[ https://issues.apache.org/jira/browse/HADOOP-13389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15385122#comment-15385122 ]
Steven K. Wong commented on HADOOP-13389: ----------------------------------------- I have auth-keys.xml (that only configures test.fs.s3a.name), because I intend to run the S3A tests. All S3A tests -- except TestS3ATemporaryCredentials.testSTS -- succeed for me. The InstanceProfileCredentialsProvider object on line 93 is unhelpful because its temporary credential is not compatible with the getSessionToken call on line 105. Hence, at a minimum I think InstanceProfileCredentialsProvider should be removed from the credentials chain in the test case. But that doesn't fix the test case failure. > TestS3ATemporaryCredentials.testSTS error > ----------------------------------------- > > Key: HADOOP-13389 > URL: https://issues.apache.org/jira/browse/HADOOP-13389 > Project: Hadoop Common > Issue Type: Bug > Components: fs/s3 > Reporter: Steven K. Wong > > {{org.apache.hadoop.fs.s3a.TestS3ATemporaryCredentials.testSTS}} throws a 403 > AccessDenied when run without any AWS credentials (access key and secret key) > in the config. > {noformat} > com.amazonaws.AmazonServiceException: Cannot call GetSessionToken with > session credentials (Service: AWSSecurityTokenService; Status Code: 403; > Error Code: AccessDenied; Request ID: XXXXX) > at > com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1182) > at > com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:770) > at > com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:489) > at > com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:310) > at > com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1106) > at > com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.getSessionToken(AWSSecurityTokenServiceClient.java:355) > at > org.apache.hadoop.fs.s3a.TestS3ATemporaryCredentials.testSTS(TestS3ATemporaryCredentials.java:105) > {noformat} > It fails because the InstanceProfileCredentialsProvider in the credentials > chain (on line 91) is used, but an instance profile always provides a > temporary credential and GetSessionToken requires a long-term (not temporary) > credential. > Suggestion on how to fix this test case? -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org