virajjasani commented on PR #4705: URL: https://github.com/apache/hadoop/pull/4705#issuecomment-1209781608
> what was it? test running as other user? Basically for this test, I manually did the `sts assume-role` and then retrieved session token with `aws sts get-session-token` and also added this token to auth-keys, this was the root cause behind `ITestS3ATemporaryCredentials#testSTS` failure because calling GetSessionToken with session credentials (including session token) would not allow user to retrieve temporary creds. Besides, I also kept `fs.s3a.aws.credentials.provider` as `TemporaryAWSCredentialsProvider`. After bit of digging, when I realized that temporary credential provider cannot call the above API with session token, I removed session token and also removed `fs.s3a.aws.credentials.provider` to let the credential providers be picked up by default. After this change, test went smooth. > fwiw i use a very restricted user/role for my s3 tests, so if that key ever leaked, it would limit the damage to accessing my test s3 buckets, assume one role, etc. not even start an EC2 vm Ah yes, this is definitely very good suggestion, thanks! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
