[
https://issues.apache.org/jira/browse/HADOOP-14581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16062882#comment-16062882
]
Steve Loughran commented on HADOOP-14581:
-----------------------------------------
h3. {{NativeAzureFileSystem}}
2966: You should use {{getTrimmed}} to have leading, trailing whitespace cut;
we do that for all new properties.
I think here you could actually use {{getStrings()}} to get the list, and treat
an empty list as the same as an entry "*": all. Why use that method? Existing
regression tests.
* needs policy for: * in the string: maybe fail fast for illegal setup?
* needs policy for "". Right now it probably fails. Should it be a skip.
h3. {{TestNativeAzureFileSystemAuthorization}}
* try a string like {{"user1,user2 , user3 ,,user4 "}} to see what happens. I'd
expect the leading/trailing spaces stripped, empty element skipped.
* also try {{" user1, *"}} to verify that it gets rejected.
Here's the test policy I'm writing down; a formalisation of what's been
mentioned before
https://github.com/steveloughran/hadoop/blob/azure/HADOOP-14553-testing/hadoop-tools/hadoop-azure/src/site/markdown/testing_azure.md
for now, can you state which Azure endpoint you did a {{mvn -T 1C test}} run
on the hadoop-azure module. Thanks.
h3. Other
* Docs.
> Restrict setOwner to list of user when security is enabled in wasb
> ------------------------------------------------------------------
>
> Key: HADOOP-14581
> URL: https://issues.apache.org/jira/browse/HADOOP-14581
> Project: Hadoop Common
> Issue Type: Bug
> Components: fs/azure
> Affects Versions: 3.0.0-alpha3
> Reporter: Varada Hemeswari
> Assignee: Varada Hemeswari
> Labels: azure, fs, secure, wasb
> Attachments: HADOOP-14581.1.patch
>
>
> Currently in azure FS, setOwner api is exposed to all the users accessing the
> file system.
> When Authorization is enabled, access to some files/folders is given to
> particular users based on whether the user is the owner of the file.
> So setOwner has to be restricted to limited set of users to prevent users
> from exploiting owner based authorization of files and folders.
> Introducing a new config called fs.azure.chown.allowed.userlist which is a
> comma seperated list of users who are allowed to perform chown operation when
> authorization is enabled.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
