[
https://issues.apache.org/jira/browse/HADOOP-13863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15751692#comment-15751692
]
Steve Loughran commented on HADOOP-13863:
-----------------------------------------
Coming along nicely.
* {{"fs.azure.sas.expiry.period"}} should be read using {{getTimeDuration}};
caller is free to choose a time. Just use a default like "1d" or "24h" for the
per-day value.
* docs haven't marked example json and URLs as code. Either indent by 4 spaces
or surround code sections with ``` triples.
* As discussed, feel free to put the defaults into core-defaults.xml. We do
that for other object stores too.
Minor style issues
* Checkstyle is complaining a lot; ideally it should be down to ~0 complaints.
* {{RemoteSASKeyGeneratorImpl}} could just {{import static
WasbRemoteCallHelper.*}} for the constants
* lines are all too wide. It's been discussed recently, and preferred length is
just 80 chars, with the odd overrun allowed. Why? Makes side-by-side patch
comparison easier?
* {{SASKeyGeneratorInterface}} appears to be indenting with tabs, or is 8+
spaces wide.
* Could the javadocs for the constants all use{{@value}} to declare the defined
value. IDEs which popup javadocs like this.
> Azure: Add a new SAS key mode for WASB.
> ---------------------------------------
>
> Key: HADOOP-13863
> URL: https://issues.apache.org/jira/browse/HADOOP-13863
> Project: Hadoop Common
> Issue Type: Improvement
> Components: azure, fs/azure
> Affects Versions: 2.8.0
> Reporter: Dushyanth
> Assignee: Dushyanth
> Attachments: HADOOP-13863.001.patch, HADOOP-13863.002.patch,
> HADOOP-13863.003.patch, Proposal-Document.pdf
>
>
> Current implementation of WASB, only supports Azure storage keys and SAS key
> being provided via org.apache.hadoop.conf.Configuration, which results in
> these secrets residing in the same address space as the WASB process and
> providing complete access to the Azure storage account and its containers.
> Added to the fact that WASB does not inherently support ACL's, WASB is its
> current implementation cannot be securely used for environments like secure
> hadoop cluster. This JIRA is created to add a new mode in WASB, which
> operates on Azure Storage SAS keys, which can provide fine grained timed
> access to containers and blobs, providing a segway into supporting WASB for
> secure hadoop cluster.
> More details about the issue and the proposal are provided in the design
> proposal document.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
