Posted to dev@oozie.apache.org by "Robert Kanter (JIRA)" <ji...@apache.org> on 2015/06/13 01:31:01 UTC
[jira] [Updated] (OOZIE-2272) Use Hadoop's CredentialProvider for passwords in oozie-site
[ https://issues.apache.org/jira/browse/OOZIE-2272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Kanter updated OOZIE-2272:
---------------------------------
Attachment: OOZIE-2272.001.patch
Unfortunately, {{CredentialProvider}} is only in Hadoop 2.6.0+, so to support all Hadoop 2.x and Hadoop 1.x, we have to do some ugly reflection :(
The patch hides the ugly reflection in {{ConfigurationService}}. {{CredentialProvider}} normally gets called automatically when you call its {{getPassword}} method, so I mirrored that in {{ConfigurationService}}. For the passwords, you can now call {{ConfigurationService.getPassword(PROP_NAME)}}, and it will try to use the {{CredentialProvider}} if it's supported in the version of Hadoop you're using. Otherwise, it simply returns the value normally.
> Use Hadoop's CredentialProvider for passwords in oozie-site
> -----------------------------------------------------------
>
> Key: OOZIE-2272
> URL: https://issues.apache.org/jira/browse/OOZIE-2272
> Project: Oozie
> Issue Type: Improvement
> Components: security
> Affects Versions: trunk
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Attachments: OOZIE-2272.001.patch
>
>
> We have a few passwords in oozie-site:
> - {{oozie.email.smtp.password}}
> - {{oozie.service.JPAService.jdbc.password}}
> It would be good if we supported Hadoop's {{CredentialProvider}} so that the passwords can be specified in an external encrypted file. The file can be prepared as described [here|http://hadoop.apache.org/docs/r2.7.0/hadoop-project-dist/hadoop-common/CommandsManual.html#credential] in the Hadoop docs.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
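
The fallback pattern described in the comment above, as an added sketch that is not the code in OOZIE-2272.001.patch: find `getPassword` by reflection and return the plain property value when the method is absent. `OldConf`, `NewConf` and the helper are constructed, simplified stand-ins for Hadoop's `Configuration` before and after 2.6.0, so the sketch runs without Hadoop on the classpath.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;

public class PasswordLookupSketch {
    // Constructed stand-in for a pre-2.6.0 Configuration: plain get() only.
    public static class OldConf {
        protected final Map<String, String> props = new HashMap<>();
        public String get(String name) { return props.get(name); }
        public void set(String name, String value) { props.put(name, value); }
    }

    // Constructed stand-in for 2.6.0+: getPassword() asks the credential store first.
    public static class NewConf extends OldConf {
        final Map<String, char[]> store = new HashMap<>();
        public char[] getPassword(String name) {
            char[] fromStore = store.get(name);
            if (fromStore != null) return fromStore;
            String clear = get(name);
            return clear == null ? null : clear.toCharArray();
        }
    }

    // Hypothetical helper: use getPassword(String) when the class has it, else the plain value.
    static String getPassword(OldConf conf, String name) {
        try {
            Method m = conf.getClass().getMethod("getPassword", String.class);
            char[] pw = (char[]) m.invoke(conf, name);
            return pw == null ? null : new String(pw);
        } catch (NoSuchMethodException e) {
            return conf.get(name);   // older Hadoop: value as written in oozie-site
        } catch (IllegalAccessException | InvocationTargetException e) {
            // This sketch's choice: a failing provider is an error, not a reason to use clear text.
            throw new IllegalStateException("credential lookup failed for " + name, e);
        }
    }

    public static void main(String[] args) {
        String key = "oozie.email.smtp.password";
        OldConf old = new OldConf();
        old.set(key, "from-site-xml");                       // constructed value
        NewConf cur = new NewConf();
        cur.set(key, "from-site-xml");                       // constructed value
        cur.store.put(key, "from-keystore".toCharArray());   // constructed value
        System.out.println(getPassword(old, key));
        System.out.println(getPassword(cur, key));
    }
}
```

Only the missing-method case falls back to the plain value; a lookup that throws is reported, so a misconfigured store cannot silently downgrade to the clear-text entry.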