[
https://issues.apache.org/jira/browse/OOZIE-2356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Kanter updated OOZIE-2356:
---------------------------------
Attachment: OOZIE-2356.002.patch
That's a good idea. The 002 patch allows specifying it at the oozie-site, job,
and action level. I've updated the tests and docs accordingly.
> Add a way to enable/disable credentials in a workflow
> -----------------------------------------------------
>
> Key: OOZIE-2356
> URL: https://issues.apache.org/jira/browse/OOZIE-2356
> Project: Oozie
> Issue Type: Improvement
> Components: security
> Affects Versions: trunk
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Attachments: OOZIE-2356.001.patch, OOZIE-2356.002.patch
>
>
> Currently, in a Kerberos cluster, you can use the {{<credentials>}} section
> to tell Oozie to get delegation tokens for HCat/Metastore, HS2, HBase, etc.
> However, this is defined in the workflow.xml, which means that Oozie will
> always try to get those tokens, even in an non-secure cluster, where it will
> likely fail. We should add a mechanism to enable/disable getting credentials
> so that the same workflow.xml can be used in both a secure and non-secure
> environment; as it is now, you have to maintain two copies of the
> workflow.xml.
> We can do this fairly simply by adding a job-level property (e.g.
> oozie.credentials.skip=true) that would skip getting delegation tokens.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
