Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.8.0
-
None
-
Reviewed
Description
As highlighted in HADOOP-13863, current implementation of WASB does not support authorization to any File System operations. This jira is created to add authorization support for WASB. The current approach is to enforce authorization via an external REST service (One approach could be to use component like Ranger to enforce authorization). The support for authorization would be hiding behind a configuration flag : "fs.azure.enable.authorization" and the remote service is expected to be provided via config : "fs.azure.remote.auth.service.url".
The remote service is expected to provide support for the following REST call:
{URL}/CHECK_AUTHORIZATION```An example request:{URL}
/CHECK_AUTHORIZATION?wasb_absolute_path=<absolute_path>&operation_type=<operation type>&delegation_token=<delegation token>
Attachments
Attachments
Issue Links
- is cloned by
-
HADOOP-14565 Azure: Add Authorization support to ADLS
- Patch Available
- relates to
-
HADOOP-13945 Azure: Add Kerberos and Delegation token support to WASB client.
- Resolved