[
https://issues.apache.org/jira/browse/HADOOP-19781?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18051068#comment-18051068
]
Sneha Vijayarajan commented on HADOOP-19781:
--------------------------------------------
Hi [~felipepessoto] , Get-account-information API cannot be used as most often
the identity that is running hadoop workloads do not have the needed RBAC that
is needed for this control plane action.
On the data plane, workload running identities might have needed RBAC or in
other cases have only ACLs permissions and no RBACs. The means to detect
account type hence needs to be agnostic of identity's permission which is what
the current code logic with ACL provides.
> AzureBlobFileSystemStore getNamespaceEnabledInformationFromServer shouldn't
> use ACL
> -----------------------------------------------------------------------------------
>
> Key: HADOOP-19781
> URL: https://issues.apache.org/jira/browse/HADOOP-19781
> Project: Hadoop Common
> Issue Type: Bug
> Components: fs/azure
> Affects Versions: 3.4.2
> Reporter: Felipe
> Priority: Major
>
> The method getNamespaceEnabledInformationFromServer uses a call to ACL api
> to detect if storage account has hierarchical namespace enabled.
> [https://github.com/apache/hadoop/blob/aeaa9b3712037c0d0240ec2353144f2a95018d4f/hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/AzureBlobFileSystemStore.java#L426C1-L427C1]
>
> Using side-effect and exceptions is fragile. Azure provides an API to find
> this information:
> [https://learn.microsoft.com/en-us/rest/api/storageservices/get-account-information]
>
> |{{x-ms-is-hns-enabled}}|Version 2019-07-07 and later. Indicates if the
> account has a hierarchical namespace enabled.|
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
