[ https://issues.apache.org/jira/browse/HADOOP-15672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16938905#comment-16938905 ]
Steve Loughran commented on HADOOP-15672: ----------------------------------------- I don't think we need this any more. I have successfully issued session delegation tokens and then loaded them back from a file for authentication. That is: you can use hadoop dfsutil to save a token you can then pass on to others via email, etc. This includes encryption. Closing as DONE > add s3guard CLI command to generate session keys for an assumed role > -------------------------------------------------------------------- > > Key: HADOOP-15672 > URL: https://issues.apache.org/jira/browse/HADOOP-15672 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/s3 > Affects Versions: 3.2.0 > Reporter: Steve Loughran > Priority: Minor > > the aws cli > [get-session-token|https://docs.aws.amazon.com/cli/latest/reference/sts/get-session-token.html] > can generate the keys for short-lived session. > I'd like something similar in an s3guard command, e.g. "create-role-keys", > which would take the existing (full) credentials and optionally: > * ARN of role to adopt > * duration > * name > * restrictions as path to a JSON file or just stdin > * output format > * whether to use a per-bucket binding for the credentials in the property > names generated > * MFA secrets > output formats > * A JCEKS file (with chosen passwd? For better hive use: append/replace > entries in existing file); saved through the hadoop FS APIs to HDFS, file:// > or elsewhere > * hadoop config XML > * spark properties > The goal here is to have a workflow where you can generate role credentials > to use for a limited time, store them in a JCEKS file and then share them in > your jobs. This can be for: Jenkins, Oozie, build files, .. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org