HADOOP-12804. Read Proxy Password from Credential Providers in S3 FileSystem. Contributed by Larry McCay.

hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/S3ClientFactory.java

@@ -118,7 +118,8 @@ interface S3ClientFactory {
      * @throws IllegalArgumentException if misconfigured
      */
     private static void initProxySupport(Configuration conf,
-        ClientConfiguration awsConf) throws IllegalArgumentException {
+        ClientConfiguration awsConf)
+            throws IllegalArgumentException, IOException {
       String proxyHost = conf.getTrimmed(PROXY_HOST, "");
       int proxyPort = conf.getInt(PROXY_PORT, -1);
       if (!proxyHost.isEmpty()) {
@@ -135,7 +136,11 @@ interface S3ClientFactory {
           }
         }
         String proxyUsername = conf.getTrimmed(PROXY_USERNAME);
-        String proxyPassword = conf.getTrimmed(PROXY_PASSWORD);
+        String proxyPassword = null;
+        char[] proxyPass = conf.getPassword(PROXY_PASSWORD);
+        if (proxyPass != null) {
+          proxyPassword = new String(proxyPass).trim();
+        }
         if ((proxyUsername == null) != (proxyPassword == null)) {
           String msg = "Proxy error: " + PROXY_USERNAME + " or " +
               PROXY_PASSWORD + " set without the other.";
@@ -147,11 +152,11 @@ interface S3ClientFactory {
         awsConf.setProxyDomain(conf.getTrimmed(PROXY_DOMAIN));
         awsConf.setProxyWorkstation(conf.getTrimmed(PROXY_WORKSTATION));
         if (LOG.isDebugEnabled()) {
-          LOG.debug("Using proxy server {}:{} as user {} with password {} on " +
-                  "domain {} as workstation {}", awsConf.getProxyHost(),
+          LOG.debug("Using proxy server {}:{} as user {} on " +
+                "domain {} as workstation {}", awsConf.getProxyHost(),
               awsConf.getProxyPort(),
               String.valueOf(awsConf.getProxyUsername()),
-              awsConf.getProxyPassword(), awsConf.getProxyDomain(),
+              awsConf.getProxyDomain(),
               awsConf.getProxyWorkstation());
         }
       } else if (proxyPort >= 0) {

hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/ITestS3AConfiguration.java

@@ -175,6 +175,39 @@ public class ITestS3AConfiguration {
     }
   }
 
+  @Test
+  public void testProxyPasswordFromCredentialProvider() throws Exception {
+    ClientConfiguration awsConf = new ClientConfiguration();
+    // set up conf to have a cred provider
+    final Configuration conf2 = new Configuration();
+    final File file = tempDir.newFile("test.jks");
+    final URI jks = ProviderUtils.nestURIForLocalJavaKeyStoreProvider(
+        file.toURI());
+    conf2.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
+        jks.toString());
+
+    provisionProxyPassword(conf2, "password");
+
+    // let's set the password in config and ensure that it uses the credential
+    // provider provisioned value instead.
+    conf2.set(Constants.PROXY_PASSWORD, "passwordLJM");
+    char[] pwd = conf2.getPassword(Constants.PROXY_PASSWORD);
+    assertNotNull("Proxy password should not retrun null.", pwd);
+    if (pwd != null) {
+      assertEquals("Proxy password override did NOT work.", "password",
+          new String(pwd));
+    }
+  }
+
+  void provisionProxyPassword(final Configuration conf2, String pwd)
+      throws Exception {
+    // add our password to the provider
+    final CredentialProvider provider =
+        CredentialProviderFactory.getProviders(conf2).get(0);
+    provider.createCredentialEntry(Constants.PROXY_PASSWORD, pwd.toCharArray());
+    provider.flush();
+  }
+
   @Test
   public void testUsernameInconsistentWithPassword() throws Exception {
     conf = new Configuration();