[ https://issues.apache.org/jira/browse/HADOOP-15672?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Steve Loughran resolved HADOOP-15672. ------------------------------------- Fix Version/s: 3.3.0 Resolution: Duplicate > add s3guard CLI command to generate session keys for an assumed role > -------------------------------------------------------------------- > > Key: HADOOP-15672 > URL: https://issues.apache.org/jira/browse/HADOOP-15672 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/s3 > Affects Versions: 3.2.0 > Reporter: Steve Loughran > Priority: Minor > Fix For: 3.3.0 > > > the aws cli > [get-session-token|https://docs.aws.amazon.com/cli/latest/reference/sts/get-session-token.html] > can generate the keys for short-lived session. > I'd like something similar in an s3guard command, e.g. "create-role-keys", > which would take the existing (full) credentials and optionally: > * ARN of role to adopt > * duration > * name > * restrictions as path to a JSON file or just stdin > * output format > * whether to use a per-bucket binding for the credentials in the property > names generated > * MFA secrets > output formats > * A JCEKS file (with chosen passwd? For better hive use: append/replace > entries in existing file); saved through the hadoop FS APIs to HDFS, file:// > or elsewhere > * hadoop config XML > * spark properties > The goal here is to have a workflow where you can generate role credentials > to use for a limited time, store them in a JCEKS file and then share them in > your jobs. This can be for: Jenkins, Oozie, build files, .. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org