hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Santhosh G Nayak (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-13945) Azure: Add Kerberos and Delegation token support to WASB client.
Date Wed, 04 Jan 2017 13:37:58 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-13945?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Santhosh G Nayak updated HADOOP-13945:
    Attachment: HADOOP-13945.2.patch

[~liuml07], Thanks for reviewing the patch. I have attached another working patch addressing
following review comments,
1) Added log statements with meaningful messages.
2) I will try to add tests it in the next iteration.
3) Marked Constants class as final with a private constructor. 
4) Not added {{getSASKey()}} method as static in the current iteration, as the method depends
on the instance delegation token.
5) Fixed most of checkstyle related warnings.
6) I have not incorporated this change in the current iteration, as {{AbstractDelegationTokenSelector#selectToken()}}
selects the token based on service and token kind. We wanted only based on the kind of the

There are some more changes planned as part of this JIRA,
- Adding retries and client side fail over mechanisms while trying to obtain  delegation tokens
and Azure Storage SAS keys from remote service.
- Ability to provide customized connection configurator while trying to connect to remote

> Azure: Add Kerberos and Delegation token support to WASB client.
> ----------------------------------------------------------------
>                 Key: HADOOP-13945
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13945
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: fs/azure
>    Affects Versions: 2.8.0
>            Reporter: Santhosh G Nayak
>            Assignee: Santhosh G Nayak
>         Attachments: HADOOP-13945.1.patch, HADOOP-13945.2.patch
> Current implementation of Azure storage client for Hadoop ({{WASB}}) does not support
Kerberos Authentication and FileSystem authorization, which makes it unusable in secure environments
with multi user setup. 
> To make {{WASB}} client more suitable to run in Secure environments, there are 2 initiatives
under way for providing the authorization (HADOOP-13930) and fine grained access control (HADOOP-13863)
> This JIRA is created to add Kerberos and delegation token support to {{WASB}} client
to fetch Azure Storage SAS keys (from Remote service as discussed in HADOOP-13863), which
provides fine grained timed access to containers and blobs. 
> For delegation token management, the proposal is it use the same REST service which being
used to generate the SAS Keys.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message