[
https://issues.apache.org/jira/browse/HADOOP-12059?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14574552#comment-14574552
]
Sean Busbey commented on HADOOP-12059:
--------------------------------------
{quote}
it seems to me that wrapLocalFileUri should really be added to ProviderUtils
rather than to the credential provider itself. There is a bit of a blurred line
due to the fact that it creates a localjceks based URI but since it isn't part
of the CredentialProvider interface and is basically needed for tests - I think
it should go in either the ProviderUtils class or just be part of the test.
{quote}
I'm happy to place the helper function where ever y'all would like. However,
it's important to note that the wrapper is just implementing the munging
described in the javadocs for LJKSP, it's not the same as the one described in
ProviderUtils.unnest (though that one is a superset). I figure it ought not be
a part of the specific test since it's generally useful for other tests that
need to similarly test against a local jks.
Is something like {{ProviderUtils.nestLocalFileUriInLocalJavaKeyStoreProvider}}
preferable?
{quote}
I also just wanted to point out that the local version of the keystore provider
is primarily useful when you CAN'T store the keystore in HDFS. For instance,
the LDAPGroupsMapping can't use the Hadoop FileSystem abstraction because it
causes a recursive infinite loop in order to look up groups to see if you can
access the keystore. I just wanted to make sure that you were aware of the
regular JavaKeyStoreProvider which allows for local file or hdfs.
{quote}
Yep, I saw it. The test is meant to be lightweight without access to a
minicluster, so it seemed best to ensure only local jks would be used.
> S3Credentials should support use of CredentialProvider
> ------------------------------------------------------
>
> Key: HADOOP-12059
> URL: https://issues.apache.org/jira/browse/HADOOP-12059
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Sean Busbey
> Assignee: Sean Busbey
> Attachments: HADOOP-12059.1.patch, HADOOP-12059.2.patch
>
>
> Right now S3Credentials only works with cleartext passwords in configs (as a
> secret access key or the URI). The non-URI version should use credential
> providers with a fallback to the clear text option.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
