[
https://issues.apache.org/jira/browse/OOZIE-2272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Kanter updated OOZIE-2272:
---------------------------------
Attachment: OOZIE-2272.001.patch
Unfortunately, {{CredentialProvider}} is only in Hadoop 2.6.0+, so to support
all Hadoop 2.x and Hadoop 1.x, we have to do some ugly reflection :(
The patch hides the ugly reflection in {{ConfigurationService}}.
{{CredentialProvider}} normally gets called automatically when you call it's
{{getPassword}} method, so I mirrored that in {{ConfigurationService}}. For
the passwords, you can now call
{{ConfigurationService.getPassword(PROP_NAME)}}, and it will try to use the
{{CredentialProvider}} if it's supported in the version of Hadoop you're using.
Otherwise, it simply returns the value normally.
> Use Hadoop's CredentialProvider for passwords in oozie-site
> -----------------------------------------------------------
>
> Key: OOZIE-2272
> URL: https://issues.apache.org/jira/browse/OOZIE-2272
> Project: Oozie
> Issue Type: Improvement
> Components: security
> Affects Versions: trunk
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Attachments: OOZIE-2272.001.patch
>
>
> We have a few passwords in oozie-site:
> - {{oozie.email.smtp.password}}
> - {{oozie.service.JPAService.jdbc.password}}
> It would be good if we supported Hadoop's {{CredentialProvider}} so that the
> passwords can be specified in an external encrypted file. The file can be
> prepared as described
> [here|http://hadoop.apache.org/docs/r2.7.0/hadoop-project-dist/hadoop-common/CommandsManual.html#credential]
> in the Hadoop docs.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
