[
https://issues.apache.org/jira/browse/HADOOP-13945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15798285#comment-15798285
]
Santhosh G Nayak edited comment on HADOOP-13945 at 1/4/17 1:42 PM:
-------------------------------------------------------------------
[~liuml07], Thanks for reviewing the patch. I have attached another working
patch addressing following review comments,
1) Added log statements with meaningful messages.
2) I will try to add tests it in the next iteration.
3) Marked Constants class as final with a private constructor.
4) Not added {{getSASKey()}} method as static in the current iteration, as the
method depends on the instance delegation token.
5) Fixed most of checkstyle related warnings.
6) I have not incorporated this change in the current iteration, as
{{AbstractDelegationTokenSelector#selectToken()}} selects the token based on
service and token kind. We wanted only based on the kind of the token.
There are some more changes planned as part of this JIRA in subsequent
iterations,
- Adding retries and client side fail over mechanisms while trying to obtain
delegation tokens and Azure Storage SAS keys from remote service.
- Ability to provide customized connection configurator while trying to connect
to remote service.
was (Author: snayak):
[~liuml07], Thanks for reviewing the patch. I have attached another working
patch addressing following review comments,
1) Added log statements with meaningful messages.
2) I will try to add tests it in the next iteration.
3) Marked Constants class as final with a private constructor.
4) Not added {{getSASKey()}} method as static in the current iteration, as the
method depends on the instance delegation token.
5) Fixed most of checkstyle related warnings.
6) I have not incorporated this change in the current iteration, as
{{AbstractDelegationTokenSelector#selectToken()}} selects the token based on
service and token kind. We wanted only based on the kind of the token.
There are some more changes planned as part of this JIRA,
- Adding retries and client side fail over mechanisms while trying to obtain
delegation tokens and Azure Storage SAS keys from remote service.
- Ability to provide customized connection configurator while trying to connect
to remote service.
> Azure: Add Kerberos and Delegation token support to WASB client.
> ----------------------------------------------------------------
>
> Key: HADOOP-13945
> URL: https://issues.apache.org/jira/browse/HADOOP-13945
> Project: Hadoop Common
> Issue Type: Improvement
> Components: fs/azure
> Affects Versions: 2.8.0
> Reporter: Santhosh G Nayak
> Assignee: Santhosh G Nayak
> Attachments: HADOOP-13945.1.patch, HADOOP-13945.2.patch
>
>
> Current implementation of Azure storage client for Hadoop ({{WASB}}) does not
> support Kerberos Authentication and FileSystem authorization, which makes it
> unusable in secure environments with multi user setup.
> To make {{WASB}} client more suitable to run in Secure environments, there
> are 2 initiatives under way for providing the authorization (HADOOP-13930)
> and fine grained access control (HADOOP-13863) support.
> This JIRA is created to add Kerberos and delegation token support to {{WASB}}
> client to fetch Azure Storage SAS keys (from Remote service as discussed in
> HADOOP-13863), which provides fine grained timed access to containers and
> blobs.
> For delegation token management, the proposal is it use the same REST service
> which being used to generate the SAS Keys.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
