[jira] [Commented] (HADOOP-15176) Enhance IAM assumed role support in S3A client

[Steve Loughran (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-15176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16365630#comment-16365630
 ] 

Steve Loughran commented on HADOOP-15176:
-----------------------------------------

bq. For me? Michael Jackson, when I was really young and Thriller came out. I 
digress.

you know, I didn't even see that when I wrote it. I'll leave it in for your 
amusement: you can practise your moves during test runs


bq, Minor compatibility issue here to call out for existing configs

Never shipped. I just think that the root package is getting too big, so I want 
to put all new auth stuff into s3.auth, and misc extensions under s3a.ext. And 
if you haven't noticed, I've claimed org.apache.fs.store in hadoop-common for 
object store stuff to be shared cross connectors, which is a goal I have. 
There's been too much historical copy and paste, and we are suffering now that 
there are 6 connectors in our own codebase.

bq. This is where we catch AccessDeniedException in delete(). Shouldn't the 
error message say "access denied" so folks know why, without having to use 
debug level logging?

will do.

I'll apply the change, do a full retest, then commit. thanks for the revie.

> Enhance IAM assumed role support in S3A client
> ----------------------------------------------
>
>                 Key: HADOOP-15176
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15176
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3, test
>    Affects Versions: 3.1.0
>         Environment: 
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Blocker
>         Attachments: HADOOP-15176-001.patch, HADOOP-15176-002.patch, 
> HADOOP-15176-003.patch, HADOOP-15176-004.patch
>
>
> Followup HADOOP-15141 with
> * Code to generate basic AWS json policies somewhat declaratively (no hand 
> coded strings)
> * Tests to simulate users with different permissions down the path of a 
> single bucket
> * test-driven changes to S3A client to handle user without full write up the 
> FS tree
> * move the new authenticator into the s3a sub-package "auth", where we can 
> put more auth stuff (that base s3a package is getting way too big)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org