[jira] [Commented] (HADOOP-12846) Credential Provider Recursive Dependencies

Sat, 27 Feb 2016 14:12:42 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-12846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15170738#comment-15170738
 ] 

Larry McCay commented on HADOOP-12846:
--------------------------------------

Hey [~cnauroth] - thanks for the review.

I was letting the bad URI go through and get caught by the credential provider 
factory rather than stop things here.
I also intended to follow up with a separate patch for s3a - I can add it in 
here instead if you think that is better.

> Credential Provider Recursive Dependencies
> ------------------------------------------
>
>                 Key: HADOOP-12846
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12846
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>         Attachments: HADOOP-12846-001.patch, HADOOP-12846-002.patch, 
> HADOOP-12846-003.patch
>
>
> There are a few credential provider integration points in which the use of a 
> certain type of provider in a certain filesystem causes a recursive infinite 
> loop. 
> For instance, a component such as sqoop can be protecting a db password in a 
> credential provider within the wasb/azure filesystem. Now that HADOOP-12555 
> has introduced the ability to protect the access keys for wasb we suddenly 
> need access to wasb to get the database keys which initiates the attempt to 
> get the access keys from wasb - since there is a provider path configured for 
> sqoop.
> For such integrations, those in which it doesn't make sense to protect the 
> access keys inside the thing that we need the keys to access, we need a 
> solution to avoid this recursion - other than dictating what filesystems can 
> be used by other components.
> This patch proposes the ability to scrub the configured provider path of any 
> provider types that would be incompatible with the integration point. In 
> other words, before calling Configuration.getPassword for the access keys to 
> wasb, we can remove any configured providers that require access to wasb.
> This will require some regex expressions that can be used to identify the 
> configuration of such provider uri's within the provider path parameter.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to