Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-14831 Über-jira: S3a phase IV: Hadoop 3.1 features
  3. HADOOP-14507

extend per-bucket secret key config with explicit getPassword() on fs.s3a.$bucket.secret.key

Log workAgile BoardRank to TopRank to BottomAttach filesAttach ScreenshotVotersWatch issueWatchersConvert to IssueMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 2.8.1
    • 3.1.0
    • fs/s3
    • None

    Description

      Per-bucket jceks support turns out to be complex as you have to manage multiple jecks files & configure the client to ask for the right one. This is because we're calling Configuration.getPassword{"fs,s3a.secret.key".

      If before that, we do a check for the explict id, key, session key in the properties fs.s3a.$bucket.secret ( & c), we could have a single JCEKs file with all the secrets for different bucket. You would only need to explicitly point the base config to the secrets file, and the right credentials would be picked up, if set

      Attachments

        1. HADOOP-14507-008.patch
          39 kB
          Steve Loughran
        2. HADOOP-14507-007.patch
          39 kB
          Steve Loughran
        3. HADOOP-14507-006.patch
          35 kB
          Steve Loughran
        4. HADOOP-14507-006.patch
          35 kB
          Steve Loughran
        5. HADOOP-14507-005.patch
          35 kB
          Steve Loughran
        6. HADOOP-14507-004.patch
          30 kB
          Steve Loughran
        7. HADOOP-14507-003.patch
          29 kB
          Steve Loughran
        8. HADOOP-14507-002.patch
          17 kB
          Steve Loughran
        9. HADOOP-14507-001.patch
          5 kB
          Steve Loughran

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            stevel@apache.org Steve Loughran Assign to me
            stevel@apache.org Steve Loughran
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Issue deployment