hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sivaguru Sankaridurg (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-13930) Azure: Add Authorization support to WASB
Date Wed, 22 Feb 2017 10:15:44 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-13930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sivaguru Sankaridurg updated HADOOP-13930:
------------------------------------------
    Attachment: HADOOP-13930.009.patch

Hopefully this should fix KerberosAuthException thrown from tests in hadoop-common

testFileOutput(org.apache.hadoop.security.TestKDiag)  Time elapsed: 0.039 sec  <<<
ERROR!
org.apache.hadoop.security.KerberosAuthException: Login failure for user: foo@EXAMPLE.COM
from keytab /testptch/hadoop/hadoop-common-project/hadoop-common/target/keytab javax.security.auth.login.LoginException:
Unable to obtain password from user

> Azure: Add Authorization support to WASB
> ----------------------------------------
>
>                 Key: HADOOP-13930
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13930
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: fs/azure
>    Affects Versions: 2.8.0
>            Reporter: Dushyanth
>            Assignee: Sivaguru Sankaridurg
>         Attachments: HADOOP-13930.001.patch, HADOOP-13930.002.patch, HADOOP-13930.003.patch,
HADOOP-13930.004.patch, HADOOP-13930.005.patch, HADOOP-13930.006.patch, HADOOP-13930.007.patch,
HADOOP-13930.008.patch, HADOOP-13930.009.patch
>
>
> As highlighted in HADOOP-13863, current implementation of WASB does not support authorization
to any File System operations. This jira is created to add authorization support for WASB.
The current approach is to enforce authorization via an external REST service (One approach
could be to use component like Ranger to enforce authorization).  The support for authorization
would be hiding behind a configuration flag : "fs.azure.enable.authorization" and the remote
service is expected to be provided via config : "fs.azure.remote.auth.service.url".
> The remote service is expected to provide support for the following REST call:  {URL}/CHECK_AUTHORIZATION```
>  An example request:
> {URL}/CHECK_AUTHORIZATION?wasb_absolute_path=<absolute_path>&operation_type=<operation
type>&delegation_token=<delegation token>



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message