Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-13945

Azure: Add Kerberos and Delegation token support to WASB client.

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.8.0
    • 2.9.0, 3.0.0-alpha4
    • fs/azure
    • None
    • Reviewed

    Description

      Current implementation of Azure storage client for Hadoop (WASB) does not support Kerberos Authentication and FileSystem authorization, which makes it unusable in secure environments with multi user setup.
      To make WASB client more suitable to run in Secure environments, there are 2 initiatives under way for providing the authorization (HADOOP-13930) and fine grained access control (HADOOP-13863) support.

      This JIRA is created to add Kerberos and delegation token support to WASB client to fetch Azure Storage SAS keys (from Remote service as discussed in HADOOP-13863), which provides fine grained timed access to containers and blobs.
      For delegation token management, the proposal is it use the same REST service which being used to generate the SAS Keys.

      Attachments

        1. HADOOP-13945.1.patch
          55 kB
          Santhosh G Nayak
        2. HADOOP-13945.10.patch
          49 kB
          Mingliang Liu
        3. HADOOP-13945.11.patch
          49 kB
          Santhosh G Nayak
        4. HADOOP-13945.2.patch
          30 kB
          Santhosh G Nayak
        5. HADOOP-13945.3.patch
          70 kB
          Santhosh G Nayak
        6. HADOOP-13945.4.patch
          71 kB
          Santhosh G Nayak
        7. HADOOP-13945.5.patch
          71 kB
          Santhosh G Nayak
        8. HADOOP-13945.6.patch
          47 kB
          Santhosh G Nayak
        9. HADOOP-13945.7.patch
          48 kB
          Santhosh G Nayak
        10. HADOOP-13945.8.patch
          48 kB
          Santhosh G Nayak
        11. HADOOP-13945.9.patch
          49 kB
          Mingliang Liu

        Issue Links

          is cloned by

          Sub-task - The sub-task of the issue HADOOP-14579 Add Kerberos and Delegation token support to ADLS client

          • Major - Major loss of function.
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-13930 Azure: Add Authorization support to WASB

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              snayak Santhosh G Nayak
              snayak Santhosh G Nayak
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: