hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13863) Azure: Add a new SAS key mode for WASB.
Date Thu, 15 Dec 2016 15:46:58 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15751692#comment-15751692

Steve Loughran commented on HADOOP-13863:

Coming along nicely.

* {{"fs.azure.sas.expiry.period"}} should be read using {{getTimeDuration}}; caller is free
to choose a time. Just use a default like "1d" or "24h" for the per-day value.
* docs haven't marked example json and URLs as code. Either indent by 4 spaces or surround
code sections with ``` triples.
* As discussed, feel free to put the defaults into core-defaults.xml. We do that for other
object stores too.
 Minor style issues

* Checkstyle is complaining a lot; ideally it should be down to ~0 complaints.
* {{RemoteSASKeyGeneratorImpl}} could just {{import static WasbRemoteCallHelper.*}} for the
* lines are all too wide. It's been discussed recently, and preferred length is just 80 chars,
with the odd overrun allowed. Why? Makes side-by-side patch comparison easier?
* {{SASKeyGeneratorInterface}} appears to be indenting with tabs, or is 8+ spaces wide.
* Could the javadocs for the constants all use{{@value}} to declare the defined value. IDEs
which popup javadocs like this.

> Azure: Add a new SAS key mode for WASB.
> ---------------------------------------
>                 Key: HADOOP-13863
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13863
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: azure, fs/azure
>    Affects Versions: 2.8.0
>            Reporter: Dushyanth
>            Assignee: Dushyanth
>         Attachments: HADOOP-13863.001.patch, HADOOP-13863.002.patch, HADOOP-13863.003.patch,
> Current implementation of WASB, only supports Azure storage keys and SAS key being provided
via org.apache.hadoop.conf.Configuration, which results in these secrets residing in the same
address space as the WASB process and providing complete access to the Azure storage account
and its containers. Added to the fact that WASB does not inherently support ACL's, WASB is
its current implementation cannot be securely used for environments like secure hadoop cluster.
This JIRA is created to add a new mode in WASB, which operates on Azure Storage SAS keys,
which can provide fine grained timed access to containers and blobs, providing a segway into
supporting WASB for secure hadoop cluster.
> More details about the issue and the proposal are provided in the design proposal document.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message