Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
Description
org.apache.hadoop.fs.s3a.TestS3ATemporaryCredentials.testSTS throws a 403 AccessDenied when run without any AWS credentials (access key and secret key) in the config.
com.amazonaws.AmazonServiceException: Cannot call GetSessionToken with session credentials (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: XXXXX) at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1182) at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:770) at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:489) at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:310) at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1106) at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.getSessionToken(AWSSecurityTokenServiceClient.java:355) at org.apache.hadoop.fs.s3a.TestS3ATemporaryCredentials.testSTS(TestS3ATemporaryCredentials.java:105)
It fails because the InstanceProfileCredentialsProvider in the credentials chain (on line 91) is used, but an instance profile always provides a temporary credential and GetSessionToken requires a long-term (not temporary) credential.
Suggestion on how to fix this test case?
Attachments
Attachments
Issue Links
- is depended upon by
-
HADOOP-11694 Über-jira: S3a phase II: robustness, scale and performance
-
- Resolved
-