[HADOOP-15572] Test S3Guard ops with assumed roles & verify required permissions - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Duplicate
Affects Version/s: 3.1.0
Fix Version/s: None
Component/s: fs/s3
Labels:
None

Description

We haven't documented permissions for S3Guard (WiP of mine); when I try to test using the AssumedRoleCredentialProvider & a role nominally restricted to R/W of S3guard but not create/delete, I can still create and destroy buckets

Either I've got my list wrong, or how S3Guard sets up its auth isn't right & somehow falling back to the full role

Attachments

Issue Links

Is contained by

HADOOP-15583 Stabilize S3A Assumed Role support

Resolved

is related to

HADOOP-15569 Expand S3A Assumed Role docs

Resolved

relates to

HADOOP-15583 Stabilize S3A Assumed Role support

Resolved

supercedes

HADOOP-14592 ITestS3ATemporaryCredentials to cover all ddb metastore ops with session credentials

Resolved

Activity

People

Assignee:: Steve Loughran

Reporter:: Steve Loughran

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 29/Jun/18 11:19

Updated:: 24/Jul/18 22:29

Resolved:: 24/Jul/18 22:29