Uploaded image for project: 'Oozie'
  1. Oozie
  2. OOZIE-2356

Add a way to enable/disable credentials in a workflow

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: trunk
    • Fix Version/s: 4.3.0
    • Component/s: security
    • Labels:
      None

      Description

      Currently, in a Kerberos cluster, you can use the <credentials> section to tell Oozie to get delegation tokens for HCat/Metastore, HS2, HBase, etc. However, this is defined in the workflow.xml, which means that Oozie will always try to get those tokens, even in an non-secure cluster, where it will likely fail. We should add a mechanism to enable/disable getting credentials so that the same workflow.xml can be used in both a secure and non-secure environment; as it is now, you have to maintain two copies of the workflow.xml.

      We can do this fairly simply by adding a job-level property (e.g. oozie.credentials.skip=true) that would skip getting delegation tokens.

        Attachments

        1. OOZIE-2356.001.patch
          9 kB
          Robert Kanter
        2. OOZIE-2356.002.patch
          17 kB
          Robert Kanter

          Activity

            People

            • Assignee:
              rkanter Robert Kanter
              Reporter:
              rkanter Robert Kanter
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: