[jira] [Updated] (HADOOP-16806) AWS AssumedRoleCredentialProvider needs ExternalId add
[
https://issues.apache.org/jira/browse/HADOOP-16806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated HADOOP-16806:
Labels: pull-request-available (was: )
> AWS AssumedRoleCredentialProvider needs ExternalId add
> --
>
> Key: HADOOP-16806
> URL: https://issues.apache.org/jira/browse/HADOOP-16806
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
>Affects Versions: 3.2.1
>Reporter: Jon Hartlaub
>Priority: Minor
> Labels: pull-request-available
>
> AWS has added a security feature to the assume-role function in the form of
> the "ExternalId" key in the AWS Java SDK
> {{STSAssumeRoleSessionCredentialsProvider.Builder}} class. To support this
> security feature, the hadoop aws {{AssumedRoleCredentialProvider}} needs a
> patch to include this value from the configuration as well as an added
> Constant to the {{org.apache.hadoop.fs.s3a.Constants}} file.
> The ExternalId is not a required security feature, it is an augmentation of
> the current assume role configuration.
> Proposed:
> * Get the assume-role ExternalId token from the configuration for the
> configuration key {{fs.s3a.assumed.role.externalid}}
> * Use the configured ExternalId value in the
> {{STSAssumeRoleSessionCredentialsProvider.Builder}}
> e.g.
> {{if (StringUtils.isNotEmpty(externalId)) {}}
> {{ builder.withExternalId(externalId); // include the token for
> cross-account assume role}}
> {{}}}
> Tests:
> * +Unit test+ which verifies the ExternalId state value of the
> {{AssumedRoleCredentialProvider}} is consistent with the configured value -
> either empty or populated
> * Question: not sure about how to write the +integration test+ for this
> feature. We have an account configured for this use-case that verifies this
> feature but I don't have much context on the Hadoop project AWS S3
> integration tests, perhaps a pointer could help.
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16806) AWS AssumedRoleCredentialProvider needs ExternalId add
[
https://issues.apache.org/jira/browse/HADOOP-16806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran updated HADOOP-16806:
Parent: HADOOP-18067 (was: HADOOP-17566)
> AWS AssumedRoleCredentialProvider needs ExternalId add
> --
>
> Key: HADOOP-16806
> URL: https://issues.apache.org/jira/browse/HADOOP-16806
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
>Affects Versions: 3.2.1
>Reporter: Jon Hartlaub
>Priority: Minor
>
> AWS has added a security feature to the assume-role function in the form of
> the "ExternalId" key in the AWS Java SDK
> {{STSAssumeRoleSessionCredentialsProvider.Builder}} class. To support this
> security feature, the hadoop aws {{AssumedRoleCredentialProvider}} needs a
> patch to include this value from the configuration as well as an added
> Constant to the {{org.apache.hadoop.fs.s3a.Constants}} file.
> The ExternalId is not a required security feature, it is an augmentation of
> the current assume role configuration.
> Proposed:
> * Get the assume-role ExternalId token from the configuration for the
> configuration key {{fs.s3a.assumed.role.externalid}}
> * Use the configured ExternalId value in the
> {{STSAssumeRoleSessionCredentialsProvider.Builder}}
> e.g.
> {{if (StringUtils.isNotEmpty(externalId)) {}}
> {{ builder.withExternalId(externalId); // include the token for
> cross-account assume role}}
> {{}}}
> Tests:
> * +Unit test+ which verifies the ExternalId state value of the
> {{AssumedRoleCredentialProvider}} is consistent with the configured value -
> either empty or populated
> * Question: not sure about how to write the +integration test+ for this
> feature. We have an account configured for this use-case that verifies this
> feature but I don't have much context on the Hadoop project AWS S3
> integration tests, perhaps a pointer could help.
>
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16806) AWS AssumedRoleCredentialProvider needs ExternalId add
[
https://issues.apache.org/jira/browse/HADOOP-16806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jon Hartlaub updated HADOOP-16806:
--
Description:
AWS has added a security feature to the assume-role function in the form of the
"ExternalId" key in the AWS Java SDK
{{STSAssumeRoleSessionCredentialsProvider.Builder}} class. To support this
security feature, the hadoop aws {{AssumedRoleCredentialProvider}} needs a
patch to include this value from the configuration as well as an added Constant
to the {{org.apache.hadoop.fs.s3a.Constants}} file.
The ExternalId is not a required security feature, it is an augmentation of the
current assume role configuration.
Proposed:
* Get the assume-role ExternalId token from the configuration for the
configuration key {{fs.s3a.assumed.role.externalid}}
* Use the configured ExternalId value in the
{{STSAssumeRoleSessionCredentialsProvider.Builder}}
e.g.
{{if (StringUtils.isNotEmpty(externalId)) {}}
{{ builder.withExternalId(externalId); // include the token for
cross-account assume role}}
{{}}}
Tests:
* +Unit test+ which verifies the ExternalId state value of the
{{AssumedRoleCredentialProvider}} is consistent with the configured value -
either empty or populated
* Question: not sure about how to write the +integration test+ for this
feature. We have an account configured for this use-case that verifies this
feature but I don't have much context on the Hadoop project AWS S3 integration
tests, perhaps a pointer could help.
was:
AWS has added a security feature to the assume-role function in the form of the
"ExternalId" key in the AWS Java SDK
{{STSAssumeRoleSessionCredentialsProvider.Builder}} class. To support this
security feature, the hadoop aws {{AssumedRoleCredentialProvider}} needs a
patch to include this value from the configuration as well as an added Constant
to the {{org.apache.hadoop.fs.s3a.Constants}} file.
The ExternalId is not a required security feature, it is an augmentation of the
current assume role configuration.
Proposed:
* Get the assume-role ExternalId token from the configuration for the
configuration key {{fs.s3a.assumed.role.externalid}}
* Use the configured ExternalId value in the
{{STSAssumeRoleSessionCredentialsProvider.Builder}}
e.g.
{{if (StringUtils.isNotEmpty(externalId)) {}}
{{ builder.withExternalId(externalId); // include the token for
cross-account assume role}}
{{}}}
Tests:
* +Unit test+ which verifies the ExternalId state value of the
{{AssumedRoleCredentialProvider}} is consistent with the configured value -
either empty or populated
* Question: not sure about how to write the +integration test+ for this
feature. We have an account configured for this use-case that verifies this
feature but I don't have much context on the AWS S3 integration tests, perhaps
a pointer could help.
> AWS AssumedRoleCredentialProvider needs ExternalId add
> --
>
> Key: HADOOP-16806
> URL: https://issues.apache.org/jira/browse/HADOOP-16806
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
>Affects Versions: 3.2.1
>Reporter: Jon Hartlaub
>Priority: Minor
>
> AWS has added a security feature to the assume-role function in the form of
> the "ExternalId" key in the AWS Java SDK
> {{STSAssumeRoleSessionCredentialsProvider.Builder}} class. To support this
> security feature, the hadoop aws {{AssumedRoleCredentialProvider}} needs a
> patch to include this value from the configuration as well as an added
> Constant to the {{org.apache.hadoop.fs.s3a.Constants}} file.
> The ExternalId is not a required security feature, it is an augmentation of
> the current assume role configuration.
> Proposed:
> * Get the assume-role ExternalId token from the configuration for the
> configuration key {{fs.s3a.assumed.role.externalid}}
> * Use the configured ExternalId value in the
> {{STSAssumeRoleSessionCredentialsProvider.Builder}}
> e.g.
> {{if (StringUtils.isNotEmpty(externalId)) {}}
> {{ builder.withExternalId(externalId); // include the token for
> cross-account assume role}}
> {{}}}
> Tests:
> * +Unit test+ which verifies the ExternalId state value of the
> {{AssumedRoleCredentialProvider}} is consistent with the configured value -
> either empty or populated
> * Question: not sure about how to write the +integration test+ for this
> feature. We have an account configured for this use-case that verifies this
> feature but I don't have much context on the Hadoop project AWS S3
> integration tests, perhaps a pointer could help.
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
[jira] [Updated] (HADOOP-16806) AWS AssumedRoleCredentialProvider needs ExternalId add
[
https://issues.apache.org/jira/browse/HADOOP-16806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jon Hartlaub updated HADOOP-16806:
--
Description:
AWS has added a security feature to the assume-role function in the form of the
"ExternalId" key in the AWS Java SDK
{{STSAssumeRoleSessionCredentialsProvider.Builder}} class. To support this
security feature, the hadoop aws {{AssumedRoleCredentialProvider}} needs a
patch to include this value from the configuration as well as an added Constant
to the {{org.apache.hadoop.fs.s3a.Constants}} file.
The ExternalId is not a required security feature, it is an augmentation of the
current assume role configuration.
Proposed:
* Get the assume-role ExternalId token from the configuration for the
configuration key {{fs.s3a.assumed.role.externalid}}
* Use the configured ExternalId value in the
{{STSAssumeRoleSessionCredentialsProvider.Builder}}
e.g.
{{if (StringUtils.isNotEmpty(externalId)) {}}
{{ builder.withExternalId(externalId); // include the token for
cross-account assume role}}
{{}}}
Tests:
* +Unit test+ which verifies the ExternalId state value of the
{{AssumedRoleCredentialProvider}} is consistent with the configured value -
either empty or populated
* Question: not sure about how to write the +integration test+ for this
feature. We have an account configured for this use-case that verifies this
feature but I don't have much context on the AWS S3 integration tests, perhaps
a pointer could help.
was:
AWS has added a security feature to the assume-role function in the form of the
"ExternalId" key in the AWS Java SDK
{{STSAssumeRoleSessionCredentialsProvider.Builder}} class. To support this
security feature, the hadoop aws {{AssumedRoleCredentialProvider}} needs a
patch to include this value from the configuration as well as an added Constant
to the {{org.apache.hadoop.fs.s3a.Constants}} file.
The ExternalId is not a required security feature, it is an augmentation of the
current assume role configuration.
Proposed:
* Get the assume-role ExternalId token from the configuration for the
configuration key {{fs.s3a.assumed.role.externalid}}
* Use the configured ExternalId value in the
{{STSAssumeRoleSessionCredentialsProvider.Builder}}
e.g.
{{if (StringUtils.isNotEmpty(externalId)) {}}
{{ builder.withExternalId(externalId); // include the token for
cross-account assume role}}
{{}}}
> AWS AssumedRoleCredentialProvider needs ExternalId add
> --
>
> Key: HADOOP-16806
> URL: https://issues.apache.org/jira/browse/HADOOP-16806
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
>Affects Versions: 3.2.1
>Reporter: Jon Hartlaub
>Priority: Minor
>
> AWS has added a security feature to the assume-role function in the form of
> the "ExternalId" key in the AWS Java SDK
> {{STSAssumeRoleSessionCredentialsProvider.Builder}} class. To support this
> security feature, the hadoop aws {{AssumedRoleCredentialProvider}} needs a
> patch to include this value from the configuration as well as an added
> Constant to the {{org.apache.hadoop.fs.s3a.Constants}} file.
> The ExternalId is not a required security feature, it is an augmentation of
> the current assume role configuration.
> Proposed:
> * Get the assume-role ExternalId token from the configuration for the
> configuration key {{fs.s3a.assumed.role.externalid}}
> * Use the configured ExternalId value in the
> {{STSAssumeRoleSessionCredentialsProvider.Builder}}
> e.g.
> {{if (StringUtils.isNotEmpty(externalId)) {}}
> {{ builder.withExternalId(externalId); // include the token for
> cross-account assume role}}
> {{}}}
> Tests:
> * +Unit test+ which verifies the ExternalId state value of the
> {{AssumedRoleCredentialProvider}} is consistent with the configured value -
> either empty or populated
> * Question: not sure about how to write the +integration test+ for this
> feature. We have an account configured for this use-case that verifies this
> feature but I don't have much context on the AWS S3 integration tests,
> perhaps a pointer could help.
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16806) AWS AssumedRoleCredentialProvider needs ExternalId add
[
https://issues.apache.org/jira/browse/HADOOP-16806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jon Hartlaub updated HADOOP-16806:
--
Description:
AWS has added a security feature to the assume-role function in the form of the
"ExternalId" key in the AWS Java SDK
{{STSAssumeRoleSessionCredentialsProvider.Builder}} class. To support this
security feature, the hadoop aws {{AssumedRoleCredentialProvider}} needs a
patch to include this value from the configuration as well as an added Constant
to the {{org.apache.hadoop.fs.s3a.Constants}} file.
The ExternalId is not a required security feature, it is an augmentation of the
current assume role configuration.
Proposed:
* Get the assume-role ExternalId token from the configuration for the
configuration key {{fs.s3a.assumed.role.externalid}}
* Use the configured ExternalId value in the
{{STSAssumeRoleSessionCredentialsProvider.Builder}}
e.g.
{{if (StringUtils.isNotEmpty(externalId)) {}}
{{ builder.withExternalId(externalId); // include the token for
cross-account assume role}}
{{}}}
was:
AWS has added a security feature to the assume-role function in the form of the
"ExternalId" key in the AWS Java SDK
{{STSAssumeRoleSessionCredentialsProvider.Builder}} class. To support this
security feature, the hadoop aws {{AssumedRoleCredentialProvider}} needs a
patch to include this value from the configuration as well as an added Constant
to the {{org.apache.hadoop.fs.s3a.Constants}} file.
Proposed:
* Get the assume-role ExternalId token from the configuration for the
configuration key {{fs.s3a.assumed.role.externalid}}
* {{Get}}
> AWS AssumedRoleCredentialProvider needs ExternalId add
> --
>
> Key: HADOOP-16806
> URL: https://issues.apache.org/jira/browse/HADOOP-16806
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
>Affects Versions: 3.2.1
>Reporter: Jon Hartlaub
>Priority: Minor
>
> AWS has added a security feature to the assume-role function in the form of
> the "ExternalId" key in the AWS Java SDK
> {{STSAssumeRoleSessionCredentialsProvider.Builder}} class. To support this
> security feature, the hadoop aws {{AssumedRoleCredentialProvider}} needs a
> patch to include this value from the configuration as well as an added
> Constant to the {{org.apache.hadoop.fs.s3a.Constants}} file.
> The ExternalId is not a required security feature, it is an augmentation of
> the current assume role configuration.
> Proposed:
> * Get the assume-role ExternalId token from the configuration for the
> configuration key {{fs.s3a.assumed.role.externalid}}
> * Use the configured ExternalId value in the
> {{STSAssumeRoleSessionCredentialsProvider.Builder}}
> e.g.
> {{if (StringUtils.isNotEmpty(externalId)) {}}
> {{ builder.withExternalId(externalId); // include the token for
> cross-account assume role}}
> {{}}}
>
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16806) AWS AssumedRoleCredentialProvider needs ExternalId add
[
https://issues.apache.org/jira/browse/HADOOP-16806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jon Hartlaub updated HADOOP-16806:
--
Description:
AWS has added a security feature to the assume-role function in the form of the
"ExternalId" key in the AWS Java SDK
{{STSAssumeRoleSessionCredentialsProvider.Builder}} class. To support this
security feature, the hadoop aws {{AssumedRoleCredentialProvider}} needs a
patch to include this value from the configuration as well as an added Constant
to the {{org.apache.hadoop.fs.s3a.Constants}} file.
Proposed:
* Get the assume-role ExternalId token from the configuration for the
configuration key {{fs.s3a.assumed.role.externalid}}
* {{Get}}
was:AWS has added a security feature to the assume-role function in the form
of the "ExternalId" key in the AWS Java SDK
{{STSAssumeRoleSessionCredentialsProvider.Builder}} class. To support this
security feature, the hadoop aws {{AssumedRoleCredentialProvider}} needs a
patch to include this value from the configuration as well as an added Constant
to the {{org.apache.hadoop.fs.s3a.Constants}} file.
> AWS AssumedRoleCredentialProvider needs ExternalId add
> --
>
> Key: HADOOP-16806
> URL: https://issues.apache.org/jira/browse/HADOOP-16806
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
>Affects Versions: 3.2.1
>Reporter: Jon Hartlaub
>Priority: Minor
>
> AWS has added a security feature to the assume-role function in the form of
> the "ExternalId" key in the AWS Java SDK
> {{STSAssumeRoleSessionCredentialsProvider.Builder}} class. To support this
> security feature, the hadoop aws {{AssumedRoleCredentialProvider}} needs a
> patch to include this value from the configuration as well as an added
> Constant to the {{org.apache.hadoop.fs.s3a.Constants}} file.
>
> Proposed:
> * Get the assume-role ExternalId token from the configuration for the
> configuration key {{fs.s3a.assumed.role.externalid}}
> * {{Get}}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16806) AWS AssumedRoleCredentialProvider needs ExternalId add
[
https://issues.apache.org/jira/browse/HADOOP-16806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran updated HADOOP-16806:
Component/s: fs/s3
> AWS AssumedRoleCredentialProvider needs ExternalId add
> --
>
> Key: HADOOP-16806
> URL: https://issues.apache.org/jira/browse/HADOOP-16806
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
>Affects Versions: 3.2.1
>Reporter: Jon Hartlaub
>Priority: Minor
>
> AWS has added a security feature to the assume-role function in the form of
> the "ExternalId" key in the AWS Java SDK
> {{STSAssumeRoleSessionCredentialsProvider.Builder}} class. To support this
> security feature, the hadoop aws {{AssumedRoleCredentialProvider}} needs a
> patch to include this value from the configuration as well as an added
> Constant to the {{org.apache.hadoop.fs.s3a.Constants}} file.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-16806) AWS AssumedRoleCredentialProvider needs ExternalId add
[
https://issues.apache.org/jira/browse/HADOOP-16806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran updated HADOOP-16806:
Parent: HADOOP-15620
Issue Type: Sub-task (was: Improvement)
> AWS AssumedRoleCredentialProvider needs ExternalId add
> --
>
> Key: HADOOP-16806
> URL: https://issues.apache.org/jira/browse/HADOOP-16806
> Project: Hadoop Common
> Issue Type: Sub-task
>Affects Versions: 3.2.1
>Reporter: Jon Hartlaub
>Priority: Minor
>
> AWS has added a security feature to the assume-role function in the form of
> the "ExternalId" key in the AWS Java SDK
> {{STSAssumeRoleSessionCredentialsProvider.Builder}} class. To support this
> security feature, the hadoop aws {{AssumedRoleCredentialProvider}} needs a
> patch to include this value from the configuration as well as an added
> Constant to the {{org.apache.hadoop.fs.s3a.Constants}} file.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
