[
https://issues.apache.org/jira/browse/HADOOP-14935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16201894#comment-16201894
]
Santhosh G Nayak edited comment on HADOOP-14935 at 10/12/17 12:48 PM:
----------------------------------------------------------------------
Thanks [~steve_l] for reviewing the patch and tuning few tests.
Addressed comments from TODO section in v4 patch,
- Introduced a new test class
{{TestNativeAzureFileSystemAuthorizationGetFileStatus}} which sets
{{fs.azure.enable.authorization.getfilestatus}} to {{true}} and runs the same
authorization test, that way all the code paths are covered.
- Separated the tests for different permission combinations.
- New sticky bit related rename tests may have passed because of the additional
policies configured for {{getFileStatus()}} to work.
Testing: All the tests passed with Azure South India storage endpoint.
was (Author: snayak):
Thanks [~steve_l] for reviewing the patch and tuning few tests.
Addressed comments from TODO section in v4 patch,
- Introduced a new test class
{{TestNativeAzureFileSystemAuthorizationGetFileStatus}} which sets
{{fs.azure.enable.authorization.getfilestatus}} to {{true}} and runs the same
authorization test, that way all the code paths are covered.
- Separated the tests for different permission combinations.
- New sticky bit related rename tests may have passed because of the additional
policies configured for {{getFileStatus()}} to work.
> Azure: POSIX permissions are taking effect in access() method even when
> authorization is enabled
> ------------------------------------------------------------------------------------------------
>
> Key: HADOOP-14935
> URL: https://issues.apache.org/jira/browse/HADOOP-14935
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/azure
> Affects Versions: 2.9.0
> Reporter: Santhosh G Nayak
> Assignee: Santhosh G Nayak
> Attachments: HADOOP-14935-003.patch, HADOOP-14935-004.patch,
> HADOOP-14935.1.patch, HADOOP-14935.2.patch
>
>
> FileSystem implementation class for azure i.e. {{NativeAzureFileSystem}} does
> not override {{access(path,mode)}} method and uses the default implementation
> from the base class. This base implementaion uses the POSIX permissions to
> check if the requested user has access to given path or not even when
> authorization is enabled, which is incorrect.
> {{NativeAzureFileSystem.access()}} in authorization enabled mode should use
> the authorization mechanism provided instead of relying on the POSIX
> permission ons. So the proposal is to override {{FileSystem.access()}} method
> in {{NativeAzureFileSystem}} such that it honors the authorization mechanism
> configured in authorization enabled mode and falls back to POSIX permissions
> otherwise.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
