[
https://issues.apache.org/jira/browse/HADOOP-15141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran updated HADOOP-15141:
------------------------------------
Attachment: HADOOP-15141-002.patch
HADOOP-15141 patch 002
* Tests are done, docs are done.
* Exception reporting of errors during credential provider construction now
runs through translateException() if the wrapped error is of the right class;
this ensures that things like an STS Auth failure are mapped up to an
AccessDeniedException. Tests for this too.
Tested the entire test suite with everything set to use assumed roles, at
-Dscale, -Ds3guard, -Ddynamodb, S3 Ireland.
Some tests broke because they didn't expect fs.s3a.aws.credentials.provider to
be set in the default configuration (standard fix: unset the property). This is
of course harmless in the default operations; it's just making sure it always
stays like this.
Ready for review now, I hope
> Support IAM Assumed roles in S3A
> --------------------------------
>
> Key: HADOOP-15141
> URL: https://issues.apache.org/jira/browse/HADOOP-15141
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Affects Versions: 3.0.0
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Attachments: HADOOP-15141-001.patch, HADOOP-15141-002.patch
>
>
> Add the ability to use assumed roles in S3A
> * Add a property fs.s3a.assumed.role.arn for the ARN of the assumed role
> * add a new provider which grabs that and other properties and then creates a
> {{STSAssumeRoleSessionCredentialsProvider}} from it.
> * This also needs to support building up its own list of aws credential
> providers, from a different property; make the changes to S3AUtils for that
> * Tests
> * docs
> * and have the AwsProviderList forward closeable to it.
> * Get picked up automatically by DDB/s3guard