[
https://issues.apache.org/jira/browse/HADOOP-12537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15311279#comment-15311279
]
Sean Mackrory commented on HADOOP-12537:
----------------------------------------
It looks to me like you can append to the session token and it will still work
- it must just be parsing what it expects and not looking at the rest. I can
make the test fail by prepending, or simply setting the empty string as the
session token. As soon as I append to an otherwise valid session token, the
test fails because the S3 access still works.
I thought I also observed behavior where authorization seemed to be cached for
a short period of time, but I have been misinterpreting the behavior I just
described. Going to run through a few more tweaks of the test case to ensure
this is not the case.
> s3a: Add flag for session ID to allow Amazon STS temporary credentials
> ----------------------------------------------------------------------
>
> Key: HADOOP-12537
> URL: https://issues.apache.org/jira/browse/HADOOP-12537
> Project: Hadoop Common
> Issue Type: New Feature
> Components: fs/s3
> Affects Versions: 2.7.1
> Reporter: Sean Mackrory
> Assignee: Sean Mackrory
> Priority: Minor
> Attachments: HADOOP-12537-branch-2.005.patch, HADOOP-12537.001.patch,
> HADOOP-12537.002.patch, HADOOP-12537.003.patch, HADOOP-12537.004.patch,
> HADOOP-12537.diff, HADOOP-12537.diff
>
>
> Amazon STS allows you to issue temporary access key id / secret key pairs for
> your a user / role. However, using these credentials also requires specifying
> a session ID. There is currently no such configuration property or the
> required code to pass it through to the API (at least not that I can find) in
> any of the S3 connectors.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
