[ https://issues.apache.org/jira/browse/ACCUMULO-3890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14577680#comment-14577680 ]
Josh Elser commented on ACCUMULO-3890:
--------------------------------------

bq. Granted the existing publicly available implementations are all based on something file-like. But you never know what's coming in the future...and moving secrets into an external store and hooking them up via the CredentialProvider is an appealing story.

I'm not sure if you're trying to be coy, but we can't really design for something we don't know is coming. If you have something that we can keep in mind to avoid invalidating any changes we make, please tell us now so we can fix this once.

bq. I had a peek at some of the latest CredentialProvider code; the getCredentialEntry() call does have a cache, but I don't see any calls to actually populate that cache. Wonder what's going on there; you might want to investigate that bit first.

Looking at branch-2.7, I still don't see anything that adds to that cache like you mentioned. [~lmccay] do you know if it's a known issue that the JKS provider doesn't put elements into the cache (or did we just miss how that happens)? If the cache isn't being used properly, we should fix this in Hadoop (and maybe add a patch into Accumulo to prevent it from bashing the NN to pieces on the broken versions).

> Use of CredentialProvider results in a lot of NN ops
> ----------------------------------------------------
>
> Key: ACCUMULO-3890
> URL: https://issues.apache.org/jira/browse/ACCUMULO-3890
> Project: Accumulo
> Issue Type: Bug
> Affects Versions: 1.6.1, 1.6.2, 1.7.0
> Reporter: Billie Rinaldi
> Assignee: Billie Rinaldi
> Fix For: 1.6.3, 1.7.1, 1.8.0
>
>
> Every time we access a sensitive property or iterate over a configuration
> when there is a CredentialProvider configured, it results in NN operations
> (as evidenced by FSNamesystem.audit logs). I think that we could assume the
> CredentialProvider is static, read its properties once and cache them in
> memory to avoid these unnecessary reads.

-- This message was sent by Atlassian JIRA (v6.3.4#6332)