Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 39FDD200BE8 for ; Thu, 8 Dec 2016 23:35:02 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 38B0C160B0A; Thu, 8 Dec 2016 22:35:02 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 81639160B1F for ; Thu, 8 Dec 2016 23:35:01 +0100 (CET) Received: (qmail 17091 invoked by uid 500); 8 Dec 2016 22:35:00 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 16868 invoked by uid 99); 8 Dec 2016 22:35:00 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Dec 2016 22:35:00 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 759AB2C03DD for ; Thu, 8 Dec 2016 22:35:00 +0000 (UTC) Date: Thu, 8 Dec 2016 22:35:00 +0000 (UTC) From: "Mingliang Liu (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HADOOP-13863) Hadoop - Azure: Add a new SAS key mode for WASB. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Thu, 08 Dec 2016 22:35:02 -0000 [ https://issues.apache.org/jira/browse/HADOOP-13863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15733601#comment-15733601 ] Mingliang Liu commented on HADOOP-13863: ---------------------------------------- This patch does not apply. {code} 978 if (!(this.storageInteractionLayer instanceof MockStorageInterface) && useSasKeyMode) { 979 connectToAzureStorageInSASKeyMode(accountName, containerName, sessionUri); 980 return; 981 } {code} Probing the implementation details is not ideal, not to mention it's a mocked class in tests. > Hadoop - Azure: Add a new SAS key mode for WASB. > ------------------------------------------------ > > Key: HADOOP-13863 > URL: https://issues.apache.org/jira/browse/HADOOP-13863 > Project: Hadoop Common > Issue Type: Improvement > Components: azure, fs/azure > Affects Versions: 2.8.0 > Reporter: Dushyanth > Assignee: Dushyanth > Attachments: HADOOP-13863.001.patch, WASB-SAS Key Mode-Design Proposal.pdf > > > Current implementation of WASB, only supports Azure storage keys and SAS key being provided via org.apache.hadoop.conf.Configuration, which results in these secrets residing in the same address space as the WASB process and providing complete access to the Azure storage account and its containers. Added to the fact that WASB does not inherently support ACL's, WASB is its current implementation cannot be securely used for environments like secure hadoop cluster. This JIRA is created to add a new mode in WASB, which operates on Azure Storage SAS keys, which can provide fine grained timed access to containers and blobs, providing a segway into supporting WASB for secure hadoop cluster. > More details about the issue and the proposal are provided in the design proposal document. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-issues-help@hadoop.apache.org