Viraj Jasani created HADOOP-19066:
-------------------------------------
Summary: AWS SDK V2 - Enabling FIPS should be allowed with central
endpoint
Key: HADOOP-19066
URL: https://issues.apache.org/jira/browse/HADOOP-19066
Project: Hadoop Common
Issue Type: Sub-task
Components: fs/s3
Affects Versions: 3.5.0, 3.4.1
Reporter: Viraj Jasani
FIPS support can be enabled by setting "fs.s3a.endpoint.fips". Since the SDK
considers overriding endpoint and enabling fips as mutually exclusive, we fail
fast if fs.s3a.endpoint is set with fips support (details on HADOOP-18975).
Now, we no longer override SDK endpoint for central endpoint since we enable
cross region access (details on HADOOP-19044) but we would still fail fast if
endpoint is central and fips is enabled.
Changes proposed:
* S3A to fail fast only if FIPS is enabled and non-central endpoint is
configured.
* Tests to ensure S3 bucket is accessible with default region us-east-2 with
cross region access (expected with central endpoint).
* Document FIPS support with central endpoint on connecting.html.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org
