[
https://issues.apache.org/jira/browse/HADOOP-18516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17825549#comment-17825549
]
ASF GitHub Bot commented on HADOOP-18516:
-----------------------------------------
anmolanmol1234 commented on code in PR #6552:
URL: https://github.com/apache/hadoop/pull/6552#discussion_r1503721707
##########
hadoop-tools/hadoop-azure/src/test/java/org/apache/hadoop/fs/azurebfs/ITestAzureBlobFileSystemChooseSAS.java:
##########
@@ -128,11 +130,18 @@ public void testOnlyFixedTokenConfigured() throws
Exception {
try (AzureBlobFileSystem newTestFs = (AzureBlobFileSystem)
FileSystem.newInstance(testAbfsConfig.getRawConfiguration())) {
- // Asserting that account SAS is used as both filesystem and blob level
operations succeed.
- newTestFs.getFileStatus(new Path("/"));
- Path testPath = new Path("/testCorrectSASToken");
- newTestFs.create(testPath).close();
- newTestFs.delete(new Path("/"), true);
+ // Asserting that FixedSASTokenProvider is used.
+ Assertions.assertThat(testAbfsConfig.getSASTokenProvider())
+ .describedAs("Custom SASTokenProvider Class must be used")
+ .isInstanceOf(FixedSASTokenProvider.class);
+
+ // Assert that Account SAS is used and only read operations are
permitted.
Review Comment:
Why was create passing in the last test case and would give Access Denied
exception now ?
> [ABFS]: Support fixed SAS token config in addition to Custom SASTokenProvider
> Implementation
> --------------------------------------------------------------------------------------------
>
> Key: HADOOP-18516
> URL: https://issues.apache.org/jira/browse/HADOOP-18516
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/azure
> Affects Versions: 3.4.0
> Reporter: Sree Bhattacharyya
> Assignee: Anuj Modi
> Priority: Minor
> Labels: pull-request-available
>
> This PR introduces a new configuration for Fixed SAS Tokens:
> *"fs.azure.sas.fixed.token"*
> Using this new configuration, users can configure a fixed SAS Token in the
> account settings files itself. Ideally, this should be used with SAS Tokens
> that are scoped at a container or account level (Service or Account SAS),
> which can be considered to be a constant for one account or container, over
> multiple operations.
> The other method of using a SAS Token remains valid as well, where a user
> provides a custom implementation of the SASTokenProvider interface, using
> which a SAS Token are obtained.
> When an Account SAS Token is configured as the fixed SAS Token, and it is
> used, it is ensured that operations are within the scope of the SAS Token.
> The code checks for whether the fixed token and the token provider class
> implementation are configured. In the case of both being set, preference is
> given to the custom SASTokenProvider implementation. It must be noted that if
> such an implementation provides a SAS Token which has a lower scope than
> Account SAS, some filesystem and service level operations might be out of
> scope and may not succeed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
