hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-15141) Support IAM Assumed roles in S3A
Date Wed, 10 Jan 2018 16:12:00 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-15141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Steve Loughran updated HADOOP-15141:
------------------------------------
    Attachment: HADOOP-15141-005.patch

Patch 005.

Fixes typo and indentation.

Not fixed: the 84 char wide lines; no real need

Not fixed: use of deprecated SDK methods. I did start this but ended up staging the changes
as it was getting far too convoluted. Instead of *a builder you configured* it moved to *a
builder you had to configure with some other builder-instantiated class plus some some structures
you created*. I'd got as far as having the two separate builders being done in parallel with
some other objects before concluding that it was actually making the code worse in terms of
readability and hence maintainability. The existing builder will create the other classes
it needs in its .build() operation, so my stance is: let it do so.



> Support IAM Assumed roles in S3A
> --------------------------------
>
>                 Key: HADOOP-15141
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15141
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 3.0.0
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>         Attachments: HADOOP-15141-001.patch, HADOOP-15141-002.patch, HADOOP-15141-003.patch,
HADOOP-15141-004.patch, HADOOP-15141-005.patch
>
>
> Add the ability to use assumed roles in S3A
> * Add a property fs.s3a.assumed.role.arn for the ARN of the assumed role
> * add a new provider which grabs that and other properties and then creates a {{STSAssumeRoleSessionCredentialsProvider}}
from it.
> * This also needs to support building up its own list of aws credential  providers, from
a different property; make the changes to S3AUtils for that
> * Tests
> * docs
> * and have the AwsProviderList forward closeable to it.
> * Get picked up automatically by DDB/s3guard



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message