hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-15572) Test S3Guard ops with assumed roles & verify required permissions
Date Mon, 09 Jul 2018 20:01:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-15572?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16537491#comment-16537491
] 

Steve Loughran commented on HADOOP-15572:
-----------------------------------------

This is using a restricted test a/c which has enough perms to work with the table on end-user
actions (not DDB admin), as tested on the CLI. In this test its not getting through

> Test S3Guard ops with assumed roles & verify required permissions
> -----------------------------------------------------------------
>
>                 Key: HADOOP-15572
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15572
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 3.1.0
>            Reporter: Steve Loughran
>            Priority: Major
>
> We haven't documented permissions for S3Guard (WiP of mine); when I try to test using
the AssumedRoleCredentialProvider & a role nominally restricted to R/W of S3guard *but
not create/delete*, I can still create and destroy buckets
> Either I've got my list wrong, or how S3Guard sets up its auth isn't right & somehow
falling back to the full role



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message