Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-14831 Über-jira: S3a phase IV: Hadoop 3.1 features
  3. HADOOP-14507

extend per-bucket secret key config with explicit getPassword() on fs.s3a.$bucket.secret.key

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 2.8.1
    • 3.1.0
    • fs/s3
    • None

    Description

      Per-bucket jceks support turns out to be complex as you have to manage multiple jecks files & configure the client to ask for the right one. This is because we're calling Configuration.getPassword{"fs,s3a.secret.key".

      If before that, we do a check for the explict id, key, session key in the properties fs.s3a.$bucket.secret ( & c), we could have a single JCEKs file with all the secrets for different bucket. You would only need to explicitly point the base config to the secrets file, and the right credentials would be picked up, if set

      Attachments

        1. HADOOP-14507-001.patch
          5 kB
          Steve Loughran
        2. HADOOP-14507-002.patch
          17 kB
          Steve Loughran
        3. HADOOP-14507-003.patch
          29 kB
          Steve Loughran
        4. HADOOP-14507-004.patch
          30 kB
          Steve Loughran
        5. HADOOP-14507-005.patch
          35 kB
          Steve Loughran
        6. HADOOP-14507-006.patch
          35 kB
          Steve Loughran
        7. HADOOP-14507-006.patch
          35 kB
          Steve Loughran
        8. HADOOP-14507-007.patch
          39 kB
          Steve Loughran
        9. HADOOP-14507-008.patch
          39 kB
          Steve Loughran

        Issue Links

          Activity

            People

              stevel@apache.org Steve Loughran
              stevel@apache.org Steve Loughran
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: