[jira] [Commented] (HADOOP-14565) Azure: Add Authorization support to ADLS
[ https://issues.apache.org/jira/browse/HADOOP-14565?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16113204#comment-16113204 ] Ryan Waters commented on HADOOP-14565: -- These tests fail on trunk without my patch as well. > Azure: Add Authorization support to ADLS > > > Key: HADOOP-14565 > URL: https://issues.apache.org/jira/browse/HADOOP-14565 > Project: Hadoop Common > Issue Type: Improvement > Components: fs/adl >Affects Versions: 2.8.0 >Reporter: Ryan Waters >Assignee: Sivaguru Sankaridurg > Attachments: > HADOOP_14565__Added_authorizer_functionality_to_ADL_driver.patch > > > This task is meant to add an Authorizer interface to be used by the ADLS > driver in a similar way to the one used by WASB. The primary difference in > functionality being that the implementation of this Authorizer will be > provided by an external jar. This class will be specified through > configuration using "adl.external.authorization.class". > If this configuration is provided, an instance of the provided class will be > created and all file system calls will be passed through the authorizer, > allowing implementations to determine if the file path and access type > (create, open, delete, etc.) being requested is valid. If the requested > implementation class is not found or it fails to initialize, it will fail > initialization of the ADL driver. If no configuration is provided, calls to > the authorizer will be skipped and the driver will behave as it did > previously. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14565) Azure: Add Authorization support to ADLS
[ https://issues.apache.org/jira/browse/HADOOP-14565?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16112930#comment-16112930 ] Ryan Waters commented on HADOOP-14565: -- Hmm. Didn't get this while running test-patch locally. Will investigate and resubmit another patch. > Azure: Add Authorization support to ADLS > > > Key: HADOOP-14565 > URL: https://issues.apache.org/jira/browse/HADOOP-14565 > Project: Hadoop Common > Issue Type: Improvement > Components: fs/adl >Affects Versions: 2.8.0 >Reporter: Ryan Waters >Assignee: Sivaguru Sankaridurg > Attachments: > HADOOP_14565__Added_authorizer_functionality_to_ADL_driver.patch > > > This task is meant to add an Authorizer interface to be used by the ADLS > driver in a similar way to the one used by WASB. The primary difference in > functionality being that the implementation of this Authorizer will be > provided by an external jar. This class will be specified through > configuration using "adl.external.authorization.class". > If this configuration is provided, an instance of the provided class will be > created and all file system calls will be passed through the authorizer, > allowing implementations to determine if the file path and access type > (create, open, delete, etc.) being requested is valid. If the requested > implementation class is not found or it fails to initialize, it will fail > initialization of the ADL driver. If no configuration is provided, calls to > the authorizer will be skipped and the driver will behave as it did > previously. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14565) Azure: Add Authorization support to ADLS
[ https://issues.apache.org/jira/browse/HADOOP-14565?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ryan Waters updated HADOOP-14565: - Status: Patch Available (was: Open) > Azure: Add Authorization support to ADLS > > > Key: HADOOP-14565 > URL: https://issues.apache.org/jira/browse/HADOOP-14565 > Project: Hadoop Common > Issue Type: Improvement > Components: fs/adl >Affects Versions: 2.8.0 >Reporter: Ryan Waters >Assignee: Sivaguru Sankaridurg > Attachments: > HADOOP_14565__Added_authorizer_functionality_to_ADL_driver.patch > > > This task is meant to add an Authorizer interface to be used by the ADLS > driver in a similar way to the one used by WASB. The primary difference in > functionality being that the implementation of this Authorizer will be > provided by an external jar. This class will be specified through > configuration using "adl.external.authorization.class". > If this configuration is provided, an instance of the provided class will be > created and all file system calls will be passed through the authorizer, > allowing implementations to determine if the file path and access type > (create, open, delete, etc.) being requested is valid. If the requested > implementation class is not found or it fails to initialize, it will fail > initialization of the ADL driver. If no configuration is provided, calls to > the authorizer will be skipped and the driver will behave as it did > previously. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14565) Azure: Add Authorization support to ADLS
[ https://issues.apache.org/jira/browse/HADOOP-14565?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ryan Waters updated HADOOP-14565: - Attachment: HADOOP_14565__Added_authorizer_functionality_to_ADL_driver.patch > Azure: Add Authorization support to ADLS > > > Key: HADOOP-14565 > URL: https://issues.apache.org/jira/browse/HADOOP-14565 > Project: Hadoop Common > Issue Type: Improvement > Components: fs/adl >Affects Versions: 2.8.0 >Reporter: Ryan Waters >Assignee: Sivaguru Sankaridurg > Attachments: > HADOOP_14565__Added_authorizer_functionality_to_ADL_driver.patch > > > This task is meant to add an Authorizer interface to be used by the ADLS > driver in a similar way to the one used by WASB. The primary difference in > functionality being that the implementation of this Authorizer will be > provided by an external jar. This class will be specified through > configuration using "adl.external.authorization.class". > If this configuration is provided, an instance of the provided class will be > created and all file system calls will be passed through the authorizer, > allowing implementations to determine if the file path and access type > (create, open, delete, etc.) being requested is valid. If the requested > implementation class is not found or it fails to initialize, it will fail > initialization of the ADL driver. If no configuration is provided, calls to > the authorizer will be skipped and the driver will behave as it did > previously. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14565) Azure: Add Authorization support to ADLS
[ https://issues.apache.org/jira/browse/HADOOP-14565?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ryan Waters updated HADOOP-14565: - Attachment: (was: HADOOP_14565__Added_authorizer_functionality_to_ADL_driver__Updated_javadoc_to_correspond_1.patch) > Azure: Add Authorization support to ADLS > > > Key: HADOOP-14565 > URL: https://issues.apache.org/jira/browse/HADOOP-14565 > Project: Hadoop Common > Issue Type: Improvement > Components: fs/adl >Affects Versions: 2.8.0 >Reporter: Ryan Waters >Assignee: Sivaguru Sankaridurg > > This task is meant to add an Authorizer interface to be used by the ADLS > driver in a similar way to the one used by WASB. The primary difference in > functionality being that the implementation of this Authorizer will be > provided by an external jar. This class will be specified through > configuration using "adl.external.authorization.class". > If this configuration is provided, an instance of the provided class will be > created and all file system calls will be passed through the authorizer, > allowing implementations to determine if the file path and access type > (create, open, delete, etc.) being requested is valid. If the requested > implementation class is not found or it fails to initialize, it will fail > initialization of the ADL driver. If no configuration is provided, calls to > the authorizer will be skipped and the driver will behave as it did > previously. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14565) Azure: Add Authorization support to ADLS
[ https://issues.apache.org/jira/browse/HADOOP-14565?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ryan Waters updated HADOOP-14565: - Attachment: HADOOP_14565__Added_authorizer_functionality_to_ADL_driver__Updated_javadoc_to_correspond_1.patch > Azure: Add Authorization support to ADLS > > > Key: HADOOP-14565 > URL: https://issues.apache.org/jira/browse/HADOOP-14565 > Project: Hadoop Common > Issue Type: Improvement > Components: fs/adl >Affects Versions: 2.8.0 >Reporter: Ryan Waters >Assignee: Sivaguru Sankaridurg > Attachments: > HADOOP_14565__Added_authorizer_functionality_to_ADL_driver__Updated_javadoc_to_correspond_1.patch > > > This task is meant to add an Authorizer interface to be used by the ADLS > driver in a similar way to the one used by WASB. The primary difference in > functionality being that the implementation of this Authorizer will be > provided by an external jar. This class will be specified through > configuration using "adl.external.authorization.class". > If this configuration is provided, an instance of the provided class will be > created and all file system calls will be passed through the authorizer, > allowing implementations to determine if the file path and access type > (create, open, delete, etc.) being requested is valid. If the requested > implementation class is not found or it fails to initialize, it will fail > initialization of the ADL driver. If no configuration is provided, calls to > the authorizer will be skipped and the driver will behave as it did > previously. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14565) Azure: Add Authorization support to ADLS
[ https://issues.apache.org/jira/browse/HADOOP-14565?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ryan Waters updated HADOOP-14565: - Description: This task is meant to add an Authorizer interface to be used by the ADLS driver in a similar way to the one used by WASB. The primary difference in functionality being that the implementation of this Authorizer will be provided by an external jar. This class will be specified through configuration using "adl.external.authorization.class". If this configuration is provided, an instance of the provided class will be created and all file system calls will be passed through the authorizer, allowing implementations to determine if the file path and access type (create, open, delete, etc.) being requested is valid. If the requested implementation class is not found or it fails to initialize, it will fail initialization of the ADL driver. If no configuration is provided, calls to the authorizer will be skipped and the driver will behave as it did previously. was: This task is meant to add an Authorizer interface to be used by the ADLS driver in a similar way to the one used by WASB. The primary difference in functionality being that the implementation of this Authorizer will be provided by an external jar. This class will be specified through configuration using "adl.external.authorization.class". If this configuration is provided, an instance of the provided class will be created and all file system calls will be passed through the authorizer, allowing implementations to determine if the file path and access type (create, open, delete, etc.) being requested is valid. If the requested implementation class is not found, it will fail initialization of the ADL driver. If no configuration is provided, calls to the authorizer will be skipped and the driver will behave as it did previously. > Azure: Add Authorization support to ADLS > > > Key: HADOOP-14565 > URL: https://issues.apache.org/jira/browse/HADOOP-14565 > Project: Hadoop Common > Issue Type: Improvement > Components: fs/azure >Affects Versions: 2.8.0 >Reporter: Ryan Waters >Assignee: Sivaguru Sankaridurg > Fix For: 2.9.0, 3.0.0-alpha4 > > > This task is meant to add an Authorizer interface to be used by the ADLS > driver in a similar way to the one used by WASB. The primary difference in > functionality being that the implementation of this Authorizer will be > provided by an external jar. This class will be specified through > configuration using "adl.external.authorization.class". > If this configuration is provided, an instance of the provided class will be > created and all file system calls will be passed through the authorizer, > allowing implementations to determine if the file path and access type > (create, open, delete, etc.) being requested is valid. If the requested > implementation class is not found or it fails to initialize, it will fail > initialization of the ADL driver. If no configuration is provided, calls to > the authorizer will be skipped and the driver will behave as it did > previously. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14565) Azure: Add Authorization support to ADLS
[
https://issues.apache.org/jira/browse/HADOOP-14565?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ryan Waters updated HADOOP-14565:
-
Description:
This task is meant to add an Authorizer interface to be used by the ADLS driver
in a similar way to the one used by WASB. The primary difference in
functionality being that the implementation of this Authorizer will be provided
by an external jar. This class will be specified through configuration using
"adl.external.authorization.class".
If this configuration is provided, an instance of the provided class will be
created and all file system calls will be passed through the authorizer,
allowing implementations to determine if the file path and access type (create,
open, delete, etc.) being requested is valid. If the requested implementation
class is not found, it will fail initialization of the ADL driver. If no
configuration is provided, calls to the authorizer will be skipped and the
driver will behave as it did previously.
was:
As highlighted in HADOOP-13863, current implementation of WASB does not support
authorization to any File System operations. This jira is created to add
authorization support for WASB. The current approach is to enforce
authorization via an external REST service (One approach could be to use
component like Ranger to enforce authorization). The support for authorization
would be hiding behind a configuration flag : "fs.azure.enable.authorization"
and the remote service is expected to be provided via config :
"fs.azure.remote.auth.service.url".
The remote service is expected to provide support for the following REST call:
{URL}/CHECK_AUTHORIZATION```
An example request:
{URL}/CHECK_AUTHORIZATION?wasb_absolute_path=&operation_type=&delegation_token=
> Azure: Add Authorization support to ADLS
>
>
> Key: HADOOP-14565
> URL: https://issues.apache.org/jira/browse/HADOOP-14565
> Project: Hadoop Common
> Issue Type: Improvement
> Components: fs/azure
>Affects Versions: 2.8.0
>Reporter: Ryan Waters
>Assignee: Sivaguru Sankaridurg
> Fix For: 2.9.0, 3.0.0-alpha4
>
>
> This task is meant to add an Authorizer interface to be used by the ADLS
> driver in a similar way to the one used by WASB. The primary difference in
> functionality being that the implementation of this Authorizer will be
> provided by an external jar. This class will be specified through
> configuration using "adl.external.authorization.class".
> If this configuration is provided, an instance of the provided class will be
> created and all file system calls will be passed through the authorizer,
> allowing implementations to determine if the file path and access type
> (create, open, delete, etc.) being requested is valid. If the requested
> implementation class is not found, it will fail initialization of the ADL
> driver. If no configuration is provided, calls to the authorizer will be
> skipped and the driver will behave as it did previously.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Created] (HADOOP-14565) Azure: Add Authorization support to ADLS
Ryan Waters created HADOOP-14565:
Summary: Azure: Add Authorization support to ADLS
Key: HADOOP-14565
URL: https://issues.apache.org/jira/browse/HADOOP-14565
Project: Hadoop Common
Issue Type: Improvement
Components: fs/azure
Affects Versions: 2.8.0
Reporter: Ryan Waters
Assignee: Sivaguru Sankaridurg
Fix For: 2.9.0, 3.0.0-alpha4
As highlighted in HADOOP-13863, current implementation of WASB does not support
authorization to any File System operations. This jira is created to add
authorization support for WASB. The current approach is to enforce
authorization via an external REST service (One approach could be to use
component like Ranger to enforce authorization). The support for authorization
would be hiding behind a configuration flag : "fs.azure.enable.authorization"
and the remote service is expected to be provided via config :
"fs.azure.remote.auth.service.url".
The remote service is expected to provide support for the following REST call:
{URL}/CHECK_AUTHORIZATION```
An example request:
{URL}/CHECK_AUTHORIZATION?wasb_absolute_path=&operation_type=&delegation_token=
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
