Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.6.0
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      By using Configuration.getPassword the credential provider API can be used to provide an alternative to storing the ssl and ldap bind passwords in clear text within the configuration files.

      getPassword will enable us to not sure clear text passwords when required and provide backward compatibility for when it is not necessary and existing deployments.

      1. HADOOP-10905.patch
        6 kB
        Larry McCay
      2. HADOOP-10905.patch
        6 kB
        Larry McCay

        Activity

        Hide
        Larry McCay added a comment -

        Patch that uptakes credential provider API through the use of Configuration.getPassword while providing backward compatibility.

        Show
        Larry McCay added a comment - Patch that uptakes credential provider API through the use of Configuration.getPassword while providing backward compatibility.
        Hide
        Hadoop QA added a comment -

        +1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12659256/HADOOP-10905.patch
        against trunk revision .

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 1 new or modified test files.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 javadoc. There were no new javadoc warning messages.

        +1 eclipse:eclipse. The patch built with eclipse:eclipse.

        +1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common.

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/4407//testReport/
        Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/4407//console

        This message is automatically generated.

        Show
        Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12659256/HADOOP-10905.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 1 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 2.0.3) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common. +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/4407//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/4407//console This message is automatically generated.
        Hide
        Larry McCay added a comment -

        There is a potential NPE resulting from getPassword implementation that may return null instead of an empty string or defaultPass.

        Show
        Larry McCay added a comment - There is a potential NPE resulting from getPassword implementation that may return null instead of an empty string or defaultPass.
        Hide
        Larry McCay added a comment -

        Patch that ensures that null is never returned by the getPassword method.

        Show
        Larry McCay added a comment - Patch that ensures that null is never returned by the getPassword method.
        Hide
        Hadoop QA added a comment -

        +1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12659671/HADOOP-10905.patch
        against trunk revision .

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 1 new or modified test files.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 javadoc. There were no new javadoc warning messages.

        +1 eclipse:eclipse. The patch built with eclipse:eclipse.

        +1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-common.

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/4418//testReport/
        Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/4418//console

        This message is automatically generated.

        Show
        Hadoop QA added a comment - +1 overall . Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12659671/HADOOP-10905.patch against trunk revision . +1 @author . The patch does not contain any @author tags. +1 tests included . The patch appears to include 1 new or modified test files. +1 javac . The applied patch does not increase the total number of javac compiler warnings. +1 javadoc . There were no new javadoc warning messages. +1 eclipse:eclipse . The patch built with eclipse:eclipse. +1 findbugs . The patch does not introduce any new Findbugs (version 2.0.3) warnings. +1 release audit . The applied patch does not increase the total number of release audit warnings. +1 core tests . The patch passed unit tests in hadoop-common-project/hadoop-common. +1 contrib tests . The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/4418//testReport/ Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/4418//console This message is automatically generated.
        Hide
        Larry McCay added a comment -

        Vinod Kumar Vavilapalli - could I bother you for a quick review of this patch and commit as appropriate? Thanks!

        Show
        Larry McCay added a comment - Vinod Kumar Vavilapalli - could I bother you for a quick review of this patch and commit as appropriate? Thanks!
        Hide
        Larry McCay added a comment -

        When it is ready it will need to go to branch-2 as well as trunk.

        Show
        Larry McCay added a comment - When it is ready it will need to go to branch-2 as well as trunk.
        Hide
        Brandon Li added a comment -

        +1. The patch looks good to me.

        Show
        Brandon Li added a comment - +1. The patch looks good to me.
        Hide
        Brandon Li added a comment -

        I've committed the patch to branch-2. Thank you, Larry McCay, for the contribution!

        Show
        Brandon Li added a comment - I've committed the patch to branch-2. Thank you, Larry McCay , for the contribution!
        Hide
        Brandon Li added a comment -

        I've committed the patch to branch-2. Thank you, Larry McCay, for the contribution!

        Show
        Brandon Li added a comment - I've committed the patch to branch-2. Thank you, Larry McCay , for the contribution!
        Hide
        Larry McCay added a comment -

        Thank you, Brandon Li!

        Show
        Larry McCay added a comment - Thank you, Brandon Li !
        Hide
        Hudson added a comment -

        FAILURE: Integrated in Hadoop-trunk-Commit #6019 (See https://builds.apache.org/job/Hadoop-trunk-Commit/6019/)
        HADOOP-10905. LdapGroupsMapping Should use configuration.getPassword for SSL and LDAP Passwords. Contributed by Larry McCay (brandonli: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1616054)

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
        Show
        Hudson added a comment - FAILURE: Integrated in Hadoop-trunk-Commit #6019 (See https://builds.apache.org/job/Hadoop-trunk-Commit/6019/ ) HADOOP-10905 . LdapGroupsMapping Should use configuration.getPassword for SSL and LDAP Passwords. Contributed by Larry McCay (brandonli: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1616054 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
        Hide
        Hudson added a comment -

        FAILURE: Integrated in Hadoop-Yarn-trunk #635 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/635/)
        HADOOP-10905. LdapGroupsMapping Should use configuration.getPassword for SSL and LDAP Passwords. Contributed by Larry McCay (brandonli: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1616054)

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
        Show
        Hudson added a comment - FAILURE: Integrated in Hadoop-Yarn-trunk #635 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/635/ ) HADOOP-10905 . LdapGroupsMapping Should use configuration.getPassword for SSL and LDAP Passwords. Contributed by Larry McCay (brandonli: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1616054 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
        Hide
        Hudson added a comment -

        FAILURE: Integrated in Hadoop-Hdfs-trunk #1829 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1829/)
        HADOOP-10905. LdapGroupsMapping Should use configuration.getPassword for SSL and LDAP Passwords. Contributed by Larry McCay (brandonli: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1616054)

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
        Show
        Hudson added a comment - FAILURE: Integrated in Hadoop-Hdfs-trunk #1829 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1829/ ) HADOOP-10905 . LdapGroupsMapping Should use configuration.getPassword for SSL and LDAP Passwords. Contributed by Larry McCay (brandonli: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1616054 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
        Hide
        Hudson added a comment -

        FAILURE: Integrated in Hadoop-Mapreduce-trunk #1855 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1855/)
        HADOOP-10905. LdapGroupsMapping Should use configuration.getPassword for SSL and LDAP Passwords. Contributed by Larry McCay (brandonli: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1616054)

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
        Show
        Hudson added a comment - FAILURE: Integrated in Hadoop-Mapreduce-trunk #1855 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1855/ ) HADOOP-10905 . LdapGroupsMapping Should use configuration.getPassword for SSL and LDAP Passwords. Contributed by Larry McCay (brandonli: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1616054 ) /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java

          People

          • Assignee:
            Larry McCay
            Reporter:
            Larry McCay
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development