[
https://issues.apache.org/jira/browse/HADOOP-12807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran updated HADOOP-12807:
------------------------------------
Resolution: Fixed
Fix Version/s: 2.8.0
Status: Resolved (was: Patch Available)
Thanks: patch applied to 2.8
Tobin, I hope you aren't letting anyone untrusted submit patches to that CI
system? As if they can print your env vars, they get your secrets.
Given that the env vars supported include transient session tokens, you may be
able to get away with session tokens there; it may mean that the STS SDK JAR
needs to go on to the CP. If you do try this —let us know how you get on.
> S3AFileSystem should read AWS credentials from environment variables
> --------------------------------------------------------------------
>
> Key: HADOOP-12807
> URL: https://issues.apache.org/jira/browse/HADOOP-12807
> Project: Hadoop Common
> Issue Type: Improvement
> Components: fs/s3
> Affects Versions: 2.7.2
> Reporter: Tobin Baker
> Assignee: Tobin Baker
> Priority: Minor
> Fix For: 2.8.0
>
> Attachments: HADOOP-12807-1.patch, HADOOP-12807-branch-2-004.patch
>
>
> Unlike the {{DefaultAWSCredentialsProviderChain}} in the AWS SDK, the
> {{AWSCredentialsProviderChain}} constructed by {{S3AFileSystem}} does not
> include an {{EnvironmentVariableCredentialsProvider}} instance. This prevents
> users from supplying AWS credentials in the environment variables
> {{AWS_ACCESS_KEY_ID}} and {{AWS_SECRET_ACCESS_KEY}}, which is the only
> alternative in some scenarios.
> In my scenario, I need to access S3 from within a test running in a CI
> environment that does not support IAM roles but does allow me to supply
> encrypted environment variables. Thus, the only secure approach I can use is
> to supply my AWS credentials in environment variables (plaintext
> configuration files are out of the question).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
