[ https://issues.apache.org/jira/browse/HADOOP-3733?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Steve Loughran updated HADOOP-3733: ----------------------------------- Attachment: HADOOP-3733-branch-2-001.patch Fix for this # pull out all URL user/pass extraction into a new class {{org.apache.hadoop.fs.s3native.S3xLoginHelper}}. It's in s3n as it is needed there too, I want it to outlive s3: removal, and reserve the option to backport. # this performs its own parsing of the user:pass from the authority info; handles / in passwords. # FS URI construction strips out the authority info, includes only the host in its URIs. # S3, S3N, S3A all use this codepath # S3A has had its code related to credentials modified to work with this too; it shares the same Login structure and is in a static S3AUtils method for easier testing. # Lots of unit tests to verify parsing works # There's an S3A functional test which verifies that passwords stuck in the FS URL are picked up. # I have tested that suite with a password with / in it If you do want to use a / in a password in a URL, do encode it with %2F; this will now be handled. > "s3:" URLs break when Secret Key contains a slash, even if encoded > ------------------------------------------------------------------ > > Key: HADOOP-3733 > URL: https://issues.apache.org/jira/browse/HADOOP-3733 > Project: Hadoop Common > Issue Type: Bug > Components: fs/s3 > Affects Versions: 0.17.1, 2.0.2-alpha > Reporter: Stuart Sierra > Assignee: Steve Loughran > Priority: Minor > Attachments: HADOOP-3733-20130223T011025Z.patch, > HADOOP-3733-branch-2-001.patch, HADOOP-3733.patch, hadoop-3733.patch > > > When using URLs of the form s3://ID:SECRET@BUCKET/ at the command line, > distcp fails if the SECRET contains a slash, even when the slash is > URL-encoded as %2F. > Say your AWS Access Key ID is RYWX12N9WCY42XVOL8WH > And your AWS Secret Key is Xqj1/NMvKBhl1jqKlzbYJS66ua0e8z7Kkvptl9bv > And your bucket is called "mybucket" > You can URL-encode the Secret KKey as > Xqj1%2FNMvKBhl1jqKlzbYJS66ua0e8z7Kkvptl9bv > But this doesn't work: > {noformat} > $ bin/hadoop distcp file:///source > s3://RYWX12N9WCY42XVOL8WH:Xqj1%2FNMvKBhl1jqKlzbYJS66ua0e8z7Kkvptl9bv@mybucket/dest > 08/07/09 15:05:22 INFO util.CopyFiles: srcPaths=[file:///source] > 08/07/09 15:05:22 INFO util.CopyFiles: > destPath=s3://RYWX12N9WCY42XVOL8WH:Xqj1%2FNMvKBhl1jqKlzbYJS66ua0e8z7Kkvptl9bv@mybucket/dest > 08/07/09 15:05:23 WARN httpclient.RestS3Service: Unable to access bucket: > mybucket > org.jets3t.service.S3ServiceException: S3 HEAD request failed. > ResponseCode=403, ResponseMessage=Forbidden > at > org.jets3t.service.impl.rest.httpclient.RestS3Service.performRequest(RestS3Service.java:339) > ... > With failures, global counters are inaccurate; consider running with -i > Copy failed: org.apache.hadoop.fs.s3.S3Exception: > org.jets3t.service.S3ServiceException: S3 PUT failed. XML Error Message: > <?xml version="1.0" > encoding="UTF-8"?><Error><Code>SignatureDoesNotMatch</Code><Message>The > request signature we calculated does not match the signature you provided. > Check your key and signing method.</Message> > at > org.apache.hadoop.fs.s3.Jets3tFileSystemStore.createBucket(Jets3tFileSystemStore.java:141) > ... > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org