[ https://issues.apache.org/jira/browse/HADOOP-19736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18085919#comment-18085919 ]

Steve Loughran commented on HADOOP-19736:
-----------------------------------------

FYI These new tests fail if your config doesn't know the FS is an HNS.
{code}
INFO] Running org.apache.hadoop.fs.azurebfs.ITestAzureBlobFileSystemUserBoundSAS
[ERROR] Tests run: 6, Failures: 0, Errors: 6, Skipped: 0, Time elapsed: 0.085 s <<< FAILURE! -- in org.apache.hadoop.fs.azurebfs.ITestAzureBlobFileSystemUserBoundSAS
[ERROR] org.apache.hadoop.fs.azurebfs.ITestAzureBlobFileSystemUserBoundSAS.testOAuthTokenProviderAndSASTokenFlow -- Time elapsed: 0.002 s <<< ERROR!
Cannot convert Trilean.UNKNOWN to boolean
        at org.apache.hadoop.fs.azurebfs.enums.Trilean.toBoolean(Trilean.java:74)
        at org.apache.hadoop.fs.azurebfs.ITestAzureBlobFileSystemUserBoundSAS.<init>(ITestAzureBlobFileSystemUserBoundSAS.java:82)
        at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
        at java.base/java.util.Optional.orElseGet(Optional.java:364)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)

[ERROR] org.apache.hadoop.fs.azurebfs.ITestAzureBlobFileSystemUserBoundSAS.testOperationWithValidAndExpiredSASToken -- Time elapsed: 0.003 s <<< ERROR!
Cannot convert Trilean.UNKNOWN to boolean
        at org.apache.hadoop.fs.azurebfs.enums.Trilean.toBoolean(Trilean.java:74)
        at org.apache.hadoop.fs.azurebfs.ITestAzureBlobFileSystemUserBoundSAS.<init>(ITestAzureBlobFileSystemUserBoundSAS.java:82)
        at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
        at java.base/java.util.Optional.orElseGet(Optional.java:364)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)

[ERROR] org.apache.hadoop.fs.azurebfs.ITestAzureBlobFileSystemUserBoundSAS.testShouldFailWhenSduoidMismatchesServicePrincipalId -- Time elapsed: 0.001 s <<< ERROR!
Cannot convert Trilean.UNKNOWN to boolean
        at org.apache.hadoop.fs.azurebfs.enums.Trilean.toBoolean(Trilean.java:74)
        at org.apache.hadoop.fs.azurebfs.ITestAzureBlobFileSystemUserBoundSAS.<init>(ITestAzureBlobFileSystemUserBoundSAS.java:82)
        at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
        at java.base/java.util.Optional.orElseGet(Optional.java:364)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)

[ERROR] org.apache.hadoop.fs.azurebfs.ITestAzureBlobFileSystemUserBoundSAS.testGPSFailsWithInvalidSASToken -- Time elapsed: 0.001 s <<< ERROR!
Cannot convert Trilean.UNKNOWN to boolean
        at org.apache.hadoop.fs.azurebfs.enums.Trilean.toBoolean(Trilean.java:74)
        at org.apache.hadoop.fs.azurebfs.ITestAzureBlobFileSystemUserBoundSAS.<init>(ITestAzureBlobFileSystemUserBoundSAS.java:82)
        at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
        at java.base/java.util.Optional.orElseGet(Optional.java:364)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)

[ERROR] org.apache.hadoop.fs.azurebfs.ITestAzureBlobFileSystemUserBoundSAS.testBasicOperations -- Time elapsed: 0 s <<< ERROR!
Cannot convert Trilean.UNKNOWN to boolean
        at org.apache.hadoop.fs.azurebfs.enums.Trilean.toBoolean(Trilean.java:74)
        at org.apache.hadoop.fs.azurebfs.ITestAzureBlobFileSystemUserBoundSAS.<init>(ITestAzureBlobFileSystemUserBoundSAS.java:82)
        at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
        at java.base/java.util.Optional.orElseGet(Optional.java:364)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)

[ERROR] org.apache.hadoop.fs.azurebfs.ITestAzureBlobFileSystemUserBoundSAS.testCreateFailsWithInvalidOAuthToken -- Time elapsed: 0.002 s <<< ERROR!
Cannot convert Trilean.UNKNOWN to boolean
        at org.apache.hadoop.fs.azurebfs.enums.Trilean.toBoolean(Trilean.java:74)
        at org.apache.hadoop.fs.azurebfs.ITestAzureBlobFileSystemUserBoundSAS.<init>(ITestAzureBlobFileSystemUserBoundSAS.java:82)
        at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481)
        at java.base/java.util.Optional.orElseGet(Optional.java:364)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)

{code}


> ABFS: Support for new auth type: User-bound SAS
> -----------------------------------------------
>
>                 Key: HADOOP-19736
>                 URL: https://issues.apache.org/jira/browse/HADOOP-19736
>             Project: Hadoop Common
>          Issue Type: Task
>          Components: fs/azure
>    Affects Versions: 3.4.1, 3.4.2
>            Reporter: Manika Joshi
>            Assignee: Manika Joshi
>            Priority: Major
>              Labels: pull-request-available
>
> Adding support for new authentication type: user-bound SAS.
> User-bound SAS (Shared Access Signature) binds a SAS token to a specific user 
> identity rather than just granting access based on possession of the token. 
> This approach addresses key vulnerabilities in previous SAS mechanisms.
> The SAS token for it includes identity-binding parameters (e.g., skdutid, 
> sduoid) that correspond to the user’s Entra tenant and object ID.
> When accessing storage, the user must present a valid Entra access token 
> matching these parameters.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
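
The identity binding described in the issue, as an added example that is not code from the Hadoop project: a client-side pre-check that a SAS query string's `skdutid` and `sduoid` agree with the identity in the accompanying Entra access token. The mapping to the token's `tid` and `oid` claims is an assumption, all function names are hypothetical, and the GUIDs and token are constructed samples.

```python
import base64
import json
from urllib.parse import parse_qs

# Assumed mapping: SAS parameter -> Entra access-token claim.
BINDING = {"skdutid": "tid", "sduoid": "oid"}


def jwt_claims(token: str) -> dict:
    """Payload claims, signature NOT verified (client-side pre-check only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def binding_mismatches(sas_query: str, access_token: str) -> list:
    """Reasons the SAS is not bound to the identity in the access token."""
    params = parse_qs(sas_query.lstrip("?"), keep_blank_values=True)
    claims = jwt_claims(access_token)
    problems = []
    for sas_key, claim in BINDING.items():
        values = params.get(sas_key, [])
        if len(values) != 1 or not values[0]:
            problems.append(f"{sas_key}: missing or repeated in SAS")
        elif values[0].lower() != str(claims.get(claim, "")).lower():
            problems.append(f"{sas_key} does not match token claim {claim}")
    return problems


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed, unsigned sample token for the demo; not a real credential."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


# Constructed sample values, not real identifiers.
TENANT = "11111111-1111-1111-1111-111111111111"
ALICE = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
BOB = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"
SAS = f"sv=placeholder&skdutid={TENANT}&sduoid={ALICE}&sig=placeholder"

if __name__ == "__main__":
    print(binding_mismatches(SAS, make_unsigned_jwt({"tid": TENANT, "oid": ALICE})))
    print(binding_mismatches(SAS, make_unsigned_jwt({"tid": TENANT, "oid": BOB})))
```

A pre-check like this only fails fast on a misconfigured pairing; the storage service remains the party that validates the token and enforces the binding.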
