Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 87F61200BE6 for ; Sun, 25 Dec 2016 15:48:00 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 7B755160B25; Sun, 25 Dec 2016 14:48:00 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id CC778160B0E for ; Sun, 25 Dec 2016 15:47:59 +0100 (CET) Received: (qmail 80335 invoked by uid 500); 25 Dec 2016 14:47:58 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 80319 invoked by uid 99); 25 Dec 2016 14:47:58 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 25 Dec 2016 14:47:58 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 955392C2A68 for ; Sun, 25 Dec 2016 14:47:58 +0000 (UTC) Date: Sun, 25 Dec 2016 14:47:58 +0000 (UTC) From: "Kai Sasaki (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HADOOP-13863) Azure: Add a new SAS key mode for WASB. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Sun, 25 Dec 2016 14:48:00 -0000 [ https://issues.apache.org/jira/browse/HADOOP-13863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15776587#comment-15776587 ] Kai Sasaki commented on HADOOP-13863: ------------------------------------- This patch seems to broke {{hadoop.conf.TestCommonConfigurationFields}}. Do we need to include {{AzureNativeFileSystemStore}} in {{TestCommonConfigurationFields}}? But it will introduce cyclic dependencies between hadoop-common and hadoop-azure modules. > Azure: Add a new SAS key mode for WASB. > --------------------------------------- > > Key: HADOOP-13863 > URL: https://issues.apache.org/jira/browse/HADOOP-13863 > Project: Hadoop Common > Issue Type: Improvement > Components: azure, fs/azure > Affects Versions: 2.8.0 > Reporter: Dushyanth > Assignee: Dushyanth > Fix For: 2.9.0, 3.0.0-alpha2 > > Attachments: HADOOP-13863.001.patch, HADOOP-13863.002.patch, HADOOP-13863.003.patch, HADOOP-13863.004.patch, HADOOP-13863.005.patch, HADOOP-13863.006.patch, HADOOP-13863.007.patch, Proposal-Document.pdf > > > Current implementation of WASB, only supports Azure storage keys and SAS key being provided via org.apache.hadoop.conf.Configuration, which results in these secrets residing in the same address space as the WASB process and providing complete access to the Azure storage account and its containers. Added to the fact that WASB does not inherently support ACL's, WASB is its current implementation cannot be securely used for environments like secure hadoop cluster. This JIRA is created to add a new mode in WASB, which operates on Azure Storage SAS keys, which can provide fine grained timed access to containers and blobs, providing a segway into supporting WASB for secure hadoop cluster. > More details about the issue and the proposal are provided in the design proposal document. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-issues-help@hadoop.apache.org