You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@oozie.apache.org by "Robert Kanter (JIRA)" <ji...@apache.org> on 2015/09/04 03:38:45 UTC
[jira] [Updated] (OOZIE-2356) Add a way to enable/disable
credentials in a workflow
[ https://issues.apache.org/jira/browse/OOZIE-2356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Kanter updated OOZIE-2356:
---------------------------------
Attachment: OOZIE-2356.001.patch
The patch adds the job-level {{oozie.credentials.skip}} property, which defaults to false. It also makes some improvements in skipping some stuff if we're not going to load credentials to be more efficient. Unit test and docs too.
> Add a way to enable/disable credentials in a workflow
> -----------------------------------------------------
>
> Key: OOZIE-2356
> URL: https://issues.apache.org/jira/browse/OOZIE-2356
> Project: Oozie
> Issue Type: Improvement
> Components: security
> Affects Versions: trunk
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Attachments: OOZIE-2356.001.patch
>
>
> Currently, in a Kerberos cluster, you can use the {{<credentials>}} section to tell Oozie to get delegation tokens for HCat/Metastore, HS2, HBase, etc. However, this is defined in the workflow.xml, which means that Oozie will always try to get those tokens, even in an non-secure cluster, where it will likely fail. We should add a mechanism to enable/disable getting credentials so that the same workflow.xml can be used in both a secure and non-secure environment; as it is now, you have to maintain two copies of the workflow.xml.
> We can do this fairly simply by adding a job-level property (e.g. oozie.credentials.skip=true) that would skip getting delegation tokens.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)