[
https://issues.apache.org/jira/browse/HADOOP-10769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14049375#comment-14049375
]
Larry McCay commented on HADOOP-10769:
--------------------------------------
I'm sorry for not making my point more clearly.

Say we want a key provider for an external key system that does not use
delegation tokens but some other token instead.
Should we add a getXToken as well?

I am just trying to abstract away things like authentication tokens required by
proprietary providers and at the same time accommodate the KMS provider without
imposing this method on every provider.

So, if we were to create an execution context that we can then add to the
credentials object then it could be picked up by the services/tasks at runtime.
Unfortunately, we will have to know about certain names in order to put them in
through the right method and get them out from the right method. Unless we
added a new method for setting/getting the whole context....?

I'm not sure what you are getting at with the "if the KeyProvider is not
accessible from services/tasks in the cluster it is pretty much useless."
statement. How would a more generic approach to getting required tokens make
the key provider less accessible?

Anyway, I would be more comfortable with a more generic approach to this issue.
This is after all an SPI contract for accommodating arbitrary providers. If KMS
has a requirement for extra context information at runtime then others likely
do as well.
> Add getDelegationToken() method to KeyProvider
> ----------------------------------------------
>
> Key: HADOOP-10769
> URL: https://issues.apache.org/jira/browse/HADOOP-10769
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0
> Reporter: Alejandro Abdelnur
> Assignee: Arun Suresh
>
> The KeyProvider API needs to return delegation tokens to enable access to the
> KeyProvider from processes without Kerberos credentials (i.e. Yarn containers).
> This is required for HDFS encryption and KMS integration.
--
This message was sent by Atlassian JIRA
(v6.2#6252)