[jira] [Commented] (NIFI-1325) Enhance AWS S3 fetch to access bucket across accounts

Sun, 27 Dec 2015 18:47:49 -0800 

    [ 
https://issues.apache.org/jira/browse/NIFI-1325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15072362#comment-15072362
 ] 

Tony Kurc commented on NIFI-1325:
---------------------------------

[~mans2singh] - in reading the modified getCredentials method, which is called 
in the onScheduled method - it looks a lot like temporary credentials have a 
duration of only 1 hour (see code below), and I don't see a call to get 
credentials after this hour. What is your expected behavior after the hour? 

{code}

        AssumeRoleRequest assumeRoleRequest = new 
AssumeRoleRequest().withRoleArn(roleToAssume)
                .withDurationSeconds(3600).withRoleSessionName("AWSAssumeRole");
{code}

For other reviewers, this was helpful: 
https://aws.amazon.com/blogs/aws/delegating-api-access-to-aws-services-using-iam-roles/

I know the "unit tests" for the S3 processors are not really unit tests 
(they're @Ignored)  - did you write a "unit test" for this and not contribute 
it? I noticed the addition of mockito, a test properties file in the pom, and 
the comments for makeAWSStsTokenServiceClient implying it was protected for 
testing. I'd generally expect to see tests with a new capability (in the case 
of S3, another test I'd un-@Ignore) 

Is this something that would make sense for the other aws processors? I'd 
assume yes.



> Enhance AWS S3 fetch to access bucket across accounts
> -----------------------------------------------------
>
>                 Key: NIFI-1325
>                 URL: https://issues.apache.org/jira/browse/NIFI-1325
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 0.4.1
>         Environment: All
>            Reporter: Mans Singh
>            Assignee: Tony Kurc
>            Priority: Minor
>              Labels: easyfix
>             Fix For: 0.4.1
>
>         Attachments: nifi-1325.patch.zip
>
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> The AWS S3 Fetch Object component does not allow access to bucket across 
> accounts. AWS  S3 Fetch Object with can be enhanced to provide this 
> functionality by using assume role session/credentials 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to