[ https://issues.apache.org/jira/browse/HADOOP-13863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15720581#comment-15720581 ]

Dushyanth commented on HADOOP-13863:
------------------------------------

Thanks [[email protected]] for the review of the draft. To answer your 
questions:

1) https://docs.microsoft.com/en-us/azure/storage/storage-dotnet-shared-access-signature-part-1
2) The layer is going to be a layer with auth support, as well as logic to 
support renewal of the SAS keys. Hence it made more sense to have a separate 
implementation rather than polluting the current StorageInterfaceImpl 
implementation. We expect the feature to be added iteratively, the first 
iteration is expected to be introduction of the SAS key mode with just 
copy-paste and get an initial read on the approach, and then the plan is to add 
the renewal process.
3) Yes, the local SAS key mode will allow to test the SAS key mode of execution 
on anyone's desktop. The HttpClient mode will have to be tested in specific 
setups.


> Hadoop - Azure: Add a new SAS key mode for WASB.
> ------------------------------------------------
>
>                 Key: HADOOP-13863
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13863
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: azure, fs/azure
>    Affects Versions: 2.8.0
>            Reporter: Dushyanth
>            Assignee: Dushyanth
>         Attachments: WASB-SAS Key Mode-Design Proposal.pdf
>
>
> Current implementation of WASB only supports Azure storage keys and SAS key 
> being provided via org.apache.hadoop.conf.Configuration, which results in 
> these secrets residing in the same address space as the WASB process and 
> providing complete access to the Azure storage account and its containers. 
> Added to the fact that WASB does not inherently support ACLs, WASB in its 
> current implementation cannot be securely used for environments like secure 
> hadoop cluster. This JIRA is created to add a new mode in WASB, which 
> operates on Azure Storage SAS keys, which can provide fine-grained timed 
> access to containers and blobs, providing a segue into supporting WASB for 
> secure hadoop cluster.
> More details about the issue and the proposal are provided in the design 
> proposal document.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
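
An added example, not taken from the HADOOP-13863 patch or its design document: a Python check of the SAS query fields that bound a token's authority (`sp` permissions, `st` start, `se` expiry), the kind of test a renewal layer has to make before reusing a cached SAS. The function names, the 15-minute renewal margin, the read/list default and the sample token are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

# Timestamp layouts accepted for the st/se fields (ISO 8601, UTC).
_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")

def _parse_time(value):
    for fmt in _FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS timestamp: {value!r}")

def parse_sas(token):
    """Split an ad hoc SAS query string into the fields that limit its use.
    Tokens that take their expiry from a stored access policy (si=) are
    out of scope for this sketch and are rejected."""
    q = {k: v[0] for k, v in
         parse_qs(token.lstrip("?"), keep_blank_values=True).items()}
    if "sig" not in q or "se" not in q:
        raise ValueError("missing sig or se field")
    return {
        "resource": q.get("sr"),                 # b = blob, c = container
        "permissions": set(q.get("sp", "")),     # e.g. r, w, d, l
        "start": _parse_time(q["st"]) if "st" in q else None,
        "expiry": _parse_time(q["se"]),
    }

def audit_sas(token, now, allowed=frozenset("rl"),
              renew_margin=timedelta(minutes=15)):
    """Return findings for a cached SAS: scope wider than the caller needs,
    outside its validity window, or close enough to expiry to renew."""
    sas = parse_sas(token)
    findings = []
    extra = sas["permissions"] - allowed
    if extra:
        findings.append("excess-permissions:" + "".join(sorted(extra)))
    if sas["start"] and now < sas["start"]:
        findings.append("not-yet-valid")
    if now >= sas["expiry"]:
        findings.append("expired")
    elif sas["expiry"] - now <= renew_margin:
        findings.append("renew-now")
    return findings

# Constructed sample token; the signature is a placeholder, not a real value.
SAMPLE = ("sv=2015-04-05&sr=c&sp=rwl&st=2016-12-05T09:00:00Z"
          "&se=2016-12-05T10:00:00Z&sig=PLACEHOLDER")
```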
