[ https://issues.apache.org/jira/browse/HADOOP-13389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15385122#comment-15385122 ]
Steven K. Wong edited comment on HADOOP-13389 at 7/20/16 1:10 AM: ------------------------------------------------------------------ I have auth-keys.xml (that only configures test.fs.s3a.name), because I intend to run the S3A tests. All S3A tests -- except TestS3ATemporaryCredentials.testSTS -- succeed for me. The InstanceProfileCredentialsProvider object on line 93 is unhelpful because its temporary credential is not compatible with the getSessionToken call on line 105 (as explained above). Hence, at a minimum I think InstanceProfileCredentialsProvider should be removed from the credentials chain in the test case. But that doesn't fix the test case failure. Perhaps testSTS should explicitly check for the absence of credentials in the config and skip itself (like what line 83 does)? was (Author: slider): I have auth-keys.xml (that only configures test.fs.s3a.name), because I intend to run the S3A tests. All S3A tests -- except TestS3ATemporaryCredentials.testSTS -- succeed for me. The InstanceProfileCredentialsProvider object on line 93 is unhelpful because its temporary credential is not compatible with the getSessionToken call on line 105 (as explained above). Hence, at a minimum I think InstanceProfileCredentialsProvider should be removed from the credentials chain in the test case. But that doesn't fix the test case failure. Perhaps testSTS should explicitly check for the absence of credentials in the config and skip itself? > TestS3ATemporaryCredentials.testSTS error > ----------------------------------------- > > Key: HADOOP-13389 > URL: https://issues.apache.org/jira/browse/HADOOP-13389 > Project: Hadoop Common > Issue Type: Bug > Components: fs/s3 > Reporter: Steven K. Wong > > {{org.apache.hadoop.fs.s3a.TestS3ATemporaryCredentials.testSTS}} throws a 403 > AccessDenied when run without any AWS credentials (access key and secret key) > in the config. > {noformat} > com.amazonaws.AmazonServiceException: Cannot call GetSessionToken with > session credentials (Service: AWSSecurityTokenService; Status Code: 403; > Error Code: AccessDenied; Request ID: XXXXX) > at > com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1182) > at > com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:770) > at > com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:489) > at > com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:310) > at > com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1106) > at > com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.getSessionToken(AWSSecurityTokenServiceClient.java:355) > at > org.apache.hadoop.fs.s3a.TestS3ATemporaryCredentials.testSTS(TestS3ATemporaryCredentials.java:105) > {noformat} > It fails because the InstanceProfileCredentialsProvider in the credentials > chain (on line 91) is used, but an instance profile always provides a > temporary credential and GetSessionToken requires a long-term (not temporary) > credential. > Suggestion on how to fix this test case? -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org