Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-11031

Design Document for Credential Provider API

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.8.0, 3.0.0-alpha1
    • Component/s: site
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      Provide detailed overview of the design, intent and use of the credential management API.

      1. HADOOP-11031-003.patch
        13 kB
        Larry McCay
      2. HADOOP-11031-002.patch
        13 kB
        Larry McCay
      3. HADOOP-11031-001.patch
        13 kB
        Larry McCay
      4. CredentialProviderAPI.md
        7 kB
        Larry McCay

        Issue Links

          Activity

          Hide
          lmccay Larry McCay added a comment -

          Thanks, Chris Nauroth!

          Show
          lmccay Larry McCay added a comment - Thanks, Chris Nauroth !
          Hide
          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-trunk-Commit #9326 (See https://builds.apache.org/job/Hadoop-trunk-Commit/9326/)
          HADOOP-11031. Design Document for Credential Provider API. Contributed (cnauroth: rev 8ab7658025616d154decd97578de3327ec6f9109)

          • hadoop-common-project/hadoop-common/CHANGES.txt
          • hadoop-tools/hadoop-aws/src/site/markdown/tools/hadoop-aws/index.md
          • hadoop-project/src/site/site.xml
          • hadoop-common-project/hadoop-common/src/site/markdown/CredentialProviderAPI.md
          Show
          hudson Hudson added a comment - FAILURE: Integrated in Hadoop-trunk-Commit #9326 (See https://builds.apache.org/job/Hadoop-trunk-Commit/9326/ ) HADOOP-11031 . Design Document for Credential Provider API. Contributed (cnauroth: rev 8ab7658025616d154decd97578de3327ec6f9109) hadoop-common-project/hadoop-common/CHANGES.txt hadoop-tools/hadoop-aws/src/site/markdown/tools/hadoop-aws/index.md hadoop-project/src/site/site.xml hadoop-common-project/hadoop-common/src/site/markdown/CredentialProviderAPI.md
          Hide
          cnauroth Chris Nauroth added a comment -

          I have committed this to trunk, branch-2 and branch-2.8. Larry, thanks for the documentation! I have already found this to be useful.

          Show
          cnauroth Chris Nauroth added a comment - I have committed this to trunk, branch-2 and branch-2.8. Larry, thanks for the documentation! I have already found this to be useful.
          Hide
          cnauroth Chris Nauroth added a comment -

          After further testing, +1 for patch v003, and no need to provide another update. Today I learned that in JDK 8, the JavaDocs have switched to using hyphens instead of parentheses for the argument list in method anchors. When building the site with JDK 8, the syntax in patch v003 works fine. For JDK 7 builds, it's not really broken either, because it still links to the class-level JavaDocs. Let's go with v003, and when the builds switch over to JDK 8, they'll automatically start providing more specific links that go straight to the method.

          I'll commit this later today.

          Show
          cnauroth Chris Nauroth added a comment - After further testing, +1 for patch v003, and no need to provide another update. Today I learned that in JDK 8, the JavaDocs have switched to using hyphens instead of parentheses for the argument list in method anchors. When building the site with JDK 8, the syntax in patch v003 works fine. For JDK 7 builds, it's not really broken either, because it still links to the class-level JavaDocs. Let's go with v003, and when the builds switch over to JDK 8, they'll automatically start providing more specific links that go straight to the method. I'll commit this later today.
          Hide
          cnauroth Chris Nauroth added a comment -

          Darn, I cannot find a way to make Markdown hyperlink straight to the getPassword method. It doesn't like the parentheses nested in the URL.

          file:///private/tmp/hadoop-site/hadoop-project/api/org/apache/hadoop/conf/Configuration.html#getPassword(java.lang.String)

          I tried all sorts of crazy escaping and even URL-encoding the parens, but nothing worked.

          It appears we've struggled with this before. The WebHDFS documentation has taken the approach of only linking to the top-level class and not the individual method. For example, see the link to FileSystem.create here:

          http://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Create_and_Write_to_a_File

          I guess we could switch to that style so that it's consistent. The Markdown would look like this:

          [Configuration](../../api/org/apache/hadoop/conf/Configuration.html).getPassword
          

          I'll be +1 after that change. Thank you, Larry!

          Show
          cnauroth Chris Nauroth added a comment - Darn, I cannot find a way to make Markdown hyperlink straight to the getPassword method. It doesn't like the parentheses nested in the URL. file:///private/tmp/hadoop-site/hadoop-project/api/org/apache/hadoop/conf/Configuration.html#getPassword(java.lang.String ) I tried all sorts of crazy escaping and even URL-encoding the parens, but nothing worked. It appears we've struggled with this before. The WebHDFS documentation has taken the approach of only linking to the top-level class and not the individual method. For example, see the link to FileSystem.create here: http://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/WebHDFS.html#Create_and_Write_to_a_File I guess we could switch to that style so that it's consistent. The Markdown would look like this: [Configuration](../../api/org/apache/hadoop/conf/Configuration.html).getPassword I'll be +1 after that change. Thank you, Larry!
          Hide
          lmccay Larry McCay added a comment -

          I am hoping that this latest revision is good for now.
          I plan on creating new JIRAs to tack outstanding documentation concerns around:

          • currently available provider details
          • creating new providers
          • common usage scenarios: ssl, distcp with AWS S3A, etc
          Show
          lmccay Larry McCay added a comment - I am hoping that this latest revision is good for now. I plan on creating new JIRAs to tack outstanding documentation concerns around: currently available provider details creating new providers common usage scenarios: ssl, distcp with AWS S3A, etc
          Hide
          hadoopqa Hadoop QA added a comment -
          +1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 11s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          0 mvndep 0m 18s Maven dependency ordering for branch
          +1 mvnsite 1m 46s trunk passed
          0 mvndep 0m 16s Maven dependency ordering for patch
          +1 mvnsite 1m 37s the patch passed
          +1 whitespace 0m 0s Patch has no whitespace issues.
          +1 xml 0m 0s The patch has no ill-formed XML file.
          +1 asflicense 0m 31s Patch does not generate ASF License warnings.
          4m 52s



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:0ca8df7
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12788371/HADOOP-11031-003.patch
          JIRA Issue HADOOP-11031
          Optional Tests asflicense mvnsite xml
          uname Linux 64e65b5e8040 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / a0c95b5
          modules C: hadoop-project hadoop-common-project/hadoop-common hadoop-tools/hadoop-aws U: .
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8656/console
          Powered by Apache Yetus 0.2.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - +1 overall Vote Subsystem Runtime Comment 0 reexec 0m 11s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. 0 mvndep 0m 18s Maven dependency ordering for branch +1 mvnsite 1m 46s trunk passed 0 mvndep 0m 16s Maven dependency ordering for patch +1 mvnsite 1m 37s the patch passed +1 whitespace 0m 0s Patch has no whitespace issues. +1 xml 0m 0s The patch has no ill-formed XML file. +1 asflicense 0m 31s Patch does not generate ASF License warnings. 4m 52s Subsystem Report/Notes Docker Image:yetus/hadoop:0ca8df7 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12788371/HADOOP-11031-003.patch JIRA Issue HADOOP-11031 Optional Tests asflicense mvnsite xml uname Linux 64e65b5e8040 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / a0c95b5 modules C: hadoop-project hadoop-common-project/hadoop-common hadoop-tools/hadoop-aws U: . Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8656/console Powered by Apache Yetus 0.2.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          lmccay Larry McCay added a comment -

          Links to the Configuration#getPassword javadocs were added as suggested. I will leave the env variable and password file details for another time. We need to properly call out the details of each out of the box provider type as well. Since these are details specific to keystore based providers they would be appropriate for that time.

          Show
          lmccay Larry McCay added a comment - Links to the Configuration#getPassword javadocs were added as suggested. I will leave the env variable and password file details for another time. We need to properly call out the details of each out of the box provider type as well. Since these are details specific to keystore based providers they would be appropriate for that time.
          Hide
          cnauroth Chris Nauroth added a comment -

          Thanks, Larry. I missed that change in the phrasing, and I agree that it addresses point 4.

          I'm also comfortable skipping point 6 considering the rationale you just gave.

          I think that just leaves point 3 (hyperlink to the JavaDocs).

          Show
          cnauroth Chris Nauroth added a comment - Thanks, Larry. I missed that change in the phrasing, and I agree that it addresses point 4. I'm also comfortable skipping point 6 considering the rationale you just gave. I think that just leaves point 3 (hyperlink to the JavaDocs).
          Hide
          lmccay Larry McCay added a comment -

          3. Where the Configuration#getPassword method is mentioned, we can make it a hyperlink to the JavaDocs.

          Will do.

          4. The document mentions that it will cover "how to create custom providers" and "an example of its use will be included", but I didn't find that. I assume it just wasn't done yet, so please consider adding it in the next patch revision. I also think it's acceptable to drop the mention of it and defer that kind of deep customization to a later patch. I think the initial goal here was to make basic usage easier to understand.

          The patch should have changed that to "This document aims to describe the design of the CredentialProvider API, the out of the box implementations, where they are used and how to adopt their use." Maybe you are seeing this somewhere else that I missed?

          6. I think we should discuss how to control the keystore password for the jceks provider (HADOOP_CREDSTORE_PASSWORD environment variable or hadoop.security.credstore.java-keystore-provider.password-file configuration property if not in environment).

          I didn't initially see the hadoop.security.credstore.java-keystore-provider.password-file support in there and though maybe that was just in the key provider API. Now, I see it is in the abstract base class. I'll can cover those as well. The environment variable approach isn't very useful since it can't be set into the environment easily without it being visible in a script or possible to be available from MR jobs, etc. I'm also not sure of the benefit of the hadoop.security.credstore.java-keystore-provider.password-file. Protecting the password to the keystore in a file that is protected with file permissions is really no different than the keystore itseld being protected with file permissions.

          Show
          lmccay Larry McCay added a comment - 3. Where the Configuration#getPassword method is mentioned, we can make it a hyperlink to the JavaDocs. Will do. 4. The document mentions that it will cover "how to create custom providers" and "an example of its use will be included", but I didn't find that. I assume it just wasn't done yet, so please consider adding it in the next patch revision. I also think it's acceptable to drop the mention of it and defer that kind of deep customization to a later patch. I think the initial goal here was to make basic usage easier to understand. The patch should have changed that to "This document aims to describe the design of the CredentialProvider API, the out of the box implementations, where they are used and how to adopt their use." Maybe you are seeing this somewhere else that I missed? 6. I think we should discuss how to control the keystore password for the jceks provider (HADOOP_CREDSTORE_PASSWORD environment variable or hadoop.security.credstore.java-keystore-provider.password-file configuration property if not in environment). I didn't initially see the hadoop.security.credstore.java-keystore-provider.password-file support in there and though maybe that was just in the key provider API. Now, I see it is in the abstract base class. I'll can cover those as well. The environment variable approach isn't very useful since it can't be set into the environment easily without it being visible in a script or possible to be available from MR jobs, etc. I'm also not sure of the benefit of the hadoop.security.credstore.java-keystore-provider.password-file. Protecting the password to the keystore in a file that is protected with file permissions is really no different than the keystore itseld being protected with file permissions.
          Hide
          cnauroth Chris Nauroth added a comment -

          Hi Larry McCay. Patch v002 is looking better to me. It looks like this has addressed points 1, 2 and 5 from my prior comment. That leaves 3, 4 and 6 as open issues to be addressed (or let me know if you disagree with any of them). To recap, here is a copy-paste:

          3. Where the Configuration#getPassword method is mentioned, we can make it a hyperlink to the JavaDocs.

          4. The document mentions that it will cover "how to create custom providers" and "an example of its use will be included", but I didn't find that. I assume it just wasn't done yet, so please consider adding it in the next patch revision. I also think it's acceptable to drop the mention of it and defer that kind of deep customization to a later patch. I think the initial goal here was to make basic usage easier to understand.

          6. I think we should discuss how to control the keystore password for the jceks provider (HADOOP_CREDSTORE_PASSWORD environment variable or hadoop.security.credstore.java-keystore-provider.password-file configuration property if not in environment).

          Show
          cnauroth Chris Nauroth added a comment - Hi Larry McCay . Patch v002 is looking better to me. It looks like this has addressed points 1, 2 and 5 from my prior comment. That leaves 3, 4 and 6 as open issues to be addressed (or let me know if you disagree with any of them). To recap, here is a copy-paste: 3. Where the Configuration#getPassword method is mentioned, we can make it a hyperlink to the JavaDocs. 4. The document mentions that it will cover "how to create custom providers" and "an example of its use will be included", but I didn't find that. I assume it just wasn't done yet, so please consider adding it in the next patch revision. I also think it's acceptable to drop the mention of it and defer that kind of deep customization to a later patch. I think the initial goal here was to make basic usage easier to understand. 6. I think we should discuss how to control the keystore password for the jceks provider ( HADOOP_CREDSTORE_PASSWORD environment variable or hadoop.security.credstore.java-keystore-provider.password-file configuration property if not in environment).
          Hide
          hadoopqa Hadoop QA added a comment -
          +1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 9s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          0 mvndep 0m 15s Maven dependency ordering for branch
          +1 mvnsite 1m 25s trunk passed
          0 mvndep 0m 15s Maven dependency ordering for patch
          +1 mvnsite 1m 24s the patch passed
          +1 whitespace 0m 0s Patch has no whitespace issues.
          +1 xml 0m 1s The patch has no ill-formed XML file.
          +1 asflicense 0m 24s Patch does not generate ASF License warnings.
          4m 6s



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:0ca8df7
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12788314/HADOOP-11031-002.patch
          JIRA Issue HADOOP-11031
          Optional Tests asflicense mvnsite xml
          uname Linux ea95523f1006 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / 76fab26
          modules C: hadoop-project hadoop-common-project/hadoop-common hadoop-tools/hadoop-aws U: .
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8651/console
          Powered by Apache Yetus 0.2.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - +1 overall Vote Subsystem Runtime Comment 0 reexec 0m 9s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. 0 mvndep 0m 15s Maven dependency ordering for branch +1 mvnsite 1m 25s trunk passed 0 mvndep 0m 15s Maven dependency ordering for patch +1 mvnsite 1m 24s the patch passed +1 whitespace 0m 0s Patch has no whitespace issues. +1 xml 0m 1s The patch has no ill-formed XML file. +1 asflicense 0m 24s Patch does not generate ASF License warnings. 4m 6s Subsystem Report/Notes Docker Image:yetus/hadoop:0ca8df7 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12788314/HADOOP-11031-002.patch JIRA Issue HADOOP-11031 Optional Tests asflicense mvnsite xml uname Linux ea95523f1006 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / 76fab26 modules C: hadoop-project hadoop-common-project/hadoop-common hadoop-tools/hadoop-aws U: . Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8651/console Powered by Apache Yetus 0.2.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          lmccay Larry McCay added a comment -

          002 version to address checkstyle issues

          Show
          lmccay Larry McCay added a comment - 002 version to address checkstyle issues
          Hide
          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 13m 35s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          0 mvndep 0m 48s Maven dependency ordering for branch
          +1 mvnsite 1m 33s trunk passed
          0 mvndep 0m 15s Maven dependency ordering for patch
          +1 mvnsite 1m 23s the patch passed
          -1 whitespace 0m 0s The patch has 2 line(s) that end in whitespace. Use git apply --whitespace=fix.
          -1 whitespace 0m 0s The patch has 4 line(s) with tabs.
          +1 xml 0m 1s The patch has no ill-formed XML file.
          +1 asflicense 0m 27s Patch does not generate ASF License warnings.
          18m 26s



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:0ca8df7
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12788299/HADOOP-11031-001.patch
          JIRA Issue HADOOP-11031
          Optional Tests asflicense mvnsite xml
          uname Linux 45cbbb02d81c 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / 76fab26
          whitespace https://builds.apache.org/job/PreCommit-HADOOP-Build/8648/artifact/patchprocess/whitespace-eol.txt
          whitespace https://builds.apache.org/job/PreCommit-HADOOP-Build/8648/artifact/patchprocess/whitespace-tabs.txt
          modules C: hadoop-project hadoop-common-project/hadoop-common hadoop-tools/hadoop-aws U: .
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8648/console
          Powered by Apache Yetus 0.2.0-SNAPSHOT http://yetus.apache.org

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 reexec 13m 35s Docker mode activated. +1 @author 0m 0s The patch does not contain any @author tags. 0 mvndep 0m 48s Maven dependency ordering for branch +1 mvnsite 1m 33s trunk passed 0 mvndep 0m 15s Maven dependency ordering for patch +1 mvnsite 1m 23s the patch passed -1 whitespace 0m 0s The patch has 2 line(s) that end in whitespace. Use git apply --whitespace=fix. -1 whitespace 0m 0s The patch has 4 line(s) with tabs. +1 xml 0m 1s The patch has no ill-formed XML file. +1 asflicense 0m 27s Patch does not generate ASF License warnings. 18m 26s Subsystem Report/Notes Docker Image:yetus/hadoop:0ca8df7 JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12788299/HADOOP-11031-001.patch JIRA Issue HADOOP-11031 Optional Tests asflicense mvnsite xml uname Linux 45cbbb02d81c 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Build tool maven Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh git revision trunk / 76fab26 whitespace https://builds.apache.org/job/PreCommit-HADOOP-Build/8648/artifact/patchprocess/whitespace-eol.txt whitespace https://builds.apache.org/job/PreCommit-HADOOP-Build/8648/artifact/patchprocess/whitespace-tabs.txt modules C: hadoop-project hadoop-common-project/hadoop-common hadoop-tools/hadoop-aws U: . Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8648/console Powered by Apache Yetus 0.2.0-SNAPSHOT http://yetus.apache.org This message was automatically generated.
          Hide
          lmccay Larry McCay added a comment -

          Initial patch adding credential provider API page and its usage within S3A Filesystem.

          Show
          lmccay Larry McCay added a comment - Initial patch adding credential provider API page and its usage within S3A Filesystem.
          Hide
          lmccay Larry McCay added a comment -

          Chris Nauroth - thanks for the review!
          I will incorporate your suggestions and continue with the cross project links.

          Show
          lmccay Larry McCay added a comment - Chris Nauroth - thanks for the review! I will incorporate your suggestions and continue with the cross project links.
          Hide
          cnauroth Chris Nauroth added a comment -

          Hi Larry McCay. This content looks great. I have a few suggestions.

          1. Let's update site.xml to put a link to this page in the left navigation. This seems to make sense in the Common section, right after the link to HTTP Authentication.
          2. The last hyperlink in the table of contents doesn't work correctly. I think it needs to be changed to this.
                 - [The hadoop credential Command](#The_hadoop_credential_Command)
            
          3. Where the Configuration#getPassword method is mentioned, we can make it a hyperlink to the JavaDocs.
          4. The document mentions that it will cover "how to create custom providers" and "an example of its use will be included", but I didn't find that. I assume it just wasn't done yet, so please consider adding it in the next patch revision. I also think it's acceptable to drop the mention of it and defer that kind of deep customization to a later patch. I think the initial goal here was to make basic usage easier to understand.
          5. The table entry for SSL Passwords ends with "Components". It looks like this was either a leftover word or an uncompleted sentence.
          6. I think we should discuss how to control the keystore password for the jceks provider (HADOOP_CREDSTORE_PASSWORD environment variable or hadoop.security.credstore.java-keystore-provider.password-file configuration property if not in environemnt).

          Being that this is a common facility being used by other projects, is it appropriate to include them all in the table of integration points and link to their specific documentation as appropriate?

          Yes, I think this makes sense. I also think it makes sense for the targeted pages to back-link over to CredentialProviderAPI.html, so that their users are guided to the documentation. That would be a bigger change though obviously.

          Show
          cnauroth Chris Nauroth added a comment - Hi Larry McCay . This content looks great. I have a few suggestions. Let's update site.xml to put a link to this page in the left navigation. This seems to make sense in the Common section, right after the link to HTTP Authentication. The last hyperlink in the table of contents doesn't work correctly. I think it needs to be changed to this. - [The hadoop credential Command](#The_hadoop_credential_Command) Where the Configuration#getPassword method is mentioned, we can make it a hyperlink to the JavaDocs. The document mentions that it will cover "how to create custom providers" and "an example of its use will be included", but I didn't find that. I assume it just wasn't done yet, so please consider adding it in the next patch revision. I also think it's acceptable to drop the mention of it and defer that kind of deep customization to a later patch. I think the initial goal here was to make basic usage easier to understand. The table entry for SSL Passwords ends with "Components". It looks like this was either a leftover word or an uncompleted sentence. I think we should discuss how to control the keystore password for the jceks provider ( HADOOP_CREDSTORE_PASSWORD environment variable or hadoop.security.credstore.java-keystore-provider.password-file configuration property if not in environemnt). Being that this is a common facility being used by other projects, is it appropriate to include them all in the table of integration points and link to their specific documentation as appropriate? Yes, I think this makes sense. I also think it makes sense for the targeted pages to back-link over to CredentialProviderAPI.html, so that their users are guided to the documentation. That would be a bigger change though obviously.
          Hide
          lmccay Larry McCay added a comment -

          Attached overview of Credential Provider API page for quick review.
          Especially with regard to the table of supported features and how it contains ecosystem projects as well.

          Show
          lmccay Larry McCay added a comment - Attached overview of Credential Provider API page for quick review. Especially with regard to the table of supported features and how it contains ecosystem projects as well.
          Hide
          lmccay Larry McCay added a comment -

          Initial version of the cred provider API page.

          Show
          lmccay Larry McCay added a comment - Initial version of the cred provider API page.
          Hide
          lmccay Larry McCay added a comment -

          Continuing the discussion for credential provider docs from HADOOP-12548 to this JIRA.

          I've begin a high level overview of the Credential Provider framework and all of its integration points.
          One thing that is an open question for me is that there are many integration points that are outside of Hadoop common but still within the Hadoop ecosystem.

          Being that this is a common facility being used by other projects, is it appropriate to include them all in the table of integration points and link to their specific documentation as appropriate?

          Show
          lmccay Larry McCay added a comment - Continuing the discussion for credential provider docs from HADOOP-12548 to this JIRA. I've begin a high level overview of the Credential Provider framework and all of its integration points. One thing that is an open question for me is that there are many integration points that are outside of Hadoop common but still within the Hadoop ecosystem. Being that this is a common facility being used by other projects, is it appropriate to include them all in the table of integration points and link to their specific documentation as appropriate?
          Hide
          vinodkv Vinod Kumar Vavilapalli added a comment -

          Moving bugs out of previously closed releases into the next minor release 2.8.0.

          Show
          vinodkv Vinod Kumar Vavilapalli added a comment - Moving bugs out of previously closed releases into the next minor release 2.8.0.

            People

            • Assignee:
              lmccay Larry McCay
              Reporter:
              lmccay Larry McCay
            • Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development