[jira] [Commented] (HADOOP-15176) Enhance IAM assumed role support in S3A client

[Aaron Fabbri (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-15176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16365136#comment-16365136
 ] 

Aaron Fabbri commented on HADOOP-15176:
---------------------------------------

{noformat}
   public static final String NAME
-      = "org.apache.hadoop.fs.s3a.AssumedRoleCredentialProvider";
+      = "org.apache.hadoop.fs.s3a.auth.AssumedRoleCredentialProvider";
{noformat}

Minor compatibility issue here to call out for existing configs.  +1 from me 
though, this was still stabilizing before now.

{noformat}
+ * Jackson Role Model 
{noformat}

For me? Michael Jackson, when I was really young and Thriller came out.  I 
digress.

Documentation looks great. I really appreciate the work here, especially the 
particulars around directory markers. Formatting looks good in my IDE's 
markdown rendering.

{noformat}
+          LOG.warn("Cannot create directory marker at {}}",
+              f.getParent());
{noformat}

This is where we catch {{AccessDeniedException}} in delete().  Shouldn't the 
error message say "access denied" so folks know why, without having to use 
debug level logging?

I would just change it to {{LOG.warn("Cannot create directory marker (access 
denied) at {}}"}}

Other than that, +1 LGTM.

Tested in us-west-2 w/ and w/o S3Guard.

> Enhance IAM assumed role support in S3A client
> ----------------------------------------------
>
>                 Key: HADOOP-15176
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15176
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3, test
>    Affects Versions: 3.1.0
>         Environment: 
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Blocker
>         Attachments: HADOOP-15176-001.patch, HADOOP-15176-002.patch, 
> HADOOP-15176-003.patch, HADOOP-15176-004.patch
>
>
> Followup HADOOP-15141 with
> * Code to generate basic AWS json policies somewhat declaratively (no hand 
> coded strings)
> * Tests to simulate users with different permissions down the path of a 
> single bucket
> * test-driven changes to S3A client to handle user without full write up the 
> FS tree
> * move the new authenticator into the s3a sub-package "auth", where we can 
> put more auth stuff (that base s3a package is getting way too big)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org