HADOOP-12804. Read Proxy Password from Credential Providers in S3 FileSystem. Contributed by Larry McCay.

2016-11-25 13:33:32 +00:00 · 2016-11-25 13:33:32 +00:00 · 9701ab48e8
parent 6fe5ffd05d
commit 9701ab48e8
2 changed files with 43 additions and 5 deletions
--- a/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/S3ClientFactory.java
+++ b/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/S3ClientFactory.java
@ -118,7 +118,8 @@ interface S3ClientFactory {
     * @throws IllegalArgumentException if misconfigured
     */
    private static void initProxySupport(Configuration conf,
-        ClientConfiguration awsConf) throws IllegalArgumentException {
+        ClientConfiguration awsConf)
            throws IllegalArgumentException, IOException {
      String proxyHost = conf.getTrimmed(PROXY_HOST, "");
      int proxyPort = conf.getInt(PROXY_PORT, -1);
      if (!proxyHost.isEmpty()) {
@ -135,7 +136,11 @@ interface S3ClientFactory {
          }
        }
        String proxyUsername = conf.getTrimmed(PROXY_USERNAME);
-        String proxyPassword = conf.getTrimmed(PROXY_PASSWORD);
+        String proxyPassword = null;
        char[] proxyPass = conf.getPassword(PROXY_PASSWORD);
        if (proxyPass != null) {
          proxyPassword = new String(proxyPass).trim();
        }
        if ((proxyUsername == null) != (proxyPassword == null)) {
          String msg = "Proxy error: " + PROXY_USERNAME + " or " +
              PROXY_PASSWORD + " set without the other.";
@ -147,11 +152,11 @@ interface S3ClientFactory {
        awsConf.setProxyDomain(conf.getTrimmed(PROXY_DOMAIN));
        awsConf.setProxyWorkstation(conf.getTrimmed(PROXY_WORKSTATION));
        if (LOG.isDebugEnabled()) {
-          LOG.debug("Using proxy server {}:{} as user {} with password {} on " +
+          LOG.debug("Using proxy server {}:{} as user {} on " +
                "domain {} as workstation {}", awsConf.getProxyHost(),
              awsConf.getProxyPort(),
              String.valueOf(awsConf.getProxyUsername()),
-              awsConf.getProxyPassword(), awsConf.getProxyDomain(),
+              awsConf.getProxyDomain(),
              awsConf.getProxyWorkstation());
        }
      } else if (proxyPort >= 0) {
--- a/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/ITestS3AConfiguration.java
+++ b/hadoop-tools/hadoop-aws/src/test/java/org/apache/hadoop/fs/s3a/ITestS3AConfiguration.java
@ -175,6 +175,39 @@ public class ITestS3AConfiguration {
    }
  }
  @Test
  public void testProxyPasswordFromCredentialProvider() throws Exception {
    ClientConfiguration awsConf = new ClientConfiguration();
    // set up conf to have a cred provider
    final Configuration conf2 = new Configuration();
    final File file = tempDir.newFile("test.jks");
    final URI jks = ProviderUtils.nestURIForLocalJavaKeyStoreProvider(
        file.toURI());
    conf2.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
        jks.toString());
    provisionProxyPassword(conf2, "password");
    // let's set the password in config and ensure that it uses the credential
    // provider provisioned value instead.
    conf2.set(Constants.PROXY_PASSWORD, "passwordLJM");
    char[] pwd = conf2.getPassword(Constants.PROXY_PASSWORD);
    assertNotNull("Proxy password should not retrun null.", pwd);
    if (pwd != null) {
      assertEquals("Proxy password override did NOT work.", "password",
          new String(pwd));
    }
  }
  void provisionProxyPassword(final Configuration conf2, String pwd)
      throws Exception {
    // add our password to the provider
    final CredentialProvider provider =
        CredentialProviderFactory.getProviders(conf2).get(0);
    provider.createCredentialEntry(Constants.PROXY_PASSWORD, pwd.toCharArray());
    provider.flush();
  }
  @Test
  public void testUsernameInconsistentWithPassword() throws Exception {
    conf = new Configuration();