[jira] [Commented] (HADOOP-13945) Azure: Add Kerberos and Delegation token support to WASB client.

Thu, 16 Mar 2017 12:38:59 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-13945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15928704#comment-15928704
 ] 

Steve Loughran commented on HADOOP-13945:
-----------------------------------------

in {{RemoteWasbAuthorizerImpl.getSASKey()}} ,InterruptedException should be 
rethrow, or the thread interrupte state set...don't want to lose the shutdown 
event.
as any raised IOE text isn't preserved, the {{SASKeyGenerationException}} which 
be raised afterwards will lose the text/stack trace. Needs to be preserved for 
the sake of the support team.

Similarly, {{RemoteWasbAuthorizerImpl.init()}} logs an IOE but doesn't retain 
it to rethrow. Should be used to init the cause in the wasb exception.

> Azure: Add Kerberos and Delegation token support to WASB client.
> ----------------------------------------------------------------
>
>                 Key: HADOOP-13945
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13945
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: fs/azure
>    Affects Versions: 2.8.0
>            Reporter: Santhosh G Nayak
>            Assignee: Santhosh G Nayak
>         Attachments: HADOOP-13945.1.patch, HADOOP-13945.2.patch, 
> HADOOP-13945.3.patch, HADOOP-13945.4.patch, HADOOP-13945.5.patch, 
> HADOOP-13945.6.patch, HADOOP-13945.7.patch, HADOOP-13945.8.patch
>
>
> Current implementation of Azure storage client for Hadoop ({{WASB}}) does not 
> support Kerberos Authentication and FileSystem authorization, which makes it 
> unusable in secure environments with multi user setup. 
> To make {{WASB}} client more suitable to run in Secure environments, there 
> are 2 initiatives under way for providing the authorization (HADOOP-13930) 
> and fine grained access control (HADOOP-13863) support.
> This JIRA is created to add Kerberos and delegation token support to {{WASB}} 
> client to fetch Azure Storage SAS keys (from Remote service as discussed in 
> HADOOP-13863), which provides fine grained timed access to containers and 
> blobs. 
> For delegation token management, the proposal is it use the same REST service 
> which being used to generate the SAS Keys.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to