[jira] [Commented] (HADOOP-17255) JavaKeyStoreProvider fails to create a new key if the keystore is HDFS

Wed, 09 Sep 2020 21:54:09 -0700 


    [ 
https://issues.apache.org/jira/browse/HADOOP-17255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17193369#comment-17193369
 ] 

Akira Ajisaka commented on HADOOP-17255:
----------------------------------------

Thank you [~weichiu] for your comment.

The credential provider document 
([https://hadoop.apache.org/docs/r3.3.0/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html#Provider_Types])
 says how to configure keystore provider for HDFS.
{quote}To wrap filesystem URIs with a jceks URI follow these steps:
 1. Take a filesystem URI such as hdfs://namenode:9001/users/alice/secrets.jceks
 2. Place jceks:// in front of the URL: 
jceks://hdfs://namenode:9001/users/alice/secrets.jceks
 3. Replace the second :// string with an @ symbol: 
jceks://hdfs@namenode:9001/users/alice/secrets.jceks
{quote}
Therefore I thought JavaKeyStoreProvider is supposed to work if the keystore is 
in HDFS.

If it won't work on HDFS, can we add warn or error message if the keystore 
provider is HDFS?

> JavaKeyStoreProvider fails to create a new key if the keystore is HDFS
> ----------------------------------------------------------------------
>
>                 Key: HADOOP-17255
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17255
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: kms
>            Reporter: Akira Ajisaka
>            Assignee: Akira Ajisaka
>            Priority: Critical
>              Labels: pull-request-available
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> The caller of JavaKeyStoreProvider#renameOrFail assumes that it throws 
> FileNotFoundException if the src does not exist. However, 
> JavaKeyStoreProvider#renameOrFail calls the old rename API. In 
> DistributedFileSystem, the old API returns false if the src does not exist.
> That way JavaKeyStoreProvider fails to create a new key if the keystore is 
> HDFS.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to