[
https://issues.apache.org/jira/browse/HADOOP-15694?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16603880#comment-16603880
]
Sean Mackrory commented on HADOOP-15694:
----------------------------------------
Attaching a version rebased on the latest HADOOP-15407 branch. Integration
tests now seem to be getting skipped, which I need to look into, but the unit
tests all run successfully. My only concern with the new changes is that a
regular Configuration will get passed to the CustomDelegationTokenProviders and
there's no way around that because it wouldn't otherwise comply with Hadoop
Common interfaces. I don't think that concern is well-founded because it would
be lacking account name context anyway. But it's late so I'm calling it out in
case I'm not thinking straight right now :)
{quote} Could you also update the ABFS configuration keys in "testing_azure.md"
related to this change?{quote}
I don't believe any changes are required there. Any configuration before should
still work, and in a test configuration I think it still makes sense to have
account-specific configuration, because you have to configure account-specific
details in that file anyway. I would personally still choose to be more
explicit in unit tests.
> ABFS: Allow OAuth credentials to not be tied to accounts
> --------------------------------------------------------
>
> Key: HADOOP-15694
> URL: https://issues.apache.org/jira/browse/HADOOP-15694
> Project: Hadoop Common
> Issue Type: Sub-task
> Reporter: Sean Mackrory
> Assignee: Sean Mackrory
> Priority: Major
> Attachments: HADOOP-15694.001.patch, HADOOP-15694.002.patch,
> HADOOP-15694.003.patch
>
>
> Now that there's OAuth support, it's possible to have a notion of identity
> that's distinct from the account itself. If a cluster is configured via OAuth
> with it's own identity, it's likely operators will want to use that identity
> regardless of which storage account a job uses.
> So OAuth configs right now (and probably others) are looked up with
> <config_key>.<account>. I propose that we add a function for looking up these
> configs that returns an account-specific value if it exists, but in the event
> it does not will also try to return <config_key>, if that exists.
> I can work on a patch for this if nobody has any objections.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
