[
https://issues.apache.org/jira/browse/HADOOP-13945?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Santhosh G Nayak updated HADOOP-13945:
--------------------------------------
Attachment: HADOOP-13945.6.patch
Thanks [~liuml07] for reviewing the patch.
I have created a rebased patch excluding the changes in HADOOP-13930 (as it is
already committed) and addressed the following review comments,
(1) {{fs.azure.authorization.remote.service.url}} was introduced in
HADOOP-13930. Current patch does not have any reference to it.
(2) In code to log a message, keeping the exception as well.
(3) Unfortunately,
{{UserGroupInformation.getCurrentUser().getCredentials().getToken(WasbDelegationTokenIdentifier.TOKEN_KIND)}}
does not work, it takes only alias. Moving this logic to a util method.
(4) Fixed the nit by removing {{()}} for {{&&}} in {{if (isSecurityEnabled &&
(delegationToken != null && !delegationToken.isEmpty()))}}.
(5) Added {{package-info.java}} instead of {{package.html}}.
(6) Created Util methods to avoid duplicate code wherever possible.
(7), (8), (9) and (10) comments are related changes in HADOOP-13930 and already
addressed there.
(11) Handled it appropriately to the best of my knowledge, let me know if think
otherwise.
> Azure: Add Kerberos and Delegation token support to WASB client.
> ----------------------------------------------------------------
>
> Key: HADOOP-13945
> URL: https://issues.apache.org/jira/browse/HADOOP-13945
> Project: Hadoop Common
> Issue Type: Improvement
> Components: fs/azure
> Affects Versions: 2.8.0
> Reporter: Santhosh G Nayak
> Assignee: Santhosh G Nayak
> Attachments: HADOOP-13945.1.patch, HADOOP-13945.2.patch,
> HADOOP-13945.3.patch, HADOOP-13945.4.patch, HADOOP-13945.5.patch,
> HADOOP-13945.6.patch
>
>
> Current implementation of Azure storage client for Hadoop ({{WASB}}) does not
> support Kerberos Authentication and FileSystem authorization, which makes it
> unusable in secure environments with multi user setup.
> To make {{WASB}} client more suitable to run in Secure environments, there
> are 2 initiatives under way for providing the authorization (HADOOP-13930)
> and fine grained access control (HADOOP-13863) support.
> This JIRA is created to add Kerberos and delegation token support to {{WASB}}
> client to fetch Azure Storage SAS keys (from Remote service as discussed in
> HADOOP-13863), which provides fine grained timed access to containers and
> blobs.
> For delegation token management, the proposal is it use the same REST service
> which being used to generate the SAS Keys.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
