[jira] [Commented] (HADOOP-15141) Support IAM Assumed roles in S3A

Tue, 09 Jan 2018 08:01:33 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-15141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16318649#comment-16318649
 ] 

Steve Loughran commented on HADOOP-15141:
-----------------------------------------

HADOOP-15141 patch 003
* Fix up doc duplication
* Generate some more stack traces; add in docs & tests
* Removed S3A_ prefix from new constants
* Subclass the ITestS3AContractDistCp test into 
ITestS3AContractDistCpAssumedRole, which runs under assumed roles if the ARN 
for one is defined, and the FS isn't already running under assumed roles.

Testing: S3A ireland with/without s3guard, and with/without assumed roles set 
for the entire suite. This includes making sure that all is well when there 
isn't an assumed role option set for the test run.

If anyone testing this gets some new stack traces, they should go into the 
troubleshooting. I think we should really have
* bad inner auth (how is that presented?). Should just be the normal error.
* What happens if you are authenticated with session tokens and try to get role 
credentials
* bad ref to the STS endpoint




> Support IAM Assumed roles in S3A
> --------------------------------
>
>                 Key: HADOOP-15141
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15141
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 3.0.0
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>         Attachments: HADOOP-15141-001.patch, HADOOP-15141-002.patch, 
> HADOOP-15141-003.patch
>
>
> Add the ability to use assumed roles in S3A
> * Add a property fs.s3a.assumed.role.arn for the ARN of the assumed role
> * add a new provider which grabs that and other properties and then creates a 
> {{STSAssumeRoleSessionCredentialsProvider}} from it.
> * This also needs to support building up its own list of aws credential  
> providers, from a different property; make the changes to S3AUtils for that
> * Tests
> * docs
> * and have the AwsProviderList forward closeable to it.
> * Get picked up automatically by DDB/s3guard



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to