Return-Path: X-Original-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A439417C59 for ; Mon, 9 Mar 2015 15:43:40 +0000 (UTC) Received: (qmail 88188 invoked by uid 500); 9 Mar 2015 15:43:40 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 88111 invoked by uid 500); 9 Mar 2015 15:43:40 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 87923 invoked by uid 99); 9 Mar 2015 15:43:40 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 Mar 2015 15:43:40 +0000 Date: Mon, 9 Mar 2015 15:43:40 +0000 (UTC) From: "Hudson (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HADOOP-11670) Regression: s3a auth setup broken MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-11670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14353125#comment-14353125 ] Hudson commented on HADOOP-11670: --------------------------------- SUCCESS: Integrated in Hadoop-Mapreduce-trunk #2077 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2077/]) HADOOP-11670. Regression: s3a auth setup broken. (Adam Budde via stevel) (stevel: rev 64443490d7f189e8e42d284615f3814ef751395a) * hadoop-common-project/hadoop-common/CHANGES.txt * hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/S3AFileSystem.java * hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/Constants.java * hadoop-tools/hadoop-aws/src/site/markdown/tools/hadoop-aws/index.md > Regression: s3a auth setup broken > ---------------------------------- > > Key: HADOOP-11670 > URL: https://issues.apache.org/jira/browse/HADOOP-11670 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/s3 > Affects Versions: 2.7.0 > Reporter: Adam Budde > Assignee: Adam Budde > Priority: Blocker > Fix For: 2.7.0 > > Attachments: HADOOP-11670-001.patch, HADOOP-11670-003.patch, HADOOP-11670.002.patch > > > One big advantage provided by the s3a filesystem is the ability to use an IAM instance profile in order to authenticate when attempting to access an S3 bucket from an EC2 instance. This eliminates the need to deploy AWS account credentials to the instance or to provide them to Hadoop via the fs.s3a.awsAccessKeyId and fs.s3a.awsSecretAccessKey params. > The patch submitted to resolve HADOOP-10714 breaks this behavior by using the S3Credentials class to read the value of these two params. The change in question is presented below: > S3AFileSystem.java, lines 161-170: > {code} > // Try to get our credentials or just connect anonymously > S3Credentials s3Credentials = new S3Credentials(); > s3Credentials.initialize(name, conf); > AWSCredentialsProviderChain credentials = new AWSCredentialsProviderChain( > new BasicAWSCredentialsProvider(s3Credentials.getAccessKey(), > s3Credentials.getSecretAccessKey()), > new InstanceProfileCredentialsProvider(), > new AnonymousAWSCredentialsProvider() > ); > {code} > As you can see, the getAccessKey() and getSecretAccessKey() methods from the S3Credentials class are now used to provide constructor arguments to BasicAWSCredentialsProvider. These methods will raise an exception if the fs.s3a.awsAccessKeyId or fs.s3a.awsSecretAccessKey params are missing, respectively. If a user is relying on an IAM instance profile to authenticate to an S3 bucket and therefore doesn't supply values for these params, they will receive an exception and won't be able to access the bucket. -- This message was sent by Atlassian JIRA (v6.3.4#6332)