[ https://issues.apache.org/jira/browse/HADOOP-15176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16365136#comment-16365136 ]
Aaron Fabbri commented on HADOOP-15176: --------------------------------------- {noformat} public static final String NAME - = "org.apache.hadoop.fs.s3a.AssumedRoleCredentialProvider"; + = "org.apache.hadoop.fs.s3a.auth.AssumedRoleCredentialProvider"; {noformat} Minor compatibility issue here to call out for existing configs. +1 from me though, this was still stabilizing before now. {noformat} + * Jackson Role Model {noformat} For me? Michael Jackson, when I was really young and Thriller came out. I digress. Documentation looks great. I really appreciate the work here, especially the particulars around directory markers. Formatting looks good in my IDE's markdown rendering. {noformat} + LOG.warn("Cannot create directory marker at {}}", + f.getParent()); {noformat} This is where we catch {{AccessDeniedException}} in delete(). Shouldn't the error message say "access denied" so folks know why, without having to use debug level logging? I would just change it to {{LOG.warn("Cannot create directory marker (access denied) at {}}"}} Other than that, +1 LGTM. Tested in us-west-2 w/ and w/o S3Guard. > Enhance IAM assumed role support in S3A client > ---------------------------------------------- > > Key: HADOOP-15176 > URL: https://issues.apache.org/jira/browse/HADOOP-15176 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/s3, test > Affects Versions: 3.1.0 > Environment: > Reporter: Steve Loughran > Assignee: Steve Loughran > Priority: Blocker > Attachments: HADOOP-15176-001.patch, HADOOP-15176-002.patch, > HADOOP-15176-003.patch, HADOOP-15176-004.patch > > > Followup HADOOP-15141 with > * Code to generate basic AWS json policies somewhat declaratively (no hand > coded strings) > * Tests to simulate users with different permissions down the path of a > single bucket > * test-driven changes to S3A client to handle user without full write up the > FS tree > * move the new authenticator into the s3a sub-package "auth", where we can > put more auth stuff (that base s3a package is getting way too big) -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org