[jira] [Commented] (OOZIE-2356) Add a way to enable/disable credentials in a workflow

["Rohini Palaniswamy (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/OOZIE-2356?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14731335#comment-14731335 ] 

Rohini Palaniswamy commented on OOZIE-2356:
-------------------------------------------

This is a really good one. Can we add couple of enhancements to it?
   - Have a action level override instead of just workflow level. This will be needed if one is talking to different clusters in different actions of the workflow. 
    - Have a Oozie server level property to skip credentials. Soon we would like users to be able to run their production workflows in unit test framework with dummy data. It can be useful at that time.

> Add a way to enable/disable credentials in a workflow
> -----------------------------------------------------
>
>                 Key: OOZIE-2356
>                 URL: https://issues.apache.org/jira/browse/OOZIE-2356
>             Project: Oozie
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: trunk
>            Reporter: Robert Kanter
>            Assignee: Robert Kanter
>         Attachments: OOZIE-2356.001.patch
>
>
> Currently, in a Kerberos cluster, you can use the {{<credentials>}} section to tell Oozie to get delegation tokens for HCat/Metastore, HS2, HBase, etc. However, this is defined in the workflow.xml, which means that Oozie will always try to get those tokens, even in an non-secure cluster, where it will likely fail. We should add a mechanism to enable/disable getting credentials so that the same workflow.xml can be used in both a secure and non-secure environment; as it is now, you have to maintain two copies of the workflow.xml.
> We can do this fairly simply by adding a job-level property (e.g. oozie.credentials.skip=true) that would skip getting delegation tokens.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)