[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:

    Resolution: Fixed
    Fix Version/s: 3.3.0
    Status: Resolved (was: Patch Available)

revision 29 committed. Thank you all for your help!

> S3A to support Delegation Tokens
>
> Key: HADOOP-14556
> URL: https://issues.apache.org/jira/browse/HADOOP-14556
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Affects Versions: 3.3.0
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Priority: Major
> Fix For: 3.3.0
>
> Attachments: HADOOP-14556-001.patch, HADOOP-14556-002.patch,
> HADOOP-14556-003.patch, HADOOP-14556-004.patch, HADOOP-14556-005.patch,
> HADOOP-14556-007.patch, HADOOP-14556-008.patch, HADOOP-14556-009.patch,
> HADOOP-14556-010.patch, HADOOP-14556-010.patch, HADOOP-14556-011.patch,
> HADOOP-14556-012.patch, HADOOP-14556-013.patch, HADOOP-14556-014.patch,
> HADOOP-14556-015.patch, HADOOP-14556-016.patch, HADOOP-14556-017.patch,
> HADOOP-14556-018a.patch, HADOOP-14556-019.patch, HADOOP-14556-020.patch,
> HADOOP-14556-021.patch, HADOOP-14556-022.patch, HADOOP-14556-023.patch,
> HADOOP-14556-024.patch, HADOOP-14556-025.patch, HADOOP-14556-026.patch,
> HADOOP-14556-027.patch, HADOOP-14556-028.patch, HADOOP-14556-029.patch,
> HADOOP-14556.oath-002.patch, HADOOP-14556.oath.patch
>
> S3A to support delegation tokens where
> * an authenticated client can request a token via
> {{FileSystem.getDelegationToken()}}
> * Amazon's token service is used to request short-lived session secret & id;
> these will be saved in the token and marshalled with jobs
> * A new authentication provider will look for a token for the current user
> and authenticate the user if found
> This will not support renewals; the lifespan of a token will be limited to
> the initial duration. Also, as you can't request an STS token from a
> temporary session, IAM instances won't be able to issue tokens.
-- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
Steve Loughran updated HADOOP-14556:

    Status: Patch Available (was: Open)

patch 029
* ITestRoleDelegationTokens to only run when fs.s3a.assumed.role set
* Expand testing & Assumed role docs to list the current set of tests which need this.

+checkstyle
tested, S3 Ireland with and without {{fs.s3a.assumed.role}}. When unset, the relevant tests skip
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
Steve Loughran updated HADOOP-14556:

    Attachment: HADOOP-14556-029.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
Steve Loughran updated HADOOP-14556:

    Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
Steve Loughran updated HADOOP-14556:

    Status: Patch Available (was: Reopened)

HADOOP-14556 patch 028: fix up javadocs, address HADOOP-16033 (hamcrest library scope)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
Steve Loughran updated HADOOP-14556:

    Attachment: HADOOP-14556-028.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
Akira Ajisaka updated HADOOP-14556:

    Fix Version/s: (was: 3.3.0)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
Jitendra Nath Pandey updated HADOOP-14556:

    Fix Version/s: 3.3.0
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
Steve Loughran updated HADOOP-14556:

    Resolution: Fixed
    Status: Resolved (was: Patch Available)

thanks, committed

For the curious: Larry and I have been using this internally, it all seems to work. And with the hardening of token loading and removal of even transitive dependencies on aws-sdk in the token identifier's fields, I believe I've removed both the risk of classloading problems, and the consequences. And it's really slick to be able to submit distcp jobs into a cluster which doesn't have the permissions to read or decrypt the data you are working with.

More downstream testing will of course be needed.

For anyone new to this JIRA, *this does not work with hive*. Spark, yes, Hive no
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
Steve Loughran updated HADOOP-14556:

    Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
Steve Loughran updated HADOOP-14556:

    Attachment: HADOOP-14556-027.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
Steve Loughran updated HADOOP-14556:

    Attachment: HADOOP-14556-026.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
Steve Loughran updated HADOOP-14556:

    Attachment: (was: HADOOP-14556-025.patch)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
Steve Loughran updated HADOOP-14556:

    Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
Steve Loughran updated HADOOP-14556:

    Attachment: HADOOP-14556-025.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Affects Version/s: (was: 3.2.0) 3.3.0 Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-025.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: Open)
HADOOP-14556 Patch 024
Isolate MarshalledCredentials (which end up Token Identifiers) from any AWS classes, exceptions, interfaces. The bridging code is in a new class, MarshalledCredentialBinding.
This makes some bits cleaner, some bits less so. But it should guarantee that there will never be classload problems with hadoop-aws on the CP and aws-sdk not. Doesn't mean that you can actually use a DT, but it means that some things like the RM won't crash on renewals.
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-024.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-023.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: Open)
patch 022; try to address all of Íñigo's comments + review of docs, canonicalisation process and tightening down of delta with trunk (e.g. pom, S3AFilesystem, S3AUtils) + also moved field declaration so merge conflict w/ HADOOP-15229 is reduced. (not tested!)
Testing: S3A ireland + s3guard+dynamodb
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-022.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-021.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: Open)
Patch 021: address checkstyle and javadoc warnings from patch 020
No other changes, not done any retest (yet).
This patch is really, really, ready for review. I am successfully using it in real Distcp jobs
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: Open)
Patch 020
* adds DtFetcher binding (copy and paste of HDFS one, new service entry), plus test
* various improvements for strings and logging
* minor cleanup.
I have used this in real distcp jobs: it works
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-020.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-019.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: Open)

patch 018a (don't ask)
* reorders some things for easier cherry picking to 3.2 branch
* addresses that findbugs bug which was, yes, a real bug: s3guard commands which didn't pass in a FS URI could trigger NPEs in DT code whose authenticator assumed that it never happened. Conclusion: need a test for that codepath, even if its DT binding stuff fails
* To address that, I've got the S3AUtils methods to create providers taking an Optional; make clear it may not be set, and AWS credential providers can now have a constructor with the same; moved things over to it with tests as appropriate

test: s3 ireland
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-018a.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-017.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-016.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-015.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Status: Patch Available (was: Open)

HADOOP-14556 patch 014

* instrumentation to track getDelegationToken() invocation count (new CommonStatisticNames field), and of tokens issued
* which are probed for in one of the tests
* DelegatedMR job cleaned up, now as much as I can see easily done.
* There's an origin string on token IDs to make it easier to debug; usually: (hostname, time);
* when propagating session secrets this is noted in origin
* and for role tokens, the role ARN.
* checkstyle and minor cleanups

*This stuff is ready to play with —can anyone have a go?*
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Attachment: HADOOP-14556-014.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Attachment: HADOOP-14556-013.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Status: Patch Available (was: Open)

Patch 012; checkstyle and weekly update patch

* adding options to core-default.xml
* address previous patch javadoc issues

main change is that the session token will lift and forward any existing session credentials its auth chain provides. The standard DT login chain is "simple" (full keys in config options) and env vars, but if the env vars are session vars or the chain is configured to use Temporary credentials then those creds are marshalled into the DT *after a warning is logged*

the warning & docs cover a limitation of forwarding: the token life is now that of the existing credentials, which we don't know. But: it allows people who only have session creds (e.g. issued by 2FA) to pass them on as DTs.

role DTs don't handle this: you can't call STS.assumeRole with session tokens

TODO

* add a test for session credential forwarding
* salvage something from the MR test which uses a mock yarn client for job submit, so avoids the challenge of getting a secure mini yarn cluster up.
* only log that forwarding once
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Attachment: HADOOP-14556-012.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Attachment: HADOOP-14556-011.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Attachment: HADOOP-14556-010.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Status: Patch Available (was: Open)

(resubmit rebased to trunk)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Attachment: HADOOP-14556-010.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Attachment: (was: HADOOP-14556-010.patch)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated HADOOP-14556:
    Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-010.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: Open)

patch 009 fetchdt tests & identity propagation
* The owner of a token is now the user who created it (with auth==token); tests check this
* fetchdt tests working, provided HDFS-13951 is applied
* fix up javadoc/javac/site

There are now tests for creating an instance as user alice, bob asking for a DT & verifying that alice is the owner of the token; that is: the FS owner is the owner.

hdfs fetchdt is also used to generate & validate tokens; there are some changes there for resilience & testing which will also be submitted as a separate patch.

The only remaining real test will be one to actually show job submit (ideally, with s3 committers), works. That will be fun to write.
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-009.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: (was: HADOOP-14556-008.patch)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-008.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-008.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-007.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Affects Version/s: (was: 2.8.1) 3.2.0 Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-005.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: In Progress)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556.oath-002.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daryn Sharp updated HADOOP-14556: Attachment: HADOOP-14556.oath.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-004.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: Open)

HADOOP-14556 patch 003
* rebased to trunk
* move everything new to auth package
* conflicts with pending HADOOP-15583 patch, as the ddb credential wire up here is obsoleted by that.

This is purely a rebase to see where things are, and to *probably* get jenkins to recompile. Not compiled or tested myself.

To get this in
# needs HADOOP-15583 in first, this patch reworked
# needs to move to the plugin model I've proposed, with marshalled credentials including info about it
# Plus of course: all Daryn's comments. Will need to think about testing that user-level scoping.

For a simple "full credentials DT" (which still gets secrets to a service), which should also work with 3rd party stores
* place keys and encryption info in DT; send over wire, decode and auth.

session/AssumedRole DT provider
* get long-life keys
* option for role/session should be restricted to the specific bucket, ddb table (and all kms keys) of the destination

I'm slightly worried about the impact asking for lots of session tokens could have on launch; will need retry logic there in case the whole account is overloaded for (undocumented) STS limits, as every bucket will have an STS call made @ launch time.
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-003.patch
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Parent: HADOOP-15220 (was: HADOOP-14831)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556:
    Assignee: Steve Loughran
    Target Version/s: 3.2.0 (was: 3.1.0)
    Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Attachment: HADOOP-14556-002.patch

Patch 002; in sync with trunk. FileContext tests still failing, as paths returned in getFileStatus/list, etc, don't include the port, that is: they don't have the same URI as the canonical name.

Daryn, if you've got your patch ready, I'd like to see it to see how we can merge things.

For this DT I want to
* add: encryption settings,
* forward session credentials
* pick up env vars and use them if present. Gives you automatic marshalling. Issue: risk of fun with spark here, as it propagates the env vars already. These DTs would take priority for the specific FSs DTs get picked up for. I guess we can conclude that if you enable DTs, you want it
* support assumed roles, so that the client will talk to STS to assume a role before creating the client, and use that for local s3, DDB access, and pass in as the DT credentials
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556:
    Target Version/s: 3.1.0 (was: 3.0.0-beta1)
    Status: Open (was: Patch Available)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556: Parent Issue: HADOOP-14831 (was: HADOOP-13204)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556:
    Affects Version/s: 2.8.1
    Status: Patch Available (was: Open)
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556:
[jira] [Updated] (HADOOP-14556) S3A to support Delegation Tokens
[ https://issues.apache.org/jira/browse/HADOOP-14556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-14556:

Description:
S3A to support delegation tokens where
* an authenticated client can request a token via {{FileSystem.getDelegationToken()}}
* Amazon's token service is used to request short-lived session secret & id; these will be saved in the token and marshalled with jobs
* A new authentication provider will look for a token for the current user and authenticate the user if found

This will not support renewals; the lifespan of a token will be limited to the initial duration. Also, as you can't request an STS token from a temporary session, IAM instances won't be able to issue tokens.

was:
S3A to support delegation tokens where
* authenticated client can request a token via {{FileSystem.getDelegationToken()}}
* STS is used to request short-lived session secret & id; these will be saved in the token and marshalled with jobs
* new authentication provider to look for a token for the current user.

This will not support renewals; the lifespan of a token will be limited to the initial duration. Also, as you can't request an STS token from a temporary session, IAM instances won't be able to issue tokens.
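
The token lifecycle in the description above (session secret and id saved in the token, marshalled with jobs, no renewal) can be sketched with the JDK alone. This is an added example, not code from the HADOOP-14556 patches: the class names, the wire layout and the sample values are all assumptions made for illustration.

```java
import java.io.*;
import java.time.Instant;

/** Hypothetical sketch; class names and wire layout are assumptions, not S3A's. */
public class SessionTokenDemo {

  /** Short-lived session credentials plus their fixed expiry time. */
  static final class SessionCredentials {
    static final int VERSION = 1;
    final String accessKeyId, secretKey, sessionToken;
    final long expiryMillis;

    SessionCredentials(String accessKeyId, String secretKey,
        String sessionToken, long expiryMillis) {
      this.accessKeyId = accessKeyId;
      this.secretKey = secretKey;
      this.sessionToken = sessionToken;
      this.expiryMillis = expiryMillis;
    }

    /** Serialize for shipping inside the token that travels with the job. */
    byte[] marshal() throws IOException {
      ByteArrayOutputStream bytes = new ByteArrayOutputStream();
      try (DataOutputStream out = new DataOutputStream(bytes)) {
        out.writeByte(VERSION);
        out.writeUTF(accessKeyId);
        out.writeUTF(secretKey);
        out.writeUTF(sessionToken);
        out.writeLong(expiryMillis);
      }
      return bytes.toByteArray();
    }

    /** Decode on the worker; reject unknown versions and trailing bytes. */
    static SessionCredentials unmarshal(byte[] data) throws IOException {
      try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(data))) {
        int version = in.readUnsignedByte();
        if (version != VERSION) {
          throw new IOException("Unsupported token version " + version);
        }
        SessionCredentials c = new SessionCredentials(
            in.readUTF(), in.readUTF(), in.readUTF(), in.readLong());
        if (in.available() > 0) {
          throw new IOException("Trailing bytes after token payload");
        }
        return c;
      }
    }

    /** Secrets are deliberately left out so the object is safe to log. */
    @Override
    public String toString() {
      return "SessionCredentials{accessKeyId=" + accessKeyId
          + ", expiry=" + Instant.ofEpochMilli(expiryMillis) + "}";
    }
  }

  /** Authenticate from the token only while it is unexpired; no renewal. */
  static SessionCredentials fromToken(byte[] token, long nowMillis) throws IOException {
    SessionCredentials c = SessionCredentials.unmarshal(token);
    if (nowMillis >= c.expiryMillis) {
      throw new IOException("Delegation token expired at "
          + Instant.ofEpochMilli(c.expiryMillis) + "; request a new one");
    }
    return c;
  }

  public static void main(String[] args) throws IOException {
    long now = System.currentTimeMillis();
    // Constructed sample values, not real credentials.
    byte[] wire = new SessionCredentials("EXAMPLE-KEY-ID", "example-secret",
        "example-session-token", now + 3_600_000L).marshal();
    System.out.println("accepted: " + fromToken(wire, now));
    try {
      fromToken(wire, now + 7_200_000L); // two hours later: past the lifespan
    } catch (IOException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```

Because the marshalled bytes contain the secret key and session token in the clear, anything that can read the job's token file can use the credentials until they expire, which is why the fixed, short lifespan matters.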