[
https://issues.apache.org/jira/browse/HADOOP-18618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17740186#comment-17740186
]
ASF GitHub Bot commented on HADOOP-18618:
-----------------------------------------
steveloughran commented on code in PR #5352:
URL: https://github.com/apache/hadoop/pull/5352#discussion_r1253054904
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/Configuration.java:
##########
@@ -2483,6 +2483,36 @@ public char[] getPasswordFromCredentialProviders(String
name)
return pass;
}
+ /**
+ * Try and resolve the provided element name as a credential provider
+ * alias from the given provider path.
+ * @param name alias of the provisioned credential
+ * @param name credProviderPath path for credential provider
+ * @return password or null if not found
+ * @throws IOException when error in fetching password
+ */
+ public char[] getPasswordFromCredentialProvider(String name, String
credProviderPath)
+ throws IOException {
+ try {
+ CredentialProvider provider = CredentialProviderFactory.getProvider(this,
+ credProviderPath);
+ if (provider != null) {
+ try {
+ CredentialEntry entry = getCredentialEntry(provider, name);
+ if (entry != null) {
+ return entry.getCredential();
+ }
+ } catch (IOException ioe) {
+ throw new IOException("Can't get key " + name + " from key provider"
Review Comment:
this loses the original class. how about making
NetUtils.wrapException() public and using it to generate an IOE of the same
type, where possible.
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/CredentialProviderFactory.java:
##########
@@ -110,4 +110,31 @@ public static List<CredentialProvider>
getProviders(Configuration conf
}
return result;
}
+
+ /**
+ * Get CredentialProvider for hive provider path.
+ *
+ * @param conf configuration object
+ * @param credProviderPath provider path
+ * @return credProviderPath object
+ */
+ public static CredentialProvider getProvider(Configuration conf,
+ String credProviderPath) throws IOException {
Review Comment:
have caller pass in the URI; makes it their problem to create that from a
Path, string, etc.
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/CredentialProviderFactory.java:
##########
@@ -110,4 +110,31 @@ public static List<CredentialProvider>
getProviders(Configuration conf
}
return result;
}
+
+ /**
+ * Get CredentialProvider for hive provider path.
Review Comment:
nit: not just hive
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/Configuration.java:
##########
@@ -2483,6 +2483,36 @@ public char[] getPasswordFromCredentialProviders(String
name)
return pass;
}
+ /**
+ * Try and resolve the provided element name as a credential provider
+ * alias from the given provider path.
+ * @param name alias of the provisioned credential
+ * @param name credProviderPath path for credential provider
+ * @return password or null if not found
+ * @throws IOException when error in fetching password
+ */
+ public char[] getPasswordFromCredentialProvider(String name, String
credProviderPath)
Review Comment:
have caller pass in the URI; makes it their problem to create that from a
Path, string, etc. change name appropriately
> Support custom property for credential provider path
> ----------------------------------------------------
>
> Key: HADOOP-18618
> URL: https://issues.apache.org/jira/browse/HADOOP-18618
> Project: Hadoop Common
> Issue Type: Improvement
> Components: common
> Affects Versions: 3.1.3
> Reporter: Surendra Singh Lilhore
> Assignee: Surendra Singh Lilhore
> Priority: Minor
> Labels: pull-request-available
>
> Hadoop allows the configuration of a credential provider path through the
> property "{*}hadoop.security.credential.provider.path{*}", and the
> {{Configuration#getPassword()}} method retrieves the credentials from this
> provider.
> However, using common credential provider properties for components like
> Hive, HDFS, and MapReduce can cause issues when they want to configure
> separate JCEKS files for credentials. For example, the value in the
> core-site.xml property file can be overridden by the hive-site.xml property
> file. To resolve this, all components should share a common credential
> provider path and add all their credentials.
> Azure storage supports account-specific credentials, and thus the credential
> provider should permit the configuration of separate JCEKS files for each
> account, such as the property
> "{*}fs.azure.account.credential.provider.path.<account>.blob.core.windows.net{*}".
> To accommodate this, the {{Configuration#getPassword()}} method should accept
> a custom property for the credential provider path and retrieve its value.
> The current default property can be overridden to achieve this.
> {code:java}
> public char[] getPassword(String name) throws IOException {
> ......
> ......
> }
> public char[] getPassword(String name, String providerKey) throws IOException
> {
> ......
> ......
> }{code}
>
> One Example is, Ambari
> [CustomServiceOrchestrator|https://github.com/apache/ambari/blob/trunk/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py#L312]
> service override the core-site.xml value for other component. This fix is
> very much needed for Ambari.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
