[jira] [Commented] (HADOOP-12807) S3AFileSystem should read AWS credentials from environment variables

Mon, 06 Jun 2016 15:10:33 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-12807?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15317370#comment-15317370
 ] 

Tobin Baker commented on HADOOP-12807:
--------------------------------------

Thanks so much for getting this in, and sorry for slacking off on the tests!

I don't think our CI configuration exposes us to much risk since the IAM user 
whose env vars are encrypted in our {{.travis.yml}} file has no permissions 
except read/write access to a dedicated test data S3 bucket. Also, our Travis 
account is restricted to users with write privileges on our Github repo, which 
is confined to our team.


> S3AFileSystem should read AWS credentials from environment variables
> --------------------------------------------------------------------
>
>                 Key: HADOOP-12807
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12807
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: fs/s3
>    Affects Versions: 2.7.2
>            Reporter: Tobin Baker
>            Assignee: Tobin Baker
>            Priority: Minor
>             Fix For: 2.8.0
>
>         Attachments: HADOOP-12807-1.patch, HADOOP-12807-branch-2-004.patch
>
>
> Unlike the {{DefaultAWSCredentialsProviderChain}} in the AWS SDK, the 
> {{AWSCredentialsProviderChain}} constructed by {{S3AFileSystem}} does not 
> include an {{EnvironmentVariableCredentialsProvider}} instance. This prevents 
> users from supplying AWS credentials in the environment variables 
> {{AWS_ACCESS_KEY_ID}} and {{AWS_SECRET_ACCESS_KEY}}, which is the only 
> alternative in some scenarios.
> In my scenario, I need to access S3 from within a test running in a CI 
> environment that does not support IAM roles but does allow me to supply 
> encrypted environment variables. Thus, the only secure approach I can use is 
> to supply my AWS credentials in environment variables (plaintext 
> configuration files are out of the question).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to