[
https://issues.apache.org/jira/browse/HADOOP-13324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15351811#comment-15351811
]
Steve Loughran commented on HADOOP-13324:
-----------------------------------------
http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html
* The V4 API protocol first has the client get a session key, valid for 7 days,
using that to sign requests.
* It's possible to sign the entire upload payload, though it requires
precomputation. This could be done while the data is buffered in the
outputstream.write() calls.
* You need to select the right s3 region to talk to. It looks like currently
there's a request to the US east endpoint, which is then 301'd over to any
other region. While this works for V3 signatures, it may mean that every single
HTTP request is being redirected. (I say may, as while GET calls can be
redirected, PUT/POST are harder.
> s3a doesn't authenticate with S3 frankfurt (or other V4 auth only endpoints)
> ----------------------------------------------------------------------------
>
> Key: HADOOP-13324
> URL: https://issues.apache.org/jira/browse/HADOOP-13324
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Affects Versions: 2.8.0
> Reporter: Steve Loughran
> Assignee: Steve Loughran
>
> S3A doesn't auth with S3 frankfurt. This installation only supports v4 API.
> There are some JVM options which should set this, but even they don't appear
> to be enough. It appears that we have to allow the s3a client to change the
> endpoint with which it authenticates from a generic "AWS S3" to a
> frankfurt-specific one.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
