[jira] [Comment Edited] (HIVE-26464) New credential provider for replicating to the cloud

Wed, 24 Aug 2022 09:32:06 -0700 


    [ 
https://issues.apache.org/jira/browse/HIVE-26464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17584359#comment-17584359
 ] 

Larry McCay edited comment on HIVE-26464 at 8/24/22 4:31 PM:
-------------------------------------------------------------

[~pfelker] - can you explain the actual problem that is being solved here?
I'd like to understand the value that this additional indirection is trying to 
provide given the current implementation.

Also, why is this a Hive JIRA and not a general purpose HADOOP credential 
provider improvement.

While I'm at it... :)

It seems like this could just be introduced as another alternative to 
retrieving the password - though I still need to understand what value it 
provides - rather than a whole new provider.


was (Author: lmccay):
[~pfelker] - can you explain the actual problem that is being solved here?
I'd like to understand the value that this additional indirection is trying to 
provide given the current implementation.

> New credential provider for replicating to the cloud
> ----------------------------------------------------
>
>                 Key: HIVE-26464
>                 URL: https://issues.apache.org/jira/browse/HIVE-26464
>             Project: Hive
>          Issue Type: Task
>          Components: HiveServer2, repl
>            Reporter: Peter Felker
>            Assignee: Peter Felker
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> In {{ReplDumpTask}}, if the following *new* config is provided in 
> {{HiveConf}}:
> * {{hive.repl.cloud.credential.provider.path}}
> then the HS2 credstore URI scheme, contained by {{HiveConf}} with key 
> {{hadoop.security.credential.provider.path}}, should be updated so that it 
> will start with new scheme: {{hiverepljceks}}. For instance:
> {code}jceks://file/path/to/credstore/creds.localjceks{code}
> will become:
> {code}hiverepljceks://file/path/to/credstore/creds.localjceks{code}
> This new scheme, {{hiverepljceks}}, will make Hadoop to use a *new* 
> credential provider, which will do the following:
> # Load the HS2 keystore file, defined by key 
> {{hadoop.security.credential.provider.path}}
> # Gets a password from the HS2 keystore file, with key: 
> {{hive.repl.cloud.credential.provider.password}}
> # This password will be used to load another keystore file, located on HDFS 
> and specified by the new config mentioned before: 
> {{hive.repl.cloud.credential.provider.path}}. This contains the cloud 
> credentials for the Hive cloud replication.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to