[ https://issues.apache.org/jira/browse/HADOOP-12846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15169716#comment-15169716 ]
Larry McCay commented on HADOOP-12846: -------------------------------------- Given a configuration (command line) such as -D hadoop.security.credential.provider.path=jceks://wasb/user/hrt_qa/sqoopdbpasswd.jceks this would result in a infinite loop. With a call to ProviderUtils.excludeCredentialProviderTypes(",?jceks://wasb.*,?") this would result in a new configuration object that had no providers in it and therefore no incompatibility at the integration point that looks up access keys. It would therefore avoid the infinite loop. I will have a patch available at some point later today or this evening. > Credential Provider Recursive Dependencies > ------------------------------------------ > > Key: HADOOP-12846 > URL: https://issues.apache.org/jira/browse/HADOOP-12846 > Project: Hadoop Common > Issue Type: Bug > Reporter: Larry McCay > Assignee: Larry McCay > > There are a few credential provider integration points in which the use of a > certain type of provider in a certain filesystem causes a recursive infinite > loop. > For instance, a component such as sqoop can be protecting a db password in a > credential provider within the wasb/azure filesystem. Now that HADOOP-12555 > has introduced the ability to protect the access keys for wasb we suddenly > need access to wasb to get the database keys which initiates the attempt to > get the access keys from wasb - since there is a provider path configured for > sqoop. > For such integrations, those in which it doesn't make sense to protect the > access keys inside the thing that we need the keys to access, we need a > solution to avoid this recursion - other than dictating what filesystems can > be used by other components. > This patch proposes the ability to scrub the configured provider path of any > provider types that would be incompatible with the integration point. In > other words, before calling Configuration.getPassword for the access keys to > wasb, we can remove any configured providers that require access to wasb. > This will require some regex expressions that can be used to identify the > configuration of such provider uri's within the provider path parameter. -- This message was sent by Atlassian JIRA (v6.3.4#6332)