hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-15141) Support IAM Assumed roles in S3A
Date Mon, 08 Jan 2018 21:13:00 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-15141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Steve Loughran updated HADOOP-15141:
    Attachment: HADOOP-15141-002.patch

HADOOP-15141 patch 002
*  Tests are done, docs are done. 
*  Exception reporting of errors during credential provider construction now runs through
translateException() if the wrapped error is of the right class, this ensures that things
an STS Auth failure is mapped up to an AccessDeniedException. Tests for this too.

Tested the entire test suite withh everything set to use assumed roles, at -Dscale, -Ds3guard,
-Ddynamodb, s3 ireland.

Some tests broke because they didn't expect fs.s3a.aws.credentials.provider to be set in the
default configuration (standard fix: unset the property). This is of course harmless in the
default operations; it's just making sure it always stays like this.

Ready for review now, I hope

> Support IAM Assumed roles in S3A
> --------------------------------
>                 Key: HADOOP-15141
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15141
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 3.0.0
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>         Attachments: HADOOP-15141-001.patch, HADOOP-15141-002.patch
> Add the ability to use assumed roles in S3A
> * Add a property fs.s3a.assumed.role.arn for the ARN of the assumed role
> * add a new provider which grabs that and other properties and then creates a {{STSAssumeRoleSessionCredentialsProvider}}
from it.
> * This also needs to support building up its own list of aws credential  providers, from
a different property; make the changes to S3AUtils for that
> * Tests
> * docs
> * and have the AwsProviderList forward closeable to it.
> * Get picked up automatically by DDB/s3guard

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message