[jira] [Commented] (HIVE-26464) New credential provider for replicating to the cloud

Thu, 01 Sep 2022 05:17:04 -0700 


    [ 
https://issues.apache.org/jira/browse/HIVE-26464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17598924#comment-17598924
 ] 

Peter Felker commented on HIVE-26464:
-------------------------------------

Hi All,

I withdrew [GitHub Pull Request 
#3526|https://github.com/apache/hive/pull/3526], because we'd decided to 
improve the Hadoop credential provider, so that we don't have to introduce a 
new credential provider class in Hive.

> New credential provider for replicating to the cloud
> ----------------------------------------------------
>
>                 Key: HIVE-26464
>                 URL: https://issues.apache.org/jira/browse/HIVE-26464
>             Project: Hive
>          Issue Type: Task
>          Components: HiveServer2, repl
>            Reporter: Peter Felker
>            Assignee: Peter Felker
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> For a more detailed explanation, see: [Hive Replication Keystore Management 
> |https://docs.google.com/document/d/1ZRveqNCvFn__UFke7pKx3KZ2r6_AH7Z4MBDKuuapJHE/edit]
> In {{ReplDumpTask}}, if the following *new* config is provided in 
> {{HiveConf}}:
> * {{hive.repl.cloud.credential.provider.path}}
> then the HS2 credstore URI scheme, contained by {{HiveConf}} with key 
> {{hadoop.security.credential.provider.path}}, should be updated so that it 
> will start with new scheme: {{hiverepljceks}}. For instance:
> {code}jceks://file/path/to/credstore/creds.localjceks{code}
> will become:
> {code}hiverepljceks://file/path/to/credstore/creds.localjceks{code}
> This new scheme, {{hiverepljceks}}, will make Hadoop to use a *new* 
> credential provider, which will do the following:
> # Load the HS2 keystore file, defined by key 
> {{hadoop.security.credential.provider.path}}
> # Gets a password from the HS2 keystore file, with key: 
> {{hive.repl.cloud.credential.provider.password}}
> # This password will be used to load another keystore file, located on HDFS 
> and specified by the new config mentioned before: 
> {{hive.repl.cloud.credential.provider.path}}. This contains the cloud 
> credentials for the Hive cloud replication.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to