[
https://issues.apache.org/jira/browse/HADOOP-13754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15603339#comment-15603339
]
Sumit Dubey commented on HADOOP-13754:
--------------------------------------
Steve, Thanks for going over this. Our use case is more scoped than the s3a
case you mentioned.
We are trying to use encoded SAS token
(https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/
) which are time-limited, scope-limited, access-limited(generally read-only!).
The exposure resulting from SAS token is much more limited that say a s3 bucket
key which I believe is a potentially time-unbounded secret key for all the
files inside s3 bucket.
> Hadoop-Azure Update WASB URI format to support SAS token in it.
> ---------------------------------------------------------------
>
> Key: HADOOP-13754
> URL: https://issues.apache.org/jira/browse/HADOOP-13754
> Project: Hadoop Common
> Issue Type: Improvement
> Components: azure
> Affects Versions: 2.7.3, 3.0.0-alpha1, 3.0.0-alpha2
> Reporter: Sumit Dubey
> Fix For: 2.7.3
>
> Attachments: HADOOP-13754-branch-2.7.3.patch
>
> Original Estimate: 3h
> Remaining Estimate: 3h
>
> Currently Azure WASB adapter code supports wasb url in this format
> wasb://[containername@]youraccount.blob.core.windows.net/testDir with the
> credentials retrieved from configuration and scoped to a container.
> With this change we want
> 1) change the url to contain file level sas token in the url
> wasb://[containername[:<Base64UrlEncodedFileSAStoken>]]@youraccount.blob.core.windows.net/testDir
> 2) Scope access to a blob/file level.
> 3) Tests to test the new url format
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
