Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-14831 Über-jira: S3a phase IV: Hadoop 3.1 features
  3. HADOOP-14507

extend per-bucket secret key config with explicit getPassword() on fs.s3a.$bucket.secret.key

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 2.8.1
    • 3.1.0
    • fs/s3
    • None

    Description

      Per-bucket jceks support turns out to be complex as you have to manage multiple jecks files & configure the client to ask for the right one. This is because we're calling Configuration.getPassword{"fs,s3a.secret.key".

      If before that, we do a check for the explict id, key, session key in the properties fs.s3a.$bucket.secret ( & c), we could have a single JCEKs file with all the secrets for different bucket. You would only need to explicitly point the base config to the secrets file, and the right credentials would be picked up, if set

      Attachments

        1. HADOOP-14507-001.patch
          5 kB
          Steve Loughran
        2. HADOOP-14507-002.patch
          17 kB
          Steve Loughran
        3. HADOOP-14507-003.patch
          29 kB
          Steve Loughran
        4. HADOOP-14507-004.patch
          30 kB
          Steve Loughran
        5. HADOOP-14507-005.patch
          35 kB
          Steve Loughran
        6. HADOOP-14507-006.patch
          35 kB
          Steve Loughran
        7. HADOOP-14507-006.patch
          35 kB
          Steve Loughran
        8. HADOOP-14507-007.patch
          39 kB
          Steve Loughran
        9. HADOOP-14507-008.patch
          39 kB
          Steve Loughran

        Issue Links

          contains

          Sub-task - The sub-task of the issue HADOOP-14723 reinstate URI parameter in AWSCredentialProvider constructors

          • Major - Major loss of function.
          • Resolved
          depends upon

          Sub-task - The sub-task of the issue HADOOP-14723 reinstate URI parameter in AWSCredentialProvider constructors

          • Major - Major loss of function.
          • Resolved
          is broken by

          Sub-task - The sub-task of the issue HADOOP-14135 Remove URI parameter in AWSCredentialProvider constructors

          • Major - Major loss of function.
          • Resolved
          is depended upon by

          Sub-task - The sub-task of the issue HADOOP-14614 Hive doesn't let s3a patch the credential provider path

          • Major - Major loss of function.
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-14821 Executing the command 'hdfs -Dhadoop.security.credential.provider.path=file1.jceks,file2.jceks' fails if permission is denied to some files

          • Critical - Crashes, loss of data, severe memory leak.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-13972 ADLS to support per-store configuration

          • Major - Major loss of function.
          • Resolved
          relates to

          Sub-task - The sub-task of the issue HADOOP-14324 Refine S3 server-side-encryption key as encryption secret; improve error reporting and diagnostics

          • Blocker - Blocks development and/or testing work, production could not run
          • Resolved
          supercedes

          Sub-task - The sub-task of the issue HADOOP-14625 error message in S3AUtils.getServerSideEncryptionKey() needs to expand property constant

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Resolved

          Activity

            People

              stevel@apache.org Steve Loughran
              stevel@apache.org Steve Loughran
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: