[jira] [Commented] (HADOOP-16105) WASB in secure mode does not set connectingUsingSAS

[Steve Loughran (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-16105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16765232#comment-16765232
 ] 

Steve Loughran commented on HADOOP-16105:
-----------------------------------------

OK, I understand this now. I'd thought that it wasn't actually connecting, 
which would be a major issue that people should have seen. It's a bit more 
subtle

The {{connectingUsingSAS}} flag tells the client not to check for the existence 
of the bucket, on the basis that the granted account *may not have the 
permissions to probe for that state*. 

Which is why if you connect using SAS outside of secure mode, the existence 
check is disabled.

In secure mode tests, if your a/c has the right permissions, everything works, 
so the fact that the property was null doesn't surface. 

You need the following conditions
# secure mode = true
# client doesn't have permissions to call 
{{container.downloadAttributes(getInstrumentedContext())}}

Setting the {{connectingUsingSAS}} property to true disables the existence 
checks on the first file IO operation. 

I've got the patch for this, along with a test which does a best effort attempt 
to replicate the problem by (a) deleting the container and (b) expecting the 
fact that the container is not found to surface a bit later in the write file 
codepath.

It also
 * stops the test setup deletion of the account credentials in secure mode 
(they're needed to generate the local SAS key)
 * Adds logging @ debug as to what is going on in the secure mode codepath
 * {{LocalSASKeyGeneratorImpl}} to raise a SASKeyGenerationException if the 
account key is null/empty. This means that the error message is more meaningful 
than an IllegalArgumentException about base-64 decoding. 


> WASB in secure mode does not set connectingUsingSAS
> ---------------------------------------------------
>
>                 Key: HADOOP-16105
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16105
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs/azure
>    Affects Versions: 2.8.5, 3.1.2
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Major
>
> If you run WASB in secure mode, it doesn't set {{connectingUsingSAS}} to 
> true, which can break things



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org