[HIVE-26464] New credential provider for replicating to the cloud - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: HiveServer2, repl
Labels:
- pull-request-available

Description

For a more detailed explanation, see: Hive Replication Keystore Management

In ReplDumpTask, if the following new config is provided in HiveConf:

hive.repl.cloud.credential.provider.path

then the HS2 credstore URI scheme, contained by HiveConf with key hadoop.security.credential.provider.path, should be updated so that it will start with new scheme: hiverepljceks. For instance:

jceks://file/path/to/credstore/creds.localjceks

will become:

hiverepljceks://file/path/to/credstore/creds.localjceks

This new scheme, hiverepljceks, will make Hadoop to use a new credential provider, which will do the following:

Load the HS2 keystore file, defined by key hadoop.security.credential.provider.path
Gets a password from the HS2 keystore file, with key: hive.repl.cloud.credential.provider.password
This password will be used to load another keystore file, located on HDFS and specified by the new config mentioned before: hive.repl.cloud.credential.provider.path. This contains the cloud credentials for the Hive cloud replication.

Attachments

Issue Links

links to

GitHub Pull Request #3526

Activity

People

Assignee:: Peter Felker

Reporter:: Peter Felker

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 11/Aug/22 17:51

Updated:: 01/Sep/22 12:16

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 10m