SmartData 3.4.0 and later support JindoFS OSS credential providers. You can use a JindoFS OSS credential provider to save an encrypted AccessKey pair into a file. This prevents the AccessKey pair from being leaked.
Configure a JindoFS OSS credential provider
- Go to the SmartData service.
- Log on to the Alibaba Cloud EMR console.
- In the top navigation bar, select the region where your cluster resides. Select the resource group as required. By default, all resources of the account appear.
- Click the Cluster Management tab.
- On the Cluster Management page that appears, find the target cluster and click Details in the Actions column.
- In the left-side navigation pane, click Cluster Service and then SmartData.
- Go to the smartdata-site tab.
- Click the Configure tab.
- In the Service Configuration section, click the smartdata-site tab.
- Add configuration information.
- Save the configuration.
- In the upper-right corner of the Service Configuration section, click Save.
- In the Confirm Changes dialog box, specify Description and turn on Auto-update Configuration.
- Click OK.
Credential provider types
You can select different credential providers based on your business requirements:
- Global configuration
- TemporaryAliyunCredentialsProvider
This credential provider is suitable for scenarios in which an AccessKey pair with a validity period and a security token with a validity period are used to access OSS.
Parameter Description fs.jfs.cache.oss.credentials.provider Set this parameter to com.aliyun.emr.fs.auth.TemporaryAliyunCredentialsProvider. fs.jfs.cache.oss.accessKeyId The AccessKey ID used to access an OSS bucket. fs.jfs.cache.oss.accessKeySecret The AccessKey secret used to access the OSS bucket. fs.jfs.cache.oss.securityToken The temporary security token used to access the OSS bucket. - SimpleAliyunCredentialsProvider
This credential provider is suitable for scenarios in which an AccessKey pair with a long validity period is used to access OSS.
Parameter Description fs.jfs.cache.oss.credentials.provider Set this parameter to com.aliyun.emr.fs.auth.SimpleAliyunCredentialsProvider. fs.jfs.cache.oss.accessKeyId The AccessKey ID used to access an OSS bucket. fs.jfs.cache.oss.accessKeySecret The AccessKey secret used to access the OSS bucket. - EnvironmentVariableCredentialsProvider
To use this credential provider, you must configure the related parameters in environment variables. The parameters are described in the following table.
Parameter Description fs.jfs.cache.oss.credentials.provider Set this parameter to com.aliyun.emr.fs.auth.EnvironmentVariableCredentialsProvider. ALIYUN_ACCESS_KEY_ID The AccessKey ID used to access an OSS bucket. ALIYUN_ACCESS_KEY_SECRET The AccessKey secret used to access the OSS bucket. ALIYUN_SECURITY_TOKEN The temporary security token used to access the OSS bucket. Note This parameter is required only when you configure a token that has a validity period. - JindoCommonCredentialsProvider
This is a common credential provider. After you configure the parameters described in the following table, you can use this credential provider in both JindoOSS and JindoFS.
Parameter Description fs.jfs.cache.oss.credentials.provider Set this parameter to com.aliyun.emr.fs.auth.JindoCommonCredentialsProvider. jindo.common.accessKeyId The AccessKey ID used to access an OSS bucket. jindo.common.accessKeySecret The AccessKey secret used to access the OSS bucket. jindo.common.securityToken The temporary security token used to access the OSS bucket. - EcsStsCredentialsProvider
This credential provider does not require an AccessKey pair. You can access OSS in password-free mode.
Parameter Description fs.jfs.cache.oss.credentials.provider Set this parameter to com.aliyun.emr.fs.auth.EcsStsCredentialsProvider.
- TemporaryAliyunCredentialsProvider
- Bucket-level configuration
- TemporaryAliyunCredentialsProvider
This credential provider is suitable for scenarios in which an AccessKey pair with a validity period and a security token with a validity period are used to access OSS.
Parameter Description fs.jfs.cache.oss.bucket.XXX.credentials.provider Set this parameter to com.aliyun.emr.fs.auth.TemporaryAliyunCredentialsProvider. fs.jfs.cache.oss.bucket.XXX.accessKeyId The AccessKey ID used to access an OSS bucket. fs.jfs.cache.oss.bucket.XXX.accessKeySecret The AccessKey secret used to access the OSS bucket. fs.jfs.cache.oss.bucket.XXX.securityToken The temporary security token used to access the OSS bucket. - SimpleAliyunCredentialsProvider
This credential provider is suitable for scenarios in which an AccessKey pair with a long validity period is used to access OSS.
Parameter Description fs.jfs.cache.oss.bucket.XXX.credentials.provider Set this parameter to com.aliyun.emr.fs.auth.SimpleAliyunCredentialsProvider. fs.jfs.cache.oss.bucket.XXX.accessKeyId The AccessKey ID used to access an OSS bucket. fs.jfs.cache.oss.bucket.XXX.accessKeySecret The AccessKey secret used to access the OSS bucket. - EnvironmentVariableCredentialsProvider
To use this credential provider, you must configure the related parameters in environment variables. The parameters are described in the following table.
Parameter Description fs.jfs.cache.oss.bucket.XXX.credentials.provider Set this parameter to com.aliyun.emr.fs.auth.EnvironmentVariableCredentialsProvider. ALIYUN_ACCESS_KEY_ID The AccessKey ID used to access an OSS bucket. ALIYUN_ACCESS_KEY_SECRET The AccessKey secret used to access the OSS bucket. ALIYUN_SECURITY_TOKEN The temporary security token used to access the OSS bucket. Note This parameter is required only when you configure a token that has a validity period. - JindoCommonCredentialsProvider
This is a common credential provider. After you configure the parameters described in the following table, you can use this credential provider in both JindoOSS and JindoFS.
Parameter Description fs.jfs.cache.oss.bucket.XXX.credentials.provider Set this parameter to com.aliyun.emr.fs.auth.JindoCommonCredentialsProvider. jindo.common.accessKeyId The AccessKey ID used to access an OSS bucket. jindo.common.accessKeySecret The AccessKey secret used to access the OSS bucket. jindo.common.securityToken The temporary security token used to access the OSS bucket. - EcsStsCredentialsProvider
This credential provider does not require an AccessKey pair. You can access OSS in password-free mode.
Parameter Description fs.jfs.cache.oss.bucket.XXX.credentials.provider Set this parameter to com.aliyun.emr.fs.auth.EcsStsCredentialsProvider.
- TemporaryAliyunCredentialsProvider