[
https://issues.apache.org/jira/browse/HADOOP-18618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17741321#comment-17741321
]
ASF GitHub Bot commented on HADOOP-18618:
-----------------------------------------
steveloughran commented on code in PR #5352:
URL: https://github.com/apache/hadoop/pull/5352#discussion_r1257309280
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/Configuration.java:
##########
@@ -2483,6 +2483,38 @@ public char[] getPasswordFromCredentialProviders(String
name)
return pass;
}
+ /**
+ * Try and resolve the provided element name as a credential provider
+ * alias from the given provider path.
+ * @param name alias of the provisioned credential
+ * @param providerURI The URI of the provider path
+ * @return password or null if not found
+ * @throws IOException when error in fetching password
+ */
+ public char[] getPasswordFromCredentialProvider(String name, URI providerUri)
+ throws IOException {
+ try {
+ CredentialProvider provider = CredentialProviderFactory.getProvider(this,
+ providerUri);
+ if (provider != null) {
+ try {
+ CredentialEntry entry = getCredentialEntry(provider, name);
+ if (entry != null) {
+ return entry.getCredential();
+ }
+ } catch (IOException ioe) {
+ String msg = String.format(
+ "Can't get key %s from key provider of type: %s.", name,
+ provider.getClass().getName());
+ throw NetUtils.wrapWithMessage(ioe, msg);
+ }
+ }
+ } catch (IOException ioe) {
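Review bot: The message built in the inner catch names the alias and the provider class but not providerUri, so once several per-account provider paths are configured a failure cannot be traced to the store that produced it; add the URI to the format string. The same message says "key provider" although the type is CredentialProvider, and the Javadoc tag reads @param providerURI while the parameter is named providerUri.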
Review Comment:
this will ignore the work done on L2509; really wrapWithMessage() should be
invoked for all, and exactly once.
##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/CredentialProviderFactory.java:
##########
@@ -110,4 +110,26 @@ public static List<CredentialProvider>
getProviders(Configuration conf
}
return result;
}
+
+ /**
+ * Get the CredentialProvider for a given provider URI.
+ *
+ * @param conf The configuration object
+ * @param providerURI The URI of the provider path
+ * @return The CredentialProvider
+ * @throws IOException If an I/O error occurs
+ */
+ public static CredentialProvider getProvider(Configuration conf,
+ URI providerUri) throws IOException {
+ synchronized (serviceLoader) {
+ for (CredentialProviderFactory factory : serviceLoader) {
+ CredentialProvider kp = factory.createProvider(providerUri, conf);
+ if (kp != null) {
+ return kp;
+ }
+ }
+ }
+ throw new IOException(
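Review bot: The Javadoc on getProvider does not say what happens when no factory accepts the URI: the loop falls through to throw new IOException, so the @throws text should state that it is raised when no CredentialProviderFactory returns a provider for providerUri, not only on an I/O error. The tag @param providerURI also does not match the parameter providerUri, and the local kp would read better as provider.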
Review Comment:
PathIOException with path as URI.toString
or FileNotFoundException
> Support custom property for credential provider path
> ----------------------------------------------------
>
> Key: HADOOP-18618
> URL: https://issues.apache.org/jira/browse/HADOOP-18618
> Project: Hadoop Common
> Issue Type: Improvement
> Components: common
> Affects Versions: 3.1.3
> Reporter: Surendra Singh Lilhore
> Assignee: Surendra Singh Lilhore
> Priority: Minor
> Labels: pull-request-available
>
> Hadoop allows the configuration of a credential provider path through the
> property "{*}hadoop.security.credential.provider.path{*}", and the
> {{Configuration#getPassword()}} method retrieves the credentials from this
> provider.
> However, using common credential provider properties for components like
> Hive, HDFS, and MapReduce can cause issues when they want to configure
> separate JCEKS files for credentials. For example, the value in the
> core-site.xml property file can be overridden by the hive-site.xml property
> file. To resolve this, all components should share a common credential
> provider path and add all their credentials.
> Azure storage supports account-specific credentials, and thus the credential
> provider should permit the configuration of separate JCEKS files for each
> account, such as the property
> "{*}fs.azure.account.credential.provider.path.<account>.blob.core.windows.net{*}".
> To accommodate this, the {{Configuration#getPassword()}} method should accept
> a custom property for the credential provider path and retrieve its value.
> The current default property can be overridden to achieve this.
> {code:java}
> public char[] getPassword(String name) throws IOException {
> ......
> ......
> }
> public char[] getPassword(String name, String providerKey) throws IOException
> {
> ......
> ......
> }{code}
>
> One example is the Ambari
> [CustomServiceOrchestrator|https://github.com/apache/ambari/blob/trunk/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py#L312]
> service, which overrides the core-site.xml value for other components. This fix is
> very much needed for Ambari.
>
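An added example (not code from PR #5352 or from Hadoop) of the per-account lookup the issue description asks for, built only on the existing Configuration#getPassword(String). The helper getPassword(conf, alias, providerKey), the account names acct1/acct2, the alias and the secrets are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory;

public final class ScopedCredentialLookup {
  static final String DEFAULT_PATH_KEY = "hadoop.security.credential.provider.path";
  static final String ACCOUNT_PATH_KEY = "fs.azure.account.credential.provider.path.";

  /** Hypothetical helper, not a Hadoop API: resolve alias from the path stored under providerKey. */
  static char[] getPassword(Configuration conf, String alias, String providerKey)
      throws IOException {
    String scopedPath = conf.getTrimmed(providerKey, "");
    if (scopedPath.isEmpty()) {
      return conf.getPassword(alias);               // no override: default provider path
    }
    Configuration scoped = new Configuration(conf); // copy, so the caller's conf is untouched
    scoped.set(DEFAULT_PATH_KEY, scopedPath);       // only this lookup sees the scoped store
    return scoped.getPassword(alias);
  }

  /** Creates a JCEKS store holding one constructed sample secret and returns its URI. */
  static String createStore(Path dir, String file, String alias, String secret)
      throws IOException {
    String uri = "jceks://file" + dir.resolve(file).toAbsolutePath();
    Configuration c = new Configuration(false);
    c.set(DEFAULT_PATH_KEY, uri);
    CredentialProvider provider = CredentialProviderFactory.getProviders(c).get(0);
    provider.createCredentialEntry(alias, secret.toCharArray());
    provider.flush();
    return uri;
  }

  public static void main(String[] args) throws IOException {
    Path dir = Files.createTempDirectory("creds");
    String alias = "fs.azure.account.key";          // constructed alias, same name in both stores
    String k1 = ACCOUNT_PATH_KEY + "acct1.blob.core.windows.net";
    String k2 = ACCOUNT_PATH_KEY + "acct2.blob.core.windows.net";
    Configuration conf = new Configuration(false);
    conf.set(k1, createStore(dir, "acct1.jceks", alias, "sample-secret-1"));
    conf.set(k2, createStore(dir, "acct2.jceks", alias, "sample-secret-2"));
    // Each account resolves the same alias from its own store; print lengths, not secrets.
    System.out.println("acct1 chars: " + getPassword(conf, alias, k1).length);
    System.out.println("acct2 chars: " + getPassword(conf, alias, k2).length);
    System.out.println("default path changed: " + (conf.get(DEFAULT_PATH_KEY) != null));
  }
}
```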