[
https://issues.apache.org/jira/browse/HADOOP-12723?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15293553#comment-15293553
]
Steve Loughran commented on HADOOP-12723:
-----------------------------------------
Note that it turns out that the bad config test was broken; after HADOOP-13058
{{FS.initalize()}} swallows access exceptions trying to set multipart
thresholds, which was where the 403 was being triggered before. HADOOP-13130
patch 014 addresses that.
Its always important to have the non-exception-throwing codepath to assert that
it is never reached —that is what was happening here, hence why the tests
weren't catching the regression in the test. Apologies for not noticing that
during review
> S3A: Add ability to plug in any AWSCredentialsProvider
> ------------------------------------------------------
>
> Key: HADOOP-12723
> URL: https://issues.apache.org/jira/browse/HADOOP-12723
> Project: Hadoop Common
> Issue Type: New Feature
> Components: fs/s3
> Affects Versions: 2.7.1
> Reporter: Steven Wong
> Assignee: Steven Wong
> Fix For: 2.8.0
>
> Attachments: HADOOP-12723-branch-2-006.patch, HADOOP-12723.0.patch,
> HADOOP-12723.1.patch, HADOOP-12723.2.patch, HADOOP-12723.3.patch,
> HADOOP-12723.4.patch, HADOOP-12723.5.patch
>
>
> Although S3A currently has built-in support for
> {{org.apache.hadoop.fs.s3a.BasicAWSCredentialsProvider}},
> {{com.amazonaws.auth.InstanceProfileCredentialsProvider}}, and
> {{org.apache.hadoop.fs.s3a.AnonymousAWSCredentialsProvider}}, it does not
> support any other credentials provider that implements the
> {{com.amazonaws.auth.AWSCredentialsProvider}} interface. Supporting the
> ability to plug in any {{com.amazonaws.auth.AWSCredentialsProvider}} instance
> will expand the options for S3 credentials, such as:
> * temporary credentials from STS, e.g. via
> {{com.amazonaws.auth.STSSessionCredentialsProvider}}
> * IAM role-based credentials, e.g. via
> {{com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider}}
> * a custom credentials provider that satisfies one's own needs, e.g.
> bucket-specific credentials, user-specific credentials, etc.
> To support this, we can add a configuration for the fully qualified class
> name of a credentials provider, to be loaded by
> {{S3AFileSystem.initialize(URI, Configuration)}}.
> The configured credentials provider should implement
> {{com.amazonaws.auth.AWSCredentialsProvider}} and have a constructor that
> accepts {{(URI uri, Configuration conf)}}.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
