[
https://issues.apache.org/jira/browse/HADOOP-14565?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ryan Waters updated HADOOP-14565:
---------------------------------
Description:
This task is meant to add an Authorizer interface to be used by the ADLS driver
in a similar way to the one used by WASB. The primary difference in
functionality being that the implementation of this Authorizer will be provided
by an external jar. This class will be specified through configuration using
"adl.external.authorization.class".
If this configuration is provided, an instance of the provided class will be
created and all file system calls will be passed through the authorizer,
allowing implementations to determine if the file path and access type (create,
open, delete, etc.) being requested is valid. If the requested implementation
class is not found, it will fail initialization of the ADL driver. If no
configuration is provided, calls to the authorizer will be skipped and the
driver will behave as it did previously.
was:
As highlighted in HADOOP-13863, current implementation of WASB does not support
authorization to any File System operations. This jira is created to add
authorization support for WASB. The current approach is to enforce
authorization via an external REST service (One approach could be to use
component like Ranger to enforce authorization). The support for authorization
would be hiding behind a configuration flag : "fs.azure.enable.authorization"
and the remote service is expected to be provided via config :
"fs.azure.remote.auth.service.url".
The remote service is expected to provide support for the following REST call:
{URL}/CHECK_AUTHORIZATION```
An example request:
{URL}/CHECK_AUTHORIZATION?wasb_absolute_path=<absolute_path>&operation_type=<operation
type>&delegation_token=<delegation token>
> Azure: Add Authorization support to ADLS
> ----------------------------------------
>
> Key: HADOOP-14565
> URL: https://issues.apache.org/jira/browse/HADOOP-14565
> Project: Hadoop Common
> Issue Type: Improvement
> Components: fs/azure
> Affects Versions: 2.8.0
> Reporter: Ryan Waters
> Assignee: Sivaguru Sankaridurg
> Fix For: 2.9.0, 3.0.0-alpha4
>
>
> This task is meant to add an Authorizer interface to be used by the ADLS
> driver in a similar way to the one used by WASB. The primary difference in
> functionality being that the implementation of this Authorizer will be
> provided by an external jar. This class will be specified through
> configuration using "adl.external.authorization.class".
> If this configuration is provided, an instance of the provided class will be
> created and all file system calls will be passed through the authorizer,
> allowing implementations to determine if the file path and access type
> (create, open, delete, etc.) being requested is valid. If the requested
> implementation class is not found, it will fail initialization of the ADL
> driver. If no configuration is provided, calls to the authorizer will be
> skipped and the driver will behave as it did previously.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
