[jira] [Commented] (HIVE-26464) New credential provider for replicating to the cloud

Thu, 25 Aug 2022 02:27:06 -0700 


    [ 
https://issues.apache.org/jira/browse/HIVE-26464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17584730#comment-17584730
 ] 

Peter Felker commented on HIVE-26464:
-------------------------------------

Hi [~lmccay]:

As I see, you've read the [Hive Replication Keystore 
Management|https://docs.google.com/document/u/1/d/1ZRveqNCvFn__UFke7pKx3KZ2r6_AH7Z4MBDKuuapJHE/edit]
 documentation. This answers why we implemented it this way.

As for the the other question:
{quote}
why is this a Hive JIRA and not a general purpose HADOOP credential provider 
improvement.
{quote}
It's a good point, this really could be a general Hadoop credential provider. 
However we're not Hadoop committers, we work on Hive replication code and there 
are just a few people in the team who can merge the changes upstream. So we're 
kind of limited.

> New credential provider for replicating to the cloud
> ----------------------------------------------------
>
>                 Key: HIVE-26464
>                 URL: https://issues.apache.org/jira/browse/HIVE-26464
>             Project: Hive
>          Issue Type: Task
>          Components: HiveServer2, repl
>            Reporter: Peter Felker
>            Assignee: Peter Felker
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> In {{ReplDumpTask}}, if the following *new* config is provided in 
> {{HiveConf}}:
> * {{hive.repl.cloud.credential.provider.path}}
> then the HS2 credstore URI scheme, contained by {{HiveConf}} with key 
> {{hadoop.security.credential.provider.path}}, should be updated so that it 
> will start with new scheme: {{hiverepljceks}}. For instance:
> {code}jceks://file/path/to/credstore/creds.localjceks{code}
> will become:
> {code}hiverepljceks://file/path/to/credstore/creds.localjceks{code}
> This new scheme, {{hiverepljceks}}, will make Hadoop to use a *new* 
> credential provider, which will do the following:
> # Load the HS2 keystore file, defined by key 
> {{hadoop.security.credential.provider.path}}
> # Gets a password from the HS2 keystore file, with key: 
> {{hive.repl.cloud.credential.provider.password}}
> # This password will be used to load another keystore file, located on HDFS 
> and specified by the new config mentioned before: 
> {{hive.repl.cloud.credential.provider.path}}. This contains the cloud 
> credentials for the Hive cloud replication.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to