Aaron Fabbri created HADOOP-15525:
-------------------------------------
Summary: s3a: clarify / improve support for mixed ACL buckets
Key: HADOOP-15525
URL: https://issues.apache.org/jira/browse/HADOOP-15525
Project: Hadoop Common
Issue Type: Bug
Components: fs/s3
Affects Versions: 3.0.0
Reporter: Aaron Fabbri
Scenario: customer wants to only give a Hadoop cluster access to a subtree of
an S3 bucket.
For example, assume Hadoop uses some IAM identity "hadoop", which they wish to
grant full permission to everything under the following path:
s3a://bucket/a/b/c/hadoop-dir
they don't want hadoop user to be able to read/list/delete anything outside of
the hadoop-dir "subdir"
Problems:
To implement the "directory structure on flat key space" emulation logic we use
to present a Hadoop FS on top of a blob store, we need to create / delete /
list ancestors of {{hadoop-dir}}.
I'd like us to either (1) document a workaround (example IAM ACLs) that gets
this basic functionality, and/or (2) make improvements to make this less
painful.
We've discussed some of these issues before but I didn't see a dedicated JIRA.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
