subject:"\[jira\] \[Updated\] \(HADOOP\-10607\) Create an API to Separate Credentials\/Password Storage from Applications"

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-07-17 Thread Owen O'Malley (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Owen O'Malley updated HADOOP-10607:
---

Fix Version/s: (was: 2.5.0)
   2.6.0

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0, 2.6.0
>
> Attachments: 10607-10.patch, 10607-11.patch, 10607-12.patch, 
> 10607-2.patch, 10607-3.patch, 10607-4.patch, 10607-5.patch, 10607-6.patch, 
> 10607-7.patch, 10607-8.patch, 10607-9.patch, 10607-branch-2.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-07-17 Thread Owen O'Malley (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Owen O'Malley updated HADOOP-10607:
---

Fix Version/s: 2.5.0

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0, 2.5.0
>
> Attachments: 10607-10.patch, 10607-11.patch, 10607-12.patch, 
> 10607-2.patch, 10607-3.patch, 10607-4.patch, 10607-5.patch, 10607-6.patch, 
> 10607-7.patch, 10607-8.patch, 10607-9.patch, 10607-branch-2.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-19 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Attachment: 10607-branch-2.patch

patch to merge to branch-2 added

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-10.patch, 10607-11.patch, 10607-12.patch, 
> 10607-2.patch, 10607-3.patch, 10607-4.patch, 10607-5.patch, 10607-6.patch, 
> 10607-7.patch, 10607-8.patch, 10607-9.patch, 10607-branch-2.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-18 Thread Owen O'Malley (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Owen O'Malley updated HADOOP-10607:
---

Resolution: Fixed
Status: Resolved  (was: Patch Available)

I just committed this. Thanks, Larry!

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-10.patch, 10607-11.patch, 10607-12.patch, 
> 10607-2.patch, 10607-3.patch, 10607-4.patch, 10607-5.patch, 10607-6.patch, 
> 10607-7.patch, 10607-8.patch, 10607-9.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-12 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Patch Available  (was: Open)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-10.patch, 10607-11.patch, 10607-12.patch, 
> 10607-2.patch, 10607-3.patch, 10607-4.patch, 10607-5.patch, 10607-6.patch, 
> 10607-7.patch, 10607-8.patch, 10607-9.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-12 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Attachment: 10607-12.patch

Addresses the additional context for IOExceptions that are caught within the 
getPassword method. Also separated the credential provider api and fallback to 
config code into discreet methods to address readability and cumbersome style 
of having them together.

Leaving the credential as a char[] for now for reasons described earlier in the 
comments.

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-10.patch, 10607-11.patch, 10607-12.patch, 
> 10607-2.patch, 10607-3.patch, 10607-4.patch, 10607-5.patch, 10607-6.patch, 
> 10607-7.patch, 10607-8.patch, 10607-9.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-12 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Open  (was: Patch Available)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-10.patch, 10607-11.patch, 10607-2.patch, 
> 10607-3.patch, 10607-4.patch, 10607-5.patch, 10607-6.patch, 10607-7.patch, 
> 10607-8.patch, 10607-9.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-11 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Attachment: 10607-11.patch

Added missing apache license header.

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-10.patch, 10607-11.patch, 10607-2.patch, 
> 10607-3.patch, 10607-4.patch, 10607-5.patch, 10607-6.patch, 10607-7.patch, 
> 10607-8.patch, 10607-9.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-11 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Patch Available  (was: Open)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-10.patch, 10607-11.patch, 10607-2.patch, 
> 10607-3.patch, 10607-4.patch, 10607-5.patch, 10607-6.patch, 10607-7.patch, 
> 10607-8.patch, 10607-9.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-11 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Open  (was: Patch Available)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-10.patch, 10607-2.patch, 10607-3.patch, 
> 10607-4.patch, 10607-5.patch, 10607-6.patch, 10607-7.patch, 10607-8.patch, 
> 10607-9.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-11 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Patch Available  (was: Open)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-10.patch, 10607-2.patch, 10607-3.patch, 
> 10607-4.patch, 10607-5.patch, 10607-6.patch, 10607-7.patch, 10607-8.patch, 
> 10607-9.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-11 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Open  (was: Patch Available)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-10.patch, 10607-2.patch, 10607-3.patch, 
> 10607-4.patch, 10607-5.patch, 10607-6.patch, 10607-7.patch, 10607-8.patch, 
> 10607-9.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-11 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Attachment: 10607-10.patch

Addresses the points in [~owen.omalley]'s review.

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-10.patch, 10607-2.patch, 10607-3.patch, 
> 10607-4.patch, 10607-5.patch, 10607-6.patch, 10607-7.patch, 10607-8.patch, 
> 10607-9.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-03 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Attachment: 10607-9.patch

Fixed hadoop shell script error

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 
> 10607-5.patch, 10607-6.patch, 10607-7.patch, 10607-8.patch, 10607-9.patch, 
> 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-03 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Patch Available  (was: Open)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 
> 10607-5.patch, 10607-6.patch, 10607-7.patch, 10607-8.patch, 10607-9.patch, 
> 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-03 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Open  (was: Patch Available)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 
> 10607-5.patch, 10607-6.patch, 10607-7.patch, 10607-8.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-03 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Open  (was: Patch Available)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 
> 10607-5.patch, 10607-6.patch, 10607-7.patch, 10607-8.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-03 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Patch Available  (was: Open)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 
> 10607-5.patch, 10607-6.patch, 10607-7.patch, 10607-8.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-03 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Attachment: 10607-8.patch

Removed extraneous whitespace that I inadvertently added.

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 
> 10607-5.patch, 10607-6.patch, 10607-7.patch, 10607-8.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-02 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Open  (was: Patch Available)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 
> 10607-5.patch, 10607-6.patch, 10607-7.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-02 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Patch Available  (was: Open)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 
> 10607-5.patch, 10607-6.patch, 10607-7.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-02 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Attachment: 10607-7.patch

Resolved findbug issue.

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 
> 10607-5.patch, 10607-6.patch, 10607-7.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-01 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Patch Available  (was: Open)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 
> 10607-5.patch, 10607-6.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-01 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Attachment: 10607-6.patch

New revision of the patch that removes the backward compatibility alias token 
syntax and method and adds a Configuration.getPassword(String name) to get a 
password from either the credential provider API or fallback to the config file 
for clear text. Also addressed the rest of [~owen.omalley]'s - except for the 
ConfigurationCredentialProvider implementation. See previous comments about 
this. We can add this in a follow up patch if still desired.

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 
> 10607-5.patch, 10607-6.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-06-01 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Open  (was: Patch Available)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 
> 10607-5.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-05-17 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Open  (was: Patch Available)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 
> 10607-5.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-05-17 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Attachment: 10607-5.patch

gitx has been flaking out on me - the javadoc warning is fixed now. ugh.

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 
> 10607-5.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-05-17 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Patch Available  (was: Open)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 
> 10607-5.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-05-16 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Attachment: 10607-2.patch

Removed java 7 reference to fix build failure.

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-05-16 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Patch Available  (was: Open)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-05-16 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Attachment: 10607-4.patch

Fixed javadoc warning

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-05-16 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Open  (was: Patch Available)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607-4.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-05-16 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Attachment: 10607-3.patch

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-05-16 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Patch Available  (was: Open)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-05-16 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Patch Available  (was: Open)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-05-16 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Open  (was: Patch Available)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607-3.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-05-16 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Open  (was: Patch Available)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607-2.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to separate Credentials/Password Storage from Applications

2014-05-15 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Description: 
As with the filesystem API, we need to provide a generic mechanism to support 
multiple credential storage mechanisms that are potentially from third parties. 

We need the ability to eliminate the storage of passwords and secrets in clear 
text within configuration files or within code.

Toward that end, I propose an API that is configured using a list of URLs of 
CredentialProviders. The implementation will look for implementations using the 
ServiceLoader interface and thus support third party libraries.

Two providers will be included in this patch. One using the credentials cache 
in MapReduce jobs and the other using Java KeyStores from either HDFS or local 
file system. 



  was:
As with the filesystem API, we need to provide a generic mechanism to support 
multiple key storage mechanisms that are potentially from third parties. 

An additional requirement for long term data lakes is to keep multiple versions 
of each key so that keys can be rolled periodically without requiring the 
entire data set to be re-written. Rolling keys provides containment in the 
event of keys being leaked.

Toward that end, I propose an API that is configured using a list of URLs of 
KeyProviders. The implementation will look for implementations using the 
ServiceLoader interface and thus support third party libraries.

Two providers will be included in this patch. One using the credentials cache 
in MapReduce jobs and the other using Java KeyStores from either HDFS or local 
file system. 




> Create an API to separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: Bug
>  Components: security
>Reporter: Larry McCay
>Assignee: Owen O'Malley
> Fix For: 3.0.0
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to separate Credentials/Password Storage from Applications

2014-05-13 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Description: 
As with the filesystem API, we need to provide a generic mechanism to support 
multiple credential storage mechanisms that are potentially from third parties. 

We need the ability to eliminate the storage of passwords and secrets in clear 
text within configuration files or within code.

Toward that end, I propose an API that is configured using a list of URLs of 
CredentialProviders. The implementation will look for implementations using the 
ServiceLoader interface and thus support third party libraries.

Two providers will be included in this patch. One using the credentials cache 
in MapReduce jobs and the other using Java KeyStores from either HDFS or local 
file system. 

A CredShell CLI will also be included in this patch which provides the ability 
to manage the credentials within the stores.



  was:
As with the filesystem API, we need to provide a generic mechanism to support 
multiple credential storage mechanisms that are potentially from third parties. 

We need the ability to eliminate the storage of passwords and secrets in clear 
text within configuration files or within code.

Toward that end, I propose an API that is configured using a list of URLs of 
CredentialProviders. The implementation will look for implementations using the 
ServiceLoader interface and thus support third party libraries.

Two providers will be included in this patch. One using the credentials cache 
in MapReduce jobs and the other using Java KeyStores from either HDFS or local 
file system. 




> Create an API to separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: Bug
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to separate Credentials/Password Storage from Applications

2014-05-13 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Issue Type: New Feature  (was: Bug)

> Create an API to separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to separate Credentials/Password Storage from Applications

2014-05-13 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Status: Patch Available  (was: Open)

> Create an API to separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: Bug
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications

2014-05-13 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Summary: Create an API to Separate Credentials/Password Storage from 
Applications  (was: Create an API to separate Credentials/Password Storage from 
Applications)

> Create an API to Separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: New Feature
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (HADOOP-10607) Create an API to separate Credentials/Password Storage from Applications

2014-05-13 Thread Larry McCay (JIRA)


 [ 
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated HADOOP-10607:
-

Attachment: 10607.patch

Initial patch contribution

> Create an API to separate Credentials/Password Storage from Applications
> 
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
>  Issue Type: Bug
>  Components: security
>Reporter: Larry McCay
>Assignee: Larry McCay
> Fix For: 3.0.0
>
> Attachments: 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support 
> multiple credential storage mechanisms that are potentially from third 
> parties. 
> We need the ability to eliminate the storage of passwords and secrets in 
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of 
> CredentialProviders. The implementation will look for implementations using 
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache 
> in MapReduce jobs and the other using Java KeyStores from either HDFS or 
> local file system. 
> A CredShell CLI will also be included in this patch which provides the 
> ability to manage the credentials within the stores.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

43 matches

Mail list logo