[
https://issues.apache.org/jira/browse/HIVE-26464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17584730#comment-17584730
]
Peter Felker edited comment on HIVE-26464 at 8/25/22 10:36 AM:
---------------------------------------------------------------
Hi [~lmccay]:
As I see, you've read the [Hive Replication Keystore
Management|https://docs.google.com/document/u/1/d/1ZRveqNCvFn__UFke7pKx3KZ2r6_AH7Z4MBDKuuapJHE/edit]
documentation. This answers why we implemented it this way.
As for the the other question:
{quote}
why is this a Hive JIRA and not a general purpose HADOOP credential provider
improvement.
{quote}
It's a good point, this really could be a general Hadoop credential provider.
However we're not Hadoop committers, we work on Hive replication code and there
are just a few people in the team who can merge the changes upstream. So we're
kind of limited.
was (Author: JIRAUSER294231):
Hi [~lmccay]:
As I see, you've read the [Hive Replication Keystore
Management|https://docs.google.com/document/u/1/d/1ZRveqNCvFn__UFke7pKx3KZ2r6_AH7Z4MBDKuuapJHE/edit]
documentation. This answers why we implemented it this way.
As for the the other question:
{quote}
why is this a Hive JIRA and not a general purpose HADOOP credential provider
improvement.
{quote}
It's a good point, this really could be a general Hadoop credential provider.
However we're not Hadoop committers, we work on Hive replication code and there
are just a few people in the team who can merge the changes upstream. So we're
kind of limited.
So [~lmccay], what do you think? Are you OK with this change?
> New credential provider for replicating to the cloud
> ----------------------------------------------------
>
> Key: HIVE-26464
> URL: https://issues.apache.org/jira/browse/HIVE-26464
> Project: Hive
> Issue Type: Task
> Components: HiveServer2, repl
> Reporter: Peter Felker
> Assignee: Peter Felker
> Priority: Major
> Labels: pull-request-available
> Time Spent: 50m
> Remaining Estimate: 0h
>
> In {{ReplDumpTask}}, if the following *new* config is provided in
> {{HiveConf}}:
> * {{hive.repl.cloud.credential.provider.path}}
> then the HS2 credstore URI scheme, contained by {{HiveConf}} with key
> {{hadoop.security.credential.provider.path}}, should be updated so that it
> will start with new scheme: {{hiverepljceks}}. For instance:
> {code}jceks://file/path/to/credstore/creds.localjceks{code}
> will become:
> {code}hiverepljceks://file/path/to/credstore/creds.localjceks{code}
> This new scheme, {{hiverepljceks}}, will make Hadoop to use a *new*
> credential provider, which will do the following:
> # Load the HS2 keystore file, defined by key
> {{hadoop.security.credential.provider.path}}
> # Gets a password from the HS2 keystore file, with key:
> {{hive.repl.cloud.credential.provider.password}}
> # This password will be used to load another keystore file, located on HDFS
> and specified by the new config mentioned before:
> {{hive.repl.cloud.credential.provider.path}}. This contains the cloud
> credentials for the Hive cloud replication.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
