[jira] [Commented] (HADOOP-13754) Hadoop-Azure Update WASB URI format to support SAS token in it.

Mon, 24 Oct 2016 12:55:00 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-13754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15603015#comment-15603015
 ] 

Steve Loughran commented on HADOOP-13754:
-----------------------------------------

I'm going to need a very good justification for this. Because we can't stop 
those URIs leaking in the logs everywhere, and those tokens are the secrets 
needed to gain access to it. 

We recently went to some effort in HADOOP-3733 to try and stop this in s3a, by 
stripping them out early, not using them in equivalence tests, etc —but still 
they end up throughout the logs. Which is why it's something that s3a now warns 
"may be removed in future"

Assuming you are doing it to do cross-credential bucket access, azure and s3a 
Hadoop both need a better way of doing this than embedding secrets into paths 
which get everywhere

> Hadoop-Azure Update WASB URI format to support SAS token in it.
> ---------------------------------------------------------------
>
>                 Key: HADOOP-13754
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13754
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: azure
>    Affects Versions: 2.7.3, 3.0.0-alpha1, 3.0.0-alpha2
>            Reporter: Sumit Dubey
>             Fix For: 2.7.3
>
>         Attachments: HADOOP-13754-branch-2.7.3.patch
>
>   Original Estimate: 3h
>  Remaining Estimate: 3h
>
> Currently Azure WASB adapter code supports wasb url in this format 
> wasb://[containername@]youraccount.blob.core.windows.net/testDir with the 
> credentials retrieved from configuration and scoped to a container.
> With this change we want 
> 1) change the url to contain file level sas token in the url
> wasb://[containername[:<Base64UrlEncodedFileSAStoken>]]@youraccount.blob.core.windows.net/testDir
> 2) Scope access to a blob/file level.
> 3) Tests to test the new url format



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to