[
https://issues.apache.org/jira/browse/HADOOP-15141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16317596#comment-16317596
]
Aaron Fabbri commented on HADOOP-15141:
---------------------------------------
Thanks for the contribution. I just ran integration tests (parallel, w/o
S3Guard) and had one failure which seems unrelated:
{noformat}
[ERROR]
testFakeDirectoryDeletion(org.apache.hadoop.fs.s3a.ITestS3AFileOperationCost)
Time elapsed: 4.58 s <<< FAILURE!
java.lang.AssertionError: after mkdir(srcDir): object_delete_requests
expected:<1> but was:<2>
at org.junit.Assert.fail(Assert.java:88)
at org.junit.Assert.failNotEquals(Assert.java:743)
at org.junit.Assert.assertEquals(Assert.java:118)
at org.junit.Assert.assertEquals(Assert.java:555)
{noformat}
Some comments on the patch...
{noformat}
+ // and force in a fail-fast check just to keep the stack traces less
+ // convoluted
+ getCredentials();
{noformat}
Good idea, thanks.
{noformat}
+The S3A connector supports assumed roles for authenticate with AWS.
{noformat}
/authenticate/authentication/
It seems like there is a little duplication in the docs, with some config
parameters in both index.md and assumed_roles.md. Do you want to remove the
section on all the Role Options (configuration) from the end of the index.md
blurb and replace it with a link to the assumed_roles.md page instead?
Overall patch looks good but I still need to test it out.
> Support IAM Assumed roles in S3A
> --------------------------------
>
> Key: HADOOP-15141
> URL: https://issues.apache.org/jira/browse/HADOOP-15141
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Affects Versions: 3.0.0
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Attachments: HADOOP-15141-001.patch, HADOOP-15141-002.patch
>
>
> Add the ability to use assumed roles in S3A
> * Add a property fs.s3a.assumed.role.arn for the ARN of the assumed role
> * add a new provider which grabs that and other properties and then creates a
> {{STSAssumeRoleSessionCredentialsProvider}} from it.
> * This also needs to support building up its own list of aws credential
> providers, from a different property; make the changes to S3AUtils for that
> * Tests
> * docs
> * and have the AwsProviderList forward closeable to it.
> * Get picked up automatically by DDB/s3guard
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
