hadoop-common-issues mailing list archives

From "Ryan Waters (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-14565) Azure: Add Authorization support to ADLS
Date Wed, 21 Jun 2017 21:02:00 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-14565?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ryan Waters updated HADOOP-14565:
---------------------------------
    Description: 
This task is meant to add an Authorizer interface to be used by the ADLS driver in a similar
way to the one used by WASB. The primary difference in functionality is that the implementation
of this Authorizer will be provided by an external jar. This class will be specified through
configuration using "adl.external.authorization.class". 

If this configuration is provided, an instance of the provided class will be created and all
file system calls will be passed through the authorizer, allowing implementations to determine
if the file path and access type (create, open, delete, etc.) being requested is valid. If
the requested implementation class is not found, it will fail initialization of the ADL driver.
If no configuration is provided, calls to the authorizer will be skipped and the driver will
behave as it did previously.  

  was:
As highlighted in HADOOP-13863, the current implementation of WASB does not support authorization
of any File System operations. This jira is created to add authorization support for WASB.
The current approach is to enforce authorization via an external REST service (one approach
could be to use a component like Ranger to enforce authorization). The support for authorization
would be hidden behind a configuration flag: "fs.azure.enable.authorization", and the remote
service is expected to be provided via config: "fs.azure.remote.auth.service.url".

The remote service is expected to provide support for the following REST call: {URL}/CHECK_AUTHORIZATION

An example request:
{URL}/CHECK_AUTHORIZATION?wasb_absolute_path=<absolute_path>&operation_type=<operation type>&delegation_token=<delegation token>




> Azure: Add Authorization support to ADLS
> ----------------------------------------
>
>                 Key: HADOOP-14565
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14565
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: fs/azure
>    Affects Versions: 2.8.0
>            Reporter: Ryan Waters
>            Assignee: Sivaguru Sankaridurg
>             Fix For: 2.9.0, 3.0.0-alpha4
>
>
> This task is meant to add an Authorizer interface to be used by the ADLS driver in a
> similar way to the one used by WASB. The primary difference in functionality is that the
> implementation of this Authorizer will be provided by an external jar. This class will be
> specified through configuration using "adl.external.authorization.class".
> If this configuration is provided, an instance of the provided class will be created
> and all file system calls will be passed through the authorizer, allowing implementations
> to determine if the file path and access type (create, open, delete, etc.) being requested
> is valid. If the requested implementation class is not found, it will fail initialization
> of the ADL driver. If no configuration is provided, calls to the authorizer will be skipped
> and the driver will behave as it did previously.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
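
The configuration behaviour described in the issue (a class named by "adl.external.authorization.class", initialization failing when that class cannot be loaded, checks skipped when the key is unset), as an added Java sketch that is not code from the HADOOP-14565 patch or the ADLS driver. The `Authorizer` interface shape, the `ExternalAuthorizerSketch` and `ReadOnlyUnderData` classes, the `check` method and the plain `Map` standing in for Hadoop configuration are all assumptions made for illustration.

```java
import java.util.Map;

// Added sketch with hypothetical names; not the Hadoop ADLS driver's API.
public class ExternalAuthorizerSketch {
    static final String KEY = "adl.external.authorization.class"; // key named in the issue

    // Assumed interface shape: decide on a path and an access type.
    public interface Authorizer { boolean isAuthorized(String path, String accessType); }

    // Constructed sample policy standing in for the external jar's class.
    public static class ReadOnlyUnderData implements Authorizer {
        public boolean isAuthorized(String path, String accessType) {
            return path.startsWith("/data/") && accessType.equals("open");
        }
    }

    private final Authorizer authorizer; // null when the key is not configured
    ExternalAuthorizerSketch(Map<String, String> conf) { authorizer = load(conf.get(KEY)); }

    static Authorizer load(String className) {
        if (className == null || className.trim().isEmpty()) {
            return null; // no configuration: authorizer calls are skipped
        }
        try {
            // A configured class that is missing or of the wrong type fails initialization.
            return Class.forName(className.trim()).asSubclass(Authorizer.class)
                    .getDeclaredConstructor().newInstance();
        } catch (ReflectiveOperationException | ClassCastException e) {
            throw new IllegalStateException("Cannot load authorizer " + className, e);
        }
    }

    // Called before each file system operation; throws when the policy denies it.
    void check(String path, String accessType) {
        if (authorizer != null && !authorizer.isAuthorized(path, accessType)) {
            throw new SecurityException(accessType + " denied on " + path);
        }
    }

    public static void main(String[] args) {
        ExternalAuthorizerSketch fs =
                new ExternalAuthorizerSketch(Map.of(KEY, ReadOnlyUnderData.class.getName()));
        fs.check("/data/a.csv", "open");                              // passes the sample policy
        new ExternalAuthorizerSketch(Map.of()).check("/x", "delete"); // unconfigured: skipped
        for (Runnable r : new Runnable[] {
                () -> fs.check("/data/a.csv", "delete"),                                // denied
                () -> new ExternalAuthorizerSketch(Map.of(KEY, "com.example.Missing")) }) {
            try { r.run(); } catch (RuntimeException e) { System.out.println(e.getMessage()); }
        }
    }
}
```

Because an unset key disables every check, a deployment that relies on the authorizer should verify the key is present in the effective configuration rather than inferring it from a successful start.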
