Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-14831 Über-jira: S3a phase IV: Hadoop 3.1 features
  3. HADOOP-14507

extend per-bucket secret key config with explicit getPassword() on fs.s3a.$bucket.secret.key


    • Type: Sub-task
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.8.1
    • Fix Version/s: 3.1.0
    • Component/s: fs/s3
    • Labels:
    • Target Version/s:


      Per-bucket jceks support turns out to be complex as you have to manage multiple jecks files & configure the client to ask for the right one. This is because we're calling Configuration.getPassword{"fs,s3a.secret.key".

      If before that, we do a check for the explict id, key, session key in the properties fs.s3a.$bucket.secret ( & c), we could have a single JCEKs file with all the secrets for different bucket. You would only need to explicitly point the base config to the secrets file, and the right credentials would be picked up, if set


        1. HADOOP-14507-008.patch
          39 kB
          Steve Loughran
        2. HADOOP-14507-007.patch
          39 kB
          Steve Loughran
        3. HADOOP-14507-006.patch
          35 kB
          Steve Loughran
        4. HADOOP-14507-006.patch
          35 kB
          Steve Loughran
        5. HADOOP-14507-005.patch
          35 kB
          Steve Loughran
        6. HADOOP-14507-004.patch
          30 kB
          Steve Loughran
        7. HADOOP-14507-003.patch
          29 kB
          Steve Loughran
        8. HADOOP-14507-002.patch
          17 kB
          Steve Loughran
        9. HADOOP-14507-001.patch
          5 kB
          Steve Loughran

          Issue Links



              • Assignee:
                stevel@apache.org Steve Loughran
                stevel@apache.org Steve Loughran
              • Votes:
                0 Vote for this issue
                9 Start watching this issue


                • Created: