hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12537) s3a: Add flag for session ID to allow Amazon STS temporary credentials
Date Mon, 02 Nov 2015 10:26:27 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14985024#comment-14985024
] 

Steve Loughran commented on HADOOP-12537:
-----------------------------------------

s3: has been essentially deprecated for a long time, nobody uses it for new data

s3n is considered stable, and after the disaster that was HADOOP-9623, in which a patch which
swallowed exceptions snuck in, there's effectively a veto on any patch there that isn't considered
critical in terms of security or performance. No new features.

The failures that patch triggered (HADOOP-10589) showed that there wasn 't adequate testing
of the s3 clients; that's better now, but it means there'll be an expectation of more tests
for any feature; tests that are (a) robust even over long-haul connections (b) skip nicely
against non-AWS implementations of the S3 APIs and (c) tested by you against multiple s3 endpoints,
including the more recent ones with tighter auth (e.g. AWS frankfurt). 


> s3a: Add flag for session ID to allow Amazon STS temporary credentials
> ----------------------------------------------------------------------
>
>                 Key: HADOOP-12537
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12537
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: fs/s3
>    Affects Versions: 2.7.1
>            Reporter: Sean Mackrory
>            Priority: Minor
>
> Amazon STS allows you to issue temporary access key id / secret key pairs for your a
user / role. However, using these credentials also requires specifying a session ID. There
is currently no such configuration property or the required code to pass it through to the
API (at least not that I can find) in any of the S3 connectors.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message