if you all agree to it. We will not modify the
`Configuration#getPassword()` API. This JIRA is to provide an API to retrieve
the credentials from an external provider path, rather than the one configured
in `hadoop.security.credential.provider.path`.
Can we simply pass the credential provider path in
`Configuration#getPasswordFromCredentialProvider()` so that the name of the API
makes it clear that it is reading the credentials from the specified provider
path or from the default property `hadoop.security.credential.provider.path`?
```
/**
 * Read credential for name from provider path provided in common property
 * hadoop.security.credential.provider.path.
 */
public char[] getPasswordFromCredentialProvider(String name)
    throws IOException {
}

/**
 * Read credential for name from given provider path.
 */
public char[] getPasswordFromCredentialProvider(String name,
    String providerPath) throws IOException {
}
```
I plan to use `Configuration#getPasswordFromCredentialProvider(name,
providerPath)` in JIRA HADOOP-18626 to retrieve the key in the
[SimpleKeyProvider](https://github.com/apache/hadoop/blob/trunk/hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azure/SimpleKeyProvider.java#L47)
as below:
```
public String getStorageAccountKey(String accountName, Configuration conf)
    throws KeyProviderException {
  String key = null;
  try {
    .......
    .......
    // Per-account provider path, read from the account-specific property.
    String wasbKeyProvider = conf
        .get(getStorageAccountCredentialProviderPath(accountName));
    char[] keyChars = null;
    if (wasbKeyProvider != null) {
      LOG.debug("Trying to get wasb key from configured provider path in "
          + getStorageAccountCredentialProviderPath(accountName));
      keyChars = conf.getPasswordFromCredentialProvider(
          getStorageAccountKeyName(accountName), wasbKeyProvider);
    }
    .......
    .......
  return key;
}
```
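One way a lookup restricted to an explicit provider path, as proposed in the comment above, could behave. This is an added example, not code from the comment or from the Hadoop code base: the class `ProviderPathLookup`, the helper `readFromProviderPath`, the alias `demo.account.key` and the temporary keystore are hypothetical or constructed. It assumes hadoop-common on the classpath and a POSIX-style temp directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProvider.CredentialEntry;
import org.apache.hadoop.security.alias.CredentialProviderFactory;

public final class ProviderPathLookup {
  /** Hypothetical helper: resolve alias only from providers in providerPath. */
  static char[] readFromProviderPath(Configuration conf, String name,
      String providerPath) throws IOException {
    if (providerPath == null || providerPath.trim().isEmpty()) {
      return null; // nothing to search; never fall back to clear-text config
    }
    // Work on a copy so the caller's provider path setting is not changed.
    Configuration scoped = new Configuration(conf);
    scoped.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerPath);
    for (CredentialProvider p : CredentialProviderFactory.getProviders(scoped)) {
      CredentialEntry entry = p.getCredentialEntry(name);
      if (entry != null) {
        return entry.getCredential();
      }
    }
    return null; // alias absent from every provider on the given path
  }

  public static void main(String[] args) throws IOException {
    // Constructed sample: a throwaway local keystore holding one alias.
    Path store = Files.createTempDirectory("creds").resolve("demo.jceks");
    String providerPath = "localjceks://file" + store.toUri().getPath();
    Configuration conf = new Configuration(false);
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerPath);
    CredentialProvider writer = CredentialProviderFactory.getProviders(conf).get(0);
    writer.createCredentialEntry("demo.account.key", "constructed-secret".toCharArray());
    writer.flush();

    Configuration clean = new Configuration(false); // no default provider path set
    clean.set("demo.account.key", "clear-text-value"); // must never be returned
    char[] key = readFromProviderPath(clean, "demo.account.key", providerPath);
    System.out.println("from provider: " + (key != null));
    System.out.println("missing alias: "
        + (readFromProviderPath(clean, "no.such.alias", providerPath) == null));
    if (key != null) {
      Arrays.fill(key, '\0'); // wipe the secret once it has been used
    }
  }
}
```

The helper returns `null` rather than reading the same-named clear-text property, so a caller has to opt in to any fallback explicitly.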