[
https://issues.apache.org/jira/browse/HADOOP-13863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dushyanth updated HADOOP-13863:
-------------------------------
Attachment: HADOOP-13863.001.patch
First iteration of the support to add SAS key mode for WASB.
This patch has following limitations:
1) Supports only LocalSASKey mode.
2) No support for renewal of SAS keys
Testing: This patch has been tested for both Non-SAS key mode and SAS-key mode
for live azure storage tests.
> Hadoop - Azure: Add a new SAS key mode for WASB.
> ------------------------------------------------
>
> Key: HADOOP-13863
> URL: https://issues.apache.org/jira/browse/HADOOP-13863
> Project: Hadoop Common
> Issue Type: Improvement
> Components: azure, fs/azure
> Affects Versions: 2.8.0
> Reporter: Dushyanth
> Assignee: Dushyanth
> Attachments: HADOOP-13863.001.patch, WASB-SAS Key Mode-Design
> Proposal.pdf
>
>
> Current implementation of WASB, only supports Azure storage keys and SAS key
> being provided via org.apache.hadoop.conf.Configuration, which results in
> these secrets residing in the same address space as the WASB process and
> providing complete access to the Azure storage account and its containers.
> Added to the fact that WASB does not inherently support ACL's, WASB is its
> current implementation cannot be securely used for environments like secure
> hadoop cluster. This JIRA is created to add a new mode in WASB, which
> operates on Azure Storage SAS keys, which can provide fine grained timed
> access to containers and blobs, providing a segway into supporting WASB for
> secure hadoop cluster.
> More details about the issue and the proposal are provided in the design
> proposal document.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
