hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-14899) Restrict Access to setPermission operation when authorization is enabled in WASB
Date Fri, 06 Oct 2017 13:51:02 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-14899?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Steve Loughran updated HADOOP-14899:
    Attachment: HADOOP-14899-005.patch


I've been reviewing related patches I now understand what the code is trying to do, and how
to run the tests. I'm happy with it, with some final tweaks to go past yetus before I commit,
mostly in the test code.

HADOOP-14899 patch 005
    * use Preconditions. to do the argument checking in isAllowedUser
    * factor out assertOwnerEquals, assertPermissionEquals in tests; include file status in
assertion text
    * marked variables used in runnables as final, so Java 7 compilation should be straightforward.
    * some minor IDE-suggested tweaks

Testing: All the auth tests, Azure ireland; auth enabled
 T E S T S
Running org.apache.hadoop.fs.azure.ITestNativeAzureFSAuthorizationCaching
Tests run: 46, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 110.543 sec - in org.apache.hadoop.fs.azure.ITestNativeAzureFSAuthorizationCaching
Running org.apache.hadoop.fs.azure.ITestNativeAzureFSAuthWithBlobSpecificKeys
Tests run: 45, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 98.376 sec - in org.apache.hadoop.fs.azure.ITestNativeAzureFSAuthWithBlobSpecificKeys
Running org.apache.hadoop.fs.azure.TestNativeAzureFileSystemAuthorization
Tests run: 45, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 98.405 sec - in org.apache.hadoop.fs.azure.TestNativeAzureFileSystemAuthorization

Results :

Tests run: 136, Failures: 0, Errors: 0, Skipped: 0

> Restrict Access to setPermission operation when authorization is enabled in WASB
> --------------------------------------------------------------------------------
>                 Key: HADOOP-14899
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14899
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/azure
>            Reporter: Kannapiran Srinivasan
>            Assignee: Kannapiran Srinivasan
>              Labels: fs, secure, wasb
>         Attachments: HADOOP-14899-001.patch, HADOOP-14899-002.patch, HADOOP-14899-003.patch,
HADOOP-14899-004.patch, HADOOP-14899-005.patch
> In case of authorization enabled Wasb clusters, we need to restrict setting permissions
on files or folders to owner or list of privileged users.
> Currently in the WASB implementation even when authorization is enabled there is no check
happens while doing setPermission call. In this JIRA we would like to add the check on the
setPermission call in NativeAzureFileSystem implementation so that only owner or the privileged
list of users or daemon users can change the permissions of files/folders

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message