[ https://issues.apache.org/jira/browse/HADOOP-17397?focusedWorklogId=518284&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-518284 ]
ASF GitHub Bot logged work on HADOOP-17397:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 01/Dec/20 05:22
Start Date: 01/Dec/20 05:22
Worklog Time Spent: 10m
Work Description: ThomasMarquardt opened a new pull request #2504:
URL: https://github.com/apache/hadoop/pull/2504
DETAILS:
The previous commit for HADOOP-17397 was not the correct fix. DelegationSASGenerator.getDelegationSAS should return sp=p for the set-permission and set-acl operations. The tests have also been updated as follows:
1. When saoid and suoid are not specified, skoid must have an RBAC role assignment which grants Microsoft.Storage/storageAccounts/blobServices/containers/blobs/modifyPermissions/action and sp=p to set permissions or set ACL.
2. When saoid or suoid is specified, same as 1) but furthermore the saoid or suoid must be an owner of the file or directory in order for the operation to succeed.
3. When saoid or suoid is specified, the ownership check is bypassed by also including 'o' (ownership) in the SAS permission (for example, sp=op). Note that 'o' grants the saoid or suoid the ability to change the file or directory owner to themself, and they can also change the owning group. Generally speaking, if a trusted authorizer would like to give a user the ability to change the permissions or ACL, then that user should be the file or directory owner.
TEST RESULTS:
namespace.enabled=true
auth.type=SharedKey
-------------------
$mvn -T 1C -Dparallel-tests=abfs -Dscale -DtestsThreadCount=8 clean verify
Tests run: 90, Failures: 0, Errors: 0, Skipped: 0
Tests run: 462, Failures: 0, Errors: 0, Skipped: 24
Tests run: 208, Failures: 0, Errors: 0, Skipped: 24
namespace.enabled=true
auth.type=OAuth
-------------------
$mvn -T 1C -Dparallel-tests=abfs -Dscale -DtestsThreadCount=8 clean verify
Tests run: 90, Failures: 0, Errors: 0, Skipped: 0
Tests run: 462, Failures: 0, Errors: 0, Skipped: 70
Tests run: 208, Failures: 0, Errors: 0, Skipped: 141
Issue Time Tracking
-------------------
Worklog Id: (was: 518284)
Time Spent: 1h (was: 50m)
> ABFS: SAS Test updates for version and permission update
> --------------------------------------------------------
>
> Key: HADOOP-17397
> URL: https://issues.apache.org/jira/browse/HADOOP-17397
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/azure
> Affects Versions: 3.3.0
> Reporter: Sneha Vijayarajan
> Assignee: Sneha Vijayarajan
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.3.1
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> This Jira will track the below 2 updates to SAS test code:
> # Upgrading the SAS version in Service SAS generator (test code)
> # Updating the permission in Delegation SAS to "op" from "p" for ACL operation as identities added as suoid/saoid added by tests are not owners of test path (Again test code).
> Relevant public documentation: https://docs.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas#specify-a-signed-object-id-for-a-security-principal-preview
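The three set-permission / set-ACL cases from the pull request description, modelled as a small checker for reviewing test SAS tokens. This is an added example, not code from the pull request or from Hadoop: the function `review_sas`, its arguments and the sample object ids are assumptions, and the RBAC requirement on skoid is assumed to apply in all three cases.

```python
from urllib.parse import parse_qs

MODIFY_ACTION = ("Microsoft.Storage/storageAccounts/blobServices/"
                 "containers/blobs/modifyPermissions/action")


def review_sas(sas_query, path_owner_oid, skoid_has_modify_action):
    """Model the three cases in the PR text for set-permission / set-ACL.

    Returns (allowed, owner_check, notes). It mirrors the description in
    the message, not the storage service's own implementation.
    """
    q = {k: v[0] for k, v in parse_qs(sas_query.lstrip("?")).items()}
    sp = q.get("sp", "")
    agent = q.get("saoid") or q.get("suoid")
    if "p" not in sp:
        return False, "n/a", ["sp lacks 'p'"]
    if not skoid_has_modify_action:
        return False, "n/a", ["skoid lacks RBAC action " + MODIFY_ACTION]
    if agent is None:
        # Case 1: no saoid/suoid, so RBAC on skoid plus sp=p is sufficient.
        return True, "n/a", []
    if "o" in sp:
        # Case 3: 'o' bypasses the ownership check and grants more than ACL edits.
        note = ("'o' bypasses the ownership check; %s can also take "
                "ownership and change the owning group" % agent)
        return True, "bypassed", [note]
    if agent == path_owner_oid:
        # Case 2: the agent must own the file or directory.
        return True, "enforced", []
    return False, "enforced", ["%s is not the owner of the path" % agent]


# Constructed sample tokens: placeholder object ids, signature fields omitted.
SKOID = "11111111-1111-1111-1111-111111111111"
OWNER = "00000000-0000-0000-0000-00000000000a"
OTHER = "00000000-0000-0000-0000-00000000000b"
SAMPLES = {
    "case1_no_agent": "sp=p&skoid=" + SKOID,
    "case2_owner": "sp=p&skoid=" + SKOID + "&saoid=" + OWNER,
    "case2_non_owner": "sp=p&skoid=" + SKOID + "&suoid=" + OTHER,
    "case3_bypass": "sp=op&skoid=" + SKOID + "&suoid=" + OTHER,
}

if __name__ == "__main__":
    for name, token in SAMPLES.items():
        print(name, review_sas(token, OWNER, True))
```

A token that reaches the `bypassed` branch is the one to look at closely in review, since the description recommends making the user the owner instead.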