HADOOP-12804. Read Proxy Password from Credential Providers in S3 FileSystem. Contributed by Larry McCay.

This commit is contained in:
Steve Loughran 2016-11-25 13:33:32 +00:00
parent 6fe5ffd05d
commit 9701ab48e8
2 changed files with 43 additions and 5 deletions

View File

@ -118,7 +118,8 @@ interface S3ClientFactory {
* @throws IllegalArgumentException if misconfigured
*/
private static void initProxySupport(Configuration conf,
ClientConfiguration awsConf) throws IllegalArgumentException {
ClientConfiguration awsConf)
throws IllegalArgumentException, IOException {
String proxyHost = conf.getTrimmed(PROXY_HOST, "");
int proxyPort = conf.getInt(PROXY_PORT, -1);
if (!proxyHost.isEmpty()) {
@ -135,7 +136,11 @@ interface S3ClientFactory {
}
}
String proxyUsername = conf.getTrimmed(PROXY_USERNAME);
String proxyPassword = conf.getTrimmed(PROXY_PASSWORD);
String proxyPassword = null;
char[] proxyPass = conf.getPassword(PROXY_PASSWORD);
if (proxyPass != null) {
proxyPassword = new String(proxyPass).trim();
}
if ((proxyUsername == null) != (proxyPassword == null)) {
String msg = "Proxy error: " + PROXY_USERNAME + " or " +
PROXY_PASSWORD + " set without the other.";
@ -147,11 +152,11 @@ interface S3ClientFactory {
awsConf.setProxyDomain(conf.getTrimmed(PROXY_DOMAIN));
awsConf.setProxyWorkstation(conf.getTrimmed(PROXY_WORKSTATION));
if (LOG.isDebugEnabled()) {
LOG.debug("Using proxy server {}:{} as user {} with password {} on " +
"domain {} as workstation {}", awsConf.getProxyHost(),
LOG.debug("Using proxy server {}:{} as user {} on " +
"domain {} as workstation {}", awsConf.getProxyHost(),
awsConf.getProxyPort(),
String.valueOf(awsConf.getProxyUsername()),
awsConf.getProxyPassword(), awsConf.getProxyDomain(),
awsConf.getProxyDomain(),
awsConf.getProxyWorkstation());
}
} else if (proxyPort >= 0) {

View File

@ -175,6 +175,39 @@ public class ITestS3AConfiguration {
}
}
@Test
public void testProxyPasswordFromCredentialProvider() throws Exception {
ClientConfiguration awsConf = new ClientConfiguration();
// set up conf to have a cred provider
final Configuration conf2 = new Configuration();
final File file = tempDir.newFile("test.jks");
final URI jks = ProviderUtils.nestURIForLocalJavaKeyStoreProvider(
file.toURI());
conf2.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
jks.toString());
provisionProxyPassword(conf2, "password");
// let's set the password in config and ensure that it uses the credential
// provider provisioned value instead.
conf2.set(Constants.PROXY_PASSWORD, "passwordLJM");
char[] pwd = conf2.getPassword(Constants.PROXY_PASSWORD);
assertNotNull("Proxy password should not retrun null.", pwd);
if (pwd != null) {
assertEquals("Proxy password override did NOT work.", "password",
new String(pwd));
}
}
void provisionProxyPassword(final Configuration conf2, String pwd)
throws Exception {
// add our password to the provider
final CredentialProvider provider =
CredentialProviderFactory.getProviders(conf2).get(0);
provider.createCredentialEntry(Constants.PROXY_PASSWORD, pwd.toCharArray());
provider.flush();
}
@Test
public void testUsernameInconsistentWithPassword() throws Exception {
conf = new Configuration();