[
https://issues.apache.org/jira/browse/HDDS-14364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fabian Morgan updated HDDS-14364:
---------------------------------
Description: To create STS tokens, the AssumeRole API must be called with a
user that has permanent S3 credentials. If that user is revoked, then all
session tokens created by that user must be rendered useless. This issue was
found from a discussion on this PR:
https://github.com/apache/ozone/pull/9468#issuecomment-3709828535 (was: To
create STS tokens, the AssumeRole API must be called with a user that has
permanent S3 credentials. If that user is revoked, then all session tokens
created by that user must be rendered useless.)
> [STS] Revoked permanent credential must render all STS tokens useless
> ---------------------------------------------------------------------
>
> Key: HDDS-14364
> URL: https://issues.apache.org/jira/browse/HDDS-14364
> Project: Apache Ozone
> Issue Type: Sub-task
> Reporter: Fabian Morgan
> Assignee: Fabian Morgan
> Priority: Major
>
> To create STS tokens, the AssumeRole API must be called with a user that has
> permanent S3 credentials. If that user is revoked, then all session tokens
> created by that user must be rendered useless. This issue was found from a
> discussion on this PR:
> https://github.com/apache/ozone/pull/9468#issuecomment-3709828535
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
