Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-13863

Azure: Add a new SAS key mode for WASB.

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.8.0
    • 2.9.0, 3.0.0-alpha2
    • fs/azure
    • None
    • Reviewed

    Description

      Current implementation of WASB, only supports Azure storage keys and SAS key being provided via org.apache.hadoop.conf.Configuration, which results in these secrets residing in the same address space as the WASB process and providing complete access to the Azure storage account and its containers. Added to the fact that WASB does not inherently support ACL's, WASB is its current implementation cannot be securely used for environments like secure hadoop cluster. This JIRA is created to add a new mode in WASB, which operates on Azure Storage SAS keys, which can provide fine grained timed access to containers and blobs, providing a segway into supporting WASB for secure hadoop cluster.

      More details about the issue and the proposal are provided in the design proposal document.

      Attachments

        1. HADOOP-13863.001.patch
          47 kB
          Dushyanth
        2. HADOOP-13863.002.patch
          50 kB
          Dushyanth
        3. Proposal-Document.pdf
          459 kB
          Dushyanth
        4. HADOOP-13863.003.patch
          70 kB
          Dushyanth
        5. HADOOP-13863.004.patch
          72 kB
          Dushyanth
        6. HADOOP-13863.005.patch
          72 kB
          Dushyanth
        7. HADOOP-13863.006.patch
          70 kB
          Mingliang Liu
        8. HADOOP-13863.007.patch
          73 kB
          Dushyanth

        Issue Links

          Activity

            People

              dchickabasapa Dushyanth
              dchickabasapa Dushyanth
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: